Loading src/common/crypto.c +1 −1 Original line number Diff line number Diff line Loading @@ -3008,7 +3008,7 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen) * Does not support <b>key_out_len</b> > DIGEST_LEN. */ void secret_to_key(char *key_out, size_t key_out_len, const char *secret, secret_to_key_rfc2440(char *key_out, size_t key_out_len, const char *secret, size_t secret_len, const char *s2k_specifier) { crypto_digest_t *d; Loading src/common/crypto.h +3 −2 Original line number Diff line number Diff line Loading @@ -282,8 +282,9 @@ int digest256_from_base64(char *digest, const char *d64); /** Length of RFC2440-style S2K specifier: the first 8 bytes are a salt, the * 9th describes how much iteration to do. */ #define S2K_SPECIFIER_LEN 9 void secret_to_key(char *key_out, size_t key_out_len, const char *secret, #define S2K_RFC2440_SPECIFIER_LEN 9 void secret_to_key_rfc2440( char *key_out, size_t key_out_len, const char *secret, size_t secret_len, const char *s2k_specifier); /** OpenSSL-based utility functions. */ Loading src/or/control.c +10 −6 Original line number Diff line number Diff line Loading @@ -993,7 +993,8 @@ handle_control_setevents(control_connection_t *conn, uint32_t len, /** Decode the hashed, base64'd passwords stored in <b>passwords</b>. * Return a smartlist of acceptable passwords (unterminated strings of * length S2K_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on failure. * length S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on * failure. */ smartlist_t * decode_hashed_passwords(config_line_t *passwords) Loading @@ -1009,16 +1010,17 @@ decode_hashed_passwords(config_line_t *passwords) if (!strcmpstart(hashed, "16:")) { if (base16_decode(decoded, sizeof(decoded), hashed+3, strlen(hashed+3))<0 || strlen(hashed+3) != (S2K_SPECIFIER_LEN+DIGEST_LEN)*2) { || strlen(hashed+3) != (S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN)*2) { goto err; } } else { if (base64_decode(decoded, sizeof(decoded), hashed, strlen(hashed)) != S2K_SPECIFIER_LEN+DIGEST_LEN) { != S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) { goto err; } } smartlist_add(sl, tor_memdup(decoded, S2K_SPECIFIER_LEN+DIGEST_LEN)); smartlist_add(sl, tor_memdup(decoded, S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN)); } return sl; Loading Loading @@ -1171,8 +1173,10 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len, } else { SMARTLIST_FOREACH(sl, char *, expected, { secret_to_key(received,DIGEST_LEN,password,password_len,expected); if (tor_memeq(expected+S2K_SPECIFIER_LEN, received, DIGEST_LEN)) secret_to_key_rfc2440(received,DIGEST_LEN, password,password_len,expected); if (tor_memeq(expected + S2K_RFC2440_SPECIFIER_LEN, received, DIGEST_LEN)) goto ok; }); SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp)); Loading src/or/main.c +4 −4 Original line number Diff line number Diff line Loading @@ -2674,11 +2674,11 @@ do_hash_password(void) { char output[256]; char key[S2K_SPECIFIER_LEN+DIGEST_LEN]; char key[S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN]; crypto_rand(key, S2K_SPECIFIER_LEN-1); key[S2K_SPECIFIER_LEN-1] = (uint8_t)96; /* Hash 64 K of data. */ secret_to_key(key+S2K_SPECIFIER_LEN, DIGEST_LEN, crypto_rand(key, S2K_RFC2440_SPECIFIER_LEN-1); key[S2K_RFC2440_SPECIFIER_LEN-1] = (uint8_t)96; /* Hash 64 K of data. */ secret_to_key_rfc2440(key+S2K_RFC2440_SPECIFIER_LEN, DIGEST_LEN, get_options()->command_arg, strlen(get_options()->command_arg), key); base16_encode(output, sizeof(output), key, sizeof(key)); Loading src/test/test_crypto.c +2 −2 Original line number Diff line number Diff line Loading @@ -708,7 +708,7 @@ test_crypto_s2k(void) buf3 = tor_malloc(65536); memset(buf3, 0, 65536); secret_to_key(buf+9, 20, "", 0, buf); secret_to_key_rfc2440(buf+9, 20, "", 0, buf); crypto_digest(buf2+9, buf3, 1024); test_memeq(buf, buf2, 29); Loading @@ -716,7 +716,7 @@ test_crypto_s2k(void) memcpy(buf2,"vrbacrda",8); buf[8] = 96; buf2[8] = 96; secret_to_key(buf+9, 20, "12345678", 8, buf); secret_to_key_rfc2440(buf+9, 20, "12345678", 8, buf); for (i = 0; i < 65536; i += 16) { memcpy(buf3+i, "vrbacrda12345678", 16); } Loading Loading
src/common/crypto.c +1 −1 Original line number Diff line number Diff line Loading @@ -3008,7 +3008,7 @@ base32_decode(char *dest, size_t destlen, const char *src, size_t srclen) * Does not support <b>key_out_len</b> > DIGEST_LEN. */ void secret_to_key(char *key_out, size_t key_out_len, const char *secret, secret_to_key_rfc2440(char *key_out, size_t key_out_len, const char *secret, size_t secret_len, const char *s2k_specifier) { crypto_digest_t *d; Loading
src/common/crypto.h +3 −2 Original line number Diff line number Diff line Loading @@ -282,8 +282,9 @@ int digest256_from_base64(char *digest, const char *d64); /** Length of RFC2440-style S2K specifier: the first 8 bytes are a salt, the * 9th describes how much iteration to do. */ #define S2K_SPECIFIER_LEN 9 void secret_to_key(char *key_out, size_t key_out_len, const char *secret, #define S2K_RFC2440_SPECIFIER_LEN 9 void secret_to_key_rfc2440( char *key_out, size_t key_out_len, const char *secret, size_t secret_len, const char *s2k_specifier); /** OpenSSL-based utility functions. */ Loading
src/or/control.c +10 −6 Original line number Diff line number Diff line Loading @@ -993,7 +993,8 @@ handle_control_setevents(control_connection_t *conn, uint32_t len, /** Decode the hashed, base64'd passwords stored in <b>passwords</b>. * Return a smartlist of acceptable passwords (unterminated strings of * length S2K_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on failure. * length S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) on success, or NULL on * failure. */ smartlist_t * decode_hashed_passwords(config_line_t *passwords) Loading @@ -1009,16 +1010,17 @@ decode_hashed_passwords(config_line_t *passwords) if (!strcmpstart(hashed, "16:")) { if (base16_decode(decoded, sizeof(decoded), hashed+3, strlen(hashed+3))<0 || strlen(hashed+3) != (S2K_SPECIFIER_LEN+DIGEST_LEN)*2) { || strlen(hashed+3) != (S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN)*2) { goto err; } } else { if (base64_decode(decoded, sizeof(decoded), hashed, strlen(hashed)) != S2K_SPECIFIER_LEN+DIGEST_LEN) { != S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN) { goto err; } } smartlist_add(sl, tor_memdup(decoded, S2K_SPECIFIER_LEN+DIGEST_LEN)); smartlist_add(sl, tor_memdup(decoded, S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN)); } return sl; Loading Loading @@ -1171,8 +1173,10 @@ handle_control_authenticate(control_connection_t *conn, uint32_t len, } else { SMARTLIST_FOREACH(sl, char *, expected, { secret_to_key(received,DIGEST_LEN,password,password_len,expected); if (tor_memeq(expected+S2K_SPECIFIER_LEN, received, DIGEST_LEN)) secret_to_key_rfc2440(received,DIGEST_LEN, password,password_len,expected); if (tor_memeq(expected + S2K_RFC2440_SPECIFIER_LEN, received, DIGEST_LEN)) goto ok; }); SMARTLIST_FOREACH(sl, char *, cp, tor_free(cp)); Loading
src/or/main.c +4 −4 Original line number Diff line number Diff line Loading @@ -2674,11 +2674,11 @@ do_hash_password(void) { char output[256]; char key[S2K_SPECIFIER_LEN+DIGEST_LEN]; char key[S2K_RFC2440_SPECIFIER_LEN+DIGEST_LEN]; crypto_rand(key, S2K_SPECIFIER_LEN-1); key[S2K_SPECIFIER_LEN-1] = (uint8_t)96; /* Hash 64 K of data. */ secret_to_key(key+S2K_SPECIFIER_LEN, DIGEST_LEN, crypto_rand(key, S2K_RFC2440_SPECIFIER_LEN-1); key[S2K_RFC2440_SPECIFIER_LEN-1] = (uint8_t)96; /* Hash 64 K of data. */ secret_to_key_rfc2440(key+S2K_RFC2440_SPECIFIER_LEN, DIGEST_LEN, get_options()->command_arg, strlen(get_options()->command_arg), key); base16_encode(output, sizeof(output), key, sizeof(key)); Loading
src/test/test_crypto.c +2 −2 Original line number Diff line number Diff line Loading @@ -708,7 +708,7 @@ test_crypto_s2k(void) buf3 = tor_malloc(65536); memset(buf3, 0, 65536); secret_to_key(buf+9, 20, "", 0, buf); secret_to_key_rfc2440(buf+9, 20, "", 0, buf); crypto_digest(buf2+9, buf3, 1024); test_memeq(buf, buf2, 29); Loading @@ -716,7 +716,7 @@ test_crypto_s2k(void) memcpy(buf2,"vrbacrda",8); buf[8] = 96; buf2[8] = 96; secret_to_key(buf+9, 20, "12345678", 8, buf); secret_to_key_rfc2440(buf+9, 20, "12345678", 8, buf); for (i = 0; i < 65536; i += 16) { memcpy(buf3+i, "vrbacrda12345678", 16); } Loading