Hello All,
 
   I've managed to solve the hmac problem! The problem was that the openssl
commandline using digest (dgst) and the hmac option would not let hmac keys
given as hexadecimal digits start with 00, as stated in my first post in this
thread. It will give an incorrect answer. So, I started thinking that I could
use the API instead, and thanks to Girish Venkatachalam's
(http://m.linuxjournal.com/article/8756) article about openssl, in the hmac
section, I got my answer. However not quite, as his code still requires the
hmac key to be in ascii format. Anyway, I have modified his code to my
requirement and hopefully it'll be useful to some of you. Below is the code:
 
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <string.h>
#include <openssl/hmac.h>
//#define KEY "c89f2d8eee56cde41aeb12948458c8b8" // I commented this out (also his key was different)

/* Uses HMAC_CTX_init/HMAC_CTX_cleanup, i.e. the OpenSSL 0.9.8/1.0.x API
   (HMAC_CTX is opaque from 1.1.0 on). */
int main(int argc,char **argv) {
 HMAC_CTX hmac;
 int fd,n;
 unsigned int i,len; // HMAC_Final() expects unsigned int * for the length
 unsigned char buf[1024],hmac_value[1024];
 if(argc < 2) {
  printf("Please give a filename to compute the HMAC on\n");
  return 1;
 }
 // add key def here: raw key bytes, so a 0x00 byte is just another byte
 unsigned char KEY[] = {0xc8, 0x9f, 0x2d, 0x8e, 0xee, 0x56, 0xcd, 0xe4,
                        0x1a, 0xeb, 0x12, 0x94, 0x84, 0x58, 0xc8, 0xb8};

 HMAC_CTX_init(&hmac);
 HMAC_Init_ex(&hmac,KEY,sizeof(KEY),EVP_md5(),NULL); // changed strlen to sizeof

 if((fd = open(argv[1],O_RDONLY) ) == -1) {
  printf("Couldnt open input file, try again\n");
  HMAC_CTX_cleanup(&hmac);
  return 1;
 }
 // feed the file to the HMAC in 1024-byte chunks
 while((n = read(fd,buf,1024)) > 0)
  HMAC_Update(&hmac, buf, n);
 close(fd);
 HMAC_Final(&hmac, hmac_value, &len);
 HMAC_CTX_cleanup(&hmac);
 printf("Digest is: ");
 for(i = 0; i < len; i++) printf("%02x", hmac_value[i]);
 printf("\n");
 return 0;
}
 
After compiling and running with the same message and key from my last post, I
got the correct digest value. So, openssl's hmac does accept hex keys
starting with 00, but only through the API and not the commandline. Anyway,
users that have ways to do this using the commandline are welcome to give their
solutions. Thanks for your time.
 
- Ahmad Raif

________________________________

From: [EMAIL PROTECTED] on behalf of Ahmad Raif Mohamed Noor Beg
Sent: Mon 7/21/2008 4:45 PM
To: openssl-users@openssl.org
Cc: [EMAIL PROTECTED]
Subject: openssl hmac problem




Hi All,

I've managed to solve the problem of getting the hmac in hex by using perl but 
not quite. I've noticed that if the key (in hex) starts with 00..., the digest 
given will be wrong. For example:

perl -e 'print pack("H*","98b0c8e5000000012bdd55872b408bc9a50d7ec6ccdb4725760942ff7ef0110fd7987dbef89e2c334faca33170f0bab76d04acd9aa3bd01ac081a12c075b4f559574f741815e786ad39bfc21d3994138b5c58c919b6a85c2da609c80eb22bb47955138a4d9314f4adc3cf1d11a28dd1d107a3a4c6600c47a")' \
 | /home/raif/tools/bin/openssl dgst -md5 -hmac `perl -e 'print pack("H*","c89f2d8eee56cde41aeb12948458c8b8")'`

will produce 388a7391df93eba9423b320aaee2b32b (which is correct - compared 
against Hashcalc 2.02 from slavasoft)

Now, the same message is being digested but with different key (with two zeroes 
in front - 128 bits length, same as above, length that is) :

perl -e 'print pack("H*","98b0c8e5000000012bdd55872b408bc9a50d7ec6ccdb4725760942ff7ef0110fd7987dbef89e2c334faca33170f0bab76d04acd9aa3bd01ac081a12c075b4f559574f741815e786ad39bfc21d3994138b5c58c919b6a85c2da609c80eb22bb47955138a4d9314f4adc3cf1d11a28dd1d107a3a4c6600c47a")' \
 | /home/raif/tools/bin/openssl dgst -md5 -hmac `perl -e 'print pack("H*","009f2d8eee56cde41aeb12948458c8b8")'`

will produce 79b80eeb128b94aa58589a11db67d63e but the correct answer is 
8b6d8ced6f5b4bcf86a19a2f61266436

Is there some way for openssl to accept keys which start with 00 ?

Best regards
-raif 

------------------------------------------------------------------
DISCLAIMER:

This e-mail (including any attachments) may contain confidential information.
If you are not the intended recipient, you are hereby notified that any
dealing, review, distribution, printing, copying or use of this e-mail is
strictly prohibited. If you have received this email in error, please notify
the sender or MIMOS Berhad immediately and delete the original message.
Opinions, conclusions and other information in this e-mail that do not relate
to the official business of MIMOS Berhad and/or its subsidiaries shall be
understood as neither given nor endorsed by MIMOS Berhad and/or its
subsidiaries and neither MIMOS Berhad nor its subsidiaries accepts
responsibility for the same. All liability arising from or in connection with
computer viruses and/or corrupted e-mails is excluded to the fullest extent
permitted by law.
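
An added illustration, not code from the post or from OpenSSL: a small Python model of what happens to a raw key containing a 0x00 byte when it is treated as a C string (the strlen-to-sizeof change above) or handed over through shell backticks (bash drops NUL bytes from command substitution), using the message and keys from the thread. The function and channel names are hypothetical, and the model makes no claim about which path produced the digest reported in the post.

```python
import hashlib
import hmac

# Message and keys as hex, copied from the commands in the thread.
MSG = bytes.fromhex(
    "98b0c8e5000000012bdd55872b408bc9a50d7ec6ccdb4725760942ff7ef0110f"
    "d7987dbef89e2c334faca33170f0bab76d04acd9aa3bd01ac081a12c075b4f55"
    "9574f741815e786ad39bfc21d3994138b5c58c919b6a85c2da609c80eb22bb47"
    "955138a4d9314f4adc3cf1d11a28dd1d107a3a4c6600c47a"
)
KEY_OK = bytes.fromhex("c89f2d8eee56cde41aeb12948458c8b8")
KEY_NUL = bytes.fromhex("009f2d8eee56cde41aeb12948458c8b8")

def as_c_string(key: bytes) -> bytes:
    """Bytes a strlen()-based caller uses: everything before the first NUL."""
    return key.split(b"\x00", 1)[0]

def via_backticks(key: bytes) -> bytes:
    """Bytes bash passes on from `...`: NULs dropped, trailing newlines cut."""
    return key.replace(b"\x00", b"").rstrip(b"\n")

# Hypothetical names for the two lossy channels modelled above.
CHANNELS = {"c_string": as_c_string, "backticks": via_backticks}

def hmac_md5(key: bytes, msg: bytes = MSG) -> str:
    return hmac.new(key, msg, hashlib.md5).hexdigest()

def lossy_offsets(key: bytes) -> list:
    """Offsets of bytes that cannot survive an unquoted argv hand-off:
    NUL, plus space/tab/newline, which trigger word splitting."""
    return [i for i, b in enumerate(key) if b in b"\x00 \t\n"]

def explain(key: bytes, reported: str) -> list:
    """Names of the modelled channels whose damaged key yields `reported`."""
    return [n for n, f in CHANNELS.items() if hmac_md5(f(key)) == reported.lower()]

if __name__ == "__main__":
    for key in (KEY_OK, KEY_NUL):
        print(key.hex(), "full-key HMAC-MD5:", hmac_md5(key))
        for name, f in CHANNELS.items():
            seen = f(key)
            print(f"  {name}: {len(seen)} of {len(key)} bytes, HMAC-MD5 {hmac_md5(seen)}")
        print("  lossy offsets:", lossy_offsets(key))
```

Calling `explain(KEY_NUL, "<digest>")` with a digest obtained from a tool shows whether either modelled truncation accounts for it; an empty list means neither does.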



