diff --git a/encrypt.cpp b/encrypt.cpp
index 1cb6adc..067e37c 100755
--- a/encrypt.cpp
+++ b/encrypt.cpp
@@ -64,10 +64,10 @@ int my_init_keys(const char * user_passwd,int is_client)
 //unsigned char pbkdf2_output2[400]="";
 //PKCS5_PBKDF2_HMAC_SHA256(pbkdf2_output1,32,0,0,1, hmac_key_len*2+cipher_key_len*2,pbkdf2_output2); //stretch it
- const char *info_hmac_encrypt="server-->client hmac";
- const char *info_hmac_decrypt="client-->server hmac";
- const char *info_cipher_encrypt="server-->client cipher";
- const char *info_cipher_decrypt="client-->server cipher";
+ const char *info_hmac_encrypt="hmac_key server-->client";
+ const char *info_hmac_decrypt="hmac_key client-->server";
+ const char *info_cipher_encrypt="cipher_key server-->client";
+ const char *info_cipher_decrypt="cipher_key client-->server";
 if(is_client)
 {
@@ -84,10 +84,6 @@ int my_init_keys(const char * user_passwd,int is_client)
 assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)info_cipher_decrypt,strlen(info_cipher_decrypt), cipher_key_decrypt, cipher_key_len ) ==0);
 assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)info_hmac_encrypt,strlen(info_hmac_encrypt), hmac_key_encrypt, hmac_key_len ) ==0);
 assert( hkdf_sha256_expand( pbkdf2_output1,32, (unsigned char *)info_hmac_decrypt,strlen(info_hmac_decrypt), hmac_key_decrypt, hmac_key_len ) ==0);
-
-
-
-
 }
 print_binary_chars(normal_key,16);
diff --git a/lib/pbkdf2-sha256.cpp b/lib/pbkdf2-sha256.cpp
index 528f550..b89b97c 100644
--- a/lib/pbkdf2-sha256.cpp
+++ b/lib/pbkdf2-sha256.cpp
@@ -956,14 +956,16 @@ int hkdf_sha256_expand( const unsigned char *prk,
 return( MBEDTLS_ERR_HKDF_BAD_INPUT_DATA );
 }
- /*
- mbedtls_md_init( &ctx );
+ //mbedtls_md_init( &ctx ); //old code
+ memset( &ctx, 0, sizeof( ctx) ); //its not necessary
+ /*
 if( (ret = mbedtls_md_setup( &ctx, md, 1) ) != 0 )
 {
 goto exit;
 }*/
+
 /* RFC 5869 Section 2.3. */
 for( i = 1; i <= n; i++ )
 {
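Review bot: The four new HKDF `info` labels are protocol constants: every key produced by the `hkdf_sha256_expand` calls in the following hunk is derived from them, so this hunk changes all four keys and a build carrying it cannot interoperate with a peer built from the previous strings, and nothing in the hunk records that. I would add, above the first declaration, `// HKDF info labels are part of the wire protocol: changing any of them changes every derived key and breaks compatibility with peers running older builds.` Separately, the derivations in the following hunk are performed inside `assert( hkdf_sha256_expand( ... ) ==0 )`, which means a build compiled with `NDEBUG` never calls `hkdf_sha256_expand` at all and the key buffers are left with whatever they held before; the return value should be stored in a local and checked outside the assert. The `is_client` branch that consumes these labels, and the rest of my_init_keys, lie outside the hunk.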
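Review bot: The comment on the new `memset( &ctx, 0, sizeof( ctx) ); //its not necessary` line contradicts the line it annotates: if `ctx` is still read by the expansion loop (whose body starts outside the hunk) the zeroing is exactly what `mbedtls_md_init` did and is required, and if `ctx` is dead now that `mbedtls_md_setup` is commented out, then the declaration, this memset and the `mbedtls_platform_zeroize( &ctx, sizeof( ctx ) ); //not necessary too` in the next hunk should be removed rather than annotated. In either case the commented-out `mbedtls_md_setup`/`goto exit` block should be deleted instead of kept next to `//old code` markers, and since that call was the function's error path, confirm that `ret` (declared outside the hunk) still receives an initializer before the final return if it was only ever assigned there. Once that is settled I would replace the two trailing comments with one that states the actual reason, e.g. `/* ctx is zeroed by hand: this port does not set up the mbedtls md layer for the HMAC */`. hkdf_sha256_expand starts and ends outside the hunk.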
@@ -988,8 +990,8 @@ int hkdf_sha256_expand( const unsigned char *prk,
 }
 //exit:
- //mbedtls_md_free( &ctx );
- mbedtls_platform_zeroize( &ctx, sizeof( ctx ) );
+ //mbedtls_md_free( &ctx ); //old code
+ mbedtls_platform_zeroize( &ctx, sizeof( ctx ) ); //not necessary too
 mbedtls_platform_zeroize( t, sizeof( t ) );