On 03.05.2017 17:17, Peltonen, Janne (Nokia - FI/Espoo) wrote: > Hi, > > I think there is a problem or ambiguity in the ODP API spec regarding > the truncation of the HMAC output. > > According to RFC 2104 the terminology goes so that HMAC-{hash-func} (e.g. > HMAC-SHA-512) means the HMAC with the full, non-truncated output and > HMAC-{hash-func}-{bits} (e.g. HMAC-SHA-512-256) means the HMAC output > truncated to {bits} bits. > > The existing implementation (and this patch too) calculates the > truncated output, even though the algorithm names do not indicate > it. The deprecated names did indicate the output length (but not > that the algorithms were HMACs).
Output is truncated up to the length specified in param->auth_range.length. However you are right that digest capabilities should be updated to reflect full digest length. If I have time, I'll take a look on it. -- With best wishes Dmitry