From 2e2abc61db54f3a25fcb261e2d93277673770d70 Mon Sep 17 00:00:00 2001
From: Florian Dold
Date: Tue, 19 Oct 2021 13:55:28 +0200
Subject: make KDF conform to RFC 5869
---
 src/util/crypto_hkdf.c | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)
(limited to 'src/util')
diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c
index 7270b87b6..ba3626e1a 100644
--- a/src/util/crypto_hkdf.c
+++ b/src/util/crypto_hkdf.c
@@ -103,11 +103,29 @@ getPRK (gcry_md_hd_t mac, const void *xts, size_t xts_len, const void *skm, size_t skm_len, void *prk)
 {
 const void *ret;
+ size_t dlen;
- ret = doHMAC (mac, xts, xts_len, skm, skm_len);
+ dlen = gcry_md_get_algo_dlen (gcry_md_get_algo (mac));
+
+ /* sanity check to bound stack allocation */
+ GNUNET_assert (dlen <= 512);
+
+ /* From RFC 5869:
+ * salt - optional salt value (a non-secret random value);
+ * if not provided, it is set to a string of HashLen zeros. */
+
+ if (xts_len == 0)
+ {
+ char zero_salt[dlen] = { 0 };
+ ret = doHMAC (mac, zero_salt, dlen, skm, skm_len);
+ }
+ else
+ {
+ ret = doHMAC (mac, xts, xts_len, skm, skm_len);
+ }
 if (ret == NULL)
 return GNUNET_SYSERR;
- GNUNET_memcpy (prk, ret, gcry_md_get_algo_dlen (gcry_md_get_algo (mac)));
+ GNUNET_memcpy (prk, ret, dlen);
 return GNUNET_YES;
 }
-- cgit v1.2.3
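Review bot: `char zero_salt[dlen] = { 0 };` in the `xts_len == 0` branch initializes a variable-length array, which C11 (§6.7.9p3) does not permit, and GCC (and Clang) reject it with "variable-sized object may not be initialized", so this branch does not build as written. Since `dlen <= 512` is already asserted a few lines up, the VLA can go entirely: `static const unsigned char zero_salt[512];` followed by `ret = doHMAC (mac, zero_salt, dlen, skm, skm_len);` supplies HashLen zero bytes with no stack initialization at all (a `memset (zero_salt, 0, dlen);` after a plain `char zero_salt[dlen];` declaration also works). It is worth stating in the RFC 5869 comment that the derived PRK is not expected to change here: HMAC zero-pads its key to the hash block size, so an empty key and HashLen zero bytes yield the same MAC, and the change matches the RFC's definition rather than altering output — assuming doHMAC does not treat a zero-length key specially, which is not visible in this hunk. I would also tighten the guard to `GNUNET_assert ((dlen > 0) && (dlen <= 512));` so a zero digest length can never produce a zero-sized salt buffer or a zero-length memcpy into prk.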