[GNU Crypto] Small problem with HMac
From: Casey Marshall
Subject: [GNU Crypto] Small problem with HMac
Date: Thu, 09 Jan 2003 04:22:55 -0800
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021130
Hi,
It looks like there is a small problem with how HMac is reset: the
`underlyingHash' and `ipadHash' digests are not repopulated with the
"key ^ IPAD", resulting in incorrect MACs if an instance is used
multiple times. (I might be incorrect on this; I did this quickly and
did not read up on how HMacs work.)
The attached seems to fix this; it is, with this patch applied,
compatible with both BouncyCastle's HMac and the MAC that OpenSSH sends
over the wire.
Cheers,
--
Casey Marshall || address@hidden
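The failure mode described in the mail, as an added example that is not GNU Crypto's code: a minimal RFC 2104 HMAC with explicit inner (`key ^ ipad`) and outer (`key ^ opad`) states, where the `fix_reset` flag switches between a reset that only clears the inner digest (the behaviour reported above) and one that re-absorbs the stored `ipad` block, as the patch does. The class name, the `fix_reset` flag and the constructed key and message are assumptions of this example; the results are checked against Python's `hmac` module.

```python
import hashlib
import hmac

IPAD_BYTE = 0x36
OPAD_BYTE = 0x5C


class HMac:
    """Minimal HMAC (RFC 2104) kept close to the GNU Crypto field names
    (underlyingHash / ipadHash / opadHash) to show why reset() must
    restore the key ^ ipad state. Example code, not the library's own."""

    def __init__(self, key: bytes, hash_name: str = "sha1", fix_reset: bool = True):
        self.hash_name = hash_name
        self.fix_reset = fix_reset
        self.block_size = hashlib.new(hash_name).block_size
        # Keys longer than one block are hashed first, then zero-padded to B bytes.
        if len(key) > self.block_size:
            key = hashlib.new(hash_name, key).digest()
        key = key.ljust(self.block_size, b"\x00")
        # Step (2): the key XORed with ipad / opad. 'ipad' is the array the patch adds.
        self.ipad = bytes(b ^ IPAD_BYTE for b in key)
        self.opad = bytes(b ^ OPAD_BYTE for b in key)
        # opadHash: outer state after absorbing key ^ opad (never mutated, only copied).
        self.opad_hash = hashlib.new(hash_name, self.opad)
        # underlyingHash: running inner state, seeded with key ^ ipad.
        self.underlying = hashlib.new(hash_name, self.ipad)

    def update(self, data: bytes) -> None:
        # Step (3): append the message text to the inner state.
        self.underlying.update(data)

    def digest(self) -> bytes:
        # Step (4): inner hash, then outer hash over (key ^ opad || inner).
        inner = self.underlying.digest()
        outer = self.opad_hash.copy()
        outer.update(inner)
        self.reset()  # prepare the instance for reuse, as the library does after digest()
        return outer.digest()

    def reset(self) -> None:
        # A bare reset forgets that key ^ ipad must prefix the next message.
        self.underlying = hashlib.new(self.hash_name)
        if self.fix_reset:
            # The patch's fix: re-absorb the stored key ^ ipad block.
            self.underlying.update(self.ipad)


def mac_twice(key: bytes, msg: bytes, fix_reset: bool):
    """MAC the same message twice with one instance; returns (first, second).
    With fix_reset=False the second value is wrong, which is the reported bug."""
    h = HMac(key, fix_reset=fix_reset)
    h.update(msg)
    first = h.digest()
    h.update(msg)
    second = h.digest()
    return first, second


def reference(key: bytes, msg: bytes) -> bytes:
    """Independent HMAC-SHA1 from the standard library for comparison."""
    return hmac.new(key, msg, hashlib.sha1).digest()


if __name__ == "__main__":
    # Constructed sample key and message.
    key, msg = b"constructed test key", b"The quick brown fox"
    good = mac_twice(key, msg, fix_reset=True)
    bad = mac_twice(key, msg, fix_reset=False)
    print("fixed reset  : first==second==reference:",
          good[0] == good[1] == reference(key, msg))
    print("broken reset : first ok, second wrong   :",
          bad[0] == reference(key, msg), bad[1] != reference(key, msg))
```

The broken variant is right the first time and wrong on every reuse, which is exactly why an instance-reuse bug is easy to miss in a test that creates a fresh MAC per message; a regression test should MAC at least two messages through one instance and compare each against an independent implementation.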
Index: source/gnu/crypto/mac/HMac.java
===================================================================
RCS file: /cvsroot/gnu-crypto/gnu-crypto/source/gnu/crypto/mac/HMac.java,v
retrieving revision 1.4
diff -u -r1.4 HMac.java
--- source/gnu/crypto/mac/HMac.java 7 Nov 2002 17:17:45 -0000 1.4
+++ source/gnu/crypto/mac/HMac.java 9 Jan 2003 12:13:58 -0000
@@ -104,6 +104,7 @@
protected int blockSize;
protected IMessageDigest ipadHash;
protected IMessageDigest opadHash;
+ protected byte[] ipad;
// Constructor(s)
// -------------------------------------------------------------------------
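Review bot: the new field `+ protected byte[] ipad;` keeps key-derived material (K XOR IPAD_BYTE, from which K is trivially recovered) alive for the whole lifetime of the object, whereas the existing init code deliberately does `K = null` once the digests are seeded. Add a comment stating that this array is key material, and give it the same treatment as `K` wherever the MAC is discarded or re-keyed (clear it, rather than leaving it for the garbage collector); otherwise the class is silently weaker than before with respect to memory disclosure.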
@@ -138,6 +139,9 @@
if (this.opadHash != null) {
result.opadHash = (IMessageDigest) this.opadHash.clone();
}
+ if (this.ipad != null) {
+ result.ipad = (byte[]) this.ipad.clone();
+ }
return result;
}
@@ -180,18 +184,31 @@
underlyingHash.reset();
opadHash = (IMessageDigest) underlyingHash.clone();
+ ipad = new byte[blockSize];
+
// (2) XOR (bitwise exclusive-OR) the B byte string computed in step
// (1) with ipad
// (3) append the stream of data 'text' to the B byte string resulting
// from step (2)
// (4) apply H to the stream generated in step (3)
for (int i = 0; i < blockSize; i++) {
- underlyingHash.update((byte)(K[i] ^ IPAD_BYTE));
+ ipad[i] = (byte)(K[i] ^ IPAD_BYTE);
+ }
+ for (int i = 0; i < blockSize; i++) {
opadHash.update((byte)(K[i] ^ OPAD_BYTE));
}
-
+
+ underlyingHash.update(ipad, 0, blockSize);
ipadHash = (IMessageDigest) underlyingHash.clone();
K = null;
+ }
+
+ public void reset() {
+ super.reset();
+ if (ipad != null) {
+ underlyingHash.update(ipad, 0, blockSize);
+ ipadHash = (IMessageDigest) underlyingHash.clone();
+ }
}
public byte[] digest() {
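Review bot: `reset()` relies on `super.reset()` having reset `underlyingHash` before `underlyingHash.update(ipad, 0, blockSize)` runs; if the base class does not do that, the ipad block is appended to stale state and every MAC after the first is still wrong, so either call `underlyingHash.reset()` explicitly here or confirm the base-class contract in a comment. A smaller change that needs no new field is also available: `init` already leaves `ipadHash` holding the digest state after `key ^ ipad`, so `reset()` could restore the inner state from `(IMessageDigest) ipadHash.clone()` (if `underlyingHash` is assignable here) instead of retaining the raw `ipad` bytes. Finally, the comment block for steps (2)-(4) now sits above a loop that only performs step (2) into `ipad`, while steps (3)-(4) happen later at `underlyingHash.update(ipad, 0, blockSize)`; move or adjust the comment, and drop the whitespace-only change of the blank line (`-` / `+` with trailing space) so the diff stays minimal.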