Corrected the very strange inconsistencies that existed from hmac com…

…patibility with other versions (256 bit hmac keys for 160 bit sha1 digest). This allows 'keyczart addkey' to be called with the size parameter equal to 256 which is consistant with the other versions of keyczar. Also kept the ability to call it with size=160 to support the example code, test code, and any users with that value hardcoded in, but it will fire a warning message

cpp/src/keyczar/aes_key.cc

@@ -26,7 +26,7 @@ namespace {
 // This function returns 0 if it fails.
 static int GetHMACSizeFromAESSize(int size) {
 #ifdef COMPAT_KEYCZAR_06B
-  return 160;
+  return 256;
 #else
   // These choices follow the NIST recommendations, see SP800-57 part1
   // pages 63-64.
@@ -238,7 +238,7 @@ bool AESKey::Decrypt(const std::string& ciphertext,
     return false;
 
   int key_size = size() / 8;
-  int digest_size = hmac_key()->size() / 8;
+  int digest_size = hmac_key()->digest_size() / 8;
 
   std::string data_bytes = ciphertext.substr(Key::GetHeaderSize());
   int data_bytes_len = data_bytes.length();

cpp/src/keyczar/crypto_factory.cc

@@ -139,7 +139,7 @@ AESImpl* CryptoFactory::CreateAES(CipherMode::Type cipher_mode,
 HMACImpl* CryptoFactory::GenerateHMAC(int size) {
 #ifdef COMPAT_KEYCZAR_06B
   switch (size) {
-    case 160:
+    case 256:
       return openssl::HMACOpenSSL::GenerateKey(HMACImpl::SHA1, 256);
     default:
       NOTREACHED();

cpp/src/keyczar/hmac_key.cc

@@ -68,21 +68,18 @@ HMACKey* HMACKey::CreateFromValue(const Value& root_key) {
   if (!hmac_key->GetInteger("size", &size))
     return NULL;
 
-#ifdef COMPAT_KEYCZAR_06B
-  CHECK_EQ(size, 256);
-  size = 160;
-
-  if (!KeyType::IsValidCipherSize(KeyType::HMAC_SHA1, size))
-    return NULL;
-#else
   if (size / 8 != static_cast<int>(key->size())) {
     LOG(ERROR) << "Mismatch between key string length and declared size";
     return NULL;
   }
-
+
+#ifdef COMPAT_KEYCZAR_06B
+  if (!KeyType::IsValidCipherSize(KeyType::HMAC_SHA1, size))
+    return NULL;
+#else
   if (!KeyType::IsValidCipherSize(KeyType::HMAC, size))
     return NULL;
-
+  
   std::string digest_name;
   if (!hmac_key->GetString("digest", &digest_name))
     return NULL;
@@ -104,7 +101,12 @@ HMACKey* HMACKey::CreateFromValue(const Value& root_key) {
 // static
 HMACKey* HMACKey::GenerateKey(int size) {
 #ifdef COMPAT_KEYCZAR_06B
-  CHECK_EQ(size, 160);
+  if (size == 160) {
+    LOG(WARNING) << "160 bit key size for C++ hmac is not supported. "
+        << "For compatability with older versions, this will generate "
+        << "a 256 bit key to be used with SHA1.";
+    size = 256;
+  }
   if (!KeyType::IsValidCipherSize(KeyType::HMAC_SHA1, size))
 #else
   if (!KeyType::IsValidCipherSize(KeyType::HMAC, size))
@@ -131,8 +133,7 @@ Value* HMACKey::GetValue() const {
     return NULL;
 
 #ifdef COMPAT_KEYCZAR_06B
-  CHECK_EQ(size(), 160);
-  if (!hmac_key->SetInteger("size", 256))
+  if (!hmac_key->SetInteger("size", size()))
 #else
   std::string digest_name;
   if (!GetDigestNameFromHMACKeySize(size(), &digest_name))

cpp/src/keyczar/hmac_key.h

@@ -50,7 +50,15 @@ class HMACKey : public Key {
 
   // The caller doesn't take ownership over the returned HMACKey object.
   const HMACImpl* hmac_impl() const { return hmac_impl_.get(); }
-
+
+  const int digest_size() const {
+#ifdef COMPAT_KEYCZAR_06B
+    return 160;
+#else
+    return size();
+#endif
+  }
+
  private:
   scoped_ptr<HMACImpl> hmac_impl_;
 

cpp/src/keyczar/key_type.cc

@@ -22,7 +22,7 @@ namespace {
 
 static const int kAESSizes[] = {128, 192, 256, 0};
 #ifdef COMPAT_KEYCZAR_06B
-static const int kHMACSHA1Sizes[] = {160, 0};
+static const int kHMACSHA1Sizes[] = {256, 0};
 static const int kRSASizes[] = {512, 768, 1024, 2048, 3072, 4096, 0};
 #else
 static const int kHMACSizes[] = {160, 224, 256, 384, 512, 0};
@@ -130,7 +130,7 @@ int KeyType::DefaultCipherSize(Type type) {
       return 128;
 #ifdef COMPAT_KEYCZAR_06B
     case HMAC_SHA1:
-      return 160;
+      return 256;
 #else
     case HMAC:
       return 160;