os400qc3: Be sure hmac keys have a minimum length

The Qc3 library requires a minimum key length depending on the target hash algorithm. Append binary zeroes to the given key if not long enough. This matches RFC 2104 specifications.
2015-12-09 14:25:42 +01:00 · 2015-12-09 14:25:42 +01:00 · 2ddcaf2db8
commit 2ddcaf2db8
parent 0f15724e72
2 changed files with 20 additions and 4 deletions
--- a/src/os400qc3.c
+++ b/src/os400qc3.c
@ -1035,8 +1035,19 @@ libssh2_os400qc3_hash(const unsigned char *message, unsigned long len,

 void
 libssh2_os400qc3_hmac_init(_libssh2_os400qc3_crypto_ctx *ctx,
-                           int algo, void *key, int keylen)
+                           int algo, size_t minkeylen, void *key, int keylen)
 {
+    if (keylen < minkeylen) {
+        char *lkey = alloca(minkeylen);
+
+        /* Pad key with zeroes if too short. */
+        if (!lkey)
+            return;
+        memcpy(lkey, (char *) key, keylen);
+        memset(lkey + keylen, 0, minkeylen - keylen);
+        key = (void *) lkey;
+        keylen = minkeylen;
+    }
    libssh2_os400qc3_hash_init(&ctx->hash, algo);
    Qc3CreateKeyContext((char *) key, &keylen, binstring, &algo, qc3clear,
                        NULL, NULL, ctx->key.Key_Context_Token,
--- a/src/os400qc3.h
+++ b/src/os400qc3.h
@ -248,16 +248,20 @@ typedef struct {        /* Algorithm description. */
                                       sizeof(libssh2_hmac_ctx))
 #define libssh2_hmac_md5_init(ctx, key, keylen)                             \
                                libssh2_os400qc3_hmac_init(ctx, Qc3_MD5,    \
+                                                           MD5_DIGEST_LENGTH, \
                                                           key, keylen)
 #define libssh2_hmac_sha1_init(ctx, key, keylen)                            \
                                libssh2_os400qc3_hmac_init(ctx, Qc3_SHA1,   \
+                                                           SHA_DIGEST_LENGTH, \
                                                           key, keylen)
 #define libssh2_hmac_sha256_init(ctx, key, keylen)                          \
                                libssh2_os400qc3_hmac_init(ctx, Qc3_SHA256, \
-                                                           key, keylen)
+                                                         SHA256_DIGEST_LENGTH, \
+                                                         key, keylen)
 #define libssh2_hmac_sha512_init(ctx, key, keylen)                          \
                                libssh2_os400qc3_hmac_init(ctx, Qc3_SHA512, \
-                                                           key, keylen)
+                                                         SHA512_DIGEST_LENGTH, \
+                                                         key, keylen)
 #define libssh2_hmac_update(ctx, data, datalen)                             \
                                libssh2_os400qc3_hmac_update(&(ctx),        \
                                                             data, datalen)
@ -335,7 +339,8 @@ extern int      libssh2_os400qc3_hash(const unsigned char *message,
                                      unsigned long len, unsigned char *out,
                                      unsigned int algo);
 extern void     libssh2_os400qc3_hmac_init(_libssh2_os400qc3_crypto_ctx *x,
-                                           int algo, void *key, int keylen);
+                                           int algo, size_t minkeylen,
+                                           void *key, int keylen);
 extern void     libssh2_os400qc3_hmac_update(_libssh2_os400qc3_crypto_ctx *ctx,
                                             const unsigned char *data,
                                             int len);