[GNUnet-SVN] r12056 - gnunet/src/util

[gnunet]

Author: durner
Date: 2010-06-30 00:23:08 +0200 (Wed, 30 Jun 2010)
New Revision: 12056

Modified:
   gnunet/src/util/crypto_hkdf.c
Log:
The zeroed K(i)-field for K(1) was not included in the RFC (Appendix D, point 5 
of the *revised* (Crypto'2010) paper)

Modified: gnunet/src/util/crypto_hkdf.c
===================================================================
--- gnunet/src/util/crypto_hkdf.c       2010-06-29 21:30:42 UTC (rev 12055)
+++ gnunet/src/util/crypto_hkdf.c       2010-06-29 22:23:08 UTC (rev 12056)
@@ -132,29 +132,33 @@
     goto hkdf_error;
 dump(prk, xtr_len);
 
+  t = out_len / k;
+  d = out_len % k;
+
   /* K(1) */
-  plain_len = k + ctx_len + 4;
+  plain_len = k + ctx_len + 1;
   plain = GNUNET_malloc (plain_len);
-  memset (plain, 0, k);
-  memcpy (plain + k, ctx, ctx_len);
-  t = out_len / k;
   if (t > 0)
     {
-      memset (plain + k + ctx_len, 0, 4);
+      memcpy (plain, ctx, ctx_len);
+      memset (plain + ctx_len, 1, 1);
       gcry_md_reset (prf);
 dump(plain, plain_len);
-      hc = doHMAC (prf, prk, xtr_len, plain, plain_len);
+      hc = doHMAC (prf, prk, xtr_len, plain, ctx_len + 1);
       if (hc == NULL)
         goto hkdf_error;
       memcpy (result, hc, k);
       result += k;
     }
 
+  if (t > 1 || d > 0)
+    memcpy (plain + k, ctx, ctx_len);
+
   /* K(i+1) */
   for (i = 1; i < t; i++)
     {
       memcpy (plain, result - k, k);
-      memcpy (plain + k + ctx_len, &i, 4);
+      memset (plain + k + ctx_len, i + 1, 1);
       gcry_md_reset (prf);
 dump(plain, plain_len);
       hc = doHMAC (prf, prk, xtr_len, plain, plain_len);
@@ -165,12 +169,11 @@
     }
 
   /* K(t):d */
-  d = out_len % k;
   if (d > 0)
     {
       if (t > 0)
         memcpy (plain, result - k, k);
-      memcpy (plain + k + ctx_len, &i, 4);
+      memset (plain + k + ctx_len, i + 1, 1);
       gcry_md_reset (prf);
 dump(plain, plain_len);
       hc = doHMAC (prf, prk, xtr_len, plain, plain_len);