authorFlorian Dold <florian@dold.me>2021-10-19 13:55:28 +0200
committerFlorian Dold <florian@dold.me>2021-10-19 13:55:53 +0200
commit2e2abc61db54f3a25fcb261e2d93277673770d70 (patch)
tree514387c82aa9f65b86fc84fc5661ffe57b47638c /src
parentd64ac269856744b9bab170964e1d6f36896ecc55 (diff)
make KDF conform to RFC 5869
Diffstat (limited to 'src')
-rw-r--r--src/util/crypto_hkdf.c22
1 files changed, 20 insertions, 2 deletions
diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c
index 7270b87b6..ba3626e1a 100644
--- a/src/util/crypto_hkdf.c
+++ b/src/util/crypto_hkdf.c
@@ -103,11 +103,29 @@ getPRK (gcry_md_hd_t mac, const void *xts, size_t xts_len, const void *skm,
size_t skm_len, void *prk)
{
const void *ret;
+ size_t dlen;
- ret = doHMAC (mac, xts, xts_len, skm, skm_len);
+ dlen = gcry_md_get_algo_dlen (gcry_md_get_algo (mac));
+
+ /* sanity check to bound stack allocation */
+ GNUNET_assert (dlen <= 512);
+
+ /* From RFC 5869:
+ * salt - optional salt value (a non-secret random value);
+ * if not provided, it is set to a string of HashLen zeros. */
+
+ if (xts_len == 0)
+ {
+ char zero_salt[dlen] = { 0 };
+ ret = doHMAC (mac, zero_salt, dlen, skm, skm_len);
+ }
+ else
+ {
+ ret = doHMAC (mac, xts, xts_len, skm, skm_len);
+ }
if (ret == NULL)
return GNUNET_SYSERR;
- GNUNET_memcpy (prk, ret, gcry_md_get_algo_dlen (gcry_md_get_algo (mac)));
+ GNUNET_memcpy (prk, ret, dlen);
return GNUNET_YES;
}
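Review bot: `char zero_salt[dlen] = { 0 };` initializes a variable-length array, which ISO C forbids (C11 6.7.9p3 requires the initialized object not to be a VLA); compilers either reject it or accept it only as an extension, so the zero salt should be established explicitly, e.g. `char zero_salt[dlen];` followed by `memset (zero_salt, 0, dlen);`. The new `GNUNET_assert (dlen <= 512);` bounds the stack allocation from above only; if `gcry_md_get_algo_dlen` ever reports 0 (unknown or unsupported algorithm), the VLA has zero length, which is also undefined, so `GNUNET_assert ((dlen > 0) && (dlen <= 512));` would cover both ends. getPRK's signature begins before the hunk; the rest of the body is visible and the `dlen` reuse in the final memcpy looks consistent with the RFC 5869 HashLen semantics the comment cites.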