Bug#552454: libgcrypt11: HMAC-SHA512 computation with 128-bytes key yields wrong result

Stefan Westerfeld stefan at space.twc.de
Mon Oct 26 10:35:55 UTC 2009


Package: libgcrypt11
Version: 1.4.1-1
Severity: normal

The HMAC-512 computation with a long key (128 bytes) gives a wrong result. This
is a known problem; a mail from the upstream developer can be found here:

http://www.nabble.com/Important-fix-for-HMAC-SHA-384-512-to20348035.html

I wrote a test program which computes:
 - HMAC-SHA512 with 128 bytes key via Debian/stable gcrypt
 - HMAC-SHA512 implemented manually
 - HMAC-SHA512 implemented using python

Results:

* Debian/stable package:
stefan at quadcorn:/big/home/stefan/src/sandbox/fmc$ hmac512 abc
Key:  KeyKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
Data: abc
GCrypt: 7933494498a4dadbe4e5d7a84d4aea568ea2e7da23f9c159ba609e19fa60e256a079f27c4cd2a7980701aac72243550900e66367af06110adf9dbcc93ec43fb4
MyHMAC: 2c5b16e1d82fff0c6ef5754b97bcfad5324a5bc9515031b5f1ab1a25751db9bca44c28833a51ab108bc67b63803281fece57d596001941a717550082c6f9522c
Python: 2c5b16e1d82fff0c6ef5754b97bcfad5324a5bc9515031b5f1ab1a25751db9bca44c28833a51ab108bc67b63803281fece57d596001941a717550082c6f9522c

* manually compiled gcrypt 1.4.4
stefan at quadcorn:/big/home/stefan/src/sandbox/fmc$ LD_LIBRARY_PATH=/usr/local/gcrypt/lib hmac512 abc
Key:  KeyKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKK
Data: abc
GCrypt: 2c5b16e1d82fff0c6ef5754b97bcfad5324a5bc9515031b5f1ab1a25751db9bca44c28833a51ab108bc67b63803281fece57d596001941a717550082c6f9522c
MyHMAC: 2c5b16e1d82fff0c6ef5754b97bcfad5324a5bc9515031b5f1ab1a25751db9bca44c28833a51ab108bc67b63803281fece57d596001941a717550082c6f9522c
Python: 2c5b16e1d82fff0c6ef5754b97bcfad5324a5bc9515031b5f1ab1a25751db9bca44c28833a51ab108bc67b63803281fece57d596001941a717550082c6f9522c

As you see, the newer gcrypt 1.4.4 gives the correct result (the same result as
my routine and python), whereas the Debian/stable gcrypt HMAC-SHA512 is wrong.

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/4 CPU cores)
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages libgcrypt11 depends on:
ii  libc6                         2.7-18     GNU C Library: Shared libraries
ii  libgpg-error0                 1.4-2      library for common error values an

libgcrypt11 recommends no packages.

Versions of packages libgcrypt11 suggests:
pn  rng-tools                     <none>     (no description available)

-- no debconf information
-------------- next part --------------
A non-text attachment was scrubbed...
Name: hmac512.cc
Type: text/x-c
Size: 2276 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnutls-maint/attachments/20091026/a6391af5/attachment.bin>
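The comparison the report describes (a hand-written HMAC-SHA512 checked against a library implementation) can be run as a differential test over key lengths around the 64- and 128-byte boundaries. This is an added example, not the scrubbed hmac512.cc attachment and not libgcrypt code; the key pattern, the function names and the "prehash_over=64" fault are constructed here for illustration, and the report does not state the root cause in libgcrypt.

```python
import hashlib
import hmac

BLOCK = hashlib.sha512().block_size  # 128 bytes for SHA-512


def manual_hmac_sha512(key: bytes, data: bytes, prehash_over: int = BLOCK) -> str:
    """HMAC per RFC 2104 written out by hand.

    prehash_over is the key length above which the key is hashed first.
    RFC 2104 requires this to be the hash block size; any other value
    is a fault (used below only to show that the harness detects one).
    """
    if len(key) > prehash_over:
        key = hashlib.sha512(key).digest()
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha512(ipad + data).digest()
    return hashlib.sha512(opad + inner).hexdigest()


def library_hmac_sha512(key: bytes, data: bytes) -> str:
    """Reference value from Python's standard library."""
    return hmac.new(key, data, hashlib.sha512).hexdigest()


def make_key(n: int) -> bytes:
    """Constructed n-byte key in the style of the report's 'KeyKKK...' key."""
    return (b"Key" + b"K" * n)[:n]


def mismatching_key_lengths(candidate, reference, data, lengths):
    """Return the key lengths at which candidate and reference disagree."""
    return [n for n in lengths
            if candidate(make_key(n), data) != reference(make_key(n), data)]


# Lengths on both sides of 64 bytes (SHA-1/SHA-256 block) and 128 bytes.
BOUNDARY_LENGTHS = [1, 63, 64, 65, 127, 128, 129, 256]


def constructed_fault(key: bytes, data: bytes) -> str:
    """Constructed fault: pre-hashes keys longer than 64 bytes instead of 128."""
    return manual_hmac_sha512(key, data, prehash_over=64)


if __name__ == "__main__":
    for name, impl in (("manual", manual_hmac_sha512), ("fault", constructed_fault)):
        bad = mismatching_key_lengths(impl, library_hmac_sha512, b"abc", BOUNDARY_LENGTHS)
        print(f"{name}: mismatches at key lengths {bad}")
```

A test that only uses short keys would pass the constructed fault; it shows up only for keys longer than 64 bytes and up to 128 bytes, which is why a 128-byte key belongs in any HMAC-SHA384/512 regression test.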

