[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [tor/master] Use a better salted-MAC construction in build_mac()



commit c189cb5cc29e92e55f8e94b5531d2626eff71d63
Author: Nick Mathewson <nickm@xxxxxxxxxxxxxx>
Date:   Fri Nov 4 13:15:28 2016 -0400

    Use a better salted-MAC construction in build_mac()
---
 src/or/hs_descriptor.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/or/hs_descriptor.c b/src/or/hs_descriptor.c
index 7868c05..a0ddf27 100644
--- a/src/or/hs_descriptor.c
+++ b/src/or/hs_descriptor.c
@@ -481,8 +481,7 @@ build_secret_key_iv_mac(const hs_descriptor_t *desc,
 }
 
 /* Using a key, salt and encrypted payload, build a MAC and put it in mac_out.
- * The length of the mac key and salt must be fixed and if not, you can't rely
- * on the result to be a valid MAC. We use SHA3-256 for the MAC computation.
+ * We use SHA3-256 for the MAC computation.
  * This function can't fail. */
 static void
 build_mac(const uint8_t *mac_key, size_t mac_key_len,
@@ -492,6 +491,9 @@ build_mac(const uint8_t *mac_key, size_t mac_key_len,
 {
   crypto_digest_t *digest;
 
+  const uint64_t mac_len_netorder = tor_htonll(mac_key_len);
+  const uint64_t salt_len_netorder = tor_htonll(salt_len);
+
   tor_assert(mac_key);
   tor_assert(salt);
   tor_assert(encrypted);
@@ -500,7 +502,10 @@ build_mac(const uint8_t *mac_key, size_t mac_key_len,
   digest = crypto_digest256_new(DIGEST_SHA3_256);
   /* As specified in section 2.5 of proposal 224, first add the mac key
    * then add the salt first and then the encrypted section. */
+
+  crypto_digest_add_bytes(digest, (const char *) &mac_len_netorder, 8);
   crypto_digest_add_bytes(digest, (const char *) mac_key, mac_key_len);
+  crypto_digest_add_bytes(digest, (const char *) &salt_len_netorder, 8);
   crypto_digest_add_bytes(digest, (const char *) salt, salt_len);
   crypto_digest_add_bytes(digest, (const char *) encrypted, encrypted_len);
   crypto_digest_get_digest(digest, (char *) mac_out, mac_len);



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits