authorDavid Barksdale <amatus.amongus@gmail.com>2010-10-18 05:52:29 +0000
committerDavid Barksdale <amatus.amongus@gmail.com>2010-10-18 05:52:29 +0000
commit93326b9ca26d5dc7f4a50c76b7a84cd685af9b33 (patch)
treeac9be16421d16bb264ebb3c42ff448a0c5da74b1 /src
parent0bdccef390726ec42400b5927d966a9066e7c243 (diff)
Fix logic error in HKDF and provide test case for regressions.
Diffstat (limited to 'src')
-rw-r--r--src/util/crypto_hkdf.c8
-rw-r--r--src/util/test_crypto_hkdf.c29
2 files changed, 35 insertions, 2 deletions
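diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c
index eb91780cb..e27f31bb8 100644
--- a/src/util/crypto_hkdf.c
+++ b/src/util/crypto_hkdf.c
@@ -246,8 +246,12 @@ GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len,
  if (d > 0)
  {
  if (t > 0)
- memcpy (plain, result - k, k);
- memset (plain + k + ctx_len, i + 1, 1);
+ {
+ memcpy (plain, result - k, k);
+ memset (plain + k + ctx_len, i + 1, 1);
+ }
+ else
+ memset (plain + k + ctx_len, 1, 1);
  gcry_md_reset (prf);
 #if DEBUG_HKDF
  dump("K(t):d", plain, plain_len);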
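Review bot: In the new `else` branch (t == 0) only the counter byte at `plain + k + ctx_len` is set, so the leading k bytes of `plain`, which the t > 0 branch fills with the previous block, are left as they were. The HMAC call is below the hunk, but the `dump("K(t):d", plain, plain_len)` line suggests the whole buffer is hashed in both cases; RFC 5869 defines T(1) over info and the counter only, because T(0) is the empty string. If that is what happens, the t == 0 case should pass `plain + k` and `plain_len - k` to the HMAC so the output matches other HKDF implementations. Separately, bracing the `else` body like the `if` body would guard against a repeat of the missing-brace mistake this hunk corrects.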
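diff --git a/src/util/test_crypto_hkdf.c b/src/util/test_crypto_hkdf.c
index 3a00ce679..80523454e 100644
--- a/src/util/test_crypto_hkdf.c
+++ b/src/util/test_crypto_hkdf.c
@@ -242,6 +242,34 @@ tc7 ()
  GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
 }
 
+void
+tc8 ()
+{
+ unsigned char ikm[32] = { 0xbf, 0x16, 0x6e, 0x46, 0x3a, 0x6c, 0xf3, 0x93, 0xa7, 0x72,
+ 0x11, 0xa1, 0xdc, 0x0b, 0x07, 0xdb, 0x1a, 0x5e, 0xd9, 0xb9, 0x81, 0xbe,
+ 0xea, 0xe4, 0x31, 0x5f, 0x24, 0xff, 0xfe, 0x50, 0x8a, 0xde };
+ unsigned char salt[4] = { 0xfc, 0x62, 0x76, 0x35 };
+ unsigned char info[86] = { 0x8c, 0x0d, 0xcf, 0xb3, 0x25, 0x6e, 0x88, 0x0d, 0xc1, 0x0b,
+ 0x1d, 0x33, 0x15, 0x3e, 0x52, 0x0b, 0xb0, 0x77, 0xff, 0x7d, 0xc3, 0xc7,
+ 0xef, 0xe5, 0x8e, 0x3c, 0xc4, 0x4e, 0x8b, 0x41, 0x46, 0x1f, 0x02, 0x94,
+ 0x82, 0x35, 0xc5, 0xa6, 0x5e, 0x91, 0xd8, 0xa2, 0x90, 0xfd, 0x6f, 0xb4,
+ 0x07, 0xc9, 0xed, 0x6b, 0x18, 0x90, 0x31, 0xab, 0x0f, 0xb5, 0x6b, 0xec,
+ 0x9e, 0x45, 0xa2, 0x83, 0x65, 0x41, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61,
+ 0x6c, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x76, 0x65, 0x63,
+ 0x74, 0x6f, 0x72, 0x00 };
+ unsigned char okm[16] = { 0xd6, 0x90, 0xec, 0x9e, 0x62, 0xdf, 0xb9, 0x41, 0xff, 0x92,
+ 0x4f, 0xd2, 0xf6, 0x1d, 0x67, 0xe0 };
+ char result[18];
+ int l = 16;
+
+ memset (result, 0, sizeof(result));
+ GNUNET_assert (GNUNET_CRYPTO_hkdf(result, l, GCRY_MD_SHA512, GCRY_MD_SHA256, salt,
+ sizeof(salt), ikm, sizeof(ikm), info, sizeof(info),
+ NULL) == GNUNET_YES);
+ GNUNET_assert (memcmp(result, okm, l) == 0);
+ GNUNET_assert (memcmp(result + l, "\0", 2) == 0);
+}
+
 int
 main ()
 {
@@ -257,6 +285,7 @@ main ()
 
  /* Additional tests */
  tc7();
+ tc8();
 
  return 0;
 }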
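Review bot: tc8 has no comment saying which path it covers or where the expected `okm` bytes come from. The requested 16 bytes are fewer than the output of either hash passed to the call, so this is presumably the regression case for the short-output branch changed in crypto_hkdf.c. A vector produced by the implementation under test only pins current behaviour, not RFC 5869 conformance, so the origin matters to whoever next touches the expand step. I would add above the function something like `/* Regression: out_len shorter than one PRF block; okm generated with <independent implementation> */`.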