From 5695665772107f5c5b088f957a277efc9e3d089e Mon Sep 17 00:00:00 2001 From: Nils Durner Date: Fri, 8 Oct 2010 11:16:17 +0000 Subject: style fixes, minor bugfixes --- src/util/crypto_hkdf.c | 87 +++++++++++++++++++++------------------------ src/util/crypto_kdf.c | 12 +++---- src/util/test_crypto_hkdf.c | 1 + 3 files changed, 47 insertions(+), 53 deletions(-) (limited to 'src/util') diff --git a/src/util/crypto_hkdf.c b/src/util/crypto_hkdf.c index c436e9962..96ff3804b 100644 --- a/src/util/crypto_hkdf.c +++ b/src/util/crypto_hkdf.c @@ -24,6 +24,7 @@ * @file src/util/crypto_hkdf.c * @brief Hash-based KDF as defined in RFC 5869 * @see http://www.rfc-editor.org/rfc/rfc5869.txt + * @todo remove GNUNET references * @author Nils Durner */ @@ -36,6 +37,7 @@ /** * @brief Compute the HMAC + * @todo use chunked buffers * @param mac gcrypt MAC handle * @param key HMAC key * @param key_len length of key @@ -66,8 +68,8 @@ doHMAC (gcry_md_hd_t mac, */ static int getPRK (gcry_md_hd_t mac, - const void *xts, unsigned long long xts_len, /* FIXME: size_t? */ - const void *skm, unsigned long long skm_len, + const void *xts, size_t xts_len, + const void *skm, size_t skm_len, void *prk) { const void *ret; 
@@ -115,40 +117,46 @@ dump(const char *src, * @return GNUNET_YES on success */ int -GNUNET_CRYPTO_hkdf_v (void *result, unsigned long long out_len, +GNUNET_CRYPTO_hkdf_v (void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len, va_list argp) { - void *prk, *plain; const void *hc; - unsigned long long plain_len; unsigned long i, t, d; - unsigned int k, xtr_len; + unsigned int k = gcry_md_get_algo_dlen (prf_algo); + unsigned int xtr_len = gcry_md_get_algo_dlen (xtr_algo); + char prk[xtr_len]; int ret; gcry_md_hd_t xtr, prf; size_t ctx_len; va_list args; - prk = plain = NULL; - xtr_len = gcry_md_get_algo_dlen (xtr_algo); - k = gcry_md_get_algo_dlen (prf_algo); - gcry_md_open(&xtr, xtr_algo, GCRY_MD_FLAG_HMAC); - gcry_md_open(&prf, prf_algo, GCRY_MD_FLAG_HMAC); + if (k == 0) + return GNUNET_SYSERR; + + // FIXME: what is the check for? + if (out_len > (2 ^ 32 * k)) + return GNUNET_SYSERR; + + if (gcry_md_open(&xtr, xtr_algo, GCRY_MD_FLAG_HMAC) != GPG_ERR_NO_ERROR) + return GNUNET_SYSERR; - if (out_len > (2 ^ 32 * k) || !xtr_algo || !prf_algo) + if (gcry_md_open(&prf, prf_algo, GCRY_MD_FLAG_HMAC) != GPG_ERR_NO_ERROR) + { + gcry_md_close (xtr); return GNUNET_SYSERR; + } va_copy (args, argp); - for (ctx_len = 0; va_arg (args, void *);) + + ctx_len = 0; + while (NULL != va_arg (args, void *)) ctx_len += va_arg (args, size_t); va_end(args); - prk = GNUNET_malloc (xtr_len); - memset (result, 0, out_len); - gcry_md_reset (xtr); if (getPRK (xtr, xts, xts_len, skm, skm_len, prk) != GNUNET_YES) goto hkdf_error; 
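Review bot: The length check kept under the new FIXME, `out_len > (2 ^ 32 * k)`, is not a power of two: `^` is XOR in C and binds looser than `*`, so the bound works out to `32 * k + 2` bytes (1026 for a 32-byte digest). RFC 5869 caps the output at 255 blocks because the counter appended to each HMAC input is a single octet, so the check should read `if (out_len > 255 * k) return GNUNET_SYSERR;`. Separately, only `k` is tested for zero while `char prk[xtr_len]` is declared before any validation; the `k == 0` test implies gcry_md_get_algo_dlen can return 0, and a zero-length VLA is undefined behaviour, so `xtr_len` needs the same test with the array declared after it. The function body continues past this hunk.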
@@ -160,13 +168,13 @@ GNUNET_CRYPTO_hkdf_v (void *result, unsigned long long out_len, d = out_len % k; /* K(1) */ - plain_len = k + ctx_len + 1; - plain = GNUNET_malloc (plain_len); - if (t > 0) - { - void *ctx, *dst; + { + size_t plain_len = k + ctx_len + 1; + char plain[plain_len]; + const void *ctx; + char *dst; - dst = plain; + dst = plain + k; va_copy (args, argp); while ((ctx = va_arg (args, void *))) { @@ -178,37 +186,21 @@ GNUNET_CRYPTO_hkdf_v (void *result, unsigned long long out_len, } va_end (args); - memset (dst, 1, 1); - gcry_md_reset (prf); + if (t > 0) + { + memset (plain + k + ctx_len, 1, 1); #if DEBUG_HKDF dump("K(1)", plain, plain_len); #endif hc = doHMAC (prf, prk, - xtr_len, plain, ctx_len + 1); + xtr_len, &plain[k], ctx_len + 1); if (hc == NULL) goto hkdf_error; memcpy (result, hc, k); result += k; } - if (t > 1 || d > 0) - { - void *ctx, *dst; - - dst = plain + k; - va_copy (args, argp); - while ((ctx = va_arg (args, void *))) - { - size_t len; - - len = va_arg (args, size_t); - memcpy (dst, ctx, len); - dst += len; - } - va_end (args); - } - /* K(i+1) */ for (i = 1; i < t; i++) { @@ -235,7 +227,10 @@ GNUNET_CRYPTO_hkdf_v (void *result, unsigned long long out_len, #if DEBUG_HKDF dump("K(t):d", plain, plain_len); #endif - hc = doHMAC (prf, prk, xtr_len, plain, plain_len); + if (t > 0) + hc = doHMAC (prf, prk, xtr_len, plain, plain_len); + else + hc = doHMAC (prf, prk, xtr_len, plain + k, plain_len - k); if (hc == NULL) goto hkdf_error; memcpy (result, hc, d); @@ -246,12 +241,10 @@ GNUNET_CRYPTO_hkdf_v (void *result, unsigned long long out_len, ret = GNUNET_YES; goto hkdf_ok; - + } hkdf_error: ret = GNUNET_SYSERR; hkdf_ok: - GNUNET_free (prk); - GNUNET_free_non_null (plain); gcry_md_close (prf); gcry_md_close (xtr); 
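Review bot: `char plain[plain_len]` puts `k + ctx_len + 1` bytes on the stack, and `ctx_len` is the unchecked sum of caller-supplied lengths from the varargs loop in the @@ -115 hunk. A large context now exhausts the stack instead of failing in the allocator, and if the sum wraps, the array is smaller than what the `memcpy (dst, ctx, len)` loop below writes into it. I would either keep the heap allocation for `plain` or reject oversized input before the declaration, e.g. `if (ctx_len > MAX_HKDF_CTX_LEN) goto hkdf_error;`, where MAX_HKDF_CTX_LEN is a placeholder for a project-chosen limit, together with an overflow test inside the summing loop. The block opened here closes in the @@ -246 hunk.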
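Review bot: Under DEBUG_HKDF, `dump("K(1)", plain, plain_len)` in the @@ -178 hunk still prints from the start of `plain`, but after this change nothing has written the first `k` bytes by then (the context is copied to `plain + k` and K(1) is computed over `&plain[k]`), so the dump reads indeterminate stack bytes. It should match the HMAC input: `dump("K(1)", plain + k, plain_len - k);`. The `dump("K(t):d", plain, plain_len)` call in the @@ -235 hunk has the same problem on the `t == 0` path, as far as the visible lines show.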
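Review bot: The new `t > 0` / `else` pair in the @@ -235 hunk deserves a comment, since nothing there says why the two calls hash different ranges of `plain`. I would put `/* RFC 5869: T(0) is empty, so the first block is HMAC(PRK, info | counter) with no k-byte prefix */` above the `else` call. The enclosing block starts outside the hunk.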
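Review bot: Now that `prk` and `plain` are automatic arrays, nothing at `hkdf_ok` in the @@ -246 hunk clears them, so the PRK and the last HMAC input stay on the stack after return; the removed `GNUNET_free` calls did not wipe them either, but this cleanup path is where it belongs. I would clear both with a wipe the compiler cannot drop (`explicit_bzero` where available, rather than plain `memset`). `plain` goes out of scope at the added `}` and the `goto`s jump past it, so it needs either function scope or a wipe before each jump. The error path is also worth a look: with `memset (result, 0, out_len)` removed in the @@ -115 hunk, a failure after the first block returns GNUNET_SYSERR with `result` partly filled, and because `result` is advanced with `result += k`, zeroing it at `hkdf_error` needs the original pointer saved first.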
@@ -274,7 +267,7 @@ hkdf_ok: * @return GNUNET_YES on success */ int -GNUNET_CRYPTO_hkdf (void *result, unsigned long long out_len, +GNUNET_CRYPTO_hkdf (void *result, size_t out_len, int xtr_algo, int prf_algo, const void *xts, size_t xts_len, const void *skm, size_t skm_len, diff --git a/src/util/crypto_kdf.c b/src/util/crypto_kdf.c index 785603c8c..cd42a63bf 100644 --- a/src/util/crypto_kdf.c +++ b/src/util/crypto_kdf.c @@ -41,9 +41,9 @@ * @return GNUNET_YES on success */ int -GNUNET_CRYPTO_kdf_v (void *result, const unsigned long long out_len, - const void *xts, const size_t xts_len, const void *skm, - const size_t skm_len, va_list argp) +GNUNET_CRYPTO_kdf_v (void *result, size_t out_len, + const void *xts, size_t xts_len, const void *skm, + size_t skm_len, va_list argp) { /* "Finally, we point out to a particularly advantageous instantiation using @@ -73,9 +73,9 @@ GNUNET_CRYPTO_kdf_v (void *result, const unsigned long long out_len, * @return GNUNET_YES on success */ int -GNUNET_CRYPTO_kdf (void *result, const unsigned long long out_len, - const void *xts, const size_t xts_len, const void *skm, - const size_t skm_len, ...) +GNUNET_CRYPTO_kdf (void *result, size_t out_len, + const void *xts, size_t xts_len, const void *skm, + size_t skm_len, ...) { va_list argp; int ret; diff --git a/src/util/test_crypto_hkdf.c b/src/util/test_crypto_hkdf.c index 1cbe41b4a..3a00ce679 100644 --- a/src/util/test_crypto_hkdf.c +++ b/src/util/test_crypto_hkdf.c @@ -23,6 +23,7 @@ /** * @file src/util/test_crypt_hkdf.c * @brief Testcases for HKDF + * @todo: test for out_len < hash_len * @author Nils Durner */ -- cgit v1.2.3
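Review bot: With every fixed length now `size_t`, the variadic tail of GNUNET_CRYPTO_kdf and GNUNET_CRYPTO_hkdf is the one place the compiler cannot check: GNUNET_CRYPTO_hkdf_v reads each context length with `va_arg (args, size_t)` and stops at a null `void *`. The doc comments are mostly outside these hunks, so if they do not already say it, I would add to the varargs description: `pairs of (const void *ctx, size_t len), terminated by (void *) NULL; pass each length as size_t, not int`. Reading an argument through va_arg with a mismatched type is undefined behaviour, and where `int` is narrower than `size_t` it can produce a wrong `ctx_len` that then sizes the HMAC input buffer.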