Suren


There is a commonality in all these specifications - all the SHA options use a factor of 8 there - even SHA-1, which, I just googled, is a 160-byte hash - that's 8 times 20. The other SHA options are similar - 32 * 8 = 256, 48 * 8 = 384, 64 * 8 = 512 - so I don't see this being an IBM thing at all. This lines up well enough with what I read by googling for "SHA key lengths".

Vern


On Mon, 3 Jun, 2024 at 4:33 PM, Suren K <suren7437@xxxxxxxxx> wrote:


To: rpg programming on ibm i

Hi Peter,

Yeah looks like Key is mandatory. I found that blank is a valid key.

I am wondering why the key value has a minimum length limitation. Is this
limitation only on IBMi?

1 MD5
The minimum length for an MD5 HMAC key is 16 bytes.
2 SHA-1
The minimum length for an SHA-1 HMAC key is 20 bytes.
3 SHA-256
The minimum length for an SHA-256 HMAC key is 32 bytes.
4 SHA-384
The minimum length for an SHA-384 HMAC key is 48 bytes.
5 SHA-512
The minimum length for an SHA-512 HMAC key is 64 bytes.

Regards,
Suren

On Sun, Jun 2, 2024 at 3:01 PM Peter Dow <petercdow@xxxxxxxxx<mailto:petercdow@xxxxxxxxx>> wrote:

Hi Suren,

From what I've read about HMAC SHA1, a key is required. If you do not
provide a key, some implementations generate a random key for you. If
you want to be able to verify the hash, you'll need to save that key.

This is based on reading

https://stackoverflow.com/questions/27165107/check-hmac-sha1-without-key-in-c-sharp
and

https://stackoverflow.com/questions/25492833/what-key-is-used-by-openssl-command-for-hmac-if-key-is-not-passed-in-as-argume

In the latter, which is pretty old, it says that OpenSSL at that time,
did not require a key, but that according to a guy on the OpenSSL
mailing list, that was expected to change. The person answering the
question actually showed the OpenSSL source code that handles the key.

--
*Peter Dow* /
Dow Software Services, Inc.
909 793-9050
petercdow@xxxxxxxxx<mailto:petercdow@xxxxxxxxx>
pdow@xxxxxxxxxxxxxx<mailto:pdow@xxxxxxxxxxxxxx> /

On 5/31/2024 4:45 PM, Suren K wrote:
Hi All,

I am trying to calculate HMAC for text data using (QC3CALHM,
Qc3CalculateHMAC) API without a key using the SHA1 algorithm.

When I Pass the blank Key I get the error as "CPF9DF5 The key context is
not found or was previously destroyed."

When I pass Null Key I get the error as "CPF9DF4 The key context token
does
not reference a valid key context."

Is it possible to calculate HMAC without a key or is the key mandatory
for
calculating HMAC?

Any help will be very much appreciated.

Code I used for the reference

/copy QSYSINC/QRPGLESRC,QC3CCI

//‚API Error Datastructure
dcl-ds ApiError qualified inz;
BytesProvided int(10:0) inz(%size(ApiError));
BytesAvailable int(10:0);
MessageId char(7);
Reserved char(1);
MessageData char(3000);
end-ds;

dcl-pr Pr_CalculateHMAC extpgm('QC3CALHM');
InputData char(500) options(*varsize);
InputLength int(10) const;
Format char(8) const;
AlgDsc char(20) options(*varsize);
AlgFmt char(8) const;
KeyDsc char(20) options(*varsize);
KeyFmt char(8) const;
Crypt char(1) const;
Cryptdev char(10) const;
HMAC char(64) options(*varsize);
CalHashErrC likeds(ApiError) options(*nopass: *varsize);
end-pr;

//‚Prototype for EBCDIC to ASCII
dcl-pr QDCXLATE extpgm('QDCXLATE');
len packed(5:0) const;
data char(32702) options(*varsize);
table char(10) const;
end-pr;

data = 'abcd';
//‚Convert the EBCDIC to ASCII
len = %len(%trimr(data));
QDCXLATE(len: data: 'QTCPASC');
QC3HA = 2;
KeyDsc = *allx'00';

//‚Generate HMAC
Pr_CalculateHMAC(data:%len(%trim(data)):'DATA0100':QC3D0500:
'ALGD0500':KeyDsc:'KEYD0100':'0':' ':hmac:
ApiError);

Regards,
Suren
--
This is the RPG programming on IBM i (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxxxxxxxx<mailto:RPG400-L@xxxxxxxxxxxxxxxxxx>
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxxxxxxxx<mailto:RPG400-L-request@xxxxxxxxxxxxxxxxxx>
Before posting, please take a moment to review the archives
at https://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx<mailto:support@xxxxxxxxxxxxxxxxxxxx> for any subscription related
questions.



As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.