HMAC

Problem this snippet solves:

This iRule shows an example of how to calculate an HMAC (keyed-hash message authentication code) in an iRule using the built-in sha256 function.

Code :

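# Demonstrates computing HMAC-SHA256 by hand with the built-in sha256 command.
# For every sample key, the MAC of $message is written to the log as
# upper-case hex. The three sample keys are shorter than, exactly as long as,
# and longer than the 64-byte block size, so each key-handling path runs once.
#
# NOTE(review): the keys and the message are fixed sample values. A real
# deployment should not keep its key as a literal in the iRule source and
# should not log MACs computed over live traffic.
# NOTE(review): this rule only computes a MAC. Code that checks a MAC received
# from a client needs a comparison that does not stop at the first differing
# byte; where available, the native CRYPTO::sign and CRYPTO::verify commands
# are preferable to this hand-rolled construction.
when RULE_INIT {

    set message "test"
    set input { "1234" \
                "123456789012345678901234567890123456789012345678901234567890xxxx" \
                "yyyy123456789012345678901234567890123456789012345678901234567890xxxx" \
    }

    # Block size of SHA-256 in bytes; identical for every key, so set it once.
    set bsize 64

    foreach prekey $input {
        # A key longer than one block is replaced by its SHA-256 digest.
        # NOTE(review): string length counts characters, so this assumes
        # single-byte key strings - confirm before using non-ASCII keys.
        if { [string length $prekey] > $bsize } {
            set key [sha256 $prekey]
        } else {
            set key $prekey
        }

        # XOR each key byte with the inner (0x36) and outer (0x5c) pad value.
        # The expr bodies are braced so the operands are substituted once only.
        # NOTE(review): format %c yields a character, not a raw byte, for
        # values above 127 (possible once the key is a digest). Confirm that
        # sha256 sees one byte per character by checking the output against a
        # published HMAC-SHA256 test vector such as those in RFC 4231.
        set ipad ""
        set opad ""
        for { set j 0 } { $j < [string length $key] } { incr j } {
            binary scan $key @${j}H2 k
            scan $k %x byte
            append ipad [format %c [expr { $byte ^ 0x36 }]]
            append opad [format %c [expr { $byte ^ 0x5c }]]
        }

        # A short key is implicitly zero-padded to the block size: zero XOR
        # 0x36 is the character 6 and zero XOR 0x5c is a backslash.
        for { } { $j < $bsize } { incr j } {
            append ipad 6
            append opad \\
        }

        # HMAC = H(opad-key || H(ipad-key || message))
        set token [sha256 $opad[sha256 "${ipad}${message}"]]

        binary scan $token H* hextoken
        log -noname local0. [string toupper "result  = $hextoken"]
    }
}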
Published Mar 17, 2015
Version 1.0


1 Comment

    Sam_Richman_263
    Historic F5 Account
    As a note, version 11.1 and above has the CRYPTO::sign iRule command, which provides multiple HMAC algorithms: https://clouddocs.f5.com/api/irules/CRYPTO__sign.html