#include "../lib/lib.h" #include "../lib/lib2.h" #include "../lib/lib3.h" #include "../lib/lib4.h" #include int main(int argc, char **argv) { if(argc != 2) printf("Please provide ONE key as argument!\n"); unsigned int hmac[5]; unsigned int hmac2[5]; int i; unsigned char *text = "comment1=cooking%20MCs;userdata=foo;comment2=%20like%20a%20pound%20of%20bacon"; unsigned char *append = ";admin=true"; unsigned char *key = argv[1]; printf("Using secret key: %s\n", key); unsigned char *padded; int padding_len = sha1_padding(strlen(key)+strlen(text), &padded); sha1_hmac(hmac, text, strlen(text), key, strlen(key)); printf("MAC of original message:\n"); for(i=0;i<5;i++) printf("%02x", hmac[i]); printf("\n"); /* * We are appending a text to the original message without knowign the * key. Actually we don't know the message here, just the hash of the orginal * message. We have to append the right padding here, e.g. the size of the * *complete* message, not only append */ unsigned int new_msg_len = strlen(text)+strlen(append)+padding_len; unsigned char *new_msg = malloc(new_msg_len); memcpy(new_msg, text, strlen(text)); memcpy(&new_msg[strlen(text)], padded, padding_len); memcpy(&new_msg[strlen(text)+padding_len], append, strlen(append)); unsigned char *padding2; // mesage + padding + append + padding int padding2_len = sha1_padding(new_msg_len+strlen(key), &padding2); unsigned char *tmp2 = malloc(strlen(append)+padding2_len); memcpy(tmp2, append, strlen(append)); memcpy(&tmp2[strlen(append)], padding2, padding2_len); sha1_hmac_forge(hmac2, tmp2, (strlen(append)+padding2_len), hmac); printf("MAC of forged message:\n"); for(i=0;i<5;i++) printf("%02x", hmac2[i]); printf("\n"); /* * create the message we forged. Send this plus the hmac to the * victim. He knows the secret and test and will think that * this is a message from Alice */ printf("Verifying...\n"); if(sha1_hmac_verify(hmac2, new_msg, new_msg_len, key, strlen(key))) printf("Forged MAC got accepted!\n"); }