commit 70d08f764d9912e66a2c6c0f3e4241f563d53ebd Author: George Kadianakis desnacked@riseup.net Date: Thu Jul 6 16:23:30 2017 +0300
Explicit length checks in create_rend_cpath().
Had to also edit hs_ntor_circuit_key_expansion() to make it happen. --- src/or/hs_circuit.c | 13 +++++++++---- src/or/hs_circuit.h | 1 + src/or/hs_ntor.c | 19 ++++++++++++++++--- src/or/hs_ntor.h | 4 ++-- src/test/test_hs_client.c | 4 +++- src/test/test_hs_service.c | 4 +++- 6 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c
index 42c5dcb..f2ea8f5 100644
--- a/src/or/hs_circuit.c
+++ b/src/or/hs_circuit.c
@@ -48,13 +48,17 @@ circuit_purpose_is_correct_for_rend(unsigned int circ_purpose, int is_service_si
 * If <b>is_service_side</b> is set, we are the hidden service and the final
 * hop of the rendezvous circuit is the client on the other side. */
 static crypt_path_t *
-create_rend_cpath(const uint8_t *ntor_key_seed, int is_service_side)
+create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
+ int is_service_side)
 {
 uint8_t keys[HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN];
 crypt_path_t *cpath = NULL;
 /* Do the key expansion */
- hs_ntor_circuit_key_expansion(ntor_key_seed, keys);
+ if (hs_ntor_circuit_key_expansion(ntor_key_seed, seed_len,
+ keys, sizeof(keys)) < 0) {
+ goto err;
+ }
 /* Setup the cpath */
 cpath = tor_malloc_zero(sizeof(crypt_path_t));
@@ -171,7 +175,7 @@ finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop,
 * Return 0 if the operation went well; in case of error return -1. */
 int
 hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
- const uint8_t *ntor_key_seed,
+ const uint8_t *ntor_key_seed, size_t seed_len,
 int is_service_side)
 {
 if (BUG(!circuit_purpose_is_correct_for_rend(TO_CIRCUIT(circ)->purpose,
@@ -179,7 +183,8 @@ hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
 return -1;
 }
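Review bot: The new `goto err;` after the failed key expansion jumps to a label that is outside the hunk, so the cleanup it reaches cannot be checked here; `cpath` is still NULL at that point, so returning it reports failure correctly, but `keys` is a stack buffer sized for circuit key material and should be wiped on this early exit as well as on the normal one. If the err label does not already do so, `memwipe(keys, 0, sizeof(keys));` belongs there so both exits share one cleanup path. A one-line comment on the new check, `/* Length mismatch is a caller bug; expansion has written nothing to keys. */`, would record that the buffer holds no key material on this path, which is what hs_ntor_circuit_key_expansion guarantees by checking lengths before squeezing the XOF. create_rend_cpath's body continues outside the hunk.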
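Review bot: The widened signature of hs_circuit_setup_e2e_rend_circ adds `seed_len` without a matching line in its doc comment; the comment starts above the hunk and the visible part only gives the return convention, so nothing in this hunk or in the hs_circuit.h hunk documents the new parameter. Because the length is verified downstream with an exact comparison, say so where callers look: `<b>seed_len</b> is the length of <b>ntor_key_seed</b> and must be DIGEST256_LEN; any other value is treated as a bug and makes the call fail.` The function's body continues outside the hunk.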
- crypt_path_t *hop = create_rend_cpath(ntor_key_seed, is_service_side);
+ crypt_path_t *hop = create_rend_cpath(ntor_key_seed, seed_len,
+ is_service_side);
 if (!hop) {
 log_warn(LD_REND, "Couldn't get v3 %s cpath!",
 is_service_side ? "service-side" : "client-side");
diff --git a/src/or/hs_circuit.h b/src/or/hs_circuit.h
index 1c2924c..71ce5c3 100644
--- a/src/or/hs_circuit.h
+++ b/src/or/hs_circuit.h
@@ -15,6 +15,7 @@
 int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
 const uint8_t *ntor_key_seed,
+ size_t seed_len,
 int is_service_side);
 int hs_circuit_setup_e2e_rend_circ_legacy_client(origin_circuit_t *circ,
 const uint8_t *rend_cell_body);
diff --git a/src/or/hs_ntor.c b/src/or/hs_ntor.c
index 668ef22..a416bc4 100644
--- a/src/or/hs_ntor.c
+++ b/src/or/hs_ntor.c
@@ -582,14 +582,25 @@ hs_ntor_client_rendezvous2_mac_is_good(
 /** Given the rendezvous key seed in <b>ntor_key_seed</b> (of size
 * DIGEST256_LEN), do the circuit key expansion as specified by section
 * '4.2.1. Key expansion' and place the keys in <b>keys_out</b> (which must be
- * of size HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN). */
-void
-hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, uint8_t *keys_out)
+ * of size HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN).
+ *
+ * Return 0 if things went well, else return -1. */
+int
+hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len,
+ uint8_t *keys_out, size_t keys_out_len)
 {
 uint8_t *ptr;
 uint8_t kdf_input[NTOR_KEY_EXPANSION_KDF_INPUT_LEN];
 crypto_xof_t *xof;
+ /* Sanity checks on lengths to make sure we are good */
+ if (BUG(seed_len != DIGEST256_LEN)) {
+ return -1;
+ }
+ if (BUG(keys_out_len != HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN)) {
+ return -1;
+ }
+
 /* Let's build the input to the KDF */
 ptr = kdf_input;
 APPEND(ptr, ntor_key_seed, DIGEST256_LEN);
@@ -601,5 +612,7 @@ hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, uint8_t *keys_out)
 crypto_xof_add_bytes(xof, kdf_input, sizeof(kdf_input));
 crypto_xof_squeeze_bytes(xof, keys_out, HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN);
 crypto_xof_free(xof);
+
+ return 0;
 }
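Review bot: The new doc line `Return 0 if things went well, else return -1.` does not name the failure conditions, which the code makes precise: the only -1 paths are the two BUG() length checks, and they use `!=`, so a keys_out buffer larger than HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN is refused just like a smaller one, and nothing is written to keys_out before either return. Suggested wording: `Return 0 on success. Return -1, after BUG() reports the mismatch and without touching keys_out, if seed_len is not DIGEST256_LEN or keys_out_len is not exactly HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN.` A smaller style point: past the guard the body still uses the constants rather than `seed_len`/`keys_out_len` in the APPEND and squeeze calls, which is fine since the guard proves them equal, but a short comment saying so would stop a reader from wondering why the parameters look unused after the checks.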
diff --git a/src/or/hs_ntor.h b/src/or/hs_ntor.h
index 3a97e17..37c3261 100644
--- a/src/or/hs_ntor.h
+++ b/src/or/hs_ntor.h
@@ -55,8 +55,8 @@ int hs_ntor_service_get_rendezvous1_keys(
 const curve25519_public_key_t *client_ephemeral_enc_pubkey,
 hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
-void hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed,
- uint8_t *keys_out);
+int hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len,
+ uint8_t *keys_out, size_t keys_out_len);
 int hs_ntor_client_rendezvous2_mac_is_good(
 const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys,
diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c
index 9e5fe04..938d3d2 100644
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@@ -243,7 +243,9 @@ test_e2e_rend_circuit_setup(void *arg)
 /**********************************************/
 /* Setup the circuit */
- retval = hs_circuit_setup_e2e_rend_circ(or_circ, ntor_key_seed, 0);
+ retval = hs_circuit_setup_e2e_rend_circ(or_circ,
+ ntor_key_seed, sizeof(ntor_key_seed),
+ 0);
 tt_int_op(retval, OP_EQ, 0);
 /**********************************************/
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index b5aaa0c..5793747 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -290,7 +290,9 @@ test_e2e_rend_circuit_setup(void *arg)
 /* Setup the circuit: do the ntor key exchange */
 {
 uint8_t ntor_key_seed[DIGEST256_LEN] = {2};
- retval = hs_circuit_setup_e2e_rend_circ(or_circ, ntor_key_seed, 1);
+ retval = hs_circuit_setup_e2e_rend_circ(or_circ,
+ ntor_key_seed, sizeof(ntor_key_seed),
+ 1);
 tt_int_op(retval, OP_EQ, 0);
 }
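Review bot: Both test updates only exercise the success path, so the length checks this commit introduces are never hit and a later change that loosened them would still pass the suite; the test_hs_client.c hunk and the test_hs_service.c hunk have the same gap. Consider one extra call in each file passing `sizeof(ntor_key_seed) - 1` (constructed value) and asserting `tt_int_op(retval, OP_EQ, -1);`; since the check sits inside BUG(), the harness will presumably need to expect or capture that bug log, which cannot be confirmed from here. Also, `sizeof(ntor_key_seed)` is only the seed length if `ntor_key_seed` is an array in the calling scope: the service-side hunk shows its `uint8_t ntor_key_seed[DIGEST256_LEN]` declaration, but the client-side declaration is above its hunk and should be checked so the call does not silently pass a pointer size.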