kdf: Avoid endianess issues

The key_type is only a letter, if we use and `int` and then cast it to
(const char *) we will end up with a 0 value on big endian.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>

include/libssh/crypto.h

@@ -219,7 +219,7 @@ struct ssh_cipher_struct {
 const struct ssh_cipher_struct *ssh_get_chacha20poly1305_cipher(void);
 int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
                       unsigned char *key, size_t key_len,
-                      int key_type, unsigned char *output,
+                      uint8_t key_type, unsigned char *output,
                       size_t requested_len);
 
 int secure_memcmp(const void *s1, const void *s2, size_t n);

include/libssh/wrapper.h

@@ -103,7 +103,7 @@ size_t hmac_digest_len(enum ssh_hmac_e type);
 
 int ssh_kdf(struct ssh_crypto_struct *crypto,
             unsigned char *key, size_t key_len,
-            int key_type, unsigned char *output,
+            uint8_t key_type, unsigned char *output,
             size_t requested_len);
 
 int crypt_set_algorithms_client(ssh_session session);

src/kdf.c

@@ -116,14 +116,13 @@ static void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx)
 
 int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
                       unsigned char *key, size_t key_len,
-                      int key_type, unsigned char *output,
+                      uint8_t key_type, unsigned char *output,
                       size_t requested_len)
 {
     /* Can't use VLAs with Visual Studio, so allocate the biggest
      * digest buffer we can possibly need */
     unsigned char digest[DIGEST_MAX_LEN];
     size_t output_len = crypto->digest_len;
-    char letter = key_type;
     ssh_mac_ctx ctx;
 
     if (DIGEST_MAX_LEN < crypto->digest_len) {
@@ -137,7 +136,7 @@ int sshkdf_derive_key(struct ssh_crypto_struct *crypto,
 
     ssh_mac_update(ctx, key, key_len);
     ssh_mac_update(ctx, crypto->secret_hash, crypto->digest_len);
-    ssh_mac_update(ctx, &letter, 1);
+    ssh_mac_update(ctx, &key_type, 1);
     ssh_mac_update(ctx, crypto->session_id, crypto->session_id_len);
     ssh_mac_final(digest, ctx);
 

src/libcrypto.c

@@ -214,7 +214,7 @@ static const char *sshkdf_digest_to_md(enum ssh_kdf_digest digest_type)
 
 int ssh_kdf(struct ssh_crypto_struct *crypto,
             unsigned char *key, size_t key_len,
-            int key_type, unsigned char *output,
+            uint8_t key_type, unsigned char *output,
             size_t requested_len)
 {
     int rc = -1;
@@ -330,7 +330,7 @@ out:
 #else
 int ssh_kdf(struct ssh_crypto_struct *crypto,
             unsigned char *key, size_t key_len,
-            int key_type, unsigned char *output,
+            uint8_t key_type, unsigned char *output,
             size_t requested_len)
 {
     return sshkdf_derive_key(crypto, key, key_len,

src/libgcrypt.c

@@ -124,7 +124,7 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
 
 int ssh_kdf(struct ssh_crypto_struct *crypto,
             unsigned char *key, size_t key_len,
-            int key_type, unsigned char *output,
+            uint8_t key_type, unsigned char *output,
             size_t requested_len)
 {
     return sshkdf_derive_key(crypto, key, key_len,

src/libmbedcrypto.c

@@ -127,7 +127,7 @@ void evp_final(EVPCTX ctx, unsigned char *md, unsigned int *mdlen)
 
 int ssh_kdf(struct ssh_crypto_struct *crypto,
             unsigned char *key, size_t key_len,
-            int key_type, unsigned char *output,
+            uint8_t key_type, unsigned char *output,
             size_t requested_len)
 {
     return sshkdf_derive_key(crypto, key, key_len,