summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGeorge Kadianakis <desnacked@riseup.net>2017-07-06 16:23:30 +0300
committerNick Mathewson <nickm@torproject.org>2017-07-07 11:12:27 -0400
commit70d08f764d9912e66a2c6c0f3e4241f563d53ebd (patch)
treea7cf6f22fcf2912c26d6b6bde85babc2cee2c9cd
parentc4d17faf81d8cfe4cf943ba11be03413c58f4d44 (diff)
downloadtor-70d08f764d9912e66a2c6c0f3e4241f563d53ebd.tar.gz
tor-70d08f764d9912e66a2c6c0f3e4241f563d53ebd.zip
Explicit length checks in create_rend_cpath().
Had to also edit hs_ntor_circuit_key_expansion() to make it happen.
-rw-r--r--src/or/hs_circuit.c13
-rw-r--r--src/or/hs_circuit.h1
-rw-r--r--src/or/hs_ntor.c19
-rw-r--r--src/or/hs_ntor.h4
-rw-r--r--src/test/test_hs_client.c4
-rw-r--r--src/test/test_hs_service.c4
6 files changed, 34 insertions, 11 deletions
diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c
index 42c5dcb91a..f2ea8f5538 100644
--- a/src/or/hs_circuit.c
+++ b/src/or/hs_circuit.c
@@ -48,13 +48,17 @@ circuit_purpose_is_correct_for_rend(unsigned int circ_purpose, int is_service_si
* If <b>is_service_side</b> is set, we are the hidden service and the final
* hop of the rendezvous circuit is the client on the other side. */
static crypt_path_t *
-create_rend_cpath(const uint8_t *ntor_key_seed, int is_service_side)
+create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
+ int is_service_side)
{
uint8_t keys[HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN];
crypt_path_t *cpath = NULL;
/* Do the key expansion */
- hs_ntor_circuit_key_expansion(ntor_key_seed, keys);
+ if (hs_ntor_circuit_key_expansion(ntor_key_seed, seed_len,
+ keys, sizeof(keys)) < 0) {
+ goto err;
+ }
/* Setup the cpath */
cpath = tor_malloc_zero(sizeof(crypt_path_t));
@@ -171,7 +175,7 @@ finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop,
* Return 0 if the operation went well; in case of error return -1. */
int
hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
- const uint8_t *ntor_key_seed,
+ const uint8_t *ntor_key_seed, size_t seed_len,
int is_service_side)
{
if (BUG(!circuit_purpose_is_correct_for_rend(TO_CIRCUIT(circ)->purpose,
@@ -179,7 +183,8 @@ hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
return -1;
}
- crypt_path_t *hop = create_rend_cpath(ntor_key_seed, is_service_side);
+ crypt_path_t *hop = create_rend_cpath(ntor_key_seed, seed_len,
+ is_service_side);
if (!hop) {
log_warn(LD_REND, "Couldn't get v3 %s cpath!",
is_service_side ? "service-side" : "client-side");
diff --git a/src/or/hs_circuit.h b/src/or/hs_circuit.h
index 1c2924ccad..71ce5c3331 100644
--- a/src/or/hs_circuit.h
+++ b/src/or/hs_circuit.h
@@ -15,6 +15,7 @@
int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
const uint8_t *ntor_key_seed,
+ size_t seed_len,
int is_service_side);
int hs_circuit_setup_e2e_rend_circ_legacy_client(origin_circuit_t *circ,
const uint8_t *rend_cell_body);
diff --git a/src/or/hs_ntor.c b/src/or/hs_ntor.c
index 668ef221b8..a416bc46c3 100644
--- a/src/or/hs_ntor.c
+++ b/src/or/hs_ntor.c
@@ -582,14 +582,25 @@ hs_ntor_client_rendezvous2_mac_is_good(
/** Given the rendezvous key seed in <b>ntor_key_seed</b> (of size
* DIGEST256_LEN), do the circuit key expansion as specified by section
* '4.2.1. Key expansion' and place the keys in <b>keys_out</b> (which must be
- * of size HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN). */
-void
-hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, uint8_t *keys_out)
+ * of size HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN).
+ *
+ * Return 0 if things went well, else return -1. */
+int
+hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len,
+ uint8_t *keys_out, size_t keys_out_len)
{
uint8_t *ptr;
uint8_t kdf_input[NTOR_KEY_EXPANSION_KDF_INPUT_LEN];
crypto_xof_t *xof;
+ /* Sanity checks on lengths to make sure we are good */
+ if (BUG(seed_len != DIGEST256_LEN)) {
+ return -1;
+ }
+ if (BUG(keys_out_len != HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN)) {
+ return -1;
+ }
+
/* Let's build the input to the KDF */
ptr = kdf_input;
APPEND(ptr, ntor_key_seed, DIGEST256_LEN);
@@ -601,5 +612,7 @@ hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, uint8_t *keys_out)
crypto_xof_add_bytes(xof, kdf_input, sizeof(kdf_input));
crypto_xof_squeeze_bytes(xof, keys_out, HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN);
crypto_xof_free(xof);
+
+ return 0;
}
diff --git a/src/or/hs_ntor.h b/src/or/hs_ntor.h
index 3a97e17acc..37c3261ae7 100644
--- a/src/or/hs_ntor.h
+++ b/src/or/hs_ntor.h
@@ -55,8 +55,8 @@ int hs_ntor_service_get_rendezvous1_keys(
const curve25519_public_key_t *client_ephemeral_enc_pubkey,
hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
-void hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed,
- uint8_t *keys_out);
+int hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len,
+ uint8_t *keys_out, size_t keys_out_len);
int hs_ntor_client_rendezvous2_mac_is_good(
const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys,
diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c
index 9e5fe04a62..938d3d24f0 100644
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@@ -243,7 +243,9 @@ test_e2e_rend_circuit_setup(void *arg)
/**********************************************/
/* Setup the circuit */
- retval = hs_circuit_setup_e2e_rend_circ(or_circ, ntor_key_seed, 0);
+ retval = hs_circuit_setup_e2e_rend_circ(or_circ,
+ ntor_key_seed, sizeof(ntor_key_seed),
+ 0);
tt_int_op(retval, OP_EQ, 0);
/**********************************************/
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index b5aaa0c75e..57937475c0 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -290,7 +290,9 @@ test_e2e_rend_circuit_setup(void *arg)
/* Setup the circuit: do the ntor key exchange */
{
uint8_t ntor_key_seed[DIGEST256_LEN] = {2};
- retval = hs_circuit_setup_e2e_rend_circ(or_circ, ntor_key_seed, 1);
+ retval = hs_circuit_setup_e2e_rend_circ(or_circ,
+ ntor_key_seed, sizeof(ntor_key_seed),
+ 1);
tt_int_op(retval, OP_EQ, 0);
}