libsec: fix hmac for keys bigger then 64 byte block size

RFC2104 defines HMAC for keys bigger than the 64 byte block size as follows: Applications that use keys longer than B (64) bytes will first hash the key using H (the hash function) and then use the resultant L byte string as the actual key to HMAC.
author: cinap_lenrek <cinap_lenrek@felloff.net> 2014-09-14 02:26:26 +0200
committer: cinap_lenrek <cinap_lenrek@felloff.net> 2014-09-14 02:26:26 +0200
commit: 4cf00ca6cb40918c8ca89aebf02e8ca41c857e94 (patch)
tree: 4985acabc897339af5a2b180172919e6041ce1d1 /sys/src/libsec
parent: 69fab298beee33e4a6f91d9e1811dfa1898aa743 (diff)
1 files changed, 7 insertions, 2 deletions
diff --git a/sys/src/libsec/port/hmac.c b/sys/src/libsec/port/hmac.c
index aa2fa03f6..5379c3e69 100644
--- a/sys/src/libsec/port/hmac.c
+++ b/sys/src/libsec/port/hmac.c
@@ -11,8 +11,13 @@ hmac_x(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *
 
 	if(xlen > sizeof(innerdigest))
 		return nil;
-	if(klen > Hmacblksz)
-		return nil;
+	if(klen > Hmacblksz){
+		if(xlen > Hmacblksz)
+			return nil;
+		(*x)(key, klen, innerdigest, nil);
+		key = innerdigest;
+		klen = xlen;
+	}
 
 	/* first time through */
 	if(s == nil || s->seeded == 0){
author	cinap_lenrek <cinap_lenrek@felloff.net>	2014-09-14 02:26:26 +0200
committer	cinap_lenrek <cinap_lenrek@felloff.net>	2014-09-14 02:26:26 +0200
commit	4cf00ca6cb40918c8ca89aebf02e8ca41c857e94 (patch)
tree	4985acabc897339af5a2b180172919e6041ce1d1 /sys/src/libsec
parent	69fab298beee33e4a6f91d9e1811dfa1898aa743 (diff)