I have an edge case. I'm building code that reads binary datafiles produced by a commercial, closed source tool. The information on the data format is specified in a document.
For data integrity checks, the vendor's spec calls for an HMAC based on SHA1, using a key derived from a password as per RFC2898. Many programming environments have a class called HMACSHA1 to produce these hashes.
For data streams of non-zero length, I can successfully calculate the Hash, and the calculation in my code agrees with the vendor's implementation. In other words, my code can read and authenticate files written by the vendor, and vice versa.
However, when the length of the data stream is zero, the vendor's tool emits a Hash which is NOT all zeroes. I don't know where it comes from, if there is no message to run through the HMACSHA1.
For HMACSHA1, or for any HMAC, is the MAC defined for the edge case of "a null message"?
I am using .NET, and the class System.Security.Cryptography.HMACSHA1, although I believe my question is platform-agnostic.
There is one platform-specific bit: When I try to get the Hash property on an instance of that type, if I have not run any data through the instance, I get
Exception: System.NullReferenceException: Object reference not set to an instance of an object.
at System.Security.Cryptography.HashAlgorithm.get_Hash()
This isn't surprising to me at all, since there is nothing to hash.
any hints?