[mono-vb] Need a second opinion

Fri Jul 30 19:23:23 EDT 2010

  I'd like to have a second opinon on encoding problem:

Basically it's C# and not VB, but since it concerns the mono-runtime, 
it's just as relevant here.

I've downloaded and tried to run
http://www.lumisoft.ee/lswww/Download/Downloads/MailServer/
on my Ubuntu 10.04 server.

The author claims he has tested it on Suse Linux with the  0.94 release, 
and that it worked.
However, I had to correct all the bugs listed here to get the latest 
version working:
http://www.lumisoft.ee/Forum/default.aspx?g=posts&t=673 
<http://www.lumisoft.ee/Forum/default.aspx?g=posts&t=673>

I was debugging (without step-through...) this issue all friday evening, 
until I found the reason.
It turned out the "bug" was the way the Mailserver's developer converted 
the HmacMd5 to a hex string...
Now in my opinion, his line:
return 
Encoding.Default.GetString(kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)));
is plain wrong, because this causes the byte array to be converted into 
a different encoding on each operating system (1252 on my windows 7, 
UTF-8 on Ubuntu), and the mailserver's programmer then calculates the 
hex string from the string hash with the operating-system specific encoding.

Now since it works with the encoding change on Windows (but not on 
Linux), I'm not sure anymore whether I am right, or whether the server's 
programmer is right, which would mean that the encoding-bug is a bug in 
mono.

I've isolated the code in question below, just switch bCorrectedVersion 
between true and false, and watch how the hash is different on Windows 
vs. Linux when one switches bCorrectedVersion to false...
BTW, this is the hash used to authenticate pop3/smtp, so it definitely 
is not good when it's different...
(That was the issue that kept all my get/send mail request to and from 
the server failing, because authentication failed...)

Who is right ?

Below is the code in question to reproduce the issue:

private void button1_Click(object sender, EventArgs e)
         {
             string m_Key = "TestKey1";
             string result_Password = "TestUser1";
             string hash = "";

             bool bCorrectedVersion = true;
             if(bCorrectedVersion)
                 hash = HmacMd5_corrected(m_Key, result_Password);
             else
                 hash = Net_Utils_ToHex(HmacMd5(m_Key, result_Password));

             this.textBox2.Text = "Hash: " + hash;
         }

         public static string Net_Utils_ToHex(string text)
         {
             if (text == null)
             {
                 throw new ArgumentNullException("text");
             }
             // Default encoding: Windows 1252, Linux UTF-8
             return 
BitConverter.ToString(Encoding.Default.GetBytes(text)).ToLower().Replace("-","");
         }

         // corrected version of original
         private string HmacMd5_corrected(string hashKey, string text)
         {
             System.Security.Cryptography.HMACMD5 kMd5 = new 
System.Security.Cryptography.HMACMD5(Encoding.Default.GetBytes(text));

             string strHash = "";
             foreach (byte x in 
kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)))
             {
                 strHash += x.ToString("x2");

             }
             return strHash;
             //return 
Encoding.Default.GetString(kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)));
         }

         // original
         private string HmacMd5(string hashKey, string text)
         {
             System.Security.Cryptography.HMACMD5 kMd5 = new 
System.Security.Cryptography.HMACMD5(Encoding.Default.GetBytes(text));

             return 
Encoding.Default.GetString(kMd5.ComputeHash(Encoding.ASCII.GetBytes(hashKey)));
         }