author | Martin Schanzenbach <schanzen@gnunet.org> | 2024-06-17 13:19:56 +0200 |
---|---|---|
committer | Martin Schanzenbach <schanzen@gnunet.org> | 2024-06-17 13:19:56 +0200 |
commit | 604b2d10b0ea0d83de8431e0eb3f60211368d572 (patch) | |
tree | fd20ffb404b1b688f9025e4c6b5bebddfa5c91b1 | |
parent | f065f7819563e37959d23b27758101fe4e505cf9 (diff) | |
transport(tcp): update hkdf usage
-rw-r--r-- | src/service/transport/gnunet-communicator-tcp.c | 64 |
1 files changed, 34 insertions, 30 deletions
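--- a/src/service/transport/gnunet-communicator-tcp.c
+++ b/src/service/transport/gnunet-communicator-tcp.c
@@ -1221,45 +1221,49 @@ setup_cipher (const struct GNUNET_HashCode *dh,
 {
 char key[256 / 8];
 char ctr[128 / 8];
+char ikm[sizeof (*pid) + sizeof (*dh)];
+struct GNUNET_ShortHashCode prk;
 
 GNUNET_assert (0 == gcry_cipher_open (cipher,
 GCRY_CIPHER_AES256 /* low level: go for speed */
 ,
 GCRY_CIPHER_MODE_CTR,
 0 /* flags */));
-GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (key,
-sizeof(key),
-"TCP-key",
-strlen ("TCP-key"),
-dh,
-sizeof(*dh),
-pid,
-sizeof(*pid),
-NULL,
-0));
+memcpy (ikm, pid, sizeof (*pid));
+memcpy (ikm + sizeof (*pid), dh, sizeof (*dh));
+GNUNET_assert (GNUNET_CRYPTO_hkdf_extract (&prk,
+NULL, 0,
+ikm, sizeof (ikm)));
+GNUNET_assert (GNUNET_YES ==
+GNUNET_CRYPTO_hkdf_expand (key,
+sizeof(key),
+&prk,
+"gnunet-communicator-tcp-key",
+strlen (
+"gnunet-communicator-tcp-key"),
+pid,
+sizeof(*pid),
+NULL,
+0));
 GNUNET_assert (0 == gcry_cipher_setkey (*cipher, key, sizeof(key)));
-GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (ctr,
-sizeof(ctr),
-"TCP-ctr",
-strlen ("TCP-ctr"),
-dh,
-sizeof(*dh),
-pid,
-sizeof(*pid),
-NULL,
-0));
+GNUNET_assert (GNUNET_YES ==
+GNUNET_CRYPTO_hkdf_expand (ctr,
+sizeof(ctr),
+&prk,
+"gnunet-communicator-tcp-ctr",
+strlen (
+"gnunet-communicator-tcp-ctr"),
+NULL,
+0));
 gcry_cipher_setctr (*cipher, ctr, sizeof(ctr));
 GNUNET_assert (GNUNET_YES ==
-GNUNET_CRYPTO_kdf (hmac_key,
-sizeof(struct GNUNET_HashCode),
-"TCP-hmac",
-strlen ("TCP-hmac"),
-dh,
-sizeof(*dh),
-pid,
-sizeof(*pid),
-NULL,
-0));
+GNUNET_CRYPTO_hkdf_expand (hmac_key,
+sizeof(struct GNUNET_HashCode),
+&prk,
+"gnunet-communicator-hmac",
+strlen ("gnunet-communicator-hmac"),
+NULL,
+0));
 }
 
 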
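Review bot: The added `GNUNET_assert (GNUNET_CRYPTO_hkdf_extract (&prk, NULL, 0, ikm, sizeof (ikm)));` tests only for a non-zero return, while the three expand calls below it compare against `GNUNET_YES`; if extract reports failure with a negative value such as `GNUNET_SYSERR` (its return convention is not visible here, so worth confirming), the assert passes and an unset `prk` feeds all three derivations. Writing it as `GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_hkdf_extract (&prk, NULL, 0, ikm, sizeof (ikm)));` closes that gap and matches the surrounding style. The new locals `ikm` and `prk` carry the DH-derived input and the extracted key and, like `key`, are left on the stack when the function returns; a wipe the compiler cannot elide, applied to all three before the closing brace, would limit their exposure. The third label `"gnunet-communicator-hmac"` drops the `tcp` component the other two carry, and `pid` is passed as extra context only to the key expansion although it is already part of `ikm`; a one-line comment saying whether either is intentional would help the next reader. The signature of setup_cipher lies above the hunk, so the parameter types are taken from the hunk header only.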