* verify message integrity. Everything after this hash (including
* this hash itself) will be encrypted.
*/
- GNUNET_HashCode plaintext_hash;
+ GNUNET_HashCode hmac;
/**
* Sequence number, in network byte order. This field
em->header.type = htons (GNUNET_MESSAGE_TYPE_CORE_ENCRYPTED_MESSAGE);
em->iv_seed = ph->iv_seed;
esize = used - ENCRYPTED_HEADER_SIZE;
- GNUNET_CRYPTO_hash (&ph->sequence_number,
+ GNUNET_CRYPTO_hmac (&n->encrypt_key,
+ &ph->sequence_number,
esize - sizeof (GNUNET_HashCode),
- &ph->plaintext_hash);
+ &ph->hmac);
GNUNET_CRYPTO_hash (&ph->iv_seed, sizeof (uint32_t), &iv);
#if DEBUG_HANDSHAKE
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Hashed %u bytes of plaintext (`%s') using IV `%d'\n",
(unsigned int) (esize - sizeof (GNUNET_HashCode)),
- GNUNET_h2s (&ph->plaintext_hash),
+ GNUNET_h2s (&ph->hmac),
(int) ph->iv_seed);
#endif
/* encrypt */
GNUNET_assert (GNUNET_OK ==
do_encrypt (n,
&iv,
- &ph->plaintext_hash,
- &em->plaintext_hash, esize));
+ &ph->hmac,
+ &em->hmac, esize));
/* append to transmission list */
GNUNET_CONTAINER_DLL_insert_after (n->encrypted_head,
n->encrypted_tail,
if (GNUNET_OK !=
do_decrypt (n,
&iv,
- &m->plaintext_hash,
+ &m->hmac,
&buf[ENCRYPTED_HEADER_SIZE],
size - ENCRYPTED_HEADER_SIZE))
return;
pt = (struct EncryptedMessage *) buf;
/* validate hash */
- GNUNET_CRYPTO_hash (&pt->sequence_number,
+ GNUNET_CRYPTO_hmac (&n->decrypt_key,
+ &pt->sequence_number,
size - ENCRYPTED_HEADER_SIZE - sizeof (GNUNET_HashCode), &ph);
#if DEBUG_HANDSHAKE
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
(int) m->iv_seed);
#endif
if (0 != memcmp (&ph,
- &pt->plaintext_hash,
+ &pt->hmac,
sizeof (GNUNET_HashCode)))
{
/* checksum failed */
GNUNET_HashCode * ret);
+/**
+ * Calculate HMAC of a message (RFC 2104)
+ *
+ * @param key secret key
+ * @param plaintext input plaintext
+ * @param plaintext_len length of plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AesSessionKey *key,
+ const void *plaintext,
+ size_t plaintext_len,
+ GNUNET_HashCode *hmac);
+
+
/**
* Function called once the hash computation over the
* specified file has completed.
return 0;
}
+
+/**
+ * Calculate HMAC of a message (RFC 2104)
+ *
+ * @param key secret key
+ * @param plaintext input plaintext
+ * @param plaintext_len length of plaintext
+ * @param hmac where to store the hmac
+ */
+void
+GNUNET_CRYPTO_hmac (const struct GNUNET_CRYPTO_AesSessionKey *key,
+ const void *plaintext,
+ size_t plaintext_len,
+ GNUNET_HashCode *hmac)
+{
+ GNUNET_HashCode kh;
+ GNUNET_HashCode ipad;
+ GNUNET_HashCode opad;
+ GNUNET_HashCode him;
+ struct sha512_ctx sctx;
+
+ memset (&kh, 0, sizeof (kh));
+ GNUNET_assert (sizeof (GNUNET_HashCode) > sizeof (struct GNUNET_CRYPTO_AesSessionKey));
+ memcpy (&kh, key, sizeof (struct GNUNET_CRYPTO_AesSessionKey));
+ memset (&ipad, 0x5c, sizeof (ipad));
+ memset (&opad, 0x36, sizeof (opad));
+ GNUNET_CRYPTO_hash_xor (&ipad, &kh, &ipad);
+ GNUNET_CRYPTO_hash_xor (&opad, &kh, &opad);
+ sha512_init (&sctx);
+ sha512_update (&sctx, (const unsigned char*) &ipad, sizeof (ipad));
+ sha512_update (&sctx, plaintext, plaintext_len);
+ sha512_final (&sctx, (unsigned char*) &him);
+ sha512_init (&sctx);
+ sha512_update (&sctx, (const unsigned char*) &opad, sizeof (opad));
+ sha512_update (&sctx, (const unsigned char*) &him, sizeof (him));
+ sha512_final (&sctx, (unsigned char*) hmac);
+}
+
+
/* end of crypto_hash.c */
projects / oweals / gnunet.git / commitdiff