[PATCH v3 5/7] config: Allow MAC algorithms to specify a function to validate their keys

[Toke Høiland-Jørgensen]

Toke Høiland-Jørgensen <toke at toke.dk> writes:

> From: Toke Høiland-Jørgensen <toke at toke.dk>
>
> This adds a new field to the MAC algorithm description which is a pointer
> that will allow an algorithm to validate a key before it is used. Add this
> validate to the Blake algorithms, validating that the key length is exactly
> equal to their respective output sizes.
>
> Signed-off-by: Toke Høiland-Jørgensen <toke at toke.dk>
> ---
>  lib/mac.c       |   19 ++++++++++++++++++-
>  lib/mac.h       |    7 +++++++
>  nest/config.Y   |    8 ++++++--
>  nest/password.c |    6 ++++++
>  nest/password.h |    1 +
>  5 files changed, 38 insertions(+), 3 deletions(-)
>
> diff --git a/lib/mac.c b/lib/mac.c
> index f780b54c9..dfdaf3c65 100644
> --- a/lib/mac.c
> +++ b/lib/mac.c
> @@ -151,6 +151,23 @@ hmac_final(struct mac_context *ctx)
>  }
>  
>  
> +/**
> + * mac_validate_key_length_to_output - enforce that the key length matches the MAC output
> + * @id: MAC algorithm ID,
> + * @key: key to verify
> + * @keylen: length of key
> + *
> + * This is a common MAC algorithm validation function that will enforce that the
> + * key length matches the MAC output length.
> + */
> +static void
> +mac_validate_key_length_to_output(uint id, const byte *key UNUSED, uint keylen)
> +{
> +  if (keylen != mac_type_length(id))
> +    cf_error("Key size %d does not match required size of %d bytes for %s",
> +             keylen, mac_type_length(id), mac_type_name(id));
> +}

Note that for the shorter-variant Blake2 algorithms (blake2s128 and
blake2b256) there really is no reason to limit the key to the output
size (see discussion on the Babel list [0]), so this should likely be
changed; but I'll wait for comments on the rest of the series before
resubmitting.

-Toke

[0] https://mailarchive.ietf.org/arch/msg/babel/4OAa3UUkLIzut9a44NDB_UIbiLA/