Inconsistent behavior of hexdigest! (and gnutls_hmac_output) between GnuTLS versions - Githubissues

JuliaWeb / GnuTLS.jl

Transport Level Security for Julia Streams provided by GnuTLS

Other

8 stars 13 forks source link

Inconsistent behavior of hexdigest! (and gnutls_hmac_output) between GnuTLS versions #5

Closed simonster closed 9 years ago

simonster commented 11 years ago

The following test passes in 3.1.10 but fails in 2.12.5:

h = HMACState(SHA256,"key")
update(h,"The quick brown fox jumps over the lazy dog")
@test hexdigest!(h) == "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8"
update(h,"The quick brown fox jumps over the lazy dog")
@test hexdigest!(h) == "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8"

In 2.12.5, I get 6b2062726f776e20666f78206a756d7073206f76657220746865206c617a7920 the second time around. I'm not actually sure where this comes from, since

h = HMACState(SHA256,"key")
update(h,"The quick brown fox jumps over the lazy dog")
update(h,"The quick brown fox jumps over the lazy dog")
hexdigest!(h)

yields 563d87fd06455e5809679f6153df494301b543b9720113876ac44e0c9fd55299.

This seems like it could be fixed by reinitializing the HMAC after hexdigest! for old versions of GnuTLS, although I'm not sure when this was fixed/changed.

stevengj commented 11 years ago

Hmm, I can't find any mention of a change of this sort in the GnuTLS API in their NEWS file.

stevengj commented 11 years ago

This fact that gnutls_hmac_output resets the state of the MAC was only documented on April 27, which means that it may be new to GnuTLS 3.1.11 (released May 10). In particular, it looks like the reset functionality was changed on 27 April in this commit and this commit, but it's not clear to me if that was actually a point at which the gnutls_hmac_output semantics changed, or if it was a fix for compatibility with a libnettle release.

But then, it works for @simonster in 3.1.10 (released March 22), so maybe the April 27 fixes are unrelated?

stevengj commented 11 years ago

It's not clear to me if there ever was a separate function to reset the hmac in GnuTLS.

My suspicion at this point is that (assuming the hmac in 2.12.5 worked at some point) there is an incompatibility between recent libnettle versions and older GnuTLS versions.

stevengj commented 11 years ago

I posted a question on the gnutls mailing list to see if we can get any clarification on this.

stevengj commented 11 years ago

Progress! The GnuTLS developers say that the problem is that you need to have a GnuTLS linked with Nettle rather than libgcrypt in order for the HMAC to be reset on update. Nettle became the default in GnuTLS 2.11.1, but libgcrypt is still an option.

@simonster, can you confirm that your 2.12.5 was linked with libgcrypt rather than libnettle?

simonster commented 11 years ago

Yes, it was, and so is the Ubuntu libgnutls26 package.

sbromberger commented 9 years ago

Tidying up and closing this out, since it appears to reference a problem in versions of GnuTLS that are deprecated.