hash/hmac: allow keys greater than block length

This commit is contained in:
Danny Robson 2015-03-02 00:35:58 +11:00
parent cce9af76e3
commit c10e11c398

View File

@ -35,13 +35,24 @@ static const uint8_t OFILL = 0x5C;
HMAC::HMAC (const uint8_t *restrict key, size_t len) HMAC::HMAC (const uint8_t *restrict key, size_t len)
{ {
CHECK (key); CHECK (key);
CHECK_LE (len, m_ikey.size ());
CHECK_LE (len, m_okey.size ());
static_assert (sizeof (m_ikey) == sizeof (m_okey), "key padding must match"); static_assert (sizeof (m_ikey) == sizeof (m_okey), "key padding must match");
// If the key is larger than the blocklength, use the hash of the key
if (len > 64) {
m_hash.update (key, len);
m_hash.finish ();
auto d = m_hash.digest ();
m_hash.reset ();
std::copy (d.begin (), d.end (), m_ikey.begin ());
len = d.size ();
// Use the key directly
} else {
std::copy (key, key + len, m_ikey.begin ());
}
std::copy (key, key + len, m_ikey.begin ());
std::fill (m_ikey.begin () + len, std::fill (m_ikey.begin () + len,
m_ikey.end (), m_ikey.end (),
0); 0);
@ -62,7 +73,6 @@ HMAC::HMAC (const uint8_t *restrict key, size_t len)
} }
//----------------------------------------------------------------------------- //-----------------------------------------------------------------------------
void void
HMAC::update (const void *restrict data, size_t len) HMAC::update (const void *restrict data, size_t len)