author | Nils Durner <durner@gnunet.org> | 2010-06-29 22:23:08 +0000 |
---|---|---|
committer | Nils Durner <durner@gnunet.org> | 2010-06-29 22:23:08 +0000 |
commit | 4b9b323560928f1a03459e22191a69bc7d777e7e (patch) | |
tree | 3423e8b1276929c4053b99ecf2d24892241b6318 /src/util/crypto_hkdf.c | |
parent | 773edae5e9c44583c3750ca46f8e556fa76cc561 (diff) | |
The zeroed K(i)-field for K(1) was not included in the RFC (Appendix D, point 5 of the *revised* (Crypto'2010) paper)
Diffstat (limited to 'src/util/crypto_hkdf.c')
-rw-r--r-- | src/util/crypto_hkdf.c | 21 |
1 files changed, 12 insertions, 9 deletions
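--- a/src/util/crypto_hkdf.c
+++ b/src/util/crypto_hkdf.c
@@ -132,29 +132,33 @@ GNUNET_CRYPTO_hkdf (int xtr_algo, int prf_algo, const void *xts,
 goto hkdf_error;
 dump(prk, xtr_len);
 
+t = out_len / k;
+d = out_len % k;
+
 /* K(1) */
-plain_len = k + ctx_len + 4;
+plain_len = k + ctx_len + 1;
 plain = GNUNET_malloc (plain_len);
-memset (plain, 0, k);
-memcpy (plain + k, ctx, ctx_len);
-t = out_len / k;
 if (t > 0)
 {
-memset (plain + k + ctx_len, 0, 4);
+memcpy (plain, ctx, ctx_len);
+memset (plain + ctx_len, 1, 1);
 gcry_md_reset (prf);
 dump(plain, plain_len);
-hc = doHMAC (prf, prk, xtr_len, plain, plain_len);
+hc = doHMAC (prf, prk, xtr_len, plain, ctx_len + 1);
 if (hc == NULL)
 goto hkdf_error;
 memcpy (result, hc, k);
 result += k;
 }
 
+if (t > 1 || d > 0)
+memcpy (plain + k, ctx, ctx_len);
+
 /* K(i+1) */
 for (i = 1; i < t; i++)
 {
 memcpy (plain, result - k, k);
-memcpy (plain + k + ctx_len, &i, 4);
+memset (plain + k + ctx_len, i + 1, 1);
 gcry_md_reset (prf);
 dump(plain, plain_len);
 hc = doHMAC (prf, prk, xtr_len, plain, plain_len);
@@ -165,12 +169,11 @@ dump(plain, plain_len);
 }
 
 /* K(t):d */
-d = out_len % k;
 if (d > 0)
 {
 if (t > 0)
 memcpy (plain, result - k, k);
-memcpy (plain + k + ctx_len, &i, 4);
+memset (plain + k + ctx_len, i + 1, 1);
 gcry_md_reset (prf);
 dump(plain, plain_len);
 hc = doHMAC (prf, prk, xtr_len, plain, plain_len);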
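Review bot: When out_len is smaller than k (t == 0, d > 0), the K(t):d block in the second hunk still passes all plain_len bytes to doHMAC with counter `i + 1`, which is 2 because the loop leaves i at 1, so the only output block is computed over a k-byte prefix this code never writes, then ctx, then 0x02, instead of over ctx followed by 0x01 as the K(1) branch now does. That keeps the K(0) field the commit sets out to remove for exactly the short-output case, so as far as the visible lines show the result would not match the RFC construction; the change below hashes from `plain + k` with counter 1 when t is 0. Separately, the counter is now a single byte, so `i + 1` wraps after 255 blocks; no bound on out_len is visible in these hunks, and a guard such as `if (out_len > 255 * k) goto hkdf_error;` ahead of K(1) would reject such requests if none exists earlier in the function. GNUNET_CRYPTO_hkdf begins before the first hunk and the K(t):d block continues past the end of the second, so the lines not shown should be checked against the same change.

```c
  /* K(t):d */
  if (d > 0)
    {
      /* … unchanged: copy of the previous block into plain when t > 0 … */
      /* counter is 1 when this is the only block, t + 1 otherwise */
      memset (plain + k + ctx_len, (t > 0) ? i + 1 : 1, 1);
      /* … unchanged: gcry_md_reset and dump … */
      if (t > 0)
        hc = doHMAC (prf, prk, xtr_len, plain, plain_len);
      else
        /* first and only block: HMAC over ctx || 0x01, no K(0) prefix */
        hc = doHMAC (prf, prk, xtr_len, plain + k, ctx_len + 1);
```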