fixed block sizes for hmac-sha2-256 and hmac-sha2-512

Both MACs have to use larger block/digest sizes than SHA1. Additionally the KEX must be changed so that it will resize the keys "E" and "F" to get keys of the right size for those MACs (according to section 7.2 of rfc4253)
2025-12-06 07:10:53 +03:00 · 2014-11-11 19:25:55 +01:00
parent 44e1ce1358
commit 70720de71b
3 changed files with 4 additions and 4 deletions
--- a/src/main/java/net/schmizz/sshj/transport/KeyExchanger.java
+++ b/src/main/java/net/schmizz/sshj/transport/KeyExchanger.java
@@ -310,11 +310,11 @@ final class KeyExchanger

        final MAC mac_C2S = Factory.Named.Util.create(transport.getConfig().getMACFactories(), negotiatedAlgs
                .getClient2ServerMACAlgorithm());
-        mac_C2S.init(integrityKey_C2S);
+        mac_C2S.init(resizedKey(integrityKey_C2S, mac_C2S.getBlockSize(), hash, kex.getK(), kex.getH()));

        final MAC mac_S2C = Factory.Named.Util.create(transport.getConfig().getMACFactories(),
                                                      negotiatedAlgs.getServer2ClientMACAlgorithm());
-        mac_S2C.init(integrityKey_S2C);
+        mac_S2C.init(resizedKey(integrityKey_S2C, mac_S2C.getBlockSize(), hash, kex.getK(), kex.getH()));

        final Compression compression_S2C =
                Factory.Named.Util.create(transport.getConfig().getCompressionFactories(),
--- a/src/main/java/net/schmizz/sshj/transport/mac/HMACSHA2256.java
+++ b/src/main/java/net/schmizz/sshj/transport/mac/HMACSHA2256.java
@@ -35,6 +35,6 @@ public class HMACSHA2256
    }

    public HMACSHA2256() {
-        super("HmacSHA256", 20, 20);
+        super("HmacSHA256", 32, 32);
    }
 }
--- a/src/main/java/net/schmizz/sshj/transport/mac/HMACSHA2512.java
+++ b/src/main/java/net/schmizz/sshj/transport/mac/HMACSHA2512.java
@@ -35,6 +35,6 @@ public class HMACSHA2512
    }

    public HMACSHA2512() {
-        super("HmacSHA512", 20, 20);
+        super("HmacSHA512", 64, 64);
    }
 }