HMAC function

speedphreak

Ok. I know I can use the mhash() function, but my service provider doesn't have it enabled. I'm attempting to write an HMAC function for MD5. I have a good understanding of the process, but seeing as I'm a coding newb there are a couple things that are stumping me. If you need more info on what HMAC is here ya go. http://www.faqs.org/rfcs/rfc2104.html

Here's my code. Again, don't laugh... This is the first function I've ever attempted to write.

<?
function hmac_md5($key, $data)
	{
		$l = '16';
		$b = '64';

if (strlen($key) > $b)
	$key = md5($key);

while (strlen($key) < $b)
	{
	$key = $key."0";
	//echo $key;
	//echo "<br>";
	//echo strlen($key)."<br>";
	}

for ($i='0'; $i<='64'; $i++) 
	{
	//echo $i."<br>";
	$ipad = $ipad.'0x36';
	$opad = $opad.'0x5c';
	//echo $ipad."<br>";
	//echo $opad."<br>";		
	//echo "<br>";
	}

$ipad = $key ^ $ipad;
$opad = $key ^ $opad;

//echo $ipad."<br>";
//echo $opad."<br>";

$result = md5($opad.(md5($ipad.$data)));
echo $result;
}
?>

Ignore the echo statements. I was trying to use those to help me test. Anyway. I'm sure where I'm messing up is the values for opad and ipad. If someone could help me clear those up, I would greatly appreciate it. Thanks a ton. Oh yeah, I had orginally intended to add a $hash variable to the function so you could specify the hash type. That way it will work with the different hash types that the mhash() function supports.

diego25

Are you trying to append the character with ASCII value 0x36? Then use

$ipad = $ipad.chr(0x36);

Same with $opad.

Diego

speedphreak

I think that's what I'm supposed to be doing. Here's how that section of the HMAC spec reads:

ipad = the byte 0x36 repeated B times
opad = the byte 0x5C repeated B times.

Here's the actual formula for computing the HMAC:

H(K XOR opad, H(K XOR ipad, text))

And here's a step by step:

(1) append zeros to the end of K to create a B byte string (e.g., if
K is of length 20 bytes and B=64, then K will be appended with 
44 zero bytes 0x00)
(2) XOR (bitwise exclusive-OR) the B byte string computed in step 
(1) with ipad
(3) append the stream of data 'text' to the B byte string resulting 
from step (2)
(4) apply H to the stream generated in step (3)
(5) XOR (bitwise exclusive-OR) the B byte string computed in step 
(1) with opad
(6) append the H result from step (4) to the B byte string 
resulting from step (5)
(7) apply H to the stream generated in step (6) and output the 
result

These are the variables:

H = the hash function (MD5 in this case)
K = the key used
B = the byte length of the blocks of data computed by the hash (64 for MD5)
L = the byte lenght of the hash outputs (16 for MD5)
ipad = the byte 0x36 repeated B times
opad = the byte 0x5c repeated B times

diego25

Then your loop is wrong coz it will append it 65 times.

Diego

speedphreak

Ok. I've changed the loop to

	for ($i='0'; $i<='63'; $i++) 
		{
		$ipad = $ipad.chr(0x36); 
		$opad = $opad.chr(0x36); 
		}

I'm still not getting the proper output. Does this section look right?

	$ipad = $key ^ $ipad;
	$opad = $key ^ $opad;

Thanks for your help BTW.

diego25

In the spec, the function H takes 2 parameters, but md5() only takes 1. You have to figure out the difference.

Diego