
This queue is for tickets about the Digest-SHA CPAN distribution.

Report information
The Basics
Id: 7181
Status: resolved
Worked: 45 min
Priority: 0/
Queue: Digest-SHA

People
Owner: mshelor [...] cpan.org
Requestors: awoodbury [...] mitre.org
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in: 5.02
Fixed in: 5.03



Subject: HMAC broken for SHA384, 512
In hmac.c, the lines for (i = 0; i < 64; i++) h->key[i] ^= 0x5c; shawrite(h->key, 512, h->osha); for (i = 0; i < 64; i++) h->key[i] ^= (0x5c ^ 0x36); shawrite(h->key, 512, h->isha); use the constants 64 and 512. These are only correct for SHA1 and SHA256. They should be 128 and 1024. I'm not sure if there are the only incorrect areas, but I can provide correct code, test vectors and an external program. rehash is correct: (http://rehash.sourceforge.net/) $ echo -n "abc" > test.txt $ ./rehash.exe -none -sha1 -sha256 -sha384 -sha512 -hmac:Test test.txt <test.txt> HMAC hashes using key: Test SHA1 : 5A3295D6 B47441BE C1DE3C0A 74DFEFC5 A5002C74 SHA256 : DB5F1D85 A1669F93 BAA1202B 0A0F2B9A CFB160A4 027E23CE F32B35A1 BF5D4B5E SHA384 : 14AA1152 E0E14EE1 72AB8A31 B1FD4D69 24087E8E ECB2EBF5 2E588593 605F8EE4 7C8A40F5 0F18C853 BFF18B69 0F211111 SHA512 : 4ABF9DC8 E6AC4B44 DED6EBA7 A221262C D07CDC82 553173A2 3678966E 4D2290BC F0DC3922 DA524C85 BDC774C5 DDEF8DFB D24C9942 9B3065B1 3F91A166 AF27630A $ cat test.txt abc Not that I think it matters much, but: Linux debian1 2.4.25c2 #3 SMP Tue Mar 16 10:33:22 EST 2004 i686 GNU/Linux This is perl, v5.8.3 built for i386-linux-thread-multi Copyright 1987-2003, Larry Wall Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit. Complete documentation for Perl, including FAQ lists, should be found on this system using `man perl' or `perldoc perl'. If you have access to the Internet, point your browser at http://www.perl.com/, the Perl Home Page.
    use strict;
    use warnings;
    use Digest::SHA qw(sha1 sha1_hex sha256 sha256_hex sha384 sha384_hex
                       sha512 sha512_hex hmac_sha1_hex hmac_sha256_hex
                       hmac_sha384_hex hmac_sha512_hex);

    # ipad/opad strings: '6' is 0x36, '\' is 0x5c.  The 64-byte versions are
    # the block size of SHA-1/SHA-256; the 128-byte versions are the block
    # size of SHA-384/SHA-512.
    my $ipad    = '6'  x 64;
    my $bigipad = '6'  x 128;
    my $opad    = '\\' x 64;
    my $bigopad = '\\' x 128;

    # Key "Test" zero-padded to 64 and to 128 bytes respectively.
    my $key    = 'Test' . "\x{00}" x 60;
    my $bigkey = 'Test' . "\x{00}" x 124;
    my $data   = 'abc';

    # SHA-1 and SHA-256: the module agrees with a hand-rolled HMAC over a
    # 64-byte block.
    print "Digest::SHA hmac sha1:\n" . hmac_sha1_hex($data, $key) . "\n";
    print "hmac sha1:\n"
        . sha1_hex(($key ^ $opad) . sha1(($key ^ $ipad) . $data)) . "\n";
    print "\n";

    print "Digest::SHA hmac sha256:\n" . hmac_sha256_hex($data, $key) . "\n";
    print "hmac sha256:\n"
        . sha256_hex(($key ^ $opad) . sha256(($key ^ $ipad) . $data)) . "\n";
    print "\n";

    # SHA-384 and SHA-512: the module matches the "bad" 64-byte-block
    # construction, not the correct 128-byte-block one.
    print "Digest::SHA hmac sha384:\n" . hmac_sha384_hex($data, $key) . "\n";
    print "bad hmac sha384:\n"
        . sha384_hex(($key ^ $opad) . sha384(($key ^ $ipad) . $data)) . "\n";
    print "correct hmac sha384:\n"
        . sha384_hex(($bigkey ^ $bigopad) . sha384(($bigkey ^ $bigipad) . $data)) . "\n";
    print "\n";

    print "Digest::SHA hmac sha512:\n" . hmac_sha512_hex($data, $key) . "\n";
    print "bad hmac sha512:\n"
        . sha512_hex(($key ^ $opad) . sha512(($key ^ $ipad) . $data)) . "\n";
    print "correct hmac sha512:\n"
        . sha512_hex(($bigkey ^ $bigopad) . sha512(($bigkey ^ $bigipad) . $data)) . "\n";
    print "\n";
As noted in the original report, the error resulted from using the SHA-1/256 block size for HMAC-SHA-384/512 processing. The code in "src/hmac.c" has been corrected (as of Version 5.03) to use the "blocksize" value from "SHA" in lieu of the hardwired value. Also, a test script (t/5-hmac-woodbury.t) has been added to assure correct behavior, using the vectors supplied above by Adam Woodbury.
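The report and the fix both turn on one fact: HMAC pads the key and builds ipad/opad to the block size B of the underlying hash, and B is 64 bytes for SHA-1/SHA-256 but 128 bytes for SHA-384/SHA-512. The Python below is an added example, not code from the report, from Digest::SHA or from rehash. It implements RFC 2104 HMAC with an explicit B, so that the 5.02 behaviour (B hardwired to 64) and the 5.03 behaviour (B taken from the hash) can be run side by side against the standard library's hmac module. The function names, the REPORT_* constants (transcribed from the report above) and the use of hashlib's block_size attribute are this example's own choices.

```python
import hashlib
import hmac

# Constructed inputs, transcribed from the bug report above: key "Test", message "abc".
REPORT_KEY = b"Test"
REPORT_MSG = b"abc"

# Expected tags as printed by rehash in the report (lower-cased, spaces removed).
REPORT_VECTORS = {
    "sha1": "5a3295d6b47441bec1de3c0a74dfefc5a5002c74",
    "sha256": "db5f1d85a1669f93baa1202b0a0f2b9acfb160a4027e23cef32b35a1bf5d4b5e",
    "sha384": "14aa1152e0e14ee172ab8a31b1fd4d6924087e8eecb2ebf52e588593605f8ee4"
              "7c8a40f50f18c853bff18b690f211111",
    "sha512": "4abf9dc8e6ac4b44ded6eba7a221262cd07cdc82553173a23678966e4d2290bc"
              "f0dc3922da524c85bdc774c5ddef8dfbd24c99429b3065b13f91a166af27630a",
}

# Digest-SHA 5.02 used this block size for every algorithm.
HARDWIRED_BLOCK = 64


def hmac_with_block(hash_name, key, msg, block_size):
    """RFC 2104 HMAC computed with an explicit block size B (bytes).

    HMAC(K, m) = H((K' ^ opad) || H((K' ^ ipad) || m)), where K' is K hashed
    if longer than B, then zero-padded to exactly B bytes.  Passing the
    wrong B changes the length of the padded key and of both pad strings,
    so the inner and outer hashes absorb different data than a conforming
    implementation and the resulting tag is wrong.
    """
    if len(key) > block_size:
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(hash_name, ipad + msg).digest()
    return hashlib.new(hash_name, opad + inner).hexdigest()


def hmac_fixed(hash_name, key, msg):
    """5.03 behaviour: B comes from the hash itself (64 or 128)."""
    return hmac_with_block(hash_name, key, msg, hashlib.new(hash_name).block_size)


def hmac_broken(hash_name, key, msg):
    """5.02 behaviour: B is always 64, which is wrong for SHA-384/512."""
    return hmac_with_block(hash_name, key, msg, HARDWIRED_BLOCK)


def block_sizes():
    """Block size in bytes per algorithm, as reported by the hash object."""
    return {name: hashlib.new(name).block_size
            for name in ("sha1", "sha256", "sha384", "sha512")}


def compare(hash_name, key=REPORT_KEY, msg=REPORT_MSG):
    """Return (fixed, broken, reference) hex tags; reference is Python's hmac."""
    reference = hmac.new(key, msg, hash_name).hexdigest()
    return (hmac_fixed(hash_name, key, msg),
            hmac_broken(hash_name, key, msg),
            reference)


def matches_report_vectors():
    """Whether the fixed construction reproduces each tag printed in the report."""
    return {name: hmac_fixed(name, REPORT_KEY, REPORT_MSG) == tag
            for name, tag in REPORT_VECTORS.items()}


if __name__ == "__main__":
    for name, size in block_sizes().items():
        fixed, broken, reference = compare(name)
        print(f"{name:7s} B={size:3d}  fixed==stdlib: {fixed == reference}  "
              f"broken==fixed: {broken == fixed}")
    print("report vectors reproduced:", matches_report_vectors())
```

Running it shows the 64-byte variant agreeing with the block-size variant for SHA-1 and SHA-256 and disagreeing for SHA-384 and SHA-512, which is exactly the split the reporter observed. The key-hashing branch (keys longer than B) is also governed by B, so a hardwired 64 would additionally hash keys of 65 to 128 bytes that a correct SHA-512 HMAC should use verbatim.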