Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong hmac values when the key contains "null" bytes #170

Closed
jinwoo opened this issue Feb 19, 2024 · 1 comment
Closed

Wrong hmac values when the key contains "null" bytes #170

jinwoo opened this issue Feb 19, 2024 · 1 comment

Comments

@jinwoo
Copy link

jinwoo commented Feb 19, 2024
edited

For example, crypto_data_hash gives the same hash value for keys [1,0,1] and [1]. I notice that strlen is used to calculate the key length:

packages-ssl/crypto4pl.c

Line 396 in acb9607

(unsigned char*)context->mac_key, strlen(context->mac_key),
and

packages-ssl/crypto4pl.c

Line 407 in acb9607

context->mac_key, strlen(context->mac_key),
. It'd work when the key is a string but wouldn't work when the key is a binary data.

?- Key = [1], crypto_data_hash(`foo`, Hash, [algorithm(sha256),hmac(Key)]).
Key = [1],
Hash = '63a592e348d812a8027985ecfc6e0df958e9177437e59a182037ada35a4636e8'.

?- Key = [1,0,1], crypto_data_hash(`foo`, Hash, [algorithm(sha256),hmac(Key)]).
Key = [1, 0, 1],
Hash = '63a592e348d812a8027985ecfc6e0df958e9177437e59a182037ada35a4636e8'.
@JanWielemaker
Copy link
Member

This issue has been mentioned on SWI-Prolog. There might be relevant details there:

https://swi-prolog.discourse.group/t/wrong-hmac-values-from-crypto-data-hash/7256/1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jinwoo @JanWielemaker