[Mono-dev] [PATCH] HMAC bug

Sebastien Pouliot sebastien.pouliot at gmail.com
Mon Apr 21 09:49:21 EDT 2008 

Hello,

It's in SVN. Thanks for the patch and test case!

Sebastien

On Mon, 2008-04-21 at 11:52 +0900, Kazuki Oikawa wrote:
> Hi.
> 
> HMAC function return wrong result if message is part of array.
> I made a patch to fix this bug.
> 
> Please review it.
> 
> plain text document attachment (HMAC.patch)
> Index: class/corlib/Mono.Security.Cryptography/CryptoTools.cs
> ===================================================================
> --- class/corlib/Mono.Security.Cryptography/CryptoTools.cs	(revision 101257)
> +++ class/corlib/Mono.Security.Cryptography/CryptoTools.cs	(working copy)
> @@ -133,7 +133,7 @@
>  				// 4. if data is still present fill the "block" with the remainder
>  				blockCount = cb - n;
>  				if (blockCount > 0)
> -					Buffer.BlockCopy (rgb, n, block, 0, blockCount);
> +					Buffer.BlockCopy (rgb, n + ib, block, 0, blockCount);
>  			}
>  		}
>  	
> Index: class/corlib/Test/System.Security.Cryptography/HMACSHA1Test.cs
> ===================================================================
> --- class/corlib/Test/System.Security.Cryptography/HMACSHA1Test.cs	(revision 101257)
> +++ class/corlib/Test/System.Security.Cryptography/HMACSHA1Test.cs	(working copy)
> @@ -121,6 +121,7 @@
>  		CheckC (testName, key, data, result);
>  		CheckD (testName, key, data, result);
>  		CheckE (testName, key, data, result);
> +		CheckF (testName, key, data, result);
>  	}
>  
>  	public void CheckA (string testName, byte[] key, byte[] data, byte[] result) 
> @@ -175,6 +176,16 @@
>  		Assert.AreEqual (result, algo.Hash, testName + "e");
>  	}
>  
> +	public void CheckF (string testName, byte[] key, byte[] data, byte[] result)
> +	{
> +		algo = new HMACSHA1 (key);
> +		byte[] temp = new byte[data.Length + 2];
> +		for (int i = 0; i < data.Length; i ++)
> +			temp[i + 1] = data[i];
> +		byte[] hmac = algo.ComputeHash (temp, 1, data.Length);
> +		Assert.AreEqual (result, hmac, testName + "f");
> +	}
> +
>  	[Test]
>  	public void FIPS198_A1 () 
>  	{
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list

More information about the Mono-devel-list mailing list