From 4cf00ca6cb40918c8ca89aebf02e8ca41c857e94 Mon Sep 17 00:00:00 2001
From: cinap_lenrek <cinap_lenrek@felloff.net>
Date: Sun, 14 Sep 2014 02:26:26 +0200
Subject: libsec: fix hmac for keys bigger then 64 byte block size

RFC2104 defines HMAC for keys bigger than the 64 byte block
size as follows:

Applications that use keys longer than B (64) bytes will
first hash the key using H (the hash function) and then
use the resultant L byte string as the actual key to HMAC.
---
 sys/src/libsec/port/hmac.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/sys/src/libsec/port/hmac.c b/sys/src/libsec/port/hmac.c
index aa2fa03f6..5379c3e69 100644
--- a/sys/src/libsec/port/hmac.c
+++ b/sys/src/libsec/port/hmac.c
@@ -11,8 +11,13 @@ hmac_x(uchar *p, ulong len, uchar *key, ulong klen, uchar *digest, DigestState *
 
 	if(xlen > sizeof(innerdigest))
 		return nil;
-	if(klen > Hmacblksz)
-		return nil;
+	if(klen > Hmacblksz){
+		if(xlen > Hmacblksz)
+			return nil;
+		(*x)(key, klen, innerdigest, nil);
+		key = innerdigest;
+		klen = xlen;
+	}
 
 	/* first time through */
 	if(s == nil || s->seeded == 0){
-- 
cgit v1.2.3