diff options
| author | David Goulet <dgoulet@torproject.org> | 2016-12-12 16:45:28 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2016-12-14 15:18:40 -0500 |
| commit | 118691cd47e53521319cdcbf994f29ecca3db4d1 (patch) | |
| tree | 78d64377d8a03653091601e18c3db6fc6424e65b /src/common | |
| parent | 7a204ae8f9c54c15e9bc05b9c2bd62c7e46d6ebb (diff) | |
| download | tor-118691cd47e53521319cdcbf994f29ecca3db4d1.tar.gz tor-118691cd47e53521319cdcbf994f29ecca3db4d1.zip | |
crypto: Change crypto_mac_sha3_256 to use the key length in the construction
Signed-off-by: David Goulet <dgoulet@torproject.org>
Diffstat (limited to 'src/common')
| -rw-r--r-- | src/common/crypto.c | 25 | ||||
| -rw-r--r-- | src/common/crypto.h | 7 |
2 files changed, 20 insertions, 12 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index e4ef52d510..1b1f1f9aef 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -2109,25 +2109,32 @@ crypto_hmac_sha256(char *hmac_out, tor_assert(rv); } -/** Compute an SHA3 MAC of <b>msg</b> using <b>key</b> as the key. The format - * used for our MAC is SHA3(k | m). Write the DIGEST256_LEN-byte result into - * <b>mac_out</b> of size <b>mac_out_len</b>. */ +/** Compute a MAC using SHA3-256 of <b>msg_len</b> bytes in <b>msg</b> using a + * <b>key</b> of length <b>key_len</b> and a <b>salt</b> of length + * <b>salt_len</b>. Store the result of <b>len_out</b> bytes in in + * <b>mac_out</b>. This function can't fail. */ void -crypto_mac_sha3_256(char *mac_out, size_t mac_out_len, - const char *key, size_t key_len, - const char *msg, size_t msg_len) +crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out, + const uint8_t *key, size_t key_len, + const uint8_t *msg, size_t msg_len) { crypto_digest_t *digest; + const uint64_t key_len_netorder = tor_htonll(key_len); + tor_assert(mac_out); tor_assert(key); tor_assert(msg); digest = crypto_digest256_new(DIGEST_SHA3_256); - crypto_digest_add_bytes(digest, key, key_len); - crypto_digest_add_bytes(digest, msg, msg_len); - crypto_digest_get_digest(digest, mac_out, mac_out_len); + /* Order matters here that is any subsystem using this function should + * expect this very precise ordering in the MAC construction. */ + crypto_digest_add_bytes(digest, (const char *) &key_len_netorder, + sizeof(key_len_netorder)); + crypto_digest_add_bytes(digest, (const char *) key, key_len); + crypto_digest_add_bytes(digest, (const char *) msg, msg_len); + crypto_digest_get_digest(digest, (char *) mac_out, len_out); crypto_digest_free(digest); } diff --git a/src/common/crypto.h b/src/common/crypto.h index 32b6531456..bf2fa06aaa 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -255,9 +255,10 @@ void crypto_digest_assign(crypto_digest_t *into, void crypto_hmac_sha256(char *hmac_out, const char *key, size_t key_len, const char *msg, size_t msg_len); -void crypto_mac_sha3_256(char *mac_out, size_t mac_out_len, - const char *key, size_t key_len, - const char *msg, size_t msg_len); +void crypto_mac_sha3_256(uint8_t *mac_out, size_t len_out, + const uint8_t *key, size_t key_len, + const uint8_t *msg, size_t msg_len); + crypto_xof_t *crypto_xof_new(void); void crypto_xof_add_bytes(crypto_xof_t *xof, const uint8_t *data, size_t len); void crypto_xof_squeeze_bytes(crypto_xof_t *xof, uint8_t *out, size_t len); |