;;; Return an HMAC-SHA1 authentication code for KEY and MESSAGE. ;;; ;;; KEY and MESSAGE must be unibyte strings. The result is a unibyte ;;; string. Use the function `encode-hex-string' or the function ;;; `base64-encode-string' to produce human-readable output. ;;; ;;; See URL: for more information ;;; on the HMAC-SHA1 algorithm. ;;; ;;; The Emacs multibyte representation actually uses a series of ;;; 8-bit values under the hood, so we could have allowed multibyte ;;; strings as arguments. However, internal 8-bit values don't ;;; correspond to any external representation \(at least for major ;;; version 22). This makes multibyte strings useless for generating ;;; hashes. ;;; ;;; Instead, callers must explicitly pick and use an encoding for ;;; their multibyte data. Most callers will want to use UTF-8 ;;; encoding, which we can generate as follows: ;;; ;;; (let ((unibyte-key (encode-coding-string key 'utf-8 t)) ;;; (unibyte-value (encode-coding-string value 'utf-8 t))) ;;; (hmac-sha1 unibyte-key unibyte-value)) ;;; ;;; For keys and values that are already unibyte, the ;;; `encode-coding-string' calls just return the same string. ;;; ;;; Author: Derek Upham - sand (at) blarg.net ;;; ;;; Copyright: This code is in the public domain. (require 'sha1) (defun hmac-sha1 (key message) "Return an HMAC-SHA1 authentication code for KEY and MESSAGE. KEY and MESSAGE must be unibyte strings. The result is a unibyte string. Use the function `encode-hex-string' or the function `base64-encode-string' to produce human-readable output. See URL: for more information on the HMAC-SHA1 algorithm. The Emacs multibyte representation actually uses a series of 8-bit values under the hood, so we could have allowed multibyte strings as arguments. However, internal 8-bit values don't correspond to any external representation \(at least for major version 22). This makes multibyte strings useless for generating hashes. Instead, callers must explicitly pick and use an encoding for their multibyte data. Most callers will want to use UTF-8 encoding, which we can generate as follows: (let ((unibyte-key (encode-coding-string key 'utf-8 t)) (unibyte-value (encode-coding-string value 'utf-8 t))) (hmac-sha1 unibyte-key unibyte-value)) For keys and values that are already unibyte, the `encode-coding-string' calls just return the same string." (when (multibyte-string-p key) (error "key must be unibyte" key)) (when (multibyte-string-p message) (error "message must be unibyte" message)) ;; The key block is always exactly the block size of the hash ;; algorithm. If the key is too small, we pad it with zeroes (or ;; instead, we initialize the key block with zeroes and copy the ;; key onto the nulls). If the key is too large, we run it ;; through the hash algorithm and use the hashed value (strange ;; but true). (let ((+hmac-sha1-block-size-bytes+ 64)) ; SHA-1 uses 512-bit blocks (when (< +hmac-sha1-block-size-bytes+ (length key)) (setq key (sha1 key nil nil t))) (let ((key-block (make-vector +hmac-sha1-block-size-bytes+ 0))) (dotimes (i (length key)) (aset key-block i (aref key i))) (let ((opad (make-vector +hmac-sha1-block-size-bytes+ #x5c)) (ipad (make-vector +hmac-sha1-block-size-bytes+ #x36))) (dotimes (i +hmac-sha1-block-size-bytes+) (aset ipad i (logxor (aref ipad i) (aref key-block i))) (aset opad i (logxor (aref opad i) (aref key-block i)))) (sha1 (concat opad (sha1 (concat ipad message) nil nil t)) nil nil t))))) (provide 'hmac-sha1)