Explicit length checks in create_rend_cpath().

Had to also edit hs_ntor_circuit_key_expansion() to make it happen.
2024-11-11 05:33:47 +01:00 · 2017-07-06 16:23:30 +03:00 · 2017-07-06 16:23:30 +03:00 · 70d08f764d
commit 70d08f764d
parent c4d17faf81
6 changed files with 34 additions and 11 deletions
--- a/src/or/hs_circuit.c
+++ b/src/or/hs_circuit.c
@ -48,13 +48,17 @@ circuit_purpose_is_correct_for_rend(unsigned int circ_purpose, int is_service_si
 * If <b>is_service_side</b> is set, we are the hidden service and the final
 * hop of the rendezvous circuit is the client on the other side. */
 static crypt_path_t *
-create_rend_cpath(const uint8_t *ntor_key_seed, int is_service_side)
+create_rend_cpath(const uint8_t *ntor_key_seed, size_t seed_len,
+                  int is_service_side)
 {
  uint8_t keys[HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN];
  crypt_path_t *cpath = NULL;

  /* Do the key expansion */
-  hs_ntor_circuit_key_expansion(ntor_key_seed, keys);
+  if (hs_ntor_circuit_key_expansion(ntor_key_seed, seed_len,
+                                    keys, sizeof(keys)) < 0) {
+    goto err;
+  }

  /* Setup the cpath */
  cpath = tor_malloc_zero(sizeof(crypt_path_t));
@ -171,7 +175,7 @@ finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop,
 * Return 0 if the operation went well; in case of error return -1. */
 int
 hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
-                               const uint8_t *ntor_key_seed,
+                               const uint8_t *ntor_key_seed, size_t seed_len,
                               int is_service_side)
 {
  if (BUG(!circuit_purpose_is_correct_for_rend(TO_CIRCUIT(circ)->purpose,
@ -179,7 +183,8 @@ hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
    return -1;
  }

-  crypt_path_t *hop = create_rend_cpath(ntor_key_seed, is_service_side);
+  crypt_path_t *hop = create_rend_cpath(ntor_key_seed, seed_len,
+                                        is_service_side);
  if (!hop) {
    log_warn(LD_REND, "Couldn't get v3 %s cpath!",
             is_service_side ? "service-side" : "client-side");
--- a/src/or/hs_circuit.h
+++ b/src/or/hs_circuit.h
@ -15,6 +15,7 @@

 int hs_circuit_setup_e2e_rend_circ(origin_circuit_t *circ,
                                   const uint8_t *ntor_key_seed,
+                                   size_t seed_len,
                                   int is_service_side);
 int hs_circuit_setup_e2e_rend_circ_legacy_client(origin_circuit_t *circ,
                                          const uint8_t *rend_cell_body);
--- a/src/or/hs_ntor.c
+++ b/src/or/hs_ntor.c
@ -582,14 +582,25 @@ hs_ntor_client_rendezvous2_mac_is_good(
 /** Given the rendezvous key seed in <b>ntor_key_seed</b> (of size
 *  DIGEST256_LEN), do the circuit key expansion as specified by section
 *  '4.2.1. Key expansion' and place the keys in <b>keys_out</b> (which must be
- *  of size HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN). */
-void
-hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, uint8_t *keys_out)
+ *  of size HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN).
+ *
+ * Return 0 if things went well, else return -1. */
+int
+hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len,
+                              uint8_t *keys_out, size_t keys_out_len)
 {
  uint8_t *ptr;
  uint8_t kdf_input[NTOR_KEY_EXPANSION_KDF_INPUT_LEN];
  crypto_xof_t *xof;

+  /* Sanity checks on lengths to make sure we are good */
+  if (BUG(seed_len != DIGEST256_LEN)) {
+    return -1;
+  }
+  if (BUG(keys_out_len != HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN)) {
+    return -1;
+  }
+
  /* Let's build the input to the KDF */
  ptr = kdf_input;
  APPEND(ptr, ntor_key_seed, DIGEST256_LEN);
@ -601,5 +612,7 @@ hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, uint8_t *keys_out)
  crypto_xof_add_bytes(xof, kdf_input, sizeof(kdf_input));
  crypto_xof_squeeze_bytes(xof, keys_out, HS_NTOR_KEY_EXPANSION_KDF_OUT_LEN);
  crypto_xof_free(xof);
+
+  return 0;
 }

--- a/src/or/hs_ntor.h
+++ b/src/or/hs_ntor.h
@ -55,8 +55,8 @@ int hs_ntor_service_get_rendezvous1_keys(
                  const curve25519_public_key_t *client_ephemeral_enc_pubkey,
                  hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys_out);

-void hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed,
-                                   uint8_t *keys_out);
+int hs_ntor_circuit_key_expansion(const uint8_t *ntor_key_seed, size_t seed_len,
+                                  uint8_t *keys_out, size_t keys_out_len);

 int hs_ntor_client_rendezvous2_mac_is_good(
                        const hs_ntor_rend_cell_keys_t *hs_ntor_rend_cell_keys,
--- a/src/test/test_hs_client.c
+++ b/src/test/test_hs_client.c
@ -243,7 +243,9 @@ test_e2e_rend_circuit_setup(void *arg)
  /**********************************************/

  /* Setup the circuit */
-  retval = hs_circuit_setup_e2e_rend_circ(or_circ, ntor_key_seed, 0);
+  retval = hs_circuit_setup_e2e_rend_circ(or_circ,
+                                          ntor_key_seed, sizeof(ntor_key_seed),
+                                          0);
  tt_int_op(retval, OP_EQ, 0);

  /**********************************************/
--- a/src/test/test_hs_service.c
+++ b/src/test/test_hs_service.c
@ -290,7 +290,9 @@ test_e2e_rend_circuit_setup(void *arg)
  /* Setup the circuit: do the ntor key exchange */
  {
    uint8_t ntor_key_seed[DIGEST256_LEN] = {2};
-    retval = hs_circuit_setup_e2e_rend_circ(or_circ, ntor_key_seed, 1);
+    retval = hs_circuit_setup_e2e_rend_circ(or_circ,
+                                            ntor_key_seed, sizeof(ntor_key_seed),
+                                            1);
    tt_int_op(retval, OP_EQ, 0);
  }