Test Cases for HMAC-MD5 and HMAC-SHA-1
RFC 2202
Document Type RFC - Informational (September 1997; Errata)
Last updated 2020-01-21
Stream Legacy
Formats plain text html pdf htmlized with errata bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 2202 (Informational)
Telechat date
Responsible AD (None)
Send notices to (None)
Email authors IPR References Referenced by Nits 
Network Working Group                                          P. Cheng
Request for Comments: 2202                                          IBM
Category: Informational                                        R. Glenn
                                                                   NIST
                                                         September 1997

                 Test Cases for HMAC-MD5 and HMAC-SHA-1

Status of This Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.

Abstract

   This document provides two sets of test cases for HMAC-MD5 and HMAC-
   SHA-1, respectively. HMAC-MD5 and HMAC-SHA-1 are two constructs of
   the HMAC [HMAC] message authentication function using the MD5 [MD5]
   hash function and the SHA-1 [SHA] hash function. Both constructs are
   used by IPSEC [OG,CG] and other protocols to authenticate messages.
   The test cases and results provided in this document are meant to be
   used as a conformance test for HMAC-MD5 and HMAC-SHA-1
   implementations.

1. Introduction

   The general method for constructing a HMAC message authentication
   function using a particular hash function is described in section 2
   of [HMAC]. We will not repeat the description here. Section 5 of
   [HMAC] also discusses truncating the output of HMAC; the rule is that
   we should keep the more significant bits (the bits in the left,
   assuming a network byte order (big-endian)).

   In sections 2 and 3 we provide test cases for HMAC-MD5 and HMAC-SHA-
   1, respectively. Each case includes the key, the data, and the
   result.  The values of keys and data are either hexadecimal numbers
   (prefixed by "0x") or ASCII character strings in double quotes. If a
   value is an ASCII character string, then the HMAC computation for the
   corresponding test case DOES NOT include the trailing null character
   ('\0') in the string.

Cheng & Glenn                Informational                      [Page 1]
RFC 2202         Test Cases for HMAC-MD5 and HMAC-SHA-1   September 1997

   The C source code of the functions used to generate HMAC-SHA-1
   results is listed in the Appendix. Note that these functions are
   meant to be simple and easy to understand; they are not optimized in
   any way. The C source code for computing HMAC-MD5 can be found in
   [MD5]; or you can do a simple modification to HMAC-SHA-1 code to get
   HMAC-MD5 code, as explained in the Appendix.

   The test cases in this document are cross-verified by three
   independent implementations, one from NIST and two from IBM Research.
   One IBM implementation uses optimized code that is very different
   from the code in the Appendix. An implemenation that concurs with the
   results provided in this document should be interoperable with other
   similar implemenations.  We do not claim that such an implementation
   is absolutely correct with respect to the HMAC definition in [HMAC].

2. Test Cases for HMAC-MD5

test_case =     1
key =           0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
key_len =       16
data =          "Hi There"
data_len =      8
digest =        0x9294727a3638bb1c13f48ef8158bfc9d

test_case =     2
key =           "Jefe"
key_len =       4
data =          "what do ya want for nothing?"
data_len =      28
digest =        0x750c783e6ab0b503eaa86e310a5db738

test_case =     3
key =           0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
key_len         16
data =          0xdd repeated 50 times
data_len =      50
digest =        0x56be34521d144c88dbb8c733f0e8b3f6

test_case =     4
key =           0x0102030405060708090a0b0c0d0e0f10111213141516171819
key_len         25
data =          0xcd repeated 50 times
data_len =      50
digest =        0x697eaf0aca3a3aea3a75164746ffaa79

Cheng & Glenn                Informational                      [Page 2]
RFC 2202         Test Cases for HMAC-MD5 and HMAC-SHA-1   September 1997

test_case =     5
key =           0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
key_len =       16
data =          "Test With Truncation"
data_len =      20
digest =        0x56461ef2342edc00f9bab995690efd4c
digest-96       0x56461ef2342edc00f9bab995

test_case =     6
key =           0xaa repeated 80 times
key_len =       80
data =          "Test Using Larger Than Block-Size Key - Hash Key First"
data_len =      54
digest =        0x6b1ab7fe4bd7bf8f0b62e6ce61b9d0cd

test_case =     7
key =           0xaa repeated 80 times
key_len =       80
data =          "Test Using Larger Than Block-Size Key and Larger
                Than One Block-Size Data"
data_len =      73
digest =        0x6f630fad67cda0ee1fb1f562db3aa53e

3. Test Cases for HMAC-SHA-1

test_case =     1
key =           0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
key_len =       20
data =          "Hi There"
data_len =      8
digest =        0xb617318655057264e28bc0b6fb378c8ef146be00

test_case =     2
key =           "Jefe"
key_len =       4
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools