Have some code. Share some code.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
F5 Employee
F5 Employee

Problem this snippet solves:

This iRule shows example of to calculate HMAC or keyed-Hash Message Authentication Code by iRule using built-in function sha256.

Code :

when RULE_INIT {
    set message "test"
    set input { "1234" \
                "123456789012345678901234567890123456789012345678901234567890xxxx" \
                "yyyy123456789012345678901234567890123456789012345678901234567890xxxx" \

  foreach prekey $input {
    set bsize 64
    if { [string length $prekey] > $bsize } {
        set key [sha256 $prekey]
    } else {
        set key $prekey

    set ipad ""
    set opad ""
    for { set j 0 }{ $j < [string length $key] }{ incr j }{
        binary scan $key @${j}H2 k
        set o [expr 0x$k ^ 0x5c]
        set i [expr 0x$k ^ 0x36]
        append ipad [format %c $i]
        append opad [format %c $o]
    for { }{ $j < $bsize }{ incr j }{
        append ipad 6
        append opad \\

    set token [sha256 $opad[sha256 "${ipad}${message}"]]

    binary scan $token H* hextoken
    log -noname local0. [string toupper "result  = $hextoken"]
Historic F5 Account
As a note, version 11.1 and above has the CRYPTO::sign iRule command, which provides multiple HMAC algorithms:
Version history
Last update:
‎17-Mar-2015 16:56
Updated by: