Toke Høiland-Jørgensen <t...@toke.dk> writes: > From: Toke Høiland-Jørgensen <t...@toke.dk> > > This adds a new field to the MAC algorithm description which is a pointer > that will allow an algorithm to validate a key before it is used. Add this > validate to the Blake algorithms, validating that the key length is exactly > equal to their respective output sizes. > > Signed-off-by: Toke Høiland-Jørgensen <t...@toke.dk> > --- > lib/mac.c | 19 ++++++++++++++++++- > lib/mac.h | 7 +++++++ > nest/config.Y | 8 ++++++-- > nest/password.c | 6 ++++++ > nest/password.h | 1 + > 5 files changed, 38 insertions(+), 3 deletions(-) > > diff --git a/lib/mac.c b/lib/mac.c > index f780b54c9..dfdaf3c65 100644 > --- a/lib/mac.c > +++ b/lib/mac.c > @@ -151,6 +151,23 @@ hmac_final(struct mac_context *ctx) > } > > > +/** > + * mac_validate_key_length_to_output - enforce that the key length matches > the MAC output > + * @id: MAC algorithm ID, > + * @key: key to verify > + * @keylen: length of key > + * > + * This is a common MAC algorithm validation function that will enforce that > the > + * key length matches the MAC output length. > + */ > +static void > +mac_validate_key_length_to_output(uint id, const byte *key UNUSED, uint > keylen) > +{ > + if (keylen != mac_type_length(id)) > + cf_error("Key size %d does not match required size of %d bytes for %s", > + keylen, mac_type_length(id), mac_type_name(id)); > +}
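Review bot: in mac_validate_key_length_to_output(), keylen is declared uint but the cf_error() format string prints it with %d; use %u there (and for the mac_type_length(id) argument if that value is also unsigned). The doc comment line "@id: MAC algorithm ID," ends in a stray comma. The function also returns void and signals a mismatch only by calling cf_error(), so a caller cannot test a key and handle the failure itself; returning a status and letting the caller in nest/config.Y raise the error would keep lib/mac.c free of a dependency on the config error path.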
Note that for the shorter-variant Blake2 algorithms (blake2s128 and blake2b256) there really is no reason to limit the key to the output size (see discussion on the Babel list [0]), so this should likely be changed; but I'll wait for comments on the rest of the series before resubmitting.

-Toke

[0] https://mailarchive.ietf.org/arch/msg/babel/4OAa3UUkLIzut9a44NDB_UIbiLA/