How do I set up CPHP Crypto API's SHA-256 with a secret key?
Environment:
Connect for PHP (CPHP), Custom Process Model (CPM), Custom Scripts
Issue:
How to create a SHA-256 Hashing Algorithm with a Secret Key
Resolution:
The Crypto API's SHA-256 API has no secret key implemented by default. In order to garner the same functionality as PHP's HASH_HMAC, this code example demonstrates how to replicate the same functionality.
function hmac is
input:
key: Bytes // Array on bytes
message: Bytes // Array of bytes to be hashed
hash: Function // The hash function to use (e.g. SHA-1)
blockSize: Integer // The block size of the hash function (e.g. 64 bytes for SHA-1)
outputSize: Integer // The output size of the hash function (e.g. 20 bytes for SHA-1)
// Keys longer than blockSize are shortened by hashing them
if (length(key) > blockSize) then
key ← hash(key) // key is outputSize bytes long
// Keys shorter than blockSize are padded to blockSize by padding with zeros on the right
if (length(key) < blockSize) then
key ← Pad(key, blockSize) // Pad key with zeros to make it blockSize bytes long
o_key_pad ← key xor [0x5c blockSize] // Outer padded key
i_key_pad ← key xor [0x36 blockSize] // Inner padded key
return hash(o_key_pad ∥ hash(i_key_pad ∥ message))
This functionality can be replicated in PHP using this code here:
/*
The sample code in this document or accessed through this document is not
certified or supported by Oracle. It is intended for educational or testing
purposes only. Use of this sample code implies acceptance of the License Agreement
at https://www.oracle.com/downloads/licenses/standard-license.html .
*/
function standard_crypt($msg){
try{
$md = new Crypto\MessageDigest();
$md->Algorithm->ID = 3; // SHA-256
$md->Text = $msg;
$md->hash();
$hashed_text = $md->HashText;
return ($hashed_text);
} catch (Exception $err ){
echo $err->getMessage();
}
}
// Create Signature Hash
function custom_hmac($algo, $data, $key)
{
$size = 64;
$pack = chr(0x00);
if (strlen($key) > $size) {
$key = $algo($key);
}
else if (strlen($key) < $size) {
$key = $key . str_repeat(chr(0x00), $size - strlen($key));
}
// Outter and Inner pad
$opad = str_repeat(chr(0x5C), $size);
$ipad = str_repeat(chr(0x36), $size);
$k_ipad = $ipad ^ $key;
$k_opad = $opad ^ $key;
return $algo($k_opad.$algo($k_ipad.$data));
}
$data = "foo";
$secret = "bar";
$bin_hash = custom_hmac('standard_crypt', $data, $secret, false);
echo "HASH: ".bin2hex($bin_hash);
Cause:
The Connect PHP Crypto API's SHA-256 implementation does not have a secret key implemented.
Notes:
See the Connect PHP API documentation available at Technical Documentation and Sample Code, then search for "crypto" to view information on the Crypto class in Connect PHP.
You can find further information on HMAC at Wikipedia (external link).
The sample code in this document or accessed through this document is not certified or supported by Oracle. It is intended for educational or testing purposes only. Use of this sample code implies acceptance of the License Agreement.
- File Type php custom_hmac.php (1.52 KB)