On 03.05.2017 17:17, Peltonen, Janne (Nokia - FI/Espoo) wrote:
> Hi,
>
> I think there is a problem or ambiguity in the ODP API spec regarding
> the truncation of the HMAC output.
>
> According to RFC 2104 the terminology goes so that HMAC-{hash-func} (e.g.
> HMAC-SHA-512) means the HMAC with the full, non-truncated output and
> HMAC-{hash-func}-{bits} (e.g. HMAC-SHA-512-256) means the HMAC output
> truncated to {bits} bits.
>
> The existing implementation (and this patch too) calculates the
> truncated output, even though the algorithm names do not indicate
> it. The deprecated names did indicate the output length (but not
> that the algorithms were HMACs).
Output is truncated up to the length specified in
param->auth_range.length. However you are right that digest capabilities
should be updated to reflect full digest length. If I have time, I'll
take a look on it.
--
With best wishes
Dmitry
