rusthmacsha1

Rust hmacsha and hmac-sha1 libraries return different result on calculation

I tried to use two Rust libraries to compute hmacsha1: hmacsha and hmac-sha1. This functions use different set of params(hmacsha require strings, hmac-sha1 require [u8]) and return different result. I used this online tool to compare. hmacsha return same with online tool result, hmac-sha1 different from both online tool and hmacsha.

This is how I use hmacsha:

const ENCRYPT_KEY: &str = "C2B3723CC6AED9B5343C53EE2F4367CE";
let key = [200, 7, 216, 173, 213, 146, 229, 69, 96, 121, 68, 66, 55, 215, 179, 150, 34, 206, 128, 136, 252, 37, 173, 113, 170, 80, 148, 36, 5, 129, 212, 183, 47, 24, 47, 123, 157, 47, 26, 2];
let hash_key = HmacSha::from(
    &encode_hex(&key), // C807D8ADD592E5456079444237D7B39622CE8088FC25AD71AA5094240581D4B72F182F7B9D2F1A02
    ENCRYPT_KEY,
    Sha1::default()
).compute_digest();

println!("{:?}", encode_hex(&hash_key)); // 545E5C8D754F21DD586BA7378F8AA7AA815F4500

This is my encode_hex function I use for both examples:

pub fn encode_hex(bytes: &[u8]) -> String {
    let mut s = String::with_capacity(bytes.len() * 2);
    for &b in bytes {
       write!(&mut s, "{:02x}", b).unwrap();
    }
   s.to_uppercase()
}

This is how I use hmac-sha1:

const ENCRYPT_KEY: [u8; 16] = [
    0xC2, 0xB3, 0x72, 0x3C, 0xC6, 0xAE, 0xD9, 0xB5, 0x34, 0x3C, 0x53, 0xEE, 0x2F, 0x43, 0x67, 0xCE
];
let key = [200, 7, 216, 173, 213, 146, 229, 69, 96, 121, 68, 66, 55, 215, 179, 150, 34, 206, 128, 136, 252, 37, 173, 113, 170, 80, 148, 36, 5, 129, 212, 183, 47, 24, 47, 123, 157, 47, 26, 2];
let hash_key = &hmac_sha1(&key, &ENCRYPT_KEY2);

println!("{:?}", encode_hex(&hash_key)); // 80FEC15187802FFB4EA8124220A19DD575E45DC3

Could somebody explain what am I doing wrong ?

Solution

  • HmacSha::from from hmac-sha crate takes a string as the key but it does not expect a hex-encoded string. It instead uses the bytes of the string as-is. This seems like a mistake in the API since this will only accept keys that are valid UTF-8 bytes. You should instead use HmacSha::new from the same crate, which accepts a byte slice as the key:

    let hash_key = HmacSha::new(
    &key, // no encode_hex() here
    ENCRYPT_KEY,
    Sha1::default()
).compute_digest();