diff options
| author | George Kadianakis <desnacked@riseup.net> | 2018-09-06 16:25:31 +0300 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2018-09-07 14:05:07 -0400 |
| commit | 6583d1e7091ba368b66c6f3038df223d3b7652cb (patch) | |
| tree | ba2f7aa7377bbaeb18674a5affe4a2856c7d2698 /src/feature/hs/hs_descriptor.c | |
| parent | 1e9428dc618250ba7a64f5e2e0451a9da9c75853 (diff) | |
| download | tor-6583d1e7091ba368b66c6f3038df223d3b7652cb.tar.gz tor-6583d1e7091ba368b66c6f3038df223d3b7652cb.zip | |
HSv3: Add subcredential in client auth KDF on the client-side.
Diffstat (limited to 'src/feature/hs/hs_descriptor.c')
| -rw-r--r-- | src/feature/hs/hs_descriptor.c | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/feature/hs/hs_descriptor.c b/src/feature/hs/hs_descriptor.c index f34685e232..d0cdffdf10 100644 --- a/src/feature/hs/hs_descriptor.c +++ b/src/feature/hs/hs_descriptor.c @@ -1427,13 +1427,15 @@ decrypt_descriptor_cookie(const hs_descriptor_t *desc, sizeof(desc->superencrypted_data.auth_ephemeral_pubkey))); tor_assert(!tor_mem_is_zero((char *) client_auth_sk, sizeof(*client_auth_sk))); + tor_assert(!tor_mem_is_zero((char *) desc->subcredential, DIGEST256_LEN)); /* Calculate x25519(client_x, hs_Y) */ curve25519_handshake(secret_seed, client_auth_sk, &desc->superencrypted_data.auth_ephemeral_pubkey); - /* Calculate KEYS = KDF(SECRET_SEED, 40) */ + /* Calculate KEYS = KDF(subcredential | SECRET_SEED, 40) */ xof = crypto_xof_new(); + crypto_xof_add_bytes(xof, desc->subcredential, DIGEST256_LEN); crypto_xof_add_bytes(xof, secret_seed, sizeof(secret_seed)); crypto_xof_squeeze_bytes(xof, keystream, sizeof(keystream)); crypto_xof_free(xof); @@ -2539,9 +2541,8 @@ hs_desc_decode_plaintext(const char *encoded, } /* Fully decode an encoded descriptor and set a newly allocated descriptor - * object in desc_out. Subcredentials are used if not NULL else it's ignored. - * Client secret key is used to decrypt the "encrypted" section if not NULL - * else it's ignored. + * object in desc_out. Client secret key is used to decrypt the "encrypted" + * section if not NULL else it's ignored. * * Return 0 on success. A negative value is returned on error and desc_out is * set to NULL. */ @@ -2558,8 +2559,9 @@ hs_desc_decode_descriptor(const char *encoded, desc = tor_malloc_zero(sizeof(hs_descriptor_t)); - /* Subcredentials are optional. */ - if (BUG(!subcredential)) { + /* Subcredentials are not optional. */ + if (BUG(!subcredential || + tor_mem_is_zero((char*)subcredential, DIGEST256_LEN))) { log_warn(LD_GENERAL, "Tried to decrypt without subcred. Impossible!"); goto err; } |