jrwe / crypto-js

Automatically exported from code.google.com/p/crypto-js
1 stars 0 forks source link

hmac function ignores sigBytes of key #57

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Create a WordArray called 'key' with 20 words, but only 32 sigBytes.
2. Clone this and create a key2, 32 sigBytes, but clamped.
3. Use both keys to generate an hmac of a fixed WordArray.  hmac will be 
different.

What is the expected output? What do you see instead?
I expect the hmac digests to be equal.  The keys are supposed to be the same, 
despite differences in the internal WordArray structure.

What version of the product are you using? On what operating system?
3.0.2, mac, chrome

Please provide any additional information below.
I believe the problem is in hmac.js, around line 45, in the init function.  
There's no clamp() here, but lines later in the function use the key's word 
array directly, and override the key's sigBytes with hasherBlockSizeBytes.

Original issue reported on code.google.com by russelle...@gmail.com on 26 Nov 2012 at 4:01

GoogleCodeExporter commented 9 years ago

Original comment by Jeff.Mott.OR on 28 Nov 2012 at 8:24

GoogleCodeExporter commented 9 years ago
Very good catch, and your proposed solution was right on. Fixed in r555.

Original comment by Jeff.Mott.OR on 28 Nov 2012 at 8:37