#include "digest.h"
#include "prf.h"
-/* Generate key material from a master secret and a seed, based on RFC 2246.
+/* Generate key material from a master secret and a seed, based on RFC 4346 section 5.
We use SHA512 and Whirlpool instead of MD5 and SHA1.
*/
-static bool prf_xor(int nid, char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, ssize_t outlen) {
+static bool prf_xor(int nid, const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, ssize_t outlen) {
digest_t digest;
- if(!digest_open_by_nid(&digest, nid, 0))
+ if(!digest_open_by_nid(&digest, nid, -1))
return false;
if(!digest_set_key(&digest, secret, secretlen))
return true;
}
-bool prf(char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) {
+bool prf(const char *secret, size_t secretlen, char *seed, size_t seedlen, char *out, size_t outlen) {
/* Split secret in half, generate outlen bits with two different hash algorithms,
and XOR the results. */
memset(out, 0, outlen);
- return prf_xor(NID_sha512, secret, secretlen / 2, seed, seedlen, out, outlen)
- && prf_xor(NID_whirlpool, secret, secretlen / 2, seed, seedlen, out, outlen);
+ return prf_xor(NID_sha512, secret, (secretlen + 1) / 2, seed, seedlen, out, outlen)
+ && prf_xor(NID_whirlpool, secret + secretlen / 2, (secretlen + 1) / 2, seed, seedlen, out, outlen);
}
projects / tinc / blobdiff