[Date Prev][Date Next] [Chronological] [Thread] [Top]

A bug in rfc2104.el



Please CC: to me if reply to this message. I'm not on the nnimap list.

While writing another HMAC package, I found a bug in `rfc2104-hash'.

It seems that the `hash' argument of `rfc2104-hash' is expected to be
a hash function which returns a hash value in _hexicadecimal_ form.

But, in case of "(> (length key) block-length)", `rfc2104-hash' forgets
to convert HASH(key) to binary form, and returns wrong HMAC value.

p.s.
Using hexadecimal form of HMAC-MD5 value is part of CRAM-MD5, not part
of HMAC. (For example, SCRAM-MD5 uses binary form of HMAC-MD5 value.)
-- 
Shuhei KOBAYASHI