Forum Discussion
F5 iRule Example integrating HMAC
I currently utilize a static key value to create a custom encrypted cookie to validate user session authenticity via cookie values. I would like to move over to using an HMAC solution, but having issues with the currently provided example. I am currently running 10.2 code on my LTM, so some of the current information on 11.x using new commands is irrelevant. Does anyone have an example laying around or can translate the example at https://devcentral.f5.com/codeshare/hmac for me? Thanks
30 Replies
Hi Dtwesten,
the mentioned codeshare sample seems to use just commands that were already available on 10.2 platforms.
Did you already try this sample on your box? Any TCL related error messages received?
Cheers, Kai
- gpoverland
Nimbostratus
Nothing yet.. The example didn't really define with comments what the values mean. For example, I believe the message variable is the data I want encrypted and that the token is the output. This could be just an issue of me reading up on HMAC, so just trying to see if someone has a full blown example of how they used it for say... user session authentication or validation.. Make sense? Thanks for replying so quickly
- At first sight I would say that $message is the message to be authenticated and $input is your secret key. You may also take a look at the available Google-Authenticator iRule samples, to see some real world examples. GA tokens are using HMAC-SHA1 calculations. Cheers, Kai
- Since Nat Thirasuttakorn is aware of your question, I would leave the conversation now. I guess it's far more effective if he answers any questions regarding his code... ;-) Good luck with your development and Cheers, Kai
- Nat_Thirasuttakorn
Employee
Hi dtwesten,
regarding hmac codeshare example, I remember implementing it based on algorithm found on hmac wiki https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
the hash result in binary is stored in variable "token"
the hash result in hex string is stored in variable "hextoken"
Nat
- Kevin_Stewart
Employee
You'll get the same value with the new(er) CRYPTO::sign command. As an extended example:
```tcl
when RULE_INIT {
    set message "test"
    set key [sha256 "yyyy123456789012345678901234567890123456789012345678901234567890xxxx"]
    # SHA-256 block size in bytes; the padding loop below needs it
    set bsize 64

    # all of this is the manual approach per Nat's example
    set ipad ""
    set opad ""
    for { set j 0 } { $j < [string length $key] } { incr j } {
        binary scan $key @${j}H2 k
        set o [expr 0x$k ^ 0x5c]
        set i [expr 0x$k ^ 0x36]
        append ipad [format %c $i]
        append opad [format %c $o]
    }
    # pad both keys to the block size (0x00 ^ 0x36 = "6", 0x00 ^ 0x5c = "\")
    for { } { $j < $bsize } { incr j } {
        append ipad 6
        append opad \\
    }
    set token [sha256 $opad[sha256 "${ipad}${message}"]]
    binary scan $token H* hextoken
    log -noname local0. [string toupper "result = $hextoken"]

    # and this is with the CRYPTO::sign command using the same key and message
    set signed_data [CRYPTO::sign -alg hmac-sha256 -key $key $message]
    binary scan $signed_data H* hexdata
    log -noname local0. [string toupper "signed = $hexdata"]
}
```
- Kevin_Stewart
Employee
Ugh. You did mention the version earlier. ;)
Well then, you're stuck with the first version using sha256 directly.
- gpoverland
Nimbostratus
Kevin,, I see how to create the HMAC using the 10.2 version of the HMAC iRULE, but I don't see how to sign or verify. That was the piece I was missing. Basically, I am going to set two pieces of information set when HTTP Request as my message and sign them using the HMAC (one piece of info from an application session cookie and the other from X509 Subject field from client presented cert). I'd like to verify the hash each time a request comes in to validate the user and the session. It looks pretty easy in 11.1 (or later), but I don't see many examples using 10.2 code..Thoughts?
- Hi dtwesten, HMAC is basically a hash-function with added symmetric encryption (unlike digital signatures which are based on asymmetric keys). The use cases of HMAC are to identify that the sender and receiver own the same SharedKey (Authentication) and/or that messages are not tampered with in transit (Message Signing). To give you an idea what would be needed to create an HMAC-enabled solution...

  1. Both parties have somehow exchanged the SharedKey in advance.
  2. The Sender has PlainText (e.g. your Cookie+SSL SID) for the receiver that needs to be protected from tampering.
  3. The Sender computes HMAC(PlainText&SharedKey).
  4. The Sender sends the PlainText together with the result of HMAC(PlainText&SharedKey).
  5. The Receiver splits the received data into PlainText and the result of HMAC(PlainText&SharedKey).
  6. The Receiver computes HMAC(PlainText&SharedKey) again.
  7. The Receiver compares his computed HMAC(PlainText&SharedKey) results with the received HMAC(PlainText&SharedKey) results.
  8. If both HMAC codes are identical, then the Receiver can be sure that the Sender is the origin of the received message and nothing was tampered with in transit.

  Note: I don’t take replay attacks into consideration ;-)

  To integrate HMAC in your homegrown security solution, you don’t have to follow any specifications in which format the message and code is exchanged between the two parties unless you need certain interoperability. Do you? Cheers, Kai
- gpoverland
Nimbostratus
By the way.. this was a pretty good read on HMAC.. http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf
- gpoverland
Nimbostratus
Kai, thanks for the reply.. I understand the concept, and I see where in the HMAC irule that the token and hextoken is set. I can use that to send out, and receive back to the F5 as a cookie. Once the cookie comes back, I need to validate the message, so I need to decrypt the cookie. I see the commands in 11.1 with crypto::sign and crypto::verify.. However I don't see how to do that in the 10.x version. That is the part I am missing..
- For 10.x you have to rebuild those commands using procedures. Give me a few minutes...
Here is the quick coding...
```tcl
when RULE_INIT {
    set sharedkey "1234"
    set crypto_sign [call crypto_sign "hallo world" $sharedkey]
    log -noname local0. "HMAC Code is = $crypto_sign"
    set crypto_verify [call crypto_verify "hallo world" $sharedkey $crypto_sign]
    log -noname local0. "HMAC Code verified = $crypto_verify"
}

# Returns the HMAC-SHA256 of $message under $prekey as a hex string
proc crypto_sign { message prekey } {
    set bsize 64
    # keys longer than the block size are hashed first
    if { [string length $prekey] > $bsize } {
        set key [sha256 $prekey]
    } else {
        set key $prekey
    }
    set ipad ""
    set opad ""
    for { set j 0 } { $j < [string length $key] } { incr j } {
        binary scan $key @${j}H2 k
        set o [expr 0x$k ^ 0x5c]
        set i [expr 0x$k ^ 0x36]
        append ipad [format %c $i]
        append opad [format %c $o]
    }
    # pad both keys to the block size
    for { } { $j < $bsize } { incr j } {
        append ipad 6
        append opad \\
    }
    set token [sha256 $opad[sha256 "${ipad}${message}"]]
    binary scan $token H* hextoken
    return $hextoken
}

# Recomputes the HMAC and returns 1 if it equals the received $hmac, else 0
proc crypto_verify { message prekey hmac } {
    set bsize 64
    if { [string length $prekey] > $bsize } {
        set key [sha256 $prekey]
    } else {
        set key $prekey
    }
    set ipad ""
    set opad ""
    for { set j 0 } { $j < [string length $key] } { incr j } {
        binary scan $key @${j}H2 k
        set o [expr 0x$k ^ 0x5c]
        set i [expr 0x$k ^ 0x36]
        append ipad [format %c $i]
        append opad [format %c $o]
    }
    for { } { $j < $bsize } { incr j } {
        append ipad 6
        append opad \\
    }
    set token [sha256 $opad[sha256 "${ipad}${message}"]]
    binary scan $token H* hextoken
    if { $hextoken eq $hmac } then {
        return 1
    } else {
        return 0
    }
}
```
Cheers, Kai
- gpoverland
Nimbostratus
Perfect thanks.. It wasn't making sense to me.. Really appreciate your help.
- You're welcome^^ As I've mentioned in my previous post, the verification process is just a string comparison of the computed and received HMAC token. Cheers, Kai
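
The sign-and-verify flow from this thread applied to the session cookie use case, as an added Python reference (not code from any poster, and not an iRule): it builds HMAC-SHA256 from bare SHA-256 calls with the same ipad/opad construction, so its hex output can be checked against what the iRule logs. The cookie layout, the expiry field, the length-prefixed fields and all sample values are assumptions made for this example.

```python
import hashlib
import hmac

BLOCK_SIZE = 64  # SHA-256 block size in bytes ("bsize" in the thread's iRule)


def manual_hmac_sha256(key: bytes, message: bytes) -> str:
    """HMAC-SHA256 from bare SHA-256 calls, the same construction as the iRule."""
    if len(key) > BLOCK_SIZE:             # over-long keys are hashed first
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK_SIZE, b"\x00")  # zero-pad to one block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + message).digest()
    return hashlib.sha256(opad + inner).hexdigest()


def mac_input(session_id: str, cert_subject: str, expires: int) -> bytes:
    """Length-prefix every field so bytes cannot be shifted between fields."""
    fields = [session_id.encode(), cert_subject.encode(), str(expires).encode()]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def issue_cookie(key: bytes, session_id: str, cert_subject: str,
                 now: int, ttl: int = 900) -> str:
    """Return '<expires>.<hex hmac>' (hypothetical cookie layout)."""
    expires = now + ttl
    mac = manual_hmac_sha256(key, mac_input(session_id, cert_subject, expires))
    return f"{expires}.{mac}"


def verify_cookie(key: bytes, cookie: str, session_id: str,
                  cert_subject: str, now: int) -> bool:
    """Recompute the HMAC from the values seen on this request and compare."""
    try:
        expires_text, received = cookie.split(".", 1)
        expires = int(expires_text)
    except ValueError:
        return False                      # malformed cookie
    expected = manual_hmac_sha256(key, mac_input(session_id, cert_subject, expires))
    # compare_digest is designed not to leak where the two strings differ
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return False
    return now <= expires  # expiry bounds how long a captured cookie stays valid


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample values throughout
    cookie = issue_cookie(key, "JSESSIONID-abc123", "CN=alice,O=Example", now=1_700_000_000)
    print(cookie, verify_cookie(key, cookie, "JSESSIONID-abc123", "CN=alice,O=Example", 1_700_000_100))
```
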