How to implement HMAC-SHA1 algorithm in Qt
I'm trying to implement HMAC-SHA1 algorithm in my C++/Qt application. I have a method for Sha1 algorithm available, I just need to understand the HMAC part of it.
This pseudocode is from wikipedia:
1 function hmac (key, message)
2 if (length(key) > blocksize) then
3 // keys longer than blocksize are shortened
4 key = hash(key)
5 end if
6 if (length(key) < blocksize) then
7 // keys shorter than blocksize are zero-padded
8 key = key ∥ zeroes(blocksize - length(key))
9 end if
10
11 // Where blocksize is that of the underlying hash function
12 o_key_pad = [0x5c * blocksize] ⊕ key
13 i_key_pad = [0x36 * blocksize] ⊕ key // Where ⊕ is exclusive or (XOR)
14 // Where ∥ is concatenation
15 return hash(o_key_pad ∥ hash(i_key_pad ∥ message))
16 end function
What is the blocksize? What does the zeroes-function do on line 8? How do you express lines 12-13 in C++?
Answer
1. What is the blocksize ?
Usually, hash algorithm process data by cutting it into chunks of fixed size data (aka. "blocks"). For SHA1, I the usual block size is 64 bytes.
2. What does the zeros function do on line 8 ?
It (as the comment states) adds "zeroes" to the end of key so that its length matches the "block" size.
3. How do you express lines 12-13 in C++ ?
I think you're looking for the XOR operator: ^.
Example:
o_key_pad = (0x5c * blocksize) ^ key; // Actually, it should be 0x5c5c5c... repeated enough so that it matches key size.
Just a quick note: this has nothing special to do with Qt and you will probably want to do it in "raw" C++ so that you can eventually reuse it in a non-Qt project. Qt is great imho, but you clearly don't require it to implement this.