Using HMAC vs EVP functions in OpenSSL
Problem description
This is a very basic question, but what is the difference between EVP and HMAC? EVP is a message digest, but how does that differ from what is generated by HMAC?
Solution

> ... what is the difference between EVP and HMAC

EVP_* functions are a high level interface. HMAC_*, AES_* and friends are lower level primitives. You can work with either, but it's recommended you work with the EVP_* functions. The HMAC_* routines are software based and don't use hardware.

The EVP_* functions will allow you to easily swap in different hashes and the code essentially remains the same. And you will take advantage of hardware acceleration, like AES-NI for an AES-CMAC, if available.

Here's an OpenSSL example based on https://www.openssl.org/docs/crypto/EVP_DigestInit.html.
```c
/* Needs <stdio.h>, <string.h> and <openssl/evp.h>;
   handleError() is the caller's own error routine. */
EVP_MD_CTX* mdctx = NULL;
const EVP_MD* md = NULL;

unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len = 0;   /* EVP_DigestFinal_ex() takes an unsigned int* */

char message[] = "Now is the time for all good men to "
    "come to the aide of their country\n";

OpenSSL_add_all_digests();

md = EVP_get_digestbyname("SHA1");
mdctx = EVP_MD_CTX_create();

if(!EVP_DigestInit_ex(mdctx, md, NULL))
    handleError();

if(!EVP_DigestUpdate(mdctx, message, strlen(message)))
    handleError();

if(!EVP_DigestFinal_ex(mdctx, md_value, &md_len))
    handleError();

/* EVP_MD_CTX_destroy() returns void, so there is nothing to check */
EVP_MD_CTX_destroy(mdctx);

printf("Digest is: ");
for(unsigned int i = 0; i < md_len; i++)
    printf("%02x", md_value[i]);
printf("\n");
```
Now, an HMAC is slightly different than a Hash. The HMAC is a keyed hash, while the hash is not keyed. You can also use the EVP_* functions for HMAC'ing. Below is from the OpenSSL's wiki page EVP Signing and Verifying:

```c
/* Needs <stdio.h>, <string.h> and <openssl/evp.h>;
   handleError() is the caller's own error routine. */
EVP_MD_CTX* mdctx = NULL;
const EVP_MD* md = NULL;
EVP_PKEY *pkey = NULL;

unsigned char md_value[EVP_MAX_MD_SIZE];
size_t md_len = sizeof(md_value);   /* in: buffer size, out: tag length */

char message[] = "Now is the time for all good men to "
    "come to the aide of their country\n";

OpenSSL_add_all_digests();

if(!(mdctx = EVP_MD_CTX_create()))
    handleError();

if(!(md = EVP_get_digestbyname("SHA1")))
    handleError();

/* The HMAC key is wrapped in an EVP_PKEY */
if(!(pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
        (const unsigned char*)"password", (int)strlen("password"))))
    handleError();

if(1 != EVP_DigestSignInit(mdctx, NULL, md, NULL, pkey))
    handleError();

/* Call update with the message */
if(1 != EVP_DigestSignUpdate(mdctx, message, strlen(message)))
    handleError();

if(1 != EVP_DigestSignFinal(mdctx, md_value, &md_len))
    handleError();

printf("HMAC is: ");
for(size_t i = 0; i < md_len; i++)
    printf("%02x", md_value[i]);
printf("\n");

/* Release the key and the context */
EVP_PKEY_free(pkey);
EVP_MD_CTX_destroy(mdctx);
```
The low level interface would look similar to:
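```c
/* OpenSSL 1.0.x low-level API; needs <stdio.h>, <string.h>,
   <openssl/evp.h> and <openssl/hmac.h>. From 1.1.0 on HMAC_CTX is
   opaque: use HMAC_CTX_new()/HMAC_CTX_free() instead. */
HMAC_CTX ctx;   /* the HMAC_* routines take an HMAC_CTX, not an EVP_MD_CTX */
const EVP_MD* md = NULL;

/* Same key bytes as the EVP example above */
const unsigned char key[] = { 'p','a','s','s','w','o','r','d' };

unsigned char md_value[EVP_MAX_MD_SIZE];
unsigned int md_len = 0;   /* HMAC_Final() takes an unsigned int* */

char message[] = "Now is the time for all good men to "
    "come to the aide of their country\n";

OpenSSL_add_all_digests();

md = EVP_get_digestbyname("SHA1");
HMAC_CTX_init(&ctx);

if(!HMAC_Init_ex(&ctx, key, (int)sizeof(key), md, NULL))
    handleError();

if(!HMAC_Update(&ctx, (const unsigned char*)message, strlen(message)))
    handleError();

if(!HMAC_Final(&ctx, md_value, &md_len))
    handleError();

/* HMAC_CTX_cleanup() returns void, so there is nothing to check */
HMAC_CTX_cleanup(&ctx);

printf("HMAC is: ");
for(unsigned int i = 0; i < md_len; i++)
    printf("%02x", md_value[i]);
printf("\n");
```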
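The difference between a plain digest and an HMAC, and the point about swapping hashes by name, can be checked end to end. This is an added example, not part of the original answer. It uses Python's standard `hashlib` and `hmac` modules rather than the OpenSSL C API, builds the HMAC by hand from the unkeyed digest per RFC 2104, and verifies a tag in constant time; the key and message are constructed sample values.

```python
import hashlib
import hmac


def digest_hex(alg: str, msg: bytes) -> str:
    """Unkeyed digest: anyone who holds msg can recompute it."""
    return hashlib.new(alg, msg).hexdigest()


def hmac_rfc2104(alg: str, key: bytes, msg: bytes) -> bytes:
    """HMAC built from the plain digest, per RFC 2104:
    H((K ^ opad) || H((K ^ ipad) || msg))."""
    block = hashlib.new(alg).block_size
    if len(key) > block:                  # over-long keys are hashed first
        key = hashlib.new(alg, key).digest()
    key = key.ljust(block, b"\x00")       # then zero-padded to the block size
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.new(alg, ipad + msg).digest()
    return hashlib.new(alg, opad + inner).digest()


def verify_tag(alg: str, key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute the tag with the library HMAC and compare in constant time."""
    expected = hmac.new(key, msg, alg).digest()
    return hmac.compare_digest(expected, tag)


# Constructed sample input (not from the page).
KEY = b"key"
MSG = b"The quick brown fox jumps over the lazy dog"

if __name__ == "__main__":
    for alg in ("sha1", "sha256"):        # swapping the hash changes one string
        tag = hmac.new(KEY, MSG, alg).digest()
        print(alg, "digest:", digest_hex(alg, MSG))
        print(alg, "hmac  :", tag.hex())
        print("  hand-built HMAC matches library:",
              hmac_rfc2104(alg, KEY, MSG) == tag)
        print("  verifies with the right key:", verify_tag(alg, KEY, MSG, tag))
        print("  verifies with a wrong key  :",
              verify_tag(alg, b"other", MSG, tag))
```

The digest depends only on the message, so it detects accidental corruption but proves nothing about who produced it; the HMAC tag can only be recomputed by a holder of the key.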