crypto: Change crypto_mac_sha3_256 to use the key length in the construction

Signed-off-by: David Goulet <dgoulet@torproject.org>

3 files changed, 34 insertions, 27 deletions

diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c
index 91c55d8c3d..d66ddccd4f 100644
--- a/src/test/test_crypto.c
+++ b/src/test/test_crypto.c
@@ -1147,28 +1147,34 @@ test_crypto_mac_sha3(void *arg)
   const char msg[] = "i am in a library somewhere using my computer";
   const char key[] = "i'm from the past talking to the future.";
 
-  char hmac_test[DIGEST256_LEN];
+  uint8_t hmac_test[DIGEST256_LEN];
   char hmac_manual[DIGEST256_LEN];
 
   (void) arg;
 
   /* First let's use our nice HMAC-SHA3 function */
   crypto_mac_sha3_256(hmac_test, sizeof(hmac_test),
-                      key, strlen(key),
-                      msg, strlen(msg));
+                      (uint8_t *) key, strlen(key),
+                      (uint8_t *) msg, strlen(msg));
 
-  /* Now let's try a manual H(k || m) construction */
+  /* Now let's try a manual H(len(k) || k || m) construction */
   {
-    char *key_msg_concat = NULL;
+    char *key_msg_concat = NULL, *all = NULL;
     int result;
+    const uint64_t key_len_netorder = tor_htonll(strlen(key));
+    size_t all_len;
 
     tor_asprintf(&key_msg_concat, "%s%s", key, msg);
+    all_len = sizeof(key_len_netorder) + strlen(key_msg_concat);
+    all = tor_malloc_zero(all_len);
+    memcpy(all, &key_len_netorder, sizeof(key_len_netorder));
+    memcpy(all + sizeof(key_len_netorder), key_msg_concat,
+           strlen(key_msg_concat));
 
-    result = crypto_digest256(hmac_manual,
-                              key_msg_concat, strlen(key_msg_concat),
-                              DIGEST_SHA3_256);
-    tt_int_op(result, ==, 0);
+    result = crypto_digest256(hmac_manual, all, all_len, DIGEST_SHA3_256);
     tor_free(key_msg_concat);
+    tor_free(all);
+    tt_int_op(result, ==, 0);
   }
 
   /* Now compare the two results */
diff --git a/src/test/test_hs_intropoint.c b/src/test/test_hs_intropoint.c
index 76f9dbaea0..608988ba9a 100644
--- a/src/test/test_hs_intropoint.c
+++ b/src/test/test_hs_intropoint.c
@@ -44,12 +44,12 @@ test_establish_intro_wrong_purpose(void *arg)
   or_circuit_t *intro_circ = or_circuit_new(0,NULL);;
   uint8_t cell_body[RELAY_PAYLOAD_SIZE];
   ssize_t cell_len = 0;
-  char circuit_key_material[DIGEST_LEN] = {0};
+  uint8_t circuit_key_material[DIGEST_LEN] = {0};
 
   (void)arg;
 
   /* Get the auth key of the intro point */
-  crypto_rand(circuit_key_material, sizeof(circuit_key_material));
+  crypto_rand((char *) circuit_key_material, sizeof(circuit_key_material));
   memcpy(intro_circ->rend_circ_nonce, circuit_key_material, DIGEST_LEN);
 
   /* Set a bad circuit purpose!! :) */
@@ -75,7 +75,8 @@ test_establish_intro_wrong_purpose(void *arg)
 
 /* Prepare a circuit for accepting an ESTABLISH_INTRO cell */
 static void
-helper_prepare_circ_for_intro(or_circuit_t *circ, char *circuit_key_material)
+helper_prepare_circ_for_intro(or_circuit_t *circ,
+                              uint8_t *circuit_key_material)
 {
   /* Prepare the circuit for the incoming ESTABLISH_INTRO */
   circuit_change_purpose(TO_CIRCUIT(circ), CIRCUIT_PURPOSE_OR);
@@ -88,12 +89,12 @@ test_establish_intro_wrong_keytype(void *arg)
 {
   int retval;
   or_circuit_t *intro_circ = or_circuit_new(0,NULL);;
-  char circuit_key_material[DIGEST_LEN] = {0};
+  uint8_t circuit_key_material[DIGEST_LEN] = {0};
 
   (void)arg;
 
   /* Get the auth key of the intro point */
-  crypto_rand(circuit_key_material, sizeof(circuit_key_material));
+  crypto_rand((char *) circuit_key_material, sizeof(circuit_key_material));
   helper_prepare_circ_for_intro(intro_circ, circuit_key_material);
 
   /* Receive the cell. Should fail. */
@@ -113,12 +114,12 @@ test_establish_intro_wrong_keytype2(void *arg)
   or_circuit_t *intro_circ = or_circuit_new(0,NULL);;
   uint8_t cell_body[RELAY_PAYLOAD_SIZE];
   ssize_t cell_len = 0;
-  char circuit_key_material[DIGEST_LEN] = {0};
+  uint8_t circuit_key_material[DIGEST_LEN] = {0};
 
   (void)arg;
 
   /* Get the auth key of the intro point */
-  crypto_rand(circuit_key_material, sizeof(circuit_key_material));
+  crypto_rand((char *) circuit_key_material, sizeof(circuit_key_material));
   helper_prepare_circ_for_intro(intro_circ, circuit_key_material);
 
   /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
@@ -152,12 +153,12 @@ test_establish_intro_wrong_sig(void *arg)
   or_circuit_t *intro_circ = or_circuit_new(0,NULL);;
   uint8_t cell_body[RELAY_PAYLOAD_SIZE];
   ssize_t cell_len = 0;
-  char circuit_key_material[DIGEST_LEN] = {0};
+  uint8_t circuit_key_material[DIGEST_LEN] = {0};
 
   (void)arg;
 
   /* Get the auth key of the intro point */
-  crypto_rand(circuit_key_material, sizeof(circuit_key_material));
+  crypto_rand((char *) circuit_key_material, sizeof(circuit_key_material));
   helper_prepare_circ_for_intro(intro_circ, circuit_key_material);
 
   /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
@@ -190,12 +191,12 @@ helper_establish_intro_v3(or_circuit_t *intro_circ)
   hs_cell_establish_intro_t *establish_intro_cell = NULL;
   uint8_t cell_body[RELAY_PAYLOAD_SIZE];
   ssize_t cell_len = 0;
-  char circuit_key_material[DIGEST_LEN] = {0};
+  uint8_t circuit_key_material[DIGEST_LEN] = {0};
 
   tt_assert(intro_circ);
 
   /* Prepare the circuit for the incoming ESTABLISH_INTRO */
-  crypto_rand(circuit_key_material, sizeof(circuit_key_material));
+  crypto_rand((char *) circuit_key_material, sizeof(circuit_key_material));
   helper_prepare_circ_for_intro(intro_circ, circuit_key_material);
 
   /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
@@ -224,12 +225,12 @@ helper_establish_intro_v2(or_circuit_t *intro_circ)
   int retval;
   uint8_t cell_body[RELAY_PAYLOAD_SIZE];
   ssize_t cell_len = 0;
-  char circuit_key_material[DIGEST_LEN] = {0};
+  uint8_t circuit_key_material[DIGEST_LEN] = {0};
 
   tt_assert(intro_circ);
 
   /* Prepare the circuit for the incoming ESTABLISH_INTRO */
-  crypto_rand(circuit_key_material, sizeof(circuit_key_material));
+  crypto_rand((char *) circuit_key_material, sizeof(circuit_key_material));
   helper_prepare_circ_for_intro(intro_circ, circuit_key_material);
 
   /* Send legacy establish_intro */
@@ -238,7 +239,7 @@ helper_establish_intro_v2(or_circuit_t *intro_circ)
   /* Use old circuit_key_material why not */
   cell_len = encode_establish_intro_cell_legacy((char*)cell_body,
                                                 key1,
-                                                circuit_key_material);
+                                                (char *) circuit_key_material);
   tt_int_op(cell_len, >, 0);
 
   /* Receive legacy establish_intro */
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index 88c7ef2b35..195e5069cb 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -24,12 +24,12 @@ test_gen_establish_intro_cell(void *arg)
 {
   (void) arg;
   int retval;
-  char circuit_key_material[DIGEST_LEN] = {0};
+  uint8_t circuit_key_material[DIGEST_LEN] = {0};
   uint8_t buf[RELAY_PAYLOAD_SIZE];
   hs_cell_establish_intro_t *cell_out = NULL;
   hs_cell_establish_intro_t *cell_in = NULL;
 
-  crypto_rand(circuit_key_material, sizeof(circuit_key_material));
+  crypto_rand((char *) circuit_key_material, sizeof(circuit_key_material));
 
   /* Create outgoing ESTABLISH_INTRO cell and extract its payload so that we
      attempt to parse it. */
@@ -79,11 +79,11 @@ test_gen_establish_intro_cell_bad(void *arg)
 {
   (void) arg;
   hs_cell_establish_intro_t *cell = NULL;
-  char circuit_key_material[DIGEST_LEN] = {0};
+  uint8_t circuit_key_material[DIGEST_LEN] = {0};
 
   MOCK(ed25519_sign_prefixed, mock_ed25519_sign_prefixed);
 
-  crypto_rand(circuit_key_material, sizeof(circuit_key_material));
+  crypto_rand((char *) circuit_key_material, sizeof(circuit_key_material));
 
   setup_full_capture_of_logs(LOG_WARN);
   /* Easiest way to make that function fail is to mock the