Forum Discussion

gpoverland's avatar
gpoverland
Icon for Nimbostratus rankNimbostratus
Feb 03, 2016

F5 iRule Example integrating HMAC

I currently utilize a static key value to create a custom encrypted cookie to validate user session authenticity via cookie values. I would like to move over to using an HMAC solution, but having iss...
iRules
LTM
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Feb 03, 2016

You'll get the same value with the new(er) CRYPTO::sign command. As an extended example:

 

when RULE_INIT {
    set message "test"
    set key [sha256 "yyyy123456789012345678901234567890123456789012345678901234567890xxxx"]


     all of this is the manual approach per Nat's example 
    set ipad ""
    set opad ""
    for { set j 0 }{ $j < [string length $key] }{ incr j }{
        binary scan $key @${j}H2 k
        set o [expr 0x$k ^ 0x5c]
        set i [expr 0x$k ^ 0x36]
        append ipad [format %c $i]
        append opad [format %c $o]
    }
    for { }{ $j < $bsize }{ incr j }{
        append ipad 6
        append opad \\
    }
    set token [sha256 $opad[sha256 "${ipad}${message}"]]
    binary scan $token H* hextoken
    log -noname local0. [string toupper "result  = $hextoken"]


     and this is with the CRYPTO::sign command using the same key and message 
    set signed_data [CRYPTO::sign -alg hmac-sha256 -key $key $message]
    binary scan $signed_data H* hexdata
    log -noname local0. [string toupper "signed = $hexdata"]
}