Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Use safe_mem_is_zero for checking curve25519 output for 0-ness

This should make the intent more explicit.  Probably needless, though.
Nick Mathewson 11 years ago
parent
f07a5125cb
commit
5f219ddd02
2 changed files with 5 additions and 25 deletions
Split View Show Diff Stats
  1. 1 5
      src/common/crypto_curve25519.c
  2. 4 20
      src/or/onion_ntor.c

+ 1 - 5
src/common/crypto_curve25519.c
View File 

@@ -49,11 +49,7 @@ curve25519_impl(uint8_t *output, const uint8_t *secret,
 
 int
 
 curve25519_public_key_is_ok(const curve25519_public_key_t *key)
 
 {
 
-  static const uint8_t zero[] =
 
-    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"
 
-    "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
 
-
 
-  return tor_memneq(key->public_key, zero, CURVE25519_PUBKEY_LEN);
 
+  return !safe_mem_is_zero(key->public_key, CURVE25519_PUBKEY_LEN);
 
 }
 
 
 /** Generate a new keypair and return the secret key.  If <b>extra_strong</b>

+ 4 - 20
src/or/onion_ntor.c
View File 

@@ -167,18 +167,10 @@ onion_skin_ntor_server_handshake(const uint8_t *onion_skin,
 
 
   /* build secret_input */
 
   curve25519_handshake(si, &s.seckey_y, &s.pubkey_X);
 
-  bad = tor_memeq(si,
 
-                  "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                  "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                  "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                  "\x00\x00\x00\x00\x00\x00\x00\x00", 32);
 
+  bad = safe_mem_is_zero(si, CURVE25519_OUTPUT_LEN);
 
   si += CURVE25519_OUTPUT_LEN;
 
   curve25519_handshake(si, &keypair_bB->seckey, &s.pubkey_X);
 
-  bad |= tor_memeq(si,
 
-                   "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                   "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                   "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                   "\x00\x00\x00\x00\x00\x00\x00\x00", 32);
 
+  bad |= safe_mem_is_zero(si, CURVE25519_OUTPUT_LEN);
 
   si += CURVE25519_OUTPUT_LEN;
 
 
   APPEND(si, my_node_id, DIGEST_LEN);
 
@@ -257,19 +249,11 @@ onion_skin_ntor_client_handshake(
 
 
   /* Compute secret_input */
 
   curve25519_handshake(si, &handshake_state->seckey_x, &s.pubkey_Y);
 
-  bad = tor_memeq(si,
 
-                  "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                  "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                  "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                  "\x00\x00\x00\x00\x00\x00\x00\x00", 32);
 
+  bad = safe_mem_is_zero(si, CURVE25519_OUTPUT_LEN);
 
   si += CURVE25519_OUTPUT_LEN;
 
   curve25519_handshake(si, &handshake_state->seckey_x,
 
                        &handshake_state->pubkey_B);
 
-  bad |= tor_memeq(si,
 
-                   "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                   "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                   "\x00\x00\x00\x00\x00\x00\x00\x00"
 
-                   "\x00\x00\x00\x00\x00\x00\x00\x00", 32);
 
+  bad |= safe_mem_is_zero(si, CURVE25519_OUTPUT_LEN);
 
   si += CURVE25519_OUTPUT_LEN;
 
   APPEND(si, handshake_state->router_id, DIGEST_LEN);
 
   APPEND(si, handshake_state->pubkey_B.public_key, CURVE25519_PUBKEY_LEN);