Sunday, April 8, 2012

Is there a library for iPhone to work with HMAC-SHA-1 encoding


For all operation with Amazon services(S3, EC2, SimpleDB) You need to sign all resquest with HMAC-SHA-1 Signature( http://en.wikipedia.org/wiki/HMAC , http://docs.amazonwebservices.com/AWSFWS/latest/DeveloperGuide/index.html?SummaryOfAuthentication.html ).



I'm working under asp.net backend and there is no problems. Problem is in the iPhone application. iPhone developer says that there is no way to use HMAC-SHA-1 encoding, and he have no rigths to implement his own algorithm. As programmer I cannot understand why there can be a problem.



So I want too know is iPhone developer right?



I've never coded for iPhone, so I don't even where to search such an information.


Source: Tips4all

7 comments:

  1. CommonCrypto will do it. But if you want code, I have some here:

    http://oauth.googlecode.com/svn/code/obj-c/OAuthConsumer/Crypto/

    Which I wrote for use in the Cocoa OAuth implementation: http://code.google.com/p/oauthconsumer/wiki/UsingOAuthConsumer

    ReplyDelete
  2. CommonCrypto does the trick.

    #import <CommonCrypto/CommonHMAC.h>


    then later

    /*
    inputs:
    NSData *keyData;
    NSData *clearTextData
    */

    uint8_t digest[CC_SHA1_DIGEST_LENGTH] = {0};

    CCHmacContext hmacContext;
    CCHmacInit(&hmacContext, kCCHmacAlgSHA1, keyData.bytes, keyData.length);
    CCHmacUpdate(&hmacContext, clearTextData.bytes, clearTextData.length);
    CCHmacFinal(&hmacContext, digest);

    NSData *out = [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];

    ReplyDelete
  3. A bit of googling and I found this document.


    Exporting of SHA1 is subject to
    (United Statese)Federal Government
    export controls and exporters are
    advised to contact the Department of
    Commerce, Bureau of Export
    Administration for more information.


    I also found this:


    People's Republic of China and the
    former Soviet Block can import SHA as
    long as it's intended for civil
    end-user applications rather than for
    military purpose. The following
    countries are prohibited from
    importing SHA: Cuba, Iran, Iraq,
    Libya, North Korea, Serbia, Syria, and
    Sudan. Please note that this list of
    embargo countries changes over time.


    (Not a direct answer to your question, but certainly pertinent.)

    ReplyDelete
  4. Not for iPhone in particular, but the library libs3 provides a C API for accessing Amazon's S3 services. It, or the FUSE s3fs component, may be good sources for extracting the routines needed to communicate with Amazon's Web Services. As Objective-C is still C at its core, these routines should work just fine on the iPhone.

    I know at least one developer who is using something similar within their iPhone application to communicate with S3 buckets.

    ReplyDelete
  5. I think the CommonCrypto library will do what you want. Look at this file:

    /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS2.2.sdk/usr/include/CommonCrypto/CommonHMAC.h

    ReplyDelete
  6. This article demonstrates a little function that will generate an SHA-1 hash digest that will match what the php sha1() function will generate if you give it the same input:

    #import <CommonCrypto/CommonDigest.h>

    @implementation SHA1

    +(NSString*) digest:(NSString*)input
    {
    const char *cstr = [input cStringUsingEncoding:NSUTF8StringEncoding];
    NSData *data = [NSData dataWithBytes:cstr length:input.length];

    uint8_t digest[CC_SHA1_DIGEST_LENGTH];

    CC_SHA1(data.bytes, data.length, digest);

    NSMutableString* output = [NSMutableString stringWithCapacity:CC_SHA1_DIGEST_LENGTH * 2];

    for(int i = 0; i < CC_SHA1_DIGEST_LENGTH; i++)
    [output appendFormat:@"%02x", digest[i]];

    return output;

    }
    @end

    ReplyDelete
  7. I don't know if this is the case anymore, but there used to be restrictions on encryption algorithms and your right to distribute them to certain countries were restricted.

    If this is still the case it could be that Apple don't want/can't restrict certain applications from being downloaded in these countries.

    ReplyDelete