I want to implement HMAC encryption algorithm for my iPhone application. Any sample code will really help. Also, please guide me with brief implementation of the same.
How HMAC works. HMAC provides the client and server with a shared private key that is known only to them. The client computes a unique hash (HMAC) for every request. When the client sends a request to the server, it hashes the requested data with the private key and sends the result as part of the request.
HMAC does not encrypt the message. Instead, the message (encrypted or not) must be sent alongside the HMAC hash. Parties with the secret key will hash the message again themselves, and if it is authentic, the received and computed hashes will match.
Hash-based Message Authentication Code (HMAC) is a message authentication code that uses a cryptographic key in conjunction with a hash function. HMAC provides the server and the client each with a private key that is known only to that specific server and that specific client.
The HMAC process mixes a secret key with the message data, hashes the result with the hash function, mixes that hash value with the secret key again, and then applies the hash function a second time. The output hash is 256 bits in length.
Use the Common Crypto functions. The documentation is in man pages, so you'll need to hunt for it a bit. They're in libSystem on iOS and Mac OS X, so no need to add another library or framework to your project. As you can see from the example below, the API is very similar to OpenSSL's.
If you are actually interested in encrypting, as opposed to authenticating data, Common Crypto has functions to perform AES and 3DES (and DES, but don't use it, it's far too weak for modern needs). Take a look at the CCCryptor man page for details.
The example below is equivalent to running openssl dgst -md5 -hmac secret < myfile.txt. Start by initializing the CCHmacContext, and then call CCHmacUpdate as long as you have data to authenticate. When you've read all the bytes, call CCHmacFinal to get the HMAC into a buffer. I've provided a crude method to convert the HMAC bytes into printable hex.

    #include <CommonCrypto/CommonHMAC.h>
    #include <sys/types.h>
    #include <errno.h>
    #include <fcntl.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>

    int
    main( int ac, char *av[] )
    {
        CCHmacContext ctx;
        const char *key = "secret";
        char buf[ 8192 ];
        unsigned char mac[ CC_MD5_DIGEST_LENGTH ];
        char hexmac[ 2 * CC_MD5_DIGEST_LENGTH + 1 ];
        char *p;
        int fd;
        ssize_t rr;
        int i;

        if ( ac != 2 ) {
            fprintf( stderr, "usage: %s path\n", av[ 0 ] );
            exit( 1 );
        }

        if (( fd = open( av[ 1 ], O_RDONLY )) < 0 ) {
            fprintf( stderr, "open %s: %s\n", av[ 1 ], strerror( errno ));
            exit( 2 );
        }

        /* Key the HMAC context, then feed it the file one buffer at a time. */
        CCHmacInit( &ctx, kCCHmacAlgMD5, key, strlen( key ));

        while (( rr = read( fd, buf, sizeof( buf ))) > 0 ) {
            CCHmacUpdate( &ctx, buf, (size_t)rr );
        }
        if ( rr < 0 ) {
            perror( "read" );
            exit( 2 );
        }

        /* Write the finished MAC (CC_MD5_DIGEST_LENGTH bytes) into mac. */
        CCHmacFinal( &ctx, mac );

        (void)close( fd );

        /* Convert the raw MAC bytes into a NUL-terminated hex string. */
        p = hexmac;
        for ( i = 0; i < CC_MD5_DIGEST_LENGTH; i++ ) {
            snprintf( p, 3, "%02x", mac[ i ] );
            p += 2;
        }

        printf( "%s\n", hexmac );

        return( 0 );
    }

HMAC is not an encryption mechanism, but an authentication digest. It uses an underlying message digest function such as SHA-1, SHA-256, MD5 etc, with a secret key to generate a code that can be used to authenticate data.
Generating an HMAC digest is extremely simple. Here is the description from RFC2104 (via Wikipedia)
Let:
Then HMAC(K,m) is mathematically defined by:
HMAC(K,m) = H((K ⊕ opad) | H((K ⊕ ipad) | m)).
For the underlying digest function you can help yourself to one of the C implementations from OpenSSL. In fact it also has a C implementation of HMAC that you can probably just use as is.
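The RFC 2104 construction quoted above, written out as an added Python example (not code from either answer), together with the receiver-side check of recomputing and comparing the tag. The pad bytes 0x36 and 0x5c and the key-padding rule come from RFC 2104; the key "secret" is the one from the openssl command above, the sample message is constructed, and the function names are this example's own.

```python
import hashlib
import hmac


def hmac_rfc2104(key: bytes, msg: bytes, hash_name: str = "sha256") -> bytes:
    """HMAC(K, m) = H((K ^ opad) || H((K ^ ipad) || m)) as defined in RFC 2104."""
    block_size = hashlib.new(hash_name).block_size  # 64 bytes for MD5 and SHA-256
    if len(key) > block_size:
        # Keys longer than one hash block are replaced by their digest.
        key = hashlib.new(hash_name, key).digest()
    key = key.ljust(block_size, b"\x00")     # zero-pad the key to a full block
    k_ipad = bytes(b ^ 0x36 for b in key)    # K XOR ipad (0x36 repeated)
    k_opad = bytes(b ^ 0x5C for b in key)    # K XOR opad (0x5c repeated)
    inner = hashlib.new(hash_name, k_ipad + msg).digest()
    return hashlib.new(hash_name, k_opad + inner).digest()


def verify_tag(key: bytes, msg: bytes, tag: bytes, hash_name: str = "sha256") -> bool:
    """Receiver side: recompute the HMAC and compare in constant time."""
    expected = hmac_rfc2104(key, msg, hash_name)
    # compare_digest avoids leaking, through timing, how many leading bytes matched.
    return hmac.compare_digest(expected, tag)


if __name__ == "__main__":
    key = b"secret"                  # same key as the openssl example above
    msg = b"amount=100&to=alice"     # constructed sample message
    tag = hmac_rfc2104(key, msg)
    # The hand-written construction matches the standard library's HMAC.
    print(tag == hmac.new(key, msg, hashlib.sha256).digest())
    print(verify_tag(key, msg, tag))                      # untouched message
    print(verify_tag(key, b"amount=900&to=alice", tag))   # altered message
```

In application code, call the platform's HMAC routine (CCHmac in Common Crypto, hmac.new in Python) rather than a hand-written construction; the value of writing it out is seeing where the key enters twice.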