Dismiss
There will be a system update on Friday, May 5th, 6 PM ET. You may experience a brief service interruption.
Browse Prior Art Database

Test Cases for HMAC-MD5 and HMAC-SHA-1 (RFC2202)

IP.com Disclosure Number: IPCOM000002760D
Original Publication Date: 1997-Sep-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 6 page(s) / 11K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

P. Cheng: AUTHOR [+2]

Abstract

This document provides two sets of test cases for HMAC-MD5 and HMAC- SHA-1, respectively. HMAC-MD5 and HMAC-SHA-1 are two constructs of the HMAC [HMAC] message authentication function using the MD5 [MD5] hash function and the SHA-1 [SHA] hash function. Both constructs are used by IPSEC [OG,CG] and other protocols to authenticate messages. The test cases and results provided in this document are meant to be used as a conformance test for HMAC-MD5 and HMAC-SHA-1 implementations.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 28% of the total text.

Network Working Group P. Cheng

Request for Comments: 2202 IBM

Category: Informational R. Glenn

NIST

September 1997

Test Cases for HMAC-MD5 and HMAC-SHA-1

Status of This Memo

This memo provides information for the Internet community. This memo

does not specify an Internet standard of any kind. Distribution of

this memo is unlimited.

Abstract

This document provides two sets of test cases for HMAC-MD5 and HMAC-

SHA-1, respectively. HMAC-MD5 and HMAC-SHA-1 are two constructs of

the HMAC [HMAC] message authentication function using the MD5 [MD5]

hash function and the SHA-1 [SHA] hash function. Both constructs are

used by IPSEC [OG,CG] and other protocols to authenticate messages.

The test cases and results provided in this document are meant to be

used as a conformance test for HMAC-MD5 and HMAC-SHA-1

implementations.

1. Introduction

The general method for constructing a HMAC message authentication

function using a particular hash function is described in section 2

of [HMAC]. We will not repeat the description here. Section 5 of

[HMAC] also discusses truncating the output of HMAC; the rule is that

we should keep the more significant bits (the bits in the left,

assuming a network byte order (big-endian)).

In sections 2 and 3 we provide test cases for HMAC-MD5 and HMAC-SHA-

1, respectively. Each case includes the key, the data, and the

result. The values of keys and data are either hexadecimal numbers

(prefixed by "0x") or ASCII character strings in double quotes. If a

value is an ASCII character string, then the HMAC computation for the

corresponding test case DOES NOT include the trailing null character

('\0') in the string.

The C source code of the functions used to generate HMAC-SHA-1

results is listed in the Appendix. Note that these functions are

meant to be simple and easy to understand; they are not optimized in

any way. The C source code for computing HMAC-MD5 can be found in

[MD5]; or you can do a simple modification to HMAC-SHA-1 code to get

HMAC-MD5 code, as explained in the Appendix.

The test cases in this document are cross-verified by three

independent implementations, one from NIST and two from IBM Research.

One IBM implementation uses optimized code that is very different

from the code in the Appendix. An implemenation that concurs with the

results provided in this document should be interoperable with other

similar implemenations. We do not claim that such an implementation

is absolutely correct with respect to the HMAC definition in [HMAC].

2. Test Cases for HMAC-MD5

test_case = 1

key = 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b

key_len = 16

data = "Hi There"

data_len = 8

digest = 0x...