Correct generation of the crypto key

Signed-off-by: Marcel Jordense <marcel.jordense@adlinktech.com>

src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c

@@ -89,8 +89,10 @@ calculate_kx_keys(
   unsigned char *kx_master_salt, *kx_master_sender_key;
   size_t shared_secret_size = get_secret_size_from_secret_handle(shared_secret);
   unsigned char hash[SHA256_DIGEST_LENGTH];
-  size_t concatenated_bytes1_size = DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE * 2 + sizeof(KXSALTCOOKIE);
-  size_t concatenated_bytes2_size = DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE * 2 + sizeof(KXKEYCOOKIE);
+  size_t KXKEYCOOKIE_SIZE = strlen(KXKEYCOOKIE);
+  size_t KXSALTCOOKIE_SIZE = strlen(KXSALTCOOKIE);
+  size_t concatenated_bytes1_size = DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE * 2 + KXSALTCOOKIE_SIZE;
+  size_t concatenated_bytes2_size = DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE * 2 + KXKEYCOOKIE_SIZE;
   DDS_Security_octet *concatenated_bytes1, *concatenated_bytes2;
 
   memset(ex, 0, sizeof(*ex));
@@ -108,9 +110,8 @@ calculate_kx_keys(
 
   /* master_salt */
   memcpy(concatenated_bytes1, challenge1, DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE);
-  memcpy(concatenated_bytes1 + DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE, KXSALTCOOKIE, sizeof(KXSALTCOOKIE));
-  memcpy(concatenated_bytes1 + DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE + sizeof(KXSALTCOOKIE), challenge2,
-         DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE);
+  memcpy(concatenated_bytes1 + DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE, KXSALTCOOKIE, KXSALTCOOKIE_SIZE);
+  memcpy(concatenated_bytes1 + DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE + KXSALTCOOKIE_SIZE, challenge2, DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE);
 
   SHA256(concatenated_bytes1, concatenated_bytes1_size, hash);
   if (!(kx_master_salt = crypto_hmac256(hash, SHA256_DIGEST_LENGTH, shared_secret_key, (uint32_t) shared_secret_size, ex)))
@@ -118,9 +119,8 @@ calculate_kx_keys(
 
   /* master_sender_key */
   memcpy(concatenated_bytes2, challenge2, DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE);
-  memcpy(concatenated_bytes2 + DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE, KXKEYCOOKIE, sizeof(KXKEYCOOKIE));
-  memcpy(concatenated_bytes2 + DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE + sizeof(KXKEYCOOKIE), challenge1,
-         DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE);
+  memcpy(concatenated_bytes2 + DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE, KXKEYCOOKIE, KXKEYCOOKIE_SIZE);
+  memcpy(concatenated_bytes2 + DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE + KXKEYCOOKIE_SIZE, challenge1, DDS_SECURITY_AUTHENTICATION_CHALLENGE_SIZE);
 
   SHA256(concatenated_bytes2, concatenated_bytes2_size, hash);
   if (!(kx_master_sender_key = crypto_hmac256(hash, SHA256_DIGEST_LENGTH, shared_secret_key, (uint32_t) shared_secret_size, ex)))
@@ -1158,6 +1158,7 @@ crypto_factory_set_participant_crypto_tokens(
     master_key_material *remote_key_mat_new = crypto_master_key_material_new(CRYPTO_TRANSFORMATION_KIND_NONE);
     crypto_token_copy(remote_key_mat_new, remote_key_mat);
     key_material->remote_key_material = remote_key_mat_new;
+
     if (remote_key_mat_old != NULL)
     {
       struct gcreq *gcreq = gcreq_new(impl->crypto->gv->gcreq_queue, gc_remote_key_material);

src/security/builtin_plugins/cryptographic/src/crypto_utils.c

@@ -62,6 +62,7 @@ crypto_calculate_key_impl(
   memcpy(buffer, prefix, strlen(prefix));
   memcpy(&buffer[strlen(prefix)], master_salt, key_bytes);
   memcpy(&buffer[strlen(prefix) + key_bytes], &id, sizeof(id));
+
   if (HMAC(EVP_sha256(), master_key, (int)key_bytes, buffer, sz, md, NULL) == NULL)
   {
     DDS_Security_Exception_set_with_openssl_error(ex, DDS_CRYPTO_PLUGIN_CONTEXT, DDS_SECURITY_ERR_CIPHER_ERROR, 0, "HMAC failed: ");