[tor-commits] [tor/master] Explicit length checks in create_rend_cpath().
nickm at torproject.org
nickm at torproject.org
Fri Jul 7 15:19:28 UTC 2017
commit 70d08f764d9912e66a2c6c0f3e4241f563d53ebd
Author: George Kadianakis <desnacked at riseup.net>
Date: Thu Jul 6 16:23:30 2017 +0300
Explicit length checks in create_rend_cpath().
Had to also edit hs_ntor_circuit_key_expansion() to make it happen.
---
src/or/hs_circuit.c | 13 +++++++++----
src/or/hs_circuit.h | 1 +
src/or/hs_ntor.c | 19 ++++++++++++++++---
src/or/hs_ntor.h | 4 ++--
src/test/test_hs_client.c | 4 +++-
src/test/test_hs_service.c | 4 +++-
6 files changed, 34 insertions(+), 11 deletions(-)
diff --git a/src/or/hs_circuit.c b/src/or/hs_circuit.c
index 42c5dcb..f2ea8f5 100644
--- a/src/or/hs_circuit.c
+++ b/src/or/hs_circuit.c
@@ -48,13 +48,17 @@ circuit_purpose_is_correct_for_rend(unsigned int circ_purpose, int is_service_si
* If <b>is_service_side</b> is set, we are the hidden service and the final
* hop of the rendezvous circuit is the client on the other side. */
static crypt_path_t *
-create_rend_cpath(const uint8_t *ntor_key_seed, int is_service_side)
+create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
+ int is_service_side)
{
uint8_t keys[HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN];
crypt_path_t *cpath = NULL;
/* Do the key expansion */
- hs_ntor_circuit_key_expansion(ntor_key_seed, keys);
+ if (hs_ntor_circuit_key_expansion(ntor_key_seed, seed_len,
+ keys, sizeof(keys)) < 0) {
+ goto err;
+ }
/* Setup the cpath */
cpath = tor_malloc_zero(sizeof(crypt_path_t));
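Review bot: The comment above create_rend_cpath() does not mention the new `seed_len` parameter or the new failure path, at least in the tail visible in this hunk. I would add a sentence such as `<b>seed_len</b> is the length of <b>ntor_key_seed</b> and must be DIGEST256_LEN; if the key expansion rejects it, no cpath is created.` The `err` label and the return are outside the hunk, so what the early `goto err` returns, presumably the still-NULL `cpath`, should be confirmed there. The same wording is missing for `seed_len` on hs_circuit_setup_e2e_rend_circ() in the next hunk of this file and on its prototype in src/or/hs_circuit.h.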
@@ -171,7 +175,7 @@ finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop,
* Return 0 if the operation went well; in case of error return -1. */
int
hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
- const uint8_t *ntor_key_seed,
+ const uint8_t *ntor_key_seed, size_t seed_len,
int is_service_side)
{
if (BUG(!circuit_purpose_is_correct_for_rend(TO_CIRCUIT(circ)->purpose,
@@ -179,7 +183,8 @@ hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
return -1;
}
- crypt_path_t *hop = create_rend_cpath(ntor_key_seed, is_service_side);
+ crypt_path_t *hop = create_rend_cpath(ntor_key_seed, seed_len,
+ is_service_side);
if (!hop) {
log_warn(LD_REND, "Couldn't get v3 %s cpath!",
is_service_side ? "service-side" : "client-side");
diff --git a/src/or/hs_circuit.h b/src/or/hs_circuit.h
index 1c2924c..71ce5c3 100644
--- a/src/or/hs_circuit.h
+++ b/src/or/hs_circuit.h
@@ -15,6 +15,7 @@
int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
const uint8_t *ntor_key_seed,
+ size_t seed_len,
int is_service_side);
int hs_circuit_setup_e2e_rend_circ_legacy_client(origin_circuit_t *circ,
const uint8_t *rend_cell_body);
diff --git a/src/or/hs_ntor.c b/src/or/hs_ntor.c
index 668ef22..a416bc4 100644
--- a/src/or/hs_ntor.c
+++ b/src/or/hs_ntor.c
@@ -582,14 +582,25 @@ hs_ntor_client_rendezvous2_mac_is_good(
/** Given the rendezvous key seed in <b>ntor_key_seed</b> (of size
* DIGEST256_LEN), do the circuit key expansion as specified by section
* '4.2.1. Key expansion' and place the keys in <b>keys_out</b> (which must be
- * of size HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN). */
-void
-hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, uint8_t *keys_out)
+ * of size HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN).
+ *
+ * Return 0 if things went well, else return -1. */
+int
+hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len,
+ uint8_t *keys_out, size_t keys_out_len)
{
uint8_t *ptr;
uint8_t kdf_input[NTOR_KEY_EXPANSION_KDF_INPUT_LEN];
crypto_xof_t *xof;
+ /* Sanity checks on lengths to make sure we are good */
+ if (BUG(seed_len != DIGEST256_LEN)) {
+ return -1;
+ }
+ if (BUG(keys_out_len != HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN)) {
+ return -1;
+ }
+
/* Let's build the input to the KDF */
ptr = kdf_input;
APPEND(ptr, ntor_key_seed, DIGEST256_LEN);
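Review bot: The function comment states the required sizes only in prose and never names `seed_len` or `keys_out_len`, so it does not say that a mismatch is now a checked failure. I would reword it along the lines of `<b>seed_len</b> must be DIGEST256_LEN and <b>keys_out_len</b> must be HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN; on a mismatch return -1 without writing to <b>keys_out</b>.` As a point of style, the `APPEND` right after the checks still copies `DIGEST256_LEN` bytes, which is correct only because of the check above; using `seed_len` there would tie the copy to the validated length. The function body continues outside this hunk.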
@@ -601,5 +612,7 @@ hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, uint8_t *keys_out)
crypto_xof_add_bytes(xof, kdf_input, sizeof(kdf_input));
crypto_xof_squeeze_bytes(xof, keys_out, HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN);
crypto_xof_free(xof);
+
+ return 0;
}
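Review bot: `kdf_input` holds a copy of the rendezvous key seed, and the visible tail of the function returns without clearing it, so the seed stays on the stack after the call. Adding `memwipe(kdf_input, 0, sizeof(kdf_input));` after `crypto_xof_free(xof);` and before `return 0;` would scrub it. The squeeze call also still uses the constant `HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN` rather than the validated `keys_out_len`; passing `keys_out_len` would keep the write bound to the length the caller gave. The start of the function is outside this hunk.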
diff --git a/src/or/hs_ntor.h b/src/or/hs_ntor.h
index 3a97e17..37c3261 100644
--- a/src/or/hs_ntor.h
+++ b/src/or/hs_ntor.h
@@ -55,8 +55,8 @@ int hs_ntor_service_get_rendezvous1_keys(
const curve25519_public_key_t *client_ephemeral_enc_pubkey,
hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);
-void hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed,
- uint8_t *keys_out);
+int hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len,
+ uint8_t *keys_out, size_t keys_out_len);
int hs_ntor_client_rendezvous2_mac_is_good(
const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys,
diff --git a/src/test/test_hs_client.c b/src/test/test_hs_client.c
index 9e5fe04..938d3d2 100644
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@@ -243,7 +243,9 @@ test_e2e_rend_circuit_setup(void *arg)
/**********************************************/
/* Setup the circuit */
- retval = hs_circuit_setup_e2e_rend_circ(or_circ, ntor_key_seed, 0);
+ retval = hs_circuit_setup_e2e_rend_circ(or_circ,
+ ntor_key_seed, sizeof(ntor_key_seed),
+ 0);
tt_int_op(retval, OP_EQ, 0);
/**********************************************/
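Review bot: This test still covers only the matching-length path, so the new `-1` return for a wrong `seed_len` is never exercised. A second call that passes `sizeof(ntor_key_seed) - 1` and asserts `tt_int_op(retval, OP_EQ, -1)` would pin it, and because the check is wrapped in `BUG()` the test would need to expect the resulting log. The declaration of `ntor_key_seed` is outside this hunk: `sizeof(ntor_key_seed)` is the right length only if it is an array, as it is in test_hs_service.c, and should be `DIGEST256_LEN` if it is a pointer. The same negative case is missing from the hunk in src/test/test_hs_service.c.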
diff --git a/src/test/test_hs_service.c b/src/test/test_hs_service.c
index b5aaa0c..5793747 100644
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@@ -290,7 +290,9 @@ test_e2e_rend_circuit_setup(void *arg)
/* Setup the circuit: do the ntor key exchange */
{
uint8_t ntor_key_seed[DIGEST256_LEN] = {2};
- retval = hs_circuit_setup_e2e_rend_circ(or_circ, ntor_key_seed, 1);
+ retval = hs_circuit_setup_e2e_rend_circ(or_circ,
+ ntor_key_seed, sizeof(ntor_key_seed),
+ 1);
tt_int_op(retval, OP_EQ, 0);
}