CODEWITHSUNDEEP
copensslmd5hmac
ukhan
ukhan

Reputation: 61

MD5 HMAC With OpenSSL

I was trying to generate MD5 HMAC with OpenSSL & most of the code is borrowed. The hmac being generate is incorrect:

#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <syslog.h>
#include <string.h>

#include <openssl/engine.h>
#include <openssl/hmac.h>
#include <openssl/evp.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

int main() 
{
  unsigned char* key = (unsigned char*) "2012121220121212201212122012121220121212201212122012121220121212";
  unsigned char* data = (unsigned char*) "johndoejohndoejohndoejohndoejohndoejohndoejohndoejohndoejohndoejohndoejohndoejohndoe";
  unsigned char* expected = (unsigned char*) "abcd1d87dca34f334786307d0da4fcbd";
  unsigned char* result;
  // unsigned int result_len = 16;
  unsigned int result_len = 16;
  int i;
  static char res_hexstring[32];

  // result = HMAC(EVP_sha256(), key, 4, data, 28, NULL, NULL);
  result = HMAC(EVP_md5(), key, 32, data, 28, NULL, NULL);
  for (i = 0; i < result_len; i++) {
    sprintf(&(res_hexstring[i * 2]), "%02x", result[i]);
  }

  if (strcmp((char*) res_hexstring, (char*) expected) == 0) {
    printf("Test ok, result length %d\n", result_len);
  } else {
    printf("Got %s instead of %s\n", res_hexstring, expected);
  }
}

The hash being produced is incorrect. I would appreciate some feedback or someone pointing me in the right direction.

Upvotes: 6

Views: 15008

Answers (3)

Yogeesh H T
Yogeesh H T

Reputation: 2885

Use

result = HMAC(EVP_md5(), key, strlen(key), data, strlen(data), NULL, NULL);

Instead of

result = HMAC(EVP_md5(), key, 32, data, 28, NULL, NULL);

It generally work for any data & key

Upvotes: -2

rustyMagnet
rustyMagnet

Reputation: 4085

You can make the all-in-one OpenSSL HMAC command tidier, if you write:

result = HMAC(EVP_md5(), key, sizeof(key)-1, data, sizeof(data)-1, NULL, NULL);

Because key and data are initialized with string literals, the last char of both is \0. This termination character should not be hashed. We skip this character by specifing the size of the array minus the last char.

You can get other Test Vectors for HMAC-MD5 from https://www.rfc-editor.org/rfc/rfc2202.

Upvotes: -1

Remi Gacogne
Remi Gacogne

Reputation: 4853

The third and fifth parameters to HMAC are just wrong. You have to pass the length of the key and the length of data. In your example, this is respectively 64 and 84, not 32 and 28.

So :

-    result = HMAC(EVP_md5(), key, 32, data, 28, NULL, NULL);                                                                                                                                                                         
+    result = HMAC(EVP_md5(), key, 64, data, 84, NULL, NULL);

With this modification, it seems to be working fine.

Upvotes: 8

Related Questions