I want to implement HMAC encryption algorithm for my iPhone application. Any sample code will really help. Also, please guide me with brief implementation of the same.
Add a comment
|
2 Answers
Use the Common Crypto functions. The documentation is in man pages, so you'll need to hunt for it a bit. They're in libSystem on iOS and Mac OS X, so no need to add another library or framework to your project. As you can see from the example below, the API is very similar to OpenSSL's.
If you are actually interested in encrypting, as opposed to authenticating data, Common Crypto has functions to perform AES and 3DES (and DES, but don't use it, it's far too weak for modern needs). Take a look at the CCCryptor man page for details.
The example below is equivalent to running openssl dgst -md5 -hmac secret < myfile.txt. Start by initializing the the CCHmacContext, and then call CCHmacUpdate as long as you have data to authenticate. When you've read all the bytes, call CCHmacFinal to get the HMAC into a buffer. I've provided a crude method to convert the HMAC bytes into printable hex.
#include <CommonCrypto/CommonHMAC.h>
#include <sys/types.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
extern int errno;
int
main( int ac, char *av[] )
{
CCHmacContext ctx;
char *key = "secret";
char buf[ 8192 ];
unsigned char mac[ CC_MD5_DIGEST_LENGTH ];
char hexmac[ 2 * CC_MD5_DIGEST_LENGTH + 1 ];
char *p;
int fd;
int rr, i;
if ( ac != 2 ) {
fprintf( stderr, "usage: %s path\n", av[ 0 ] );
exit( 1 );
}
if (( fd = open( av[ 1 ], O_RDONLY )) < 0 ) {
fprintf( stderr, "open %s: %s\n", av[ 1 ], strerror( errno ));
exit( 2 );
}
CCHmacInit( &ctx, kCCHmacAlgMD5, key, strlen( key ));
while (( rr = read( fd, buf, sizeof( buf ))) > 0 ) {
CCHmacUpdate( &ctx, buf, rr );
}
if ( rr < 0 ) {
perror( "read" );
exit( 2 );
}
CCHmacFinal( &ctx, mac );
(void)close( fd );
p = hexmac;
for ( i = 0; i < CC_MD5_DIGEST_LENGTH; i++ ) {
snprintf( p, 3, "%02x", mac[ i ] );
p += 2;
}
printf( "%s\n", hexmac );
return( 0 );
}
1 Comment
anka
Thanks for that! I summarized this on our blog and made a category for NSString for further usage. See it at blog.blackwhale.at/?p=801 . cheers,anka
HMAC is not an encryption mechanism, but an authentication digest. It uses an underlying message digest function such as SHA-1, SHA-256, MD5 etc, with a secret key to generate a code that can be used to authenticate data.
Generating an HMAC digest is extremely simple. Here is the description from RFC2104 (via Wikipedia)
Let:
- H(·) be a cryptographic hash function (ie. SHA-1, SHA-256, MD5 etc)
- K be a secret key padded to the right with extra zeros to the input block size of the hash function, or the hash of the original key if it's longer than that block size
- m be the message to be authenticated
- | denote concatenation
- ⊕ denote exclusive or (XOR)
- opad be the outer padding (0x5c5c5c…5c5c, one-block-long hexadecimal constant)
- ipad be the inner padding (0x363636…3636, one-block-long hexadecimal constant)
Then HMAC(K,m) is mathematically defined by:
HMAC(K,m) = H((K ⊕ opad) | H((K ⊕ ipad) | m)).
For the underlying digest function you can help yourself to one of the C implementations from OpenSSL. In fact it also has a C implementation of HMAC that you can probably just use as is.
3 Comments
Abhinav
Thank you Dean. Which API should use in IOS to utilize HMAC authentication digest? Do you have any sample code?
Dean Povey
I don't think there are any built-in APIs in iOS, you will have to write your own. You will need to get the source from OpenSSL and add it to your application manually.
