[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
A bug in rfc2104.el
Please CC: to me if reply to this message. I'm not on the nnimap list.
While writing another HMAC package, I found a bug in `rfc2104-hash'.
It seems that the `hash' argument of `rfc2104-hash' is expected to be
a hash function which returns a hash value in _hexicadecimal_ form.
But, in case of "(> (length key) block-length)", `rfc2104-hash' forgets
to convert HASH(key) to binary form, and returns wrong HMAC value.
p.s.
Using hexadecimal form of HMAC-MD5 value is part of CRAM-MD5, not part
of HMAC. (For example, SCRAM-MD5 uses binary form of HMAC-MD5 value.)
--
Shuhei KOBAYASHI