On Mon, Jul 14, 2014, Steven Ct wrote:

> I've been playing around with OpenSSL and I'm trying to accomplish the same
> thing via two different interfaces. The trouble is that it's returning me
> two different hashes, and I was hoping someone here might be able to
> explain to me why they're different.
>
> Attempt 1: Command Line
> $ echo -n 'password' | openssl dgst -sha1 -mac HMAC -macopt hexkey:73616c7400000001
> (stdin)= 110e10a574ba31387e22a939db0c580f94822262
>
> This is wrong.
>
> Attempt 2: C Program
> #include <stdio.h>
> #include <string.h>
> #include <openssl/hmac.h>
>
> int main(void)
> {
>     char pass[8];
>     unsigned char salt[8];
>     unsigned char pbDK[20];
>     int i;
>     memcpy(pass,"password",8);
>     memcpy(salt,"salt\0\0\0\1",8);
>     HMAC_CTX ctx;
>     HMAC_CTX_init(&ctx);
>     HMAC_Init_ex(&ctx,pass,8,EVP_sha1(),NULL);
>     HMAC_Update(&ctx,salt,8);
>     HMAC_Final(&ctx,pbDK,NULL);
>     HMAC_CTX_cleanup(&ctx);
>
>     printf("pbDK = ");
>     for(i = 0; i < 20; ++i)
>         printf("%02X ", pbDK[i]);
>     printf("\n");
>
>     return 0;
> }
>
> $ ./sha1hmac
> pbDK = 0C 60 C8 0F 96 1F 0E 71 F3 A9 B5 24 AF 60 12 06 2F E0 37 A6
>
> This is the correct hash.
>
> So my question is, what's different about these two different attempts to
> generate an SHA1 HMAC?

The command line is using salt as the HMAC key and "password" as the data to
be HMACed while your program has those reversed.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
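
Added example, not part of the original thread and not OpenSSL project code: a Python standard-library check of the key/data swap described in the reply. It computes HMAC-SHA1 with both assignments and reports which one reproduces a given digest. It goes one step beyond the thread by also showing that the C program's value is the first PBKDF2-HMAC-SHA1 block for one iteration (RFC 6070 test vector 1). The function names are chosen here for illustration.

```python
import hashlib
import hmac

# Inputs taken from the post: "password", and "salt" followed by the
# 4-byte big-endian counter 1 (the hexkey 73616c7400000001).
PASSWORD = b"password"
SALT_BLOCK = b"salt" + (1).to_bytes(4, "big")

# Digests as quoted in the post for the command line and the C program.
CLI_DIGEST = "110e10a574ba31387e22a939db0c580f94822262"
C_DIGEST = "0c60c80f961f0e71f3a9b524af6012062fe037a6"


def hmac_sha1_hex(key: bytes, data: bytes) -> str:
    """HMAC-SHA1 of data under key, as lowercase hex."""
    return hmac.new(key, data, hashlib.sha1).hexdigest()


def diagnose(observed_hex: str, password: bytes, salt_block: bytes):
    """Return which key/data assignment reproduces observed_hex, or None."""
    # Accept both "0C 60 C8 ..." (C program output) and plain hex (CLI output).
    observed = observed_hex.replace(" ", "").lower()
    candidates = {
        "key=password, data=salt_block": hmac_sha1_hex(password, salt_block),
        "key=salt_block, data=password": hmac_sha1_hex(salt_block, password),
    }
    for label, digest in candidates.items():
        if hmac.compare_digest(digest, observed):
            return label
    return None


def pbkdf2_first_block_hex(password: bytes, salt: bytes) -> str:
    """PBKDF2-HMAC-SHA1 with 1 iteration and a 20-byte output, which is
    exactly HMAC-SHA1(key=password, data=salt || INT(1))."""
    return hashlib.pbkdf2_hmac("sha1", password, salt, 1, 20).hex()


if __name__ == "__main__":
    print("C program digest:", diagnose(C_DIGEST, PASSWORD, SALT_BLOCK))
    print("CLI digest      :", diagnose(CLI_DIGEST, PASSWORD, SALT_BLOCK))
    print("PBKDF2 c=1 block:", pbkdf2_first_block_hex(PASSWORD, b"salt"))
```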