summaryrefslogtreecommitdiff
path: root/src/common/crypto.c
diff options
context:
space:
mode:
authorDavid Goulet <dgoulet@torproject.org>2016-12-12 16:45:28 -0500
committerNick Mathewson <nickm@torproject.org>2016-12-14 15:18:40 -0500
commit118691cd47e53521319cdcbf994f29ecca3db4d1 (patch)
tree78d64377d8a03653091601e18c3db6fc6424e65b /src/common/crypto.c
parent7a204ae8f9c54c15e9bc05b9c2bd62c7e46d6ebb (diff)
downloadtor-118691cd47e53521319cdcbf994f29ecca3db4d1.tar.gz
tor-118691cd47e53521319cdcbf994f29ecca3db4d1.zip
crypto: Change crypto_mac_sha3_256 to use the key length in the construction
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/common/crypto.c')
-rw-r--r--src/common/crypto.c25
1 files changed, 16 insertions, 9 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c
index e4ef52d510..1b1f1f9aef 100644
--- a/src/common/crypto.c
+++ b/src/common/crypto.c
@@ -2109,25 +2109,32 @@ crypto_hmac_sha256(char *hmac_out,
tor_assert(rv);
}
-/** Compute an SHA3 MAC of <b>msg</b> using <b>key</b> as the key. The format
- * used for our MAC is SHA3(k | m). Write the DIGEST256_LEN-byte result into
- * <b>mac_out</b> of size <b>mac_out_len</b>. */
+/** Compute a MAC using SHA3-256 of <b>msg_len</b> bytes in <b>msg</b> using a
+ * <b>key</b> of length <b>key_len</b> and a <b>salt</b> of length
+ * <b>salt_len</b>. Store the result of <b>len_out</b> bytes in in
+ * <b>mac_out</b>. This function can't fail. */
void
-crypto_mac_sha3_256(char *mac_out, size_t mac_out_len,
- const char *key, size_t key_len,
- const char *msg, size_t msg_len)
+crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out,
+ const uint8_t *key, size_t key_len,
+ const uint8_t *msg, size_t msg_len)
{
crypto_digest_t *digest;
+ const uint64_t key_len_netorder = tor_htonll(key_len);
+
tor_assert(mac_out);
tor_assert(key);
tor_assert(msg);
digest = crypto_digest256_new(DIGEST_SHA3_256);
- crypto_digest_add_bytes(digest, key, key_len);
- crypto_digest_add_bytes(digest, msg, msg_len);
- crypto_digest_get_digest(digest, mac_out, mac_out_len);
+ /* Order matters here that is any subsystem using this function should
+ * expect this very precise ordering in the MAC construction. */
+ crypto_digest_add_bytes(digest, (const char *) &key_len_netorder,
+ sizeof(key_len_netorder));
+ crypto_digest_add_bytes(digest, (const char *) key, key_len);
+ crypto_digest_add_bytes(digest, (const char *) msg, msg_len);
+ crypto_digest_get_digest(digest, (char *) mac_out, len_out);
crypto_digest_free(digest);
}
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion