summaryrefslogtreecommitdiff
path: root/src/or/hs_ntor.c
diff options
context:
space:
mode:
authorGeorge Kadianakis <desnacked@riseup.net>2017-07-06 16:23:30 +0300
committerNick Mathewson <nickm@torproject.org>2017-07-07 11:12:27 -0400
commit70d08f764d9912e66a2c6c0f3e4241f563d53ebd (patch)
treea7cf6f22fcf2912c26d6b6bde85babc2cee2c9cd /src/or/hs_ntor.c
parentc4d17faf81d8cfe4cf943ba11be03413c58f4d44 (diff)
downloadtor-70d08f764d9912e66a2c6c0f3e4241f563d53ebd.tar.gz
tor-70d08f764d9912e66a2c6c0f3e4241f563d53ebd.zip
Explicit length checks in create_rend_cpath().
Had to also edit hs_ntor_circuit_key_expansion() to make it happen.
Diffstat (limited to 'src/or/hs_ntor.c')
-rw-r--r--src/or/hs_ntor.c19
1 files changed, 16 insertions, 3 deletions
diff --git a/src/or/hs_ntor.c b/src/or/hs_ntor.c
index 668ef221b8..a416bc46c3 100644
--- a/src/or/hs_ntor.c
+++ b/src/or/hs_ntor.c
@@ -582,14 +582,25 @@ hs_ntor_client_rendezvous2_mac_is_good(
/** Given the rendezvous key seed in <b>ntor_key_seed</b> (of size
* DIGEST256_LEN), do the circuit key expansion as specified by section
* '4.2.1. Key expansion' and place the keys in <b>keys_out</b> (which must be
- * of size HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN). */
-void
-hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, uint8_t *keys_out)
+ * of size HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN).
+ *
+ * Return 0 if things went well, else return -1. */
+int
+hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len,
+ uint8_t *keys_out, size_t keys_out_len)
{
uint8_t *ptr;
uint8_t kdf_input[NTOR_KEY_EXPANSION_KDF_INPUT_LEN];
crypto_xof_t *xof;
+ /* Sanity checks on lengths to make sure we are good */
+ if (BUG(seed_len != DIGEST256_LEN)) {
+ return -1;
+ }
+ if (BUG(keys_out_len != HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN)) {
+ return -1;
+ }
+
/* Let's build the input to the KDF */
ptr = kdf_input;
APPEND(ptr, ntor_key_seed, DIGEST256_LEN);
@@ -601,5 +612,7 @@ hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, uint8_t *keys_out)
crypto_xof_add_bytes(xof, kdf_input, sizeof(kdf_input));
crypto_xof_squeeze_bytes(xof, keys_out, HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN);
crypto_xof_free(xof);
+
+ return 0;
}