diff options
| author | Nils Durner <durner@gnunet.org> | 2010-10-08 11:16:17 +0000 |
|---|---|---|
| committer | Nils Durner <durner@gnunet.org> | 2010-10-08 11:16:17 +0000 |
| commit | 5695665772107f5c5b088f957a277efc9e3d089e (patch) | |
| tree | dafca3c500625f3eccbca496af737ae925400a93 /src | |
| parent | f312e6df17cc5fe5848b53827546312eac899529 (diff) | |
| download | gnunet-5695665772107f5c5b088f957a277efc9e3d089e.tar.gz gnunet-5695665772107f5c5b088f957a277efc9e3d089e.zip | |
style fixes, minor bugfixes
Diffstat (limited to 'src')
| -rw-r--r-- | src/core/gnunet-service-core.c | 4 | ||||
| -rw-r--r-- | src/include/gnunet_crypto_lib.h | 12 | ||||
| -rw-r--r-- | src/util/crypto_hkdf.c | 87 | ||||
| -rw-r--r-- | src/util/crypto_kdf.c | 12 | ||||
| -rw-r--r-- | src/util/test_crypto_hkdf.c | 1 |
5 files changed, 55 insertions, 61 deletions
diff --git a/src/core/gnunet-service-core.c b/src/core/gnunet-service-core.c index cc549b073..bc4ac407d 100644 --- a/src/core/gnunet-service-core.c +++ b/src/core/gnunet-service-core.c | |||
| @@ -734,8 +734,8 @@ static unsigned long long bandwidth_target_out_bps; | |||
| 734 | static void | 734 | static void |
| 735 | derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey, | 735 | derive_auth_key (struct GNUNET_CRYPTO_AuthKey *akey, |
| 736 | const struct GNUNET_CRYPTO_AesSessionKey *skey, | 736 | const struct GNUNET_CRYPTO_AesSessionKey *skey, |
| 737 | const unsigned int seed, | 737 | uint32_t seed, |
| 738 | const struct GNUNET_TIME_Absolute creation_time) | 738 | struct GNUNET_TIME_Absolute creation_time) |
| 739 | { | 739 | { |
| 740 | static char ctx[] = "authentication key"; | 740 | static char ctx[] = "authentication key"; |
| 741 | 741 | ||
diff --git a/src/include/gnunet_crypto_lib.h b/src/include/gnunet_crypto_lib.h index 08da06c70..fbe8b42c3 100644 --- a/src/include/gnunet_crypto_lib.h +++ b/src/include/gnunet_crypto_lib.h | |||
| @@ -618,7 +618,7 @@ GNUNET_CRYPTO_hmac_derive_key(struct GNUNET_CRYPTO_AuthKey *key, | |||
| 618 | */ | 618 | */ |
| 619 | int | 619 | int |
| 620 | GNUNET_CRYPTO_hkdf (void *result, | 620 | GNUNET_CRYPTO_hkdf (void *result, |
| 621 | unsigned long long out_len, | 621 | size_t out_len, |
| 622 | int xtr_algo, int prf_algo, | 622 | int xtr_algo, int prf_algo, |
| 623 | const void *xts, size_t xts_len, | 623 | const void *xts, size_t xts_len, |
| 624 | const void *skm, size_t skm_len, | 624 | const void *skm, size_t skm_len, |
| @@ -640,7 +640,7 @@ GNUNET_CRYPTO_hkdf (void *result, | |||
| 640 | */ | 640 | */ |
| 641 | int | 641 | int |
| 642 | GNUNET_CRYPTO_hkdf_v (void *result, | 642 | GNUNET_CRYPTO_hkdf_v (void *result, |
| 643 | const unsigned long long out_len, /* FIXME: size_t? */ | 643 | size_t out_len, |
| 644 | int xtr_algo, | 644 | int xtr_algo, |
| 645 | int prf_algo, | 645 | int prf_algo, |
| 646 | const void *xts, size_t xts_len, | 646 | const void *xts, size_t xts_len, |
| @@ -661,7 +661,7 @@ GNUNET_CRYPTO_hkdf_v (void *result, | |||
| 661 | */ | 661 | */ |
| 662 | int | 662 | int |
| 663 | GNUNET_CRYPTO_kdf_v (void *result, | 663 | GNUNET_CRYPTO_kdf_v (void *result, |
| 664 | unsigned long long out_len, | 664 | size_t out_len, |
| 665 | const void *xts, size_t xts_len, | 665 | const void *xts, size_t xts_len, |
| 666 | const void *skm, size_t skm_len, | 666 | const void *skm, size_t skm_len, |
| 667 | va_list argp); | 667 | va_list argp); |
| @@ -679,9 +679,9 @@ GNUNET_CRYPTO_kdf_v (void *result, | |||
| 679 | * @return GNUNET_YES on success | 679 | * @return GNUNET_YES on success |
| 680 | */ | 680 | */ |
| 681 | int | 681 | int |
| 682 | GNUNET_CRYPTO_kdf (void *result, const unsigned long long out_len, | 682 | GNUNET_CRYPTO_kdf (void *result, size_t out_len, |
| 683 | const void *xts, const size_t xts_len, const void *skm, | 683 | const void *xts, size_t xts_len, const void *skm, |
| 684 | const size_t skm_len, ...); | 684 | size_t skm_len, ...); |
| 685 | 685 | ||
| 686 | 686 | ||
| 687 | /** | 687 | /** |
diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c index c436e9962..96ff3804b 100644 --- a/src/util/crypto_hkdf.c +++ b/src/util/crypto_hkdf.c | |||
| @@ -24,6 +24,7 @@ | |||
| 24 | * @file src/util/crypto_hkdf.c | 24 | * @file src/util/crypto_hkdf.c |
| 25 | * @brief Hash-based KDF as defined in RFC 5869 | 25 | * @brief Hash-based KDF as defined in RFC 5869 |
| 26 | * @see http://www.rfc-editor.org/rfc/rfc5869.txt | 26 | * @see http://www.rfc-editor.org/rfc/rfc5869.txt |
| 27 | * @todo remove GNUNET references | ||
| 27 | * @author Nils Durner | 28 | * @author Nils Durner |
| 28 | */ | 29 | */ |
| 29 | 30 | ||
| @@ -36,6 +37,7 @@ | |||
| 36 | 37 | ||
| 37 | /** | 38 | /** |
| 38 | * @brief Compute the HMAC | 39 | * @brief Compute the HMAC |
| 40 | * @todo use chunked buffers | ||
| 39 | * @param mac gcrypt MAC handle | 41 | * @param mac gcrypt MAC handle |
| 40 | * @param key HMAC key | 42 | * @param key HMAC key |
| 41 | * @param key_len length of key | 43 | * @param key_len length of key |
| @@ -66,8 +68,8 @@ doHMAC (gcry_md_hd_t mac, | |||
| 66 | */ | 68 | */ |
| 67 | static int | 69 | static int |
| 68 | getPRK (gcry_md_hd_t mac, | 70 | getPRK (gcry_md_hd_t mac, |
| 69 | const void *xts, unsigned long long xts_len, /* FIXME: size_t? */ | 71 | const void *xts, size_t xts_len, |
| 70 | const void *skm, unsigned long long skm_len, | 72 | const void *skm, size_t skm_len, |
| 71 | void *prk) | 73 | void *prk) |
| 72 | { | 74 | { |
| 73 | const void *ret; | 75 | const void *ret; |
| @@ -115,40 +117,46 @@ dump(const char *src, | |||
| 115 | * @return GNUNET_YES on success | 117 | * @return GNUNET_YES on success |
| 116 | */ | 118 | */ |
| 117 | int | 119 | int |
| 118 | GNUNET_CRYPTO_hkdf_v (void *result, unsigned long long out_len, | 120 | GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, |
| 119 | int xtr_algo, int prf_algo, | 121 | int xtr_algo, int prf_algo, |
| 120 | const void *xts, size_t xts_len, | 122 | const void *xts, size_t xts_len, |
| 121 | const void *skm, size_t skm_len, | 123 | const void *skm, size_t skm_len, |
| 122 | va_list argp) | 124 | va_list argp) |
| 123 | { | 125 | { |
| 124 | void *prk, *plain; | ||
| 125 | const void *hc; | 126 | const void *hc; |
| 126 | unsigned long long plain_len; | ||
| 127 | unsigned long i, t, d; | 127 | unsigned long i, t, d; |
| 128 | unsigned int k, xtr_len; | 128 | unsigned int k = gcry_md_get_algo_dlen (prf_algo); |
| 129 | unsigned int xtr_len = gcry_md_get_algo_dlen (xtr_algo); | ||
| 130 | char prk[xtr_len]; | ||
| 129 | int ret; | 131 | int ret; |
| 130 | gcry_md_hd_t xtr, prf; | 132 | gcry_md_hd_t xtr, prf; |
| 131 | size_t ctx_len; | 133 | size_t ctx_len; |
| 132 | va_list args; | 134 | va_list args; |
| 133 | 135 | ||
| 134 | prk = plain = NULL; | 136 | if (k == 0) |
| 135 | xtr_len = gcry_md_get_algo_dlen (xtr_algo); | 137 | return GNUNET_SYSERR; |
| 136 | k = gcry_md_get_algo_dlen (prf_algo); | 138 | |
| 137 | gcry_md_open(&xtr, xtr_algo, GCRY_MD_FLAG_HMAC); | 139 | // FIXME: what is the check for? |
| 138 | gcry_md_open(&prf, prf_algo, GCRY_MD_FLAG_HMAC); | 140 | if (out_len > (2 ^ 32 * k)) |
| 141 | return GNUNET_SYSERR; | ||
| 142 | |||
| 143 | if (gcry_md_open(&xtr, xtr_algo, GCRY_MD_FLAG_HMAC) != GPG_ERR_NO_ERROR) | ||
| 144 | return GNUNET_SYSERR; | ||
| 139 | 145 | ||
| 140 | if (out_len > (2 ^ 32 * k) || !xtr_algo || !prf_algo) | 146 | if (gcry_md_open(&prf, prf_algo, GCRY_MD_FLAG_HMAC) != GPG_ERR_NO_ERROR) |
| 147 | { | ||
| 148 | gcry_md_close (xtr); | ||
| 141 | return GNUNET_SYSERR; | 149 | return GNUNET_SYSERR; |
| 150 | } | ||
| 142 | 151 | ||
| 143 | va_copy (args, argp); | 152 | va_copy (args, argp); |
| 144 | for (ctx_len = 0; va_arg (args, void *);) | 153 | |
| 154 | ctx_len = 0; | ||
| 155 | while (NULL != va_arg (args, void *)) | ||
| 145 | ctx_len += va_arg (args, size_t); | 156 | ctx_len += va_arg (args, size_t); |
| 146 | va_end(args); | 157 | va_end(args); |
| 147 | 158 | ||
| 148 | prk = GNUNET_malloc (xtr_len); | ||
| 149 | |||
| 150 | memset (result, 0, out_len); | 159 | memset (result, 0, out_len); |
| 151 | gcry_md_reset (xtr); | ||
| 152 | if (getPRK (xtr, xts, xts_len, skm, skm_len, prk) | 160 | if (getPRK (xtr, xts, xts_len, skm, skm_len, prk) |
| 153 | != GNUNET_YES) | 161 | != GNUNET_YES) |
| 154 | goto hkdf_error; | 162 | goto hkdf_error; |
| @@ -160,13 +168,13 @@ GNUNET_CRYPTO_hkdf_v (void *result, unsigned long long out_len, | |||
| 160 | d = out_len % k; | 168 | d = out_len % k; |
| 161 | 169 | ||
| 162 | /* K(1) */ | 170 | /* K(1) */ |
| 163 | plain_len = k + ctx_len + 1; | 171 | { |
| 164 | plain = GNUNET_malloc (plain_len); | 172 | size_t plain_len = k + ctx_len + 1; |
| 165 | if (t > 0) | 173 | char plain[plain_len]; |
| 166 | { | 174 | const void *ctx; |
| 167 | void *ctx, *dst; | 175 | char *dst; |
| 168 | 176 | ||
| 169 | dst = plain; | 177 | dst = plain + k; |
| 170 | va_copy (args, argp); | 178 | va_copy (args, argp); |
| 171 | while ((ctx = va_arg (args, void *))) | 179 | while ((ctx = va_arg (args, void *))) |
| 172 | { | 180 | { |
| @@ -178,37 +186,21 @@ GNUNET_CRYPTO_hkdf_v (void *result, unsigned long long out_len, | |||
| 178 | } | 186 | } |
| 179 | va_end (args); | 187 | va_end (args); |
| 180 | 188 | ||
| 181 | memset (dst, 1, 1); | 189 | if (t > 0) |
| 182 | gcry_md_reset (prf); | 190 | { |
| 191 | memset (plain + k + ctx_len, 1, 1); | ||
| 183 | #if DEBUG_HKDF | 192 | #if DEBUG_HKDF |
| 184 | dump("K(1)", plain, plain_len); | 193 | dump("K(1)", plain, plain_len); |
| 185 | #endif | 194 | #endif |
| 186 | hc = doHMAC (prf, | 195 | hc = doHMAC (prf, |
| 187 | prk, | 196 | prk, |
| 188 | xtr_len, plain, ctx_len + 1); | 197 | xtr_len, &plain[k], ctx_len + 1); |
| 189 | if (hc == NULL) | 198 | if (hc == NULL) |
| 190 | goto hkdf_error; | 199 | goto hkdf_error; |
| 191 | memcpy (result, hc, k); | 200 | memcpy (result, hc, k); |
| 192 | result += k; | 201 | result += k; |
| 193 | } | 202 | } |
| 194 | 203 | ||
| 195 | if (t > 1 || d > 0) | ||
| 196 | { | ||
| 197 | void *ctx, *dst; | ||
| 198 | |||
| 199 | dst = plain + k; | ||
| 200 | va_copy (args, argp); | ||
| 201 | while ((ctx = va_arg (args, void *))) | ||
| 202 | { | ||
| 203 | size_t len; | ||
| 204 | |||
| 205 | len = va_arg (args, size_t); | ||
| 206 | memcpy (dst, ctx, len); | ||
| 207 | dst += len; | ||
| 208 | } | ||
| 209 | va_end (args); | ||
| 210 | } | ||
| 211 | |||
| 212 | /* K(i+1) */ | 204 | /* K(i+1) */ |
| 213 | for (i = 1; i < t; i++) | 205 | for (i = 1; i < t; i++) |
| 214 | { | 206 | { |
| @@ -235,7 +227,10 @@ GNUNET_CRYPTO_hkdf_v (void *result, unsigned long long out_len, | |||
| 235 | #if DEBUG_HKDF | 227 | #if DEBUG_HKDF |
| 236 | dump("K(t):d", plain, plain_len); | 228 | dump("K(t):d", plain, plain_len); |
| 237 | #endif | 229 | #endif |
| 238 | hc = doHMAC (prf, prk, xtr_len, plain, plain_len); | 230 | if (t > 0) |
| 231 | hc = doHMAC (prf, prk, xtr_len, plain, plain_len); | ||
| 232 | else | ||
| 233 | hc = doHMAC (prf, prk, xtr_len, plain + k, plain_len - k); | ||
| 239 | if (hc == NULL) | 234 | if (hc == NULL) |
| 240 | goto hkdf_error; | 235 | goto hkdf_error; |
| 241 | memcpy (result, hc, d); | 236 | memcpy (result, hc, d); |
| @@ -246,12 +241,10 @@ GNUNET_CRYPTO_hkdf_v (void *result, unsigned long long out_len, | |||
| 246 | 241 | ||
| 247 | ret = GNUNET_YES; | 242 | ret = GNUNET_YES; |
| 248 | goto hkdf_ok; | 243 | goto hkdf_ok; |
| 249 | 244 | } | |
| 250 | hkdf_error: | 245 | hkdf_error: |
| 251 | ret = GNUNET_SYSERR; | 246 | ret = GNUNET_SYSERR; |
| 252 | hkdf_ok: | 247 | hkdf_ok: |
| 253 | GNUNET_free (prk); | ||
| 254 | GNUNET_free_non_null (plain); | ||
| 255 | gcry_md_close (prf); | 248 | gcry_md_close (prf); |
| 256 | gcry_md_close (xtr); | 249 | gcry_md_close (xtr); |
| 257 | 250 | ||
| @@ -274,7 +267,7 @@ hkdf_ok: | |||
| 274 | * @return GNUNET_YES on success | 267 | * @return GNUNET_YES on success |
| 275 | */ | 268 | */ |
| 276 | int | 269 | int |
| 277 | GNUNET_CRYPTO_hkdf (void *result, unsigned long long out_len, | 270 | GNUNET_CRYPTO_hkdf (void *result, size_t out_len, |
| 278 | int xtr_algo, int prf_algo, | 271 | int xtr_algo, int prf_algo, |
| 279 | const void *xts, size_t xts_len, | 272 | const void *xts, size_t xts_len, |
| 280 | const void *skm, size_t skm_len, | 273 | const void *skm, size_t skm_len, |
diff --git a/src/util/crypto_kdf.c b/src/util/crypto_kdf.c index 785603c8c..cd42a63bf 100644 --- a/src/util/crypto_kdf.c +++ b/src/util/crypto_kdf.c | |||
| @@ -41,9 +41,9 @@ | |||
| 41 | * @return GNUNET_YES on success | 41 | * @return GNUNET_YES on success |
| 42 | */ | 42 | */ |
| 43 | int | 43 | int |
| 44 | GNUNET_CRYPTO_kdf_v (void *result, const unsigned long long out_len, | 44 | GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, |
| 45 | const void *xts, const size_t xts_len, const void *skm, | 45 | const void *xts, size_t xts_len, const void *skm, |
| 46 | const size_t skm_len, va_list argp) | 46 | size_t skm_len, va_list argp) |
| 47 | { | 47 | { |
| 48 | /* | 48 | /* |
| 49 | "Finally, we point out to a particularly advantageous instantiation using | 49 | "Finally, we point out to a particularly advantageous instantiation using |
| @@ -73,9 +73,9 @@ GNUNET_CRYPTO_kdf_v (void *result, const unsigned long long out_len, | |||
| 73 | * @return GNUNET_YES on success | 73 | * @return GNUNET_YES on success |
| 74 | */ | 74 | */ |
| 75 | int | 75 | int |
| 76 | GNUNET_CRYPTO_kdf (void *result, const unsigned long long out_len, | 76 | GNUNET_CRYPTO_kdf (void *result, size_t out_len, |
| 77 | const void *xts, const size_t xts_len, const void *skm, | 77 | const void *xts, size_t xts_len, const void *skm, |
| 78 | const size_t skm_len, ...) | 78 | size_t skm_len, ...) |
| 79 | { | 79 | { |
| 80 | va_list argp; | 80 | va_list argp; |
| 81 | int ret; | 81 | int ret; |
diff --git a/src/util/test_crypto_hkdf.c b/src/util/test_crypto_hkdf.c index 1cbe41b4a..3a00ce679 100644 --- a/src/util/test_crypto_hkdf.c +++ b/src/util/test_crypto_hkdf.c | |||
| @@ -23,6 +23,7 @@ | |||
| 23 | /** | 23 | /** |
| 24 | * @file src/util/test_crypt_hkdf.c | 24 | * @file src/util/test_crypt_hkdf.c |
| 25 | * @brief Testcases for HKDF | 25 | * @brief Testcases for HKDF |
| 26 | * @todo: test for out_len < hash_len | ||
| 26 | * @author Nils Durner | 27 | * @author Nils Durner |
| 27 | */ | 28 | */ |
| 28 | 29 | ||