Wrong hmac values from crypto_data_hash

jinwoo · February 21, 2024, 2:23am

Posting here to get attentions to the issue that I filed : Wrong hmac values when the key contains "null" bytes · Issue #170 · SWI-Prolog/packages-ssl · GitHub.

When crypto_data_hash is called with the hmac(Key) option, and when Key contains null bytes, the resulting value is wrong. That’s because the underlying C code treats the key as a C-string and uses strlen to calculate the key length. strlen thinks the key is terminated by the null byte.

The key can contain null bytes when the key is a binary data, especially when the key is derived from key-derivation-functions such as scrypt, bcrypt, etc.

Would anyone familiar with the code base be kind enough to fix this?

jan · February 21, 2024, 8:48am

Pushed a fix. I don’t know much about the crypto predicates. The code suggests the key is expected to be a normal key without 0-bytes. Anyway, it works fine with 0-bytes now. The choice was between supporting them or raising an error when the key contains 0-bytes. Just returning the wrong result is not an option

jinwoo · February 21, 2024, 2:35pm

Woohoo! It was quick! Thank you, Jan.

Topic		Replies	Views
Issue with crypto HMAC Hash General bug	3	371	May 8, 2020
Creating terms with binary value Help! bug	2	274	December 27, 2022
Character code literals Help!	8	590	January 4, 2020
Sha1 different results Help!	1	115	March 1, 2024
Marking crypto library as safe in sandbox for pengines Predicate	3	476	November 22, 2021

Wrong hmac values from crypto_data_hash

Related topics