Toke Høiland-Jørgensen <toke@toke.dk> writes:
From: Toke Høiland-Jørgensen <toke@toke.dk>
This adds a new field to the MAC algorithm description which is a pointer that will allow an algorithm to validate a key before it is used. Add this validate to the Blake algorithms, validating that the key length is exactly equal to their respective output sizes.
Signed-off-by: Toke Høiland-Jørgensen <toke@toke.dk> --- lib/mac.c | 19 ++++++++++++++++++- lib/mac.h | 7 +++++++ nest/config.Y | 8 ++++++-- nest/password.c | 6 ++++++ nest/password.h | 1 + 5 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/lib/mac.c b/lib/mac.c index f780b54c9..dfdaf3c65 100644 --- a/lib/mac.c +++ b/lib/mac.c @@ -151,6 +151,23 @@ hmac_final(struct mac_context *ctx) }
+/** + * mac_validate_key_length_to_output - enforce that the key length matches the MAC output + * @id: MAC algorithm ID, + * @key: key to verify + * @keylen: length of key + * + * This is a common MAC algorithm validation function that will enforce that the + * key length matches the MAC output length. + */ +static void +mac_validate_key_length_to_output(uint id, const byte *key UNUSED, uint keylen) +{ + if (keylen != mac_type_length(id)) + cf_error("Key size %d does not match required size of %d bytes for %s", + keylen, mac_type_length(id), mac_type_name(id)); +}
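Review bot: mac_validate_key_length_to_output() in lib/mac.c reports a bad key by calling cf_error() itself, which ties a library-level MAC check to the configuration parser. Consider having it return a status or an error string and letting the caller in nest/config.Y raise the error, so the check stays usable from code that is not parsing a config. In the same cf_error() call, keylen is declared uint but formatted with %d; %u matches the type. The doc comment line "@id: MAC algorithm ID," also ends in a stray comma.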
Note that for the shorter-variant Blake2 algorithms (blake2s128 and blake2b256) there really is no reason to limit the key to the output size (see discussion on the Babel list [0]), so this should likely be changed; but I'll wait for comments on the rest of the series before resubmitting.
-Toke
[0] https://mailarchive.ietf.org/arch/msg/babel/4OAa3UUkLIzut9a44NDB_UIbiLA/