mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-28 06:13:31 +01:00
hs: Use AES-256 for v3 descriptor
That key size is taken from proposal 224 thus specified in the protocol. Closes #20569 Signed-off-by: David Goulet <dgoulet@torproject.org>
This commit is contained in:
parent
963e70673a
commit
870b5e2227
@ -59,10 +59,12 @@
|
||||
#define DIGEST256_LEN 32
|
||||
/** Length of the output of our 64-bit optimized message digests (SHA512). */
|
||||
#define DIGEST512_LEN 64
|
||||
/** Length of our symmetric cipher's keys. */
|
||||
/** Length of our symmetric cipher's keys of 128-bit. */
|
||||
#define CIPHER_KEY_LEN 16
|
||||
/** Length of our symmetric cipher's IV. */
|
||||
/** Length of our symmetric cipher's IV of 128-bit. */
|
||||
#define CIPHER_IV_LEN 16
|
||||
/** Length of our symmetric cipher's keys of 256-bit. */
|
||||
#define CIPHER256_KEY_LEN 32
|
||||
/** Length of our public keys. */
|
||||
#define PK_BYTES (1024/8)
|
||||
/** Length of our DH keys. */
|
||||
|
@ -541,8 +541,9 @@ build_encrypted(const uint8_t *key, const uint8_t *iv, const char *plaintext,
|
||||
tor_assert(plaintext);
|
||||
tor_assert(encrypted_out);
|
||||
|
||||
/* This creates a cipher for AES128. It can't fail. */
|
||||
cipher = crypto_cipher_new_with_iv((const char *) key, (const char *) iv);
|
||||
/* This creates a cipher for AES. It can't fail. */
|
||||
cipher = crypto_cipher_new_with_iv_and_bits(key, iv,
|
||||
HS_DESC_ENCRYPTED_BIT_SIZE);
|
||||
/* This can't fail. */
|
||||
encrypted_len = build_plaintext_padding(plaintext, plaintext_len,
|
||||
&padded_plaintext);
|
||||
@ -573,7 +574,7 @@ encrypt_descriptor_data(const hs_descriptor_t *desc, const char *plaintext,
|
||||
size_t encrypted_len, final_blob_len, offset = 0;
|
||||
uint8_t *encrypted;
|
||||
uint8_t salt[HS_DESC_ENCRYPTED_SALT_LEN];
|
||||
uint8_t secret_key[CIPHER_KEY_LEN], secret_iv[CIPHER_IV_LEN];
|
||||
uint8_t secret_key[HS_DESC_ENCRYPTED_KEY_LEN], secret_iv[CIPHER_IV_LEN];
|
||||
uint8_t mac_key[DIGEST256_LEN], mac[DIGEST256_LEN];
|
||||
|
||||
tor_assert(desc);
|
||||
@ -1058,7 +1059,7 @@ static size_t
|
||||
desc_decrypt_data_v3(const hs_descriptor_t *desc, char **decrypted_out)
|
||||
{
|
||||
uint8_t *decrypted = NULL;
|
||||
uint8_t secret_key[CIPHER_KEY_LEN], secret_iv[CIPHER_IV_LEN];
|
||||
uint8_t secret_key[HS_DESC_ENCRYPTED_KEY_LEN], secret_iv[CIPHER_IV_LEN];
|
||||
uint8_t mac_key[DIGEST256_LEN], our_mac[DIGEST256_LEN];
|
||||
const uint8_t *salt, *encrypted, *desc_mac;
|
||||
size_t encrypted_len, result_len = 0;
|
||||
@ -1118,8 +1119,9 @@ desc_decrypt_data_v3(const hs_descriptor_t *desc, char **decrypted_out)
|
||||
/* Decrypt. Here we are assured that the encrypted length is valid for
|
||||
* decryption. */
|
||||
crypto_cipher_t *cipher;
|
||||
cipher = crypto_cipher_new_with_iv((const char *) secret_key,
|
||||
(const char *) secret_iv);
|
||||
|
||||
cipher = crypto_cipher_new_with_iv_and_bits(secret_key, secret_iv,
|
||||
HS_DESC_ENCRYPTED_BIT_SIZE);
|
||||
/* Extra byte for the NUL terminated byte. */
|
||||
decrypted = tor_malloc_zero(encrypted_len + 1);
|
||||
crypto_cipher_decrypt(cipher, (char *) decrypted,
|
||||
|
@ -40,7 +40,7 @@
|
||||
/* Length of the KDF output value which is the length of the secret key,
|
||||
* the secret IV and MAC key length which is the length of H() output. */
|
||||
#define HS_DESC_ENCRYPTED_KDF_OUTPUT_LEN \
|
||||
CIPHER_KEY_LEN + CIPHER_IV_LEN + DIGEST256_LEN
|
||||
CIPHER256_KEY_LEN + CIPHER_IV_LEN + DIGEST256_LEN
|
||||
/* We need to pad the plaintext version of the encrypted data section before
|
||||
* encryption and it has to be a multiple of this value. */
|
||||
#define HS_DESC_PLAINTEXT_PADDING_MULTIPLE 128
|
||||
@ -60,6 +60,12 @@
|
||||
* view of a descriptor, is 1 that is the version field. */
|
||||
#define HS_DESC_PLAINTEXT_MIN_FIELDS 1
|
||||
|
||||
/* Key length for the descriptor symmetric encryption. As specified in the
|
||||
* protocol, we use AES-256 for the encrypted section of the descriptor. The
|
||||
* following is the length in bytes and the bit size. */
|
||||
#define HS_DESC_ENCRYPTED_KEY_LEN CIPHER256_KEY_LEN
|
||||
#define HS_DESC_ENCRYPTED_BIT_SIZE (HS_DESC_ENCRYPTED_KEY_LEN * 8)
|
||||
|
||||
/* Type of authentication in the descriptor. */
|
||||
typedef enum {
|
||||
HS_DESC_AUTH_PASSWORD = 1,
|
||||
|
Loading…
Reference in New Issue
Block a user