summaryrefslogtreecommitdiff
path: root/node/EllipticCurveKeyPair.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'node/EllipticCurveKeyPair.cpp')
-rw-r--r--node/EllipticCurveKeyPair.cpp20
1 files changed, 16 insertions, 4 deletions
diff --git a/node/EllipticCurveKeyPair.cpp b/node/EllipticCurveKeyPair.cpp
index bed0725e..66acf320 100644
--- a/node/EllipticCurveKeyPair.cpp
+++ b/node/EllipticCurveKeyPair.cpp
@@ -55,7 +55,20 @@ public:
};
static _EC_Group ZT_EC_GROUP;
-/* Key derivation function */
+/**
+ * Key derivation function
+ *
+ * TODO:
+ * If/when we document the protocol, this will have to be documented as
+ * well. It's a fairly standard KDF that uses SHA-256 to transform the
+ * raw EC key. It's generally considered good crypto practice to do this
+ * to eliminate the possibility of leaking information from EC exchange to
+ * downstream algorithms.
+ *
+ * In our code it is used to produce a two 32-bit keys. One key is used
+ * for Salsa20 and the other for HMAC-SHA-256. They are generated together
+ * as a single 64-bit key.
+ */
static void *_zt_EC_KDF(const void *in,size_t inlen,void *out,size_t *outlen)
{
SHA256_CTX sha;
@@ -130,9 +143,8 @@ bool EllipticCurveKeyPair::generate()
fread(tmp,sizeof(tmp),1,rf);
fclose(rf);
} else {
- fprintf(stderr,"WARNING: cannot open /dev/urandom\n");
- for(unsigned int i=0;i<sizeof(tmp);++i)
- tmp[i] = (unsigned char)(rand() >> 3);
+ fprintf(stderr,"FATAL: could not open /dev/urandom\n");
+ exit(-1);
}
RAND_seed(tmp,sizeof(tmp));
#else
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-27 22:59:15 +0000