[openssl-users] openssl dgst computes wrong HMAC?
Hi list,
when I use OpenSSL I suspect some funny business going on with the HMAC
computation of openssl dgst command line tool. Consider:
$ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc
(stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c
But
#include stdio.h
#include stdint.h
#include stdbool.h
#include openssl/hmac.h
#include hexdump.h
int main() {
uint8_t digest[32];
HMAC_CTX hmacCtx;
HMAC_CTX_init(hmacCtx);
HMAC_Init_ex(hmacCtx, \xaa\xbb\xcc, 3, EVP_sha256(), NULL);
HMAC_Update(hmacCtx, foobar, 6);
unsigned int length;
HMAC_Final(hmacCtx, digest, length);
HMAC_CTX_cleanup(hmacCtx);
HexDump(digest, 32);
return 0;
}
Yields 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e
Also, Python:
#!/usr/bin/python3
import Crypto.Hash.HMAC
import Crypto.Hash.SHA256
key = b\xaa\xbb\xcc
data = bfoobar
hmac = Crypto.Hash.HMAC.new(digestmod = Crypto.Hash.SHA256, key = key)
hmac.update(data)
result = hmac.digest()
print(.join(%02x % (c) for c in result))
Yields 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e
Am I using openssl dgst wrong or is it just plain broken?
Regards,
Johannes
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl dgst computes wrong HMAC?
On 03.02.2015 10:00, Johannes Bauer wrote: when I use OpenSSL I suspect some funny business going on with the HMAC computation of openssl dgst command line tool. Consider: Damn, I'm sorry. Forgot to include the version: OpenSSL 1.0.1f 6 Jan 2014 Regards, Johannes ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] openssl dgst computes wrong HMAC?
Hi list,
when I use OpenSSL I suspect some funny business going on with the HMAC
computation of openssl dgst command line tool. Consider:
$ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc
(stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c
But
#include stdio.h
#include stdint.h
#include stdbool.h
#include openssl/hmac.h
#include hexdump.h
int main() {
uint8_t digest[32];
HMAC_CTX hmacCtx;
HMAC_CTX_init(hmacCtx);
HMAC_Init_ex(hmacCtx, \xaa\xbb\xcc, 3, EVP_sha256(), NULL);
HMAC_Update(hmacCtx, foobar, 6);
unsigned int length;
HMAC_Final(hmacCtx, digest, length);
HMAC_CTX_cleanup(hmacCtx);
HexDump(digest, 32);
return 0;
}
Yields 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e
Also, Python:
#!/usr/bin/python3
import Crypto.Hash.HMAC
import Crypto.Hash.SHA256
key = b\xaa\xbb\xcc
data = bfoobar
hmac = Crypto.Hash.HMAC.new(digestmod = Crypto.Hash.SHA256, key = key)
hmac.update(data)
result = hmac.digest()
print(.join(%02x % (c) for c in result))
Yields 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e
Am I using openssl dgst wrong or is it just plain broken?
Regards,
Johannes
___
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl dgst computes wrong HMAC?
On 03.02.2015 10:00, Johannes Bauer wrote: when I use OpenSSL I suspect some funny business going on with the HMAC computation of openssl dgst command line tool. Consider: Damn, I'm sorry. Forgot to include the version: OpenSSL 1.0.1f 6 Jan 2014 Regards, Johannes ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl dgst computes wrong HMAC?
$ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc (stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c This gets posted every once in a while -- google around. Something about the hmac switch not doing what you think it's doing. $ echo -n foobar | openssl dgst -sha256 -mac HMAC -macopt hexkey:aabbcc (stdin)= 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e BBB ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] openssl dgst computes wrong HMAC?
On 03.02.2015 11:16, Billy Brumley wrote: $ echo -n foobar | openssl dgst -sha256 -hex -hmac aabbcc (stdin)= 6e74cdc3b72b8b66535b914357c7d656a22acbb1700b4e6de688fd5c091d305c This gets posted every once in a while -- google around. Something about the hmac switch not doing what you think it's doing. $ echo -n foobar | openssl dgst -sha256 -mac HMAC -macopt hexkey:aabbcc (stdin)= 985343745ee86b452c7c0b327171829c77e1a022f423d95156b52fa22083db8e Ah, interesting. I did google the issue, but only found post of people who didn't realize that echo without -n appends a newline. If this topic really comes up every now and then, I'd still suggest updating the help page to clarify while remaining identical behavior. Currently it reads -hmac argset the HMAC key to arg. I would suggest -hmac strset the HMAC key to the string str. Regards, Johannes ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
