I've been playing around with OpenSSL and I'm trying to accomplish the same
thing via two different interfaces. The trouble is that it's returning me
two different hashes, and I was hoping someone here might be able to
explain to me why they're different.

Attempt 1: Command Line
$ echo -n 'password' | openssl dgst -sha1 -mac HMAC -macopt hexkey:73616c7400000001
(stdin)= 110e10a574ba31387e22a939db0c580f94822262

This is wrong.

Attempt 2: C Program
#include <stdio.h>
#include <string.h>
#include <openssl/hmac.h>

int main(void)
{
    char pass[8];
    unsigned char salt[8];
    unsigned char pbDK[20];   /* SHA-1 output is 20 bytes */
    int i;

    memcpy(pass, "password", 8);
    memcpy(salt, "salt\0\0\0\1", 8);   /* "salt" followed by 00 00 00 01 */

    /* Stack-allocated HMAC_CTX with init/cleanup is the OpenSSL 1.0.x API. */
    HMAC_CTX ctx;
    HMAC_CTX_init(&ctx);
    HMAC_Init_ex(&ctx, pass, 8, EVP_sha1(), NULL);   /* HMAC key: pass */
    HMAC_Update(&ctx, salt, 8);                      /* HMAC message: salt */
    HMAC_Final(&ctx, pbDK, NULL);
    HMAC_CTX_cleanup(&ctx);

    printf("pbDK = ");
    for (i = 0; i < 20; ++i)
        printf("%02X ", pbDK[i]);
    printf("\n");

    return 0;
}

$ ./sha1hmac
pbDK = 0C 60 C8 0F 96 1F 0E 71 F3 A9 B5 24 AF 60 12 06 2F E0 37 A6

This is the correct hash.

So my question is, what's different about these two different attempts to
generate an SHA1 HMAC?

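An added example, not part of the original post: the command line above passes the bytes 73616c7400000001 as the HMAC key and 'password' as the message, while the C program passes pass as the key and salt as the message. This Python sketch computes HMAC-SHA1 both ways so each digest from the post can be matched to its arrangement; the function names are this example's own, and the PBKDF2 comparison is an assumption about what pbDK is meant to be.

```python
import hashlib
import hmac

# Values taken from the post above.
PASSWORD = b"password"
SALT_BLOCK = bytes.fromhex("73616c7400000001")    # "salt" || 00 00 00 01
CLI_OUTPUT = "110e10a574ba31387e22a939db0c580f94822262"
C_OUTPUT = "0C 60 C8 0F 96 1F 0E 71 F3 A9 B5 24 AF 60 12 06 2F E0 37 A6"


def hmac_sha1(key: bytes, msg: bytes) -> str:
    """HMAC-SHA1 as lowercase hex. Key and message are not interchangeable."""
    return hmac.new(key, msg, hashlib.sha1).hexdigest()


def arrangements() -> dict:
    """The two key/message assignments used by the two attempts in the post."""
    return {
        "key=salt block, msg=password (command line)": hmac_sha1(SALT_BLOCK, PASSWORD),
        "key=password, msg=salt block (C program)": hmac_sha1(PASSWORD, SALT_BLOCK),
    }


def identify(digest_hex: str) -> list:
    """Return the arrangement(s) that reproduce a digest printed in the post."""
    wanted = digest_hex.replace(" ", "").lower()
    return [name for name, value in arrangements().items()
            if hmac.compare_digest(value, wanted)]


def pbkdf2_first_block() -> str:
    """PBKDF2-HMAC-SHA1 with one iteration and 20 output bytes.

    With a single iteration this is HMAC-SHA1(key=password, msg=salt || INT(1)),
    so the password is the HMAC key and the salt block is the message.
    """
    return hashlib.pbkdf2_hmac("sha1", PASSWORD, b"salt", 1, 20).hex()


if __name__ == "__main__":
    for name, value in arrangements().items():
        print(f"{value}  {name}")
    print("command-line digest matches:", identify(CLI_OUTPUT))
    print("C program digest matches:   ", identify(C_OUTPUT))
    print("PBKDF2 (c=1, dkLen=20):     ", pbkdf2_first_block())
```

To reproduce the C program's arrangement with openssl dgst, the password has to be supplied as the key through -macopt and the eight salt bytes have to be the data on stdin.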