I need a corresponding solution in C++ for an OpenSSL command

In tls.ulfheim.net, there is a section called "Server Encryption Keys Calculation". If you open it, then click on "Show code" (the second one), you'll see what I'm trying to do.

I'm trying to get the same output as the code on that example, which I get if I do the following: (Basically, I'm doing what's described in their example)

openssl dgst -sha256 -mac HMAC -macopt hexkey:df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624 -binary seed.bin > c:/a1.bin

openssl dgst -sha256 -mac HMAC -macopt hexkey:df4a291baa1eb7cfa6934b29b474baad2697e29f1f920dcc77c8a0a088447624 -binary a1.bin > c:/a2.bin

and so on...

When I'm done the output is "91 6a bf 9d a5 59 73 e1 36 14 ae 0a 3f 5d 3f 37......". So everything's correct.


Now I need to do this in my C++ program instead. I don't know if there is a single function to do all of this at once? Otherwise I use Crypto++ and have access to a "sha256" and "hmac" function.

I read a lot about it, but can't figure out what to do with what.
If I get this right, you want to compute a MAC (specifically HMAC-SHA256) of a file using a given key.

(I hope the key you posted here is only a "demo" key!)

The C/C++ standard library does not contain such highly specific crypto functions. So, you'll either have to code it all yourself, or you have to use a suitable third-party library. But, unless this is for your own education, you certainly do not want to implement crypto functions yourself! Not only because it would be a whole lot of work to implement it all yourself, but also because it is way too easy to shoot yourself in the foot!

(Most "homebrew" crypto code is insecure for one reason or another)

Therefore, it is highly recommended to use an existing crypto library. Since OpenSSL in fact consists of two C libraries (libcrypto and libssl) plus a command-line application that uses these libraries, you can simply write your own C/C++ application that calls the relevant functions from libcrypto (OpenSSL crypto library).

See libcrypto API documentation on OpenSSL web-site for details:
https://wiki.openssl.org/index.php/Libcrypto_API

Specifically for HMAC see:
* https://www.openssl.org/docs/manmaster/man3/EVP_DigestSignInit.html
* https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying#HMAC

(Warning: OpenSSL API documentation is often confusing and/or incomplete, in my experience, so if you are not used to calling third-party libraries from your own C/C++ code, this will be a rough start)
If I get this right, you want to compute a MAC (specifically HMAC-SHA256) of a file using a given key.


Is it only HMAC-SHA256 that's happening here? Or is there something more to it? Because there is a Crypto++ hmac-sha256 function/class I can look closer into in that case.
Is it only HMAC-SHA256 that's happening here?

I guess you should know, because it's your request ;-)

If you don't know what you actually want, you should clarify that first. Don't try to implement some crypto operation in your C/C++ program that you don't fully understand! But, if I read your OpenSSL command-line correctly, then this indeed computes the HMAC-SHA-256 with a key that is given in hexadecimal form.

See here:
https://www.openssl.org/docs/manmaster/man1/openssl-dgst.html

But note this remark from the OpenSSL manpage:
-mac alg
Create MAC (keyed Message Authentication Code). The most popular MAC algorithm is HMAC (hash-based MAC), but there are other MAC algorithms which are not based on hash, for instance gost-mac algorithm, supported by the gost engine. MAC keys and other options should be set via -macopt parameter.

The openssl-mac(1) command should be preferred to using this command line option.

It means that you should be using the following OpenSSL command instead of "dgst" command:
openssl mac [your options here]


Because there is a Crypto++ hmac-sha256 function/class I can look closer into in that case

You can use whatever third-party library gets the job done. But since you wanted to replicate an OpenSSL command-line operation, it would seem natural to use libcrypto (OpenSSL core library).
Thank you kigar, this helped a lot. Finally I got it to work with the hmac class in crypto