hash/hmac: allow keys greater than block length
This commit is contained in:
parent
cce9af76e3
commit
c10e11c398
@ -35,13 +35,24 @@ static const uint8_t OFILL = 0x5C;
|
|||||||
HMAC::HMAC (const uint8_t *restrict key, size_t len)
|
HMAC::HMAC (const uint8_t *restrict key, size_t len)
|
||||||
{
|
{
|
||||||
CHECK (key);
|
CHECK (key);
|
||||||
CHECK_LE (len, m_ikey.size ());
|
|
||||||
CHECK_LE (len, m_okey.size ());
|
|
||||||
|
|
||||||
static_assert (sizeof (m_ikey) == sizeof (m_okey), "key padding must match");
|
static_assert (sizeof (m_ikey) == sizeof (m_okey), "key padding must match");
|
||||||
|
|
||||||
|
// If the key is larger than the blocklength, use the hash of the key
|
||||||
std::copy (key, key + len, m_ikey.begin ());
|
if (len > 64) {
|
||||||
|
m_hash.update (key, len);
|
||||||
|
m_hash.finish ();
|
||||||
|
|
||||||
|
auto d = m_hash.digest ();
|
||||||
|
m_hash.reset ();
|
||||||
|
|
||||||
|
std::copy (d.begin (), d.end (), m_ikey.begin ());
|
||||||
|
len = d.size ();
|
||||||
|
// Use the key directly
|
||||||
|
} else {
|
||||||
|
std::copy (key, key + len, m_ikey.begin ());
|
||||||
|
}
|
||||||
|
|
||||||
std::fill (m_ikey.begin () + len,
|
std::fill (m_ikey.begin () + len,
|
||||||
m_ikey.end (),
|
m_ikey.end (),
|
||||||
0);
|
0);
|
||||||
@ -62,7 +73,6 @@ HMAC::HMAC (const uint8_t *restrict key, size_t len)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
//-----------------------------------------------------------------------------
|
//-----------------------------------------------------------------------------
|
||||||
void
|
void
|
||||||
HMAC::update (const void *restrict data, size_t len)
|
HMAC::update (const void *restrict data, size_t len)
|
||||||
|
Loading…
Reference in New Issue
Block a user