command line hmac with key in hex


command line hmac with key in hex

MITSUNARI Shigeo
Hi,
I tried to use the openssl command to generate an HMAC with a key
that contains '\0', but failed.

>openssl dgst -sha1 -hmac `cat <key-file>` <input-file>

I'd be happy if the dgst command supported binary format like the enc command.
So I appended a -hmachex <key in hex> option as follows:

>openssl dgst -sha1 -hmachex aabbcc0011223344 <input-file>
How about this patch?

Yours,
 Shigeo

--- openssl-1.0.1c/apps/dgst.c.org 2012-02-11 01:46:19.000000000 +0900
+++ openssl-1.0.1c/apps/dgst.c 2012-08-02 14:47:31.368244214 +0900
@@ -74,6 +74,8 @@
 #undef PROG
 #define PROG dgst_main
 
+int set_hex(char *in,unsigned char *out,int size); // defined in apps/enc.c
+
 int do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
   EVP_PKEY *key, unsigned char *sigin, int siglen,
   const char *sig_name, const char *md_name,
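Review bot: the set_hex() prototype added above do_fp() is a hand-copied declaration, so the compiler cannot catch a mismatch if the definition in apps/enc.c ever changes; declare it once in a header that both files include, such as apps/apps.h. The trailing // comment should be a /* */ comment if the tree is expected to build as C89.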
@@ -126,6 +128,8 @@
  char *engine=NULL;
 #endif
  char *hmac_key=NULL;
+ char hmac_key_data[EVP_MAX_KEY_LENGTH];
+ int hmac_key_len = -1;
  char *mac_name=NULL;
  int non_fips_allow = 0;
  STACK_OF(OPENSSL_STRING) *sigopts = NULL, *macopts = NULL;
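Review bot: hmac_key_data is declared as char, but the set_hex() prototype in this patch takes unsigned char *out, so the call in the -hmachex branch passes a mismatched pointer type; declare the buffer as unsigned char and cast where it is assigned to hmac_key. Sizing it with EVP_MAX_KEY_LENGTH also ties the HMAC key to a cipher key limit although HMAC accepts keys of any length, and the key bytes stay on the stack after use, so consider a dedicated size and an OPENSSL_cleanse() on the buffer before returning.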
@@ -226,6 +230,15 @@
  break;
  hmac_key=*++argv;
  }
+ else if (!strcmp(*argv,"-hmachex"))
+ {
+ if (--argc < 1)
+ break;
+ hmac_key_len = strlen(*++argv) / 2;
+ if (!set_hex(*argv, hmac_key_data, sizeof hmac_key_data))
+ break;
+ hmac_key = hmac_key_data;
+ }
  else if (!strcmp(*argv,"-mac"))
  {
  if (--argc < 1)
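Review bot: hmac_key_len = strlen(*++argv) / 2 rounds down, so in the -hmachex branch a hex string with an odd number of digits is accepted and its last digit is left out of the key length without any error. Check that the string length is even and non-zero before calling set_hex(), and print an error for the user when it is not.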
@@ -281,6 +294,7 @@
  BIO_printf(bio_err,"-signature file signature to verify\n");
  BIO_printf(bio_err,"-sigopt nm:v    signature parameter\n");
  BIO_printf(bio_err,"-hmac key       create hashed MAC with key\n");
+ BIO_printf(bio_err,"-hmachex hexkey create hashed MAC with key in hex\n");
  BIO_printf(bio_err,"-mac algorithm  create MAC (not neccessarily HMAC)\n");
 
  BIO_printf(bio_err,"-macopt nm:v    MAC algorithm parameters or key\n");
 #ifndef OPENSSL_NO_ENGINE
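Review bot: the new -hmachex usage line does not say what a valid hexkey is; state that it must be an even number of hex digits and give the maximum length. The patch touches apps/dgst.c only, so the dgst manual page needs a matching entry.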
@@ -410,7 +424,7 @@
  if (hmac_key)
  {
  sigkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, e,
- (unsigned char *)hmac_key, -1);
+ (unsigned char *)hmac_key, hmac_key_len);
  if (!sigkey)
  goto end;
  }
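Review bot: hmac_key_len is now passed to EVP_PKEY_new_mac_key() for every HMAC key, but the existing -hmac branch sets hmac_key without resetting the length, so -hmachex followed by -hmac on one command line would use the -hmac string with the hex key's length. Set hmac_key_len = -1 in the -hmac branch, or reject the two options when given together.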


Re: command line hmac with key in hex

Dr. Stephen Henson
On Thu, Aug 02, 2012, MITSUNARI Shigeo wrote:

> Hi,
> I tried to use the openssl command to generate an HMAC with a key
> that contains '\0', but failed.
>
> >openssl dgst -sha1 -hmac `cat <key-file>` <input-file>
>
> I'd be happy if the dgst command supported binary format like the enc command.
> So I appended a -hmachex <key in hex> option as follows:
>
> >openssl dgst -sha1 -hmachex aabbcc0011223344 <input-file>
> How about this patch?
>

You can achieve this using the generalised MAC interface to HMAC like this:

openssl dgst -sha1 -mac HMAC -macopt hexkey:aabbcc

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
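
Added example, not part of the original thread or of OpenSSL's own code: the hexkey form from the reply above, wrapped in a shell script that hex-encodes a binary key file and shows that the MAC changes when the key is cut at its first '\0'. The function names, the 8-byte sample key and the "Hi There" message are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): HMAC-SHA1 with a binary key via -macopt hexkey.

# hex_of_file FILE: print FILE's bytes as one lowercase hex string.
hex_of_file() {
    od -An -v -tx1 "$1" | tr -d ' \t\n'
}

# hmac_sha1_hexkey HEXKEY FILE: print HMAC-SHA1 of FILE as 40 hex digits.
# -binary is used so the result does not depend on the text label that
# openssl prints in front of the digest.
hmac_sha1_hexkey() {
    openssl dgst -sha1 -mac HMAC -macopt "hexkey:$1" -binary "$2" |
        od -An -v -tx1 | tr -d ' \t\n'
}

# hmac_sha1_keyfile KEYFILE FILE: same, with the raw key read from KEYFILE.
hmac_sha1_keyfile() {
    hmac_sha1_hexkey "$(hex_of_file "$1")" "$2"
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample key: bytes aa bb cc 00 11 22 33 44 (hex string from the thread).
    printf '\252\273\314\000\021\042\063\104' > "$tmp/key"
    printf 'Hi There' > "$tmp/msg"   # constructed sample message
    echo "key as hex:        $(hex_of_file "$tmp/key")"
    echo "MAC, full key:     $(hmac_sha1_keyfile "$tmp/key" "$tmp/msg")"
    # A NUL-terminated string argument can carry only the bytes before \0.
    echo "MAC, key cut at 0: $(hmac_sha1_hexkey aabbcc "$tmp/msg")"
    rm -rf "$tmp"
}

demo
```

A key given with -macopt hexkey: is still a command-line argument, so it is visible to other local users in the process list while the command runs.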

Re: command line hmac with key in hex

MITSUNARI Shigeo
Hi,

>You can achieve this using the generalised MAC interface to HMAC like this:
>
>openssl dgst -sha1 -mac HMAC -macopt hexkey:aabbcc

I'm ashamed of my mail. Thank you for your advice.

Yours,
 Shigeo

