blake2: Refuse empty keys in keyed hash construction (#510)

RustCrypto · Jan 11, 2024 · 6243d29 · 6243d29
1 parent 559d7ff
commit 6243d29
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 4 deletions.
diff --git a/blake2/src/macros.rs b/blake2/src/macros.rs
@@ -274,9 +274,12 @@ macro_rules! blake2_mac_impl {
         {
             /// Create new instance using provided key, salt, and persona.
             ///
-            /// Key length should not be bigger than block size, salt and persona
-            /// length should not be bigger than quarter of block size. If any
-            /// of those conditions is false the method will return an error.
+            /// # Errors
+            ///
+            /// Key length should not be empty or bigger than the block size and
+            /// the salt and persona length should not be bigger than quarter of
+            /// block size. If any of those conditions is false the method will
+            /// return an error.
             #[inline]
             pub fn new_with_salt_and_personal(
                 key: &[u8],
@@ -286,7 +289,7 @@ macro_rules! blake2_mac_impl {
                 let kl = key.len();
                 let bs = <$hash as BlockSizeUser>::BlockSize::USIZE;
                 let qbs = bs / 4;
-                if kl > bs || salt.len() > qbs || persona.len() > qbs {
+                if kl == 0 || kl > bs || salt.len() > qbs || persona.len() > qbs {
                     return Err(InvalidLength);
                 }
                 let mut padded_key = Block::<$hash>::default();

diff --git a/blake2/tests/mac.rs b/blake2/tests/mac.rs
@@ -27,3 +27,9 @@ fn blake2b_new_test() {
     run::<blake2::Blake2sMac256>(&[0x42; 32]);
     run::<blake2::Blake2bMac512>(&[0x42; 64]);
 }
+
+#[test]
+fn mac_refuses_empty_keys() {
+    assert!(blake2::Blake2bMac512::new_with_salt_and_personal(&[], b"salt", b"persona").is_err());
+    assert!(blake2::Blake2sMac256::new_with_salt_and_personal(&[], b"salt", b"persona").is_err());
+}