Re: [tor-bugs] #17556 [Tor]: Doc or implementation error in NTor handshake

["Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>]

#17556: Doc or implementation error in NTor handshake
--------------------+---------------------------
 Reporter:  awick   |          Owner:
     Type:  defect  |         Status:  closed
 Priority:  Medium  |      Milestone:
Component:  Tor     |        Version:
 Severity:  Normal  |     Resolution:  not a bug
 Keywords:          |  Actual Points:
Parent ID:          |         Points:
  Sponsor:          |
--------------------+---------------------------
Changes (by yawning):

 * status:  new => closed
 * resolution:   => not a bug


Comment:

 `  crypto_hmac_sha256((char*)out, tweak, tweak_len, (const char*)inp,
 inp_len);`

 calls:

 {{{
 void
 crypto_hmac_sha256(char *hmac_out,
                    const char *key, size_t key_len,
                    const char *msg, size_t msg_len)
 {
   /* If we've got OpenSSL >=0.9.8 we can use its hmac implementation. */
   tor_assert(key_len < INT_MAX);
   tor_assert(msg_len < INT_MAX);
   HMAC(EVP_sha256(), key, (int)key_len, (unsigned char*)msg, (int)msg_len,
        (unsigned char*)hmac_out, NULL);
 }
 }}}

 Resulting in behavior as specified (The spec defines `H(x,t)`, the code
 expects to be called as `H(t,x)`).  The spec would be clearer and more in
 line with how HMAC constructs are usually defined if everything was
 written down as `H(t,x)`, but there's nothing wrong with either the code
 or spec at present beyond being confusing.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17556#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs