HMAC function

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
speedphreak
Forum Newbie
Posts: 3
Joined: Wed Jan 29, 2003 2:54 pm

HMAC function

Post by speedphreak »

Ok. I know I can use the mhash() function, but my service provider doesn't have it enabled. I'm attempting to write an HMAC function for MD5. I have a good understanding of the process, but seeing as I'm a coding newb there are a couple things that are stumping me. If you need more info on what HMAC is here ya go. http://www.faqs.org/rfcs/rfc2104.html

Here's my code. Again, don't laugh... This is the first function I've ever attempted to write.

Code: Select all

<?
function hmac_md5($key, $data)
	&#123;
		$l = '16';
		$b = '64';
		
	if (strlen($key) > $b)
		$key = md5($key);
		
	while (strlen($key) < $b)
		&#123;
		$key = $key."0";
		//echo $key;
		//echo "<br>";
		//echo strlen($key)."<br>";
		&#125;

	for ($i='0'; $i<='64'; $i++) 
		&#123;
		//echo $i."<br>";
		$ipad = $ipad.chr(0x36); 
		$opad = $opad.chr(0x36); 
		//echo $ipad."<br>";
		//echo $opad."<br>";		
		//echo "<br>";
		&#125;
		
	$ipad = $key ^ $ipad;
	$opad = $key ^ $opad;
	
	//echo $ipad."<br>";
	//echo $opad."<br>";
	
	$result = md5($opad.(md5($ipad.$data)));
    echo $result;
&#125;
?>
Ignore the echo statements. I was trying to use those to help me test. Anyway. I'm sure where I'm messing up is the values for opad and ipad. If someone could help me clear those up, I would greatly appreciate it. Thanks a ton. Oh yeah, I had orginally intended to add a $hash variable to the function so you could specify the hash type. That way it will work with the different hash types that the mhash() function supports.
speedphreak
Forum Newbie
Posts: 3
Joined: Wed Jan 29, 2003 2:54 pm

Post by speedphreak »

Here's more infor on HMAC

These are the variables:

Code: Select all

H = the hash function (MD5 in this case)
K = the key used
B = the byte length of the blocks of data computed by the hash (64 for MD5)
L = the byte lenght of the hash outputs (16 for MD5)
ipad = the byte 0x36 repeated B times
opad = the byte 0x5c repeated B times
Here's the actual formula for computing the HMAC:

Code: Select all

H(K XOR opad, H(K XOR ipad, text))


And here's a step by step:

Code: Select all

(1) append zeros to the end of K to create a B byte string (e.g., if
K is of length 20 bytes and B=64, then K will be appended with 
44 zero bytes 0x00)
(2) XOR (bitwise exclusive-OR) the B byte string computed in step 
(1) with ipad
(3) append the stream of data 'text' to the B byte string resulting 
from step (2)
(4) apply H to the stream generated in step (3)
(5) XOR (bitwise exclusive-OR) the B byte string computed in step 
(1) with opad
(6) append the H result from step (4) to the B byte string 
resulting from step (5)
(7) apply H to the stream generated in step (6) and output the 
result
speedphreak
Forum Newbie
Posts: 3
Joined: Wed Jan 29, 2003 2:54 pm

Post by speedphreak »

Anybody??? Bueller??? Bueller??? Bueller???
User avatar
Stoker
Forum Regular
Posts: 782
Joined: Thu Jan 23, 2003 9:45 pm
Location: SWNY
Contact:

Post by Stoker »

I didnt really get what the question was? Error messages or just the wrong result?

What characters are you trying to pad with?
Post Reply