author | Christian Grothoff <grothoff@gnunet.org> | 2022-03-28 13:58:24 +0200 |
---|---|---|
committer | Christian Grothoff <grothoff@gnunet.org> | 2022-03-28 13:58:24 +0200 |
commit | 452aa5391b75ab6637b62398f9b0627593570d5d (patch) | |
tree | 37a7c117c8bc8ce06bd611b4dfaa8f996c6a3ede /src | |
parent | 69e887bb68064ddf40db83d46ae3333659112db4 (diff) | |
-code cleanup
Diffstat (limited to 'src')
-rw-r--r-- | src/util/anastasis_crypto.c | 46 |
1 files changed, 22 insertions, 24 deletions
diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
index 89750e4..b4b87da 100644
--- a/src/util/anastasis_crypto.c
+++ b/src/util/anastasis_crypto.c
@@ -91,28 +91,23 @@ derive_key (const void *key_material,
 const char *salt,
 struct ANASTASIS_CRYPTO_SymKeyP *key)
 {
- if (GNUNET_YES !=
- GNUNET_CRYPTO_kdf (key,
- sizeof (struct ANASTASIS_CRYPTO_SymKeyP),
- /* salt / XTS */
- nonce,
- sizeof (struct ANASTASIS_CRYPTO_NonceP),
- /* ikm */
- key_material,
- key_m_len,
- /* info chunks */
- /* The "salt" passed here is actually not something random,
- but a protocol-specific identifier string. Thus
- we pass it as a context info to the HKDF */
- salt,
- strlen (salt),
- NULL,
- 0))
- {
- // FIXME: Huh?! Why would we continue here?
- GNUNET_break (0);
- return;
- }
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (key,
+ sizeof (*key),
+ /* salt / XTS */
+ nonce,
+ sizeof (*nonce),
+ /* ikm */
+ key_material,
+ key_m_len,
+ /* info chunks */
+ /* The "salt" passed here is actually not something random,
+ but a protocol-specific identifier string. Thus
+ we pass it as a context info to the HKDF */
+ salt,
+ strlen (salt),
+ NULL,
+ 0));
 }
 
 
@@ -185,8 +180,11 @@ anastasis_decrypt (const void *key,
 struct ANASTASIS_CRYPTO_SymKeyP skey;
 size_t plaintext_size;
 
- GNUNET_assert (data_size >= crypto_secretbox_NONCEBYTES
- + crypto_secretbox_MACBYTES);
+ if (data_size < crypto_secretbox_NONCEBYTES + crypto_secretbox_MACBYTES)
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
 nonce = data;
 derive_key (key,
 key_len, |
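Review bot: `sizeof (*nonce)` in the new `GNUNET_CRYPTO_kdf` call matches the old `sizeof (struct ANASTASIS_CRYPTO_NonceP)` only if the `nonce` parameter is declared as a pointer to that struct; its declaration sits above this hunk, and `key_material` in the same signature is `const void *`. If `nonce` were also `const void *`, GCC would evaluate `sizeof (*nonce)` as 1 and the HKDF salt would shrink to a single byte with no diagnostic at default warning levels. A compile-time check next to the call, `_Static_assert (sizeof (*nonce) == sizeof (struct ANASTASIS_CRYPTO_NonceP), "nonce size");`, would pin this down. Because the KDF call now lives inside `GNUNET_assert`, a short comment such as `/* abort on KDF failure: returning would hand the caller a key that was never derived */` would record why the check is fatal and that the call must survive any later restyling of the assertion.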
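Review bot: `GNUNET_break (0)` on the new short-input path reports an internal logic error, yet the condition depends only on `data_size`, which presumably describes ciphertext received from outside the process; if so, `GNUNET_break_op (0);` is the fitting macro and keeps truncated input from being logged as a local bug. The parameter list and the rest of `anastasis_decrypt` lie outside the hunk, so it is not visible whether any output pointers are set before this return; the function comment should state that on `GNUNET_SYSERR` the outputs are untouched and must not be read. The bound is expressed in `crypto_secretbox_NONCEBYTES`, while `derive_key` hands `sizeof (*nonce)` bytes of its nonce to the KDF, so if the `nonce` assigned from `data` here is what gets passed on, the check is sufficient only when the two sizes agree, which is worth asserting once at compile time.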