New opcode CRYPTOP_HMAC allows CRYPTO.SBR to create HMACs (Hash-based Message Authentication Codes), commonly used for signing web service requests. They combine a hash/digest algorithm (e.g. SHA256) with a cryptographic key (typically pre-shared between sender and receiver) to both verify data integrity of a message and authenticate the sender.
xcall CRYPTO, CRYPTOP_HMAC, status, src, decoding, dst, encoding, cflags, cipher, key {, keybits, cmode, padding, cbsrc}
Parameters
src and decoding
specify the source message and decoding, as with other opcodes.
dst and encoding
specify the destination for the output of the function. Typically it is encoded using base64 or hex so as to make it easily insertable into a web document. The destination length is independent of the source length and instead is determined by the hash function—e.g. SHA256 results in 32 bytes raw, 43 for base64, 64 for hex.
cflags
used as for the other opcodes
cipher
should be set to CRYPTO_CIPHER_NA (0)
key
as for the CRYPTOP_ENCODE operation
keybits
may be set to 0 if the key is encoded in a text format; otherwise it should specify the number of bytes in a binary-format key.
mode
should be set to one of the following to specify the hash function to use (default CRYPTO_MODE_SHA1):
Symbol |
Value |
Description |
CRYPTO_MODE_SHA1 |
20 |
HMAC-SHA1 |
CRYPTO_MODE_SHA256 |
21 |
HMAC-SHA256 |
CRYPTO_MODE_SHA384 |
22 |
HMAC-SHA384 |
CRYPTO_MODE_SHA512 |
23 |
HMAC-SHA512 |
CRYPTO_MODE_MD2 |
24 |
HMAC-MD2 |
CRYPTO_MODE_RIPEMB128 |
26 |
HMAC-RIPEMB128 |
CRYPTO_MODE_RIPEMB160 |
27 |
HMAC-RIPEMB160 |
CRYPTO_MODE_RIPEMB256 |
28 |
HMAC-RIPEMB256 |
CRYPTO_MODE_RIPEMB320 |
29 |
HMAC-RIPEMB320 |
cbsrc
the same as for other opcodes.
Example
++include ashinc:crypto.def
map1 text$,s,0,"The quick brown fox jumps over the lazy dog"
map1 key$,s,64,"key"
map1 hmac$,s,132
map1 status,i,4
! generate HMAC-SHA256 for text$ using key$
xcall CRYPTO, CRYPTOP_HMAC, status, text$, "", hmac$,
"hex", &
CRYPF_NONE, CRYPTO_CIPHER_NA, key$, 0, CRYPTO_MODE_SHA256
? "hex encoded hmac-sha256: ";hmac$