diff options
| -rw-r--r-- | src/common/crypto.c | 2 | ||||
| -rw-r--r-- | src/common/crypto.h | 5 | ||||
| -rw-r--r-- | src/or/control.c | 16 | ||||
| -rw-r--r-- | src/or/main.c | 8 | ||||
| -rw-r--r-- | src/test/test_crypto.c | 4 |
5 files changed, 20 insertions, 15 deletions
diff --git a/src/common/crypto.c b/src/common/crypto.c index 014c83e850..a3e767e6f5 100644 --- a/src/common/crypto.c +++ b/src/common/crypto.c @@ -3008,7 +3008,7 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen) * Does not support <b>key_out_len</b> > DIGEST_LEN. */ void -secret_to_key(char *key_out, size_t key_out_len, const char *secret, +secret_to_key_rfc2440(char *key_out, size_t key_out_len, const char *secret, size_t secret_len, const char *s2k_specifier) { crypto_digest_t *d; diff --git a/src/common/crypto.h b/src/common/crypto.h index aa4271aa33..ba6fe84f0d 100644 --- a/src/common/crypto.h +++ b/src/common/crypto.h @@ -282,8 +282,9 @@ int digest256_from_base64(char *digest, const char *d64); /** Length of RFC2440-style S2K specifier: the first 8 bytes are a salt, the * 9th describes how much iteration to do. */ -#define S2K_SPECIFIER_LEN 9 -void secret_to_key(char *key_out, size_t key_out_len, const char *secret, +#define S2K_RFC2440_SPECIFIER_LEN 9 +void secret_to_key_rfc2440( + char *key_out, size_t key_out_len, const char *secret, size_t secret_len, const char *s2k_specifier); /** OpenSSL-based utility functions. */ diff --git a/src/or/control.c b/src/or/control.c index b3a9dd693e..08cdad4943 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -993,7 +993,8 @@ handle_control_setevents(control_connection_t *conn, uint32_t len, /** Decode the hashed, base64'd passwords stored in <b>passwords</b>. * Return a smartlist of acceptable passwords (unterminated strings of - * length S2K_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on failure. + * length S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on + * failure. */ smartlist_t * decode_hashed_passwords(config_line_t *passwords) @@ -1009,16 +1010,17 @@ decode_hashed_passwords(config_line_t *passwords) if (!strcmpstart(hashed, "16:")) { if (base16_decode(decoded, sizeof(decoded), hashed+3, strlen(hashed+3))<0 - || strlen(hashed+3) != (S2K_SPECIFIER_LEN+DIGEST_LEN)*2) { + || strlen(hashed+3) != (S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN)*2) { goto err; } } else { if (base64_decode(decoded, sizeof(decoded), hashed, strlen(hashed)) - != S2K_SPECIFIER_LEN+DIGEST_LEN) { + != S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) { goto err; } } - smartlist_add(sl, tor_memdup(decoded, S2K_SPECIFIER_LEN+DIGEST_LEN)); + smartlist_add(sl, + tor_memdup(decoded, S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN)); } return sl; @@ -1171,8 +1173,10 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len, } else { SMARTLIST_FOREACH(sl, char *, expected, { - secret_to_key(received,DIGEST_LEN,password,password_len,expected); - if (tor_memeq(expected+S2K_SPECIFIER_LEN, received, DIGEST_LEN)) + secret_to_key_rfc2440(received,DIGEST_LEN, + password,password_len,expected); + if (tor_memeq(expected + S2K_RFC2440_SPECIFIER_LEN, + received, DIGEST_LEN)) goto ok; }); SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp)); diff --git a/src/or/main.c b/src/or/main.c index 094120fecf..4ead8aa35c 100644 --- a/src/or/main.c +++ b/src/or/main.c @@ -2674,11 +2674,11 @@ do_hash_password(void) { char output[256]; - char key[S2K_SPECIFIER_LEN+DIGEST_LEN]; + char key[S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN]; - crypto_rand(key, S2K_SPECIFIER_LEN-1); - key[S2K_SPECIFIER_LEN-1] = (uint8_t)96; /* Hash 64 K of data. */ - secret_to_key(key+S2K_SPECIFIER_LEN, DIGEST_LEN, + crypto_rand(key, S2K_RFC2440_SPECIFIER_LEN-1); + key[S2K_RFC2440_SPECIFIER_LEN-1] = (uint8_t)96; /* Hash 64 K of data. */ + secret_to_key_rfc2440(key+S2K_RFC2440_SPECIFIER_LEN, DIGEST_LEN, get_options()->command_arg, strlen(get_options()->command_arg), key); base16_encode(output, sizeof(output), key, sizeof(key)); diff --git a/src/test/test_crypto.c b/src/test/test_crypto.c index 5d8edb6550..d0024750cf 100644 --- a/src/test/test_crypto.c +++ b/src/test/test_crypto.c @@ -708,7 +708,7 @@ test_crypto_s2k(void) buf3 = tor_malloc(65536); memset(buf3, 0, 65536); - secret_to_key(buf+9, 20, "", 0, buf); + secret_to_key_rfc2440(buf+9, 20, "", 0, buf); crypto_digest(buf2+9, buf3, 1024); test_memeq(buf, buf2, 29); @@ -716,7 +716,7 @@ test_crypto_s2k(void) memcpy(buf2,"vrbacrda",8); buf[8] = 96; buf2[8] = 96; - secret_to_key(buf+9, 20, "12345678", 8, buf); + secret_to_key_rfc2440(buf+9, 20, "12345678", 8, buf); for (i = 0; i < 65536; i += 16) { memcpy(buf3+i, "vrbacrda12345678", 16); } |