In cryptography, a keyed-hash message authentication code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authentication of a message. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and on the size and quality of the key.



HMAC, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup – HMAC message
authentication code


#include (openssl/hmac.h)

unsigned char *HMAC(const EVP_MD *evp_md, const void *key,
int key_len, const unsigned char *d, int n,
unsigned char *md, unsigned int *md_len);

void HMAC_CTX_init(HMAC_CTX *ctx);

void HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len,
const EVP_MD *md);
void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int key_len,
const EVP_MD *md);
void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len);
void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);

void HMAC_CTX_cleanup(HMAC_CTX *ctx);
void HMAC_cleanup(HMAC_CTX *ctx);


HMAC is a MAC (message authentication code), i.e. a keyed hash function
used for message authentication, which is based on a hash function.

HMAC() computes the message authentication code of the n bytes at d
using the hash function evp_md and the key key which is key_len bytes

It places the result in md (which must have space for the output of the
hash function, which is no more than EVP_MAX_MD_SIZE bytes). If md is
NULL, the digest is placed in a static array. The size of the output
is placed in md_len, unless it is NULL.

evp_md can be EVP_sha1(), EVP_ripemd160() etc. key and evp_md may be
NULL if a key and hash function have been set in a previous call to
HMAC_Init() for that HMAC_CTX.

HMAC_CTX_init() initialises a HMAC_CTX before first use. It must be

HMAC_CTX_cleanup() erases the key and other data from the HMAC_CTX and
releases any associated resources. It must be called when an HMAC_CTX
is no longer required.

HMAC_cleanup() is an alias for HMAC_CTX_cleanup() included for back
compatibility with 0.9.6b, it is deprecated.

The following functions may be used if the message is not completely
stored in memory:

HMAC_Init() initializes a HMAC_CTX structure to use the hash function
evp_md and the key key which is key_len bytes long. It is deprecated
and only included for backward compatibility with OpenSSL 0.9.6b.

HMAC_Init_ex() initializes or reuses a HMAC_CTX structure to use the
function evp_md and key key. Either can be NULL, in which case the
existing one will be reused. HMAC_CTX_init() must have been called
before the first use of an HMAC_CTX in this function. N.B. HHMMAACC_IInniitt(())
had this undocumented behaviour in previous versions of OpenSSL – fail-
ure to switch to HHMMAACC_IInniitt_eexx(()) in programs that expect it will cause
them to stop working.

HMAC_Update() can be called repeatedly with chunks of the message to be
authenticated (len bytes at data).

HMAC_Final() places the message authentication code in md, which must
have space for the hash function output.


HMAC() returns a pointer to the message authentication code.
HMAC_CTX_init(), HMAC_Init_ex(), HMAC_Update(), HMAC_Final() and
HMAC_CTX_cleanup() do not return values.


Share this post from Rbcafe :
Share on FacebookTweet about this on TwitterPin on PinterestShare on Google+Share on LinkedInEmail this to someoneShare on RedditBuffer this page
Rbcafe © 2004- | Rb Cafe 1.3 | Contacter Rbcafe | Rbcafe sur Twitter | Rbcafe sur Facebook | Politique de confidentialité