Re: [Exim] [patch] HMAC (hash message authentication code) e…

Top Page
Delete this message
Reply to this message
Author: Steve Haslam
Date:  
To: exim-users
Subject: Re: [Exim] [patch] HMAC (hash message authentication code) expansion operator
On Thu, Oct 17, 2002 at 01:36:37PM +0200, Nico Erfurth wrote:
> Steve Haslam wrote:
> >OK, I have updated http://www.arise.demon.co.uk/exim_hmac_path with a patch
>
> http://www.arise.demon.co.uk/exim_hmac_patch


Indeed. Or even http://www.arise.demon.co.uk/exim-patches/ now.

> >to spec.txt describing ${hmac_...}. I will try and get round to adding
> >documentation on the other patches I've done, as well as sorting them out
> >into separate blocks for people to browse.
>
> Mhhh, i personaly don't like the way you implemented it, because it uses
> : as delimeter for the parameters, for multi-parameter-things exim uses
> {} everywhere, so your patch should use it too (IMHO). But maybe i'm
> just confused with the difference between an item and an operator.
>
> I just looked over it, and it seems like it will not allow : in the secret.


Well, Exim isn't entirely consistent. But to add it as an expansion operator
meant it was very easy to hook in, and also groups it with the other hash
functions which I thought was conceptually right. However, none of the other
operators takes multiple parameters, as you say, so I had to invent using
another ':' to separate them. You could use something like:

${hmac_md5{<secret>}<text>} or ${hmac_md5{<secret>}{<text>}}

would also make sense. Hmm..., yes it look slike that could be done by
making it an expansion item. Although it would take the algorithm as a
separate argument, since exim doesn't split on _ for items, so:

${hmac{<alg>}{<secret>}{<text>}}

This would also let us split the arguments before expanding them.

So, who prefers this syntax to the operator syntax?

SRH
--
Steve Haslam      Reading, UK                           araqnid@???
Debian GNU/Linux Maintainer                               araqnid@???
                               maybe the human race deserves to be wiped out