make KDF conform to RFC 5869

author: Florian Dold <florian@dold.me> 2021-10-19 13:55:28 +0200
committer: Florian Dold <florian@dold.me> 2021-10-19 13:55:53 +0200
commit: 2e2abc61db54f3a25fcb261e2d93277673770d70 (patch)
tree: 514387c82aa9f65b86fc84fc5661ffe57b47638c /src/util
parent: d64ac269856744b9bab170964e1d6f36896ecc55 (diff)
download: gnunet-2e2abc61db54f3a25fcb261e2d93277673770d70.tar.gz
gnunet-2e2abc61db54f3a25fcb261e2d93277673770d70.zip
1 files changed, 20 insertions, 2 deletions
diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c
index 7270b87b6..ba3626e1a 100644
--- a/src/util/crypto_hkdf.c
+++ b/src/util/crypto_hkdf.c
@@ -103,11 +103,29 @@ getPRK (gcry_md_hd_t mac, const void *xts, size_t xts_len, const void *skm,
        size_t skm_len, void *prk)
 {
  const void *ret;
+  size_t dlen;
-  ret = doHMAC (mac, xts, xts_len, skm, skm_len);
+  dlen = gcry_md_get_algo_dlen (gcry_md_get_algo (mac));
+  /* sanity check to bound stack allocation */
+  GNUNET_assert (dlen <= 512);
+  /* From RFC 5869:
+   * salt - optional salt value (a non-secret random value);
+   * if not provided, it is set to a string of HashLen zeros. */
+  if (xts_len == 0)
+  {
+    char zero_salt[dlen] = { 0 };
+    ret = doHMAC (mac, zero_salt, dlen, skm, skm_len);
+  }
+  else
+  {
+    ret = doHMAC (mac, xts, xts_len, skm, skm_len);
+  }
  if (ret == NULL)
    return GNUNET_SYSERR;
-  GNUNET_memcpy (prk, ret, gcry_md_get_algo_dlen (gcry_md_get_algo (mac)));
+  GNUNET_memcpy (prk, ret, dlen);
  return GNUNET_YES;
 }
author	Florian Dold <florian@dold.me>	2021-10-19 13:55:28 +0200
committer	Florian Dold <florian@dold.me>	2021-10-19 13:55:53 +0200
commit	2e2abc61db54f3a25fcb261e2d93277673770d70 (patch)
tree	514387c82aa9f65b86fc84fc5661ffe57b47638c /src/util
parent	d64ac269856744b9bab170964e1d6f36896ecc55 (diff)
download	gnunet-2e2abc61db54f3a25fcb261e2d93277673770d70.tar.gz gnunet-2e2abc61db54f3a25fcb261e2d93277673770d70.zip

diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c index 7270b87b6..ba3626e1a 100644 --- a/src/util/crypto_hkdf.c +++ b/src/util/crypto_hkdf.c
@@ -103,11 +103,29 @@ getPRK (gcry_md_hd_t mac, const void xts, size_t xts_len, const void skm,
103	size_t skm_len, void *prk)	103	size_t skm_len, void *prk)
104	{	104	{
105	const void *ret;	105	const void *ret;
		106	size_t dlen;
106		107
107	ret = doHMAC (mac, xts, xts_len, skm, skm_len);	108	dlen = gcry_md_get_algo_dlen (gcry_md_get_algo (mac));
		109
		110	/* sanity check to bound stack allocation */
		111	GNUNET_assert (dlen <= 512);
		112
		113	/* From RFC 5869:
		114	* salt - optional salt value (a non-secret random value);
		115	* if not provided, it is set to a string of HashLen zeros. */
		116
		117	if (xts_len == 0)
		118	{
		119	char zero_salt[dlen] = { 0 };
		120	ret = doHMAC (mac, zero_salt, dlen, skm, skm_len);
		121	}
		122	else
		123	{
		124	ret = doHMAC (mac, xts, xts_len, skm, skm_len);
		125	}
108	if (ret == NULL)	126	if (ret == NULL)
109	return GNUNET_SYSERR;	127	return GNUNET_SYSERR;
110	GNUNET_memcpy (prk, ret, gcry_md_get_algo_dlen (gcry_md_get_algo (mac)));	128	GNUNET_memcpy (prk, ret, dlen);
111		129
112	return GNUNET_YES;	130	return GNUNET_YES;
113	}	131	}