A-Shell Development History

New opcode CRYPTOP_HMAC allows CRYPTO.SBR to create HMACs (Hash-based Message Authentication Codes), commonly used for signing web service requests. They combine a hash/digest algorithm (e.g. SHA256) with a cryptographic key (typically pre-shared between sender and receiver) to both verify data integrity of a message and authenticate the sender.

xcall CRYPTO, CRYPTOP_HMAC, status, src, decoding, dst, encoding, cflags, cipher, key {, keybits, cmode, padding, cbsrc}

Parameters

src and decoding

specify the source message and decoding, as with other opcodes.

dst and encoding

specify the destination for the output of the function. Typically it is encoded using base64 or hex so as to make it easily insertable into a web document. The destination length is independent of the source length and instead is determined by the hash function—e.g. SHA256 results in 32 bytes raw, 43 for base64, 64 for hex.

cflags

used as for the other opcodes

cipher

should be set to CRYPTO_CIPHER_NA (0)

key

as for the CRYPTOP_ENCODE operation

keybits

may be set to 0 if the key is encoded in a text format; otherwise it should specify the number of bytes in a binary-format key.

mode

should be set to one of the following to specify the hash function to use (default CRYPTO_MODE_SHA1):

 

cbsrc

the same as for other opcodes.

Example

 

++include ashinc:crypto.def

 

map1 text$,s,0,"The quick brown fox jumps over the lazy dog"

map1 key$,s,64,"key"

map1 hmac$,s,132

map1 status,i,4

 

! generate HMAC-SHA256 for text$ using key$

xcall CRYPTO, CRYPTOP_HMAC, status, text$, "", hmac$, "hex", &
CRYPF_NONE, CRYPTO_CIPHER_NA, key$, 0, CRYPTO_MODE_SHA256

? "hex encoded hmac-sha256: ";hmac$