anastasis

Credential backup and recovery protocol and service

commit 0120fe8345d6592bd61c0ae4df1c3db34155715c
parent f9b3f95b133dd98289ccd165966896fc0af5860d
Author: Florian Dold <florian@dold.me>
Date:   Tue, 19 Oct 2021 14:07:27 +0200

sort out HKDF invocations (salt vs ikm vs info)

Diffstat:
Msrc/util/anastasis_crypto.c | 32+++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/src/util/anastasis_crypto.c b/src/util/anastasis_crypto.c
@@ -61,12 +61,15 @@ ANASTASIS_CRYPTO_secure_answer_hash (
 GNUNET_CRYPTO_kdf (
 result,
 sizeof (*result),
- "Anastasis-secure-question-uuid-salting",
- strlen ("Anastasis-secure-question-uuid-salting"),
- &pow,
- sizeof (pow),
+ /* salt / XTS */
 uuid,
 sizeof (*uuid),
+ /* skm */
+ &pow,
+ sizeof (pow),
+ /* info chunks */
+ "anastasis-secure-question-hashing",
+ strlen ("anastasis-secure-question-hashing"),
 NULL,
 0));
 }
@@ -88,14 +91,19 @@ derive_key (const void *key_material,
 const char *salt,
 struct ANASTASIS_CRYPTO_SymKeyP *key)
 {
-
 if (GNUNET_YES !=
 GNUNET_CRYPTO_kdf (key,
 sizeof (struct ANASTASIS_CRYPTO_SymKeyP),
+ /* salt / XTS */
 nonce,
 sizeof (struct ANASTASIS_CRYPTO_NonceP),
+ /* ikm */
 key_material,
 key_m_len,
+ /* info chunks */
+ /* The "salt" passed here is actually not something random,
+ but a protocol-specific identifier string. Thus
+ we pass it as a context info to the HKDF */
 salt,
 strlen (salt),
 NULL,
@@ -230,8 +238,13 @@ ANASTASIS_CRYPTO_account_private_key_derive (
 if (GNUNET_YES !=
 GNUNET_CRYPTO_kdf (&priv_key->priv,
 sizeof (priv_key->priv),
+ /* salt / XTS */
+ NULL,
+ 0,
+ /* ikm */
 id,
 sizeof (struct ANASTASIS_CRYPTO_UserIdentifierP),
+ /* context chunks */
 "ver",
 strlen ("ver"),
 NULL,
@@ -422,10 +435,15 @@ ANASTASIS_CRYPTO_policy_key_derive (
 {
 GNUNET_CRYPTO_kdf (policy_key,
 sizeof (*policy_key),
- key_shares,
- keyshare_length * sizeof (*key_shares),
+ /* salt / XTS */
 salt,
 sizeof (*salt),
+ /* ikm */
+ key_shares,
+ keyshare_length * sizeof (*key_shares),
+ /* info chunks */
+ "anastasis-policy-key-derive",
+ strlen ("anastasis-policy-key-derive"),
 NULL,
 0);
 }
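Review bot: The reordered arguments and the new info string `"anastasis-secure-question-hashing"` change the output of ANASTASIS_CRYPTO_secure_answer_hash for the same answer and UUID, and nothing visible here versions or migrates values computed with the old layout. The same holds for the kdf calls in ANASTASIS_CRYPTO_account_private_key_derive and ANASTASIS_CRYPTO_policy_key_derive further down. If answer hashes, account keys or policy keys from before this commit are stored anywhere, they will no longer match, so the commit message or a comment should say this is an intentional protocol break. Separately, the label `/* skm */` is written `/* ikm */` in the other three calls and should be `/* ikm */` here too. The function body starts outside the hunk.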
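Review bot: The parameter `salt` of derive_key is now described at the call site as not being a salt, so its name contradicts its use; the value actually passed as the HKDF salt is `nonce`. Renaming it to `const char *info` (and `strlen (info)` in the call) would make the three-line explanatory comment unnecessary and make it less likely that a caller passes random material in that position. If the rename is deferred, the explanation belongs in the function's header comment, where callers read it, rather than inside the argument list. The signature starts and the call ends outside the hunk.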
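Review bot: The salt is now passed as `NULL, 0` with no stated reason, and the only context string is the three-byte `"ver"`, which is not namespaced like the `anastasis-…` labels used by the other derivations in this commit. HKDF permits an empty salt, but it is worth confirming that GNUNET_CRYPTO_kdf accepts a NULL salt pointer and recording the intent, e.g. `/* no salt: the key must be reproducible from the user identifier alone */`. A generic label such as `"ver"` gives little domain separation if a second key is ever derived from the same identifier; whether it can still be changed depends on compatibility requirements not visible here. The function body starts and ends outside the hunk.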
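Review bot: The return value of `GNUNET_CRYPTO_kdf (policy_key, …)` is discarded in ANASTASIS_CRYPTO_policy_key_derive, while derive_key and ANASTASIS_CRYPTO_account_private_key_derive in this same commit compare it against `GNUNET_YES`. If the derivation fails, `*policy_key` keeps whatever the caller's buffer held and would then be used as a key. Since the call is being rewritten anyway, wrap it the same way as the others, e.g. `GNUNET_assert (GNUNET_YES == GNUNET_CRYPTO_kdf (policy_key, … ));`. The function's signature lies outside the hunk, so how a failure could be reported to the caller instead cannot be judged from here.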