Diffstat (limited to 'src/util/crypto_kdf.c')
-rw-r--r-- | src/util/crypto_kdf.c | 56 |
1 files changed, 12 insertions, 44 deletions
diff --git a/src/util/crypto_kdf.c b/src/util/crypto_kdf.c index 8041f61ab..f577e0f7a 100644 --- a/src/util/crypto_kdf.c +++ b/src/util/crypto_kdf.c | |||
@@ -32,17 +32,7 @@ | |||
32 | 32 | ||
33 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-kdf", __VA_ARGS__) | 33 | #define LOG(kind, ...) GNUNET_log_from (kind, "util-crypto-kdf", __VA_ARGS__) |
34 | 34 | ||
35 | /** | 35 | |
36 | * @brief Derive key | ||
37 | * @param result buffer for the derived key, allocated by caller | ||
38 | * @param out_len desired length of the derived key | ||
39 | * @param xts salt | ||
40 | * @param xts_len length of @a xts | ||
41 | * @param skm source key material | ||
42 | * @param skm_len length of @a skm | ||
43 | * @param argp va_list of void * & size_t pairs for context chunks | ||
44 | * @return #GNUNET_YES on success | ||
45 | */ | ||
46 | enum GNUNET_GenericReturnValue | 36 | enum GNUNET_GenericReturnValue |
47 | GNUNET_CRYPTO_kdf_v (void *result, | 37 | GNUNET_CRYPTO_kdf_v (void *result, |
48 | size_t out_len, | 38 | size_t out_len, |
@@ -75,17 +65,6 @@ GNUNET_CRYPTO_kdf_v (void *result, | |||
75 | } | 65 | } |
76 | 66 | ||
77 | 67 | ||
78 | /** | ||
79 | * @brief Derive key | ||
80 | * @param result buffer for the derived key, allocated by caller | ||
81 | * @param out_len desired length of the derived key | ||
82 | * @param xts salt | ||
83 | * @param xts_len length of @a xts | ||
84 | * @param skm source key material | ||
85 | * @param skm_len length of @a skm | ||
86 | * @param ... void * & size_t pairs for context chunks | ||
87 | * @return #GNUNET_YES on success | ||
88 | */ | ||
89 | enum GNUNET_GenericReturnValue | 68 | enum GNUNET_GenericReturnValue |
90 | GNUNET_CRYPTO_kdf (void *result, | 69 | GNUNET_CRYPTO_kdf (void *result, |
91 | size_t out_len, | 70 | size_t out_len, |
@@ -111,18 +90,6 @@ GNUNET_CRYPTO_kdf (void *result, | |||
111 | } | 90 | } |
112 | 91 | ||
113 | 92 | ||
114 | /** | ||
115 | * Deterministically generate a pseudo-random number uniformly from the | ||
116 | * integers modulo a libgcrypt mpi. | ||
117 | * | ||
118 | * @param[out] r MPI value set to the FDH | ||
119 | * @param n MPI to work modulo | ||
120 | * @param xts salt | ||
121 | * @param xts_len length of @a xts | ||
122 | * @param skm source key material | ||
123 | * @param skm_len length of @a skm | ||
124 | * @param ctx context string | ||
125 | */ | ||
126 | void | 93 | void |
127 | GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r, | 94 | GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r, |
128 | gcry_mpi_t n, | 95 | gcry_mpi_t n, |
@@ -137,33 +104,34 @@ GNUNET_CRYPTO_kdf_mod_mpi (gcry_mpi_t *r, | |||
137 | 104 | ||
138 | nbits = gcry_mpi_get_nbits (n); | 105 | nbits = gcry_mpi_get_nbits (n); |
139 | /* GNUNET_assert (nbits > 512); */ | 106 | /* GNUNET_assert (nbits > 512); */ |
140 | |||
141 | ctr = 0; | 107 | ctr = 0; |
142 | while (1) | 108 | while (1) |
143 | { | 109 | { |
144 | /* Ain't clear if n is always divisible by 8 */ | 110 | /* Ain't clear if n is always divisible by 8 */ |
145 | uint8_t buf[ (nbits - 1) / 8 + 1 ]; | 111 | size_t bsize = (nbits - 1) / 8 + 1; |
112 | uint8_t buf[bsize]; | ||
146 | uint16_t ctr_nbo = htons (ctr); | 113 | uint16_t ctr_nbo = htons (ctr); |
147 | 114 | ||
148 | memset (buf, 0, sizeof (buf)); | ||
149 | rc = GNUNET_CRYPTO_kdf (buf, | 115 | rc = GNUNET_CRYPTO_kdf (buf, |
150 | sizeof(buf), | 116 | bsize, |
151 | xts, xts_len, | 117 | xts, xts_len, |
152 | skm, skm_len, | 118 | skm, skm_len, |
153 | ctx, strlen (ctx), | 119 | ctx, strlen (ctx), |
154 | &ctr_nbo, sizeof(ctr_nbo), | 120 | &ctr_nbo, sizeof(ctr_nbo), |
155 | NULL, 0); | 121 | NULL, 0); |
156 | GNUNET_assert (GNUNET_YES == rc); | 122 | GNUNET_assert (GNUNET_YES == rc); |
157 | |||
158 | rc = gcry_mpi_scan (r, | 123 | rc = gcry_mpi_scan (r, |
159 | GCRYMPI_FMT_USG, | 124 | GCRYMPI_FMT_USG, |
160 | (const unsigned char *) buf, | 125 | (const unsigned char *) buf, |
161 | sizeof(buf), | 126 | bsize, |
162 | &rsize); | 127 | &rsize); |
163 | GNUNET_assert (0 == rc); /* Allocation error? */ | 128 | GNUNET_assert (GPG_ERR_NO_ERROR == rc); /* Allocation error? */ |
164 | GNUNET_assert (rsize == sizeof (buf)); | 129 | GNUNET_assert (rsize == bsize); |
165 | gcry_mpi_clear_highbit (*r, nbits); | 130 | gcry_mpi_clear_highbit (*r, |
166 | GNUNET_assert (0 == gcry_mpi_test_bit (*r, nbits)); | 131 | nbits); |
132 | GNUNET_assert (0 == | ||
133 | gcry_mpi_test_bit (*r, | ||
134 | nbits)); | ||
167 | ++ctr; | 135 | ++ctr; |
168 | /* We reject this FDH if either *r > n and retry with another ctr */ | 136 | /* We reject this FDH if either *r > n and retry with another ctr */ |
169 | if (0 > gcry_mpi_cmp (*r, n)) | 137 | if (0 > gcry_mpi_cmp (*r, n)) |