Signature mismatch, thanks
meepbear *
meepbear at hotmail.com
Sun Aug 7 12:57:13 PDT 2005
>The code's in PHP, which appears to *lack* an HMAC function, so I had to
>write my own - it's at http://www.ch3.org.uk/hmac.phps, with all the tests.
>I'm gonna go throw it at various PHP groups to see if they can figure it
>out.
Mhash has an SHA1-HMAC but PHP does have a native SHA1() which you can build
on top of to calculate an HMAC:
---------------
function cryptGenHMAC($data, $key) {
return (extension_loaded('mhash')) ? mhash(MHASH_SHA1, $data, $key) :
cryptSHA1_HMAC($data, $key);
}
// Original author unknown (changed to support SHA1-HMAC)
function cryptSHA1_HMAC($data, $key) {
$blocksize = 64;
if (strlen($key) > $blocksize)
$key = pack('H*', sha1($key));
$key = str_pad($key, $blocksize, "\0");
$ipad = str_repeat(chr(0x36), $blocksize);
$opad = str_repeat(chr(0x5c), $blocksize);
return pack('H*', sha1(($key^$opad).pack('H*',sha1(($key^$ipad).$data))));
}
---------------
One advantage is that the code above isn't dependent on an extension so even
if GMP isn't there your consumer will still work since you can fallback from
DH to regular HMAC which wouldn't be the case with your HMAC class.
More information about the yadis
mailing list