Qore Programming Language Reference Manual  0.9.4.6
HMAC Functions

Functions

string Qore::DSS1_hmac (data data, data key)
 Returns the DSS1 (SHA-1 and DSA) based HMAC of the supplied argument as a hex string. More...
 
string Qore::DSS_hmac (data data, data key)
 Returns the DSS (SHA-0 and DSA) based HMAC of the supplied argument as a hex string. More...
 
string Qore::MD2_hmac (data data, data key)
 Returns the MD2 based HMAC of the supplied argument as a hex string. More...
 
string Qore::MD4_hmac (data data, data key)
 Returns the MD4 based HMAC of the supplied argument as a hex string. More...
 
string Qore::MD5_hmac (data data, data key)
 Returns the MD5 based HMAC of the supplied argument as a hex string. More...
 
string Qore::MDC2_hmac (data data, data key)
 Returns the MDC2 based HMAC of the supplied argument as a hex string. More...
 
string Qore::RIPEMD160_hmac (data data, data key)
 Returns the RIPEMD based HMAC of the supplied argument as a hex string. More...
 
string Qore::SHA1_hmac (data data, data key)
 Returns the SHA1 based HMAC of the supplied argument as a hex string. More...
 
string Qore::SHA224_hmac (data data, data key)
 Returns the SHA224 based HMAC of the supplied argument as a hex string. More...
 
string Qore::SHA256_hmac (data data, data key)
 Returns the SHA256 based HMAC of the supplied argument as a hex string. More...
 
string Qore::SHA384_hmac (data data, data key)
 Returns the SHA384 based HMAC of the supplied argument as a hex string. More...
 
string Qore::SHA512_hmac (data data, data key)
 Returns the SHA512 based HMAC of the supplied argument as a hex string. More...
 
string Qore::SHA_hmac (data data, data key)
 Returns the SHA based HMAC of the supplied argument as a hex string. More...
 
binary Qore::decrypt_to_binary (string alg, data data, data key, data iv=Qore::DefaultIV, *data mac, *data aad)
 Returns a binary value of decrypted data corresponding to the input arguments inluding the given algorithm. More...
 
string Qore::decrypt_to_string (string alg, data data, data key, data iv=Qore::DefaultIV, *data mac, *data aad, *string encoding)
 Returns a string of decrypted data corresponding to the input arguments inluding the given algorithm. More...
 
binary Qore::digest (string digest, data data)
 Returns the digest of the supplied arguments as a binary value. More...
 
binary Qore::encrypt (string alg, data data, data key, data iv=Qore::DefaultIV, *reference< binary > mac, *int mac_size, *data aad)
 Returns a binary value of encrypted data corresponding to the input arguments inluding the given algorithm. More...
 
hash Qore::get_crypto_info ()
 Returns a hash of information about each cryptographic algorithmn supported by the current build of Qore. More...
 
Transform Qore::get_decryptor (string alg, data key, data iv=Qore::DefaultIV, *data mac, *data aad)
 Returns a Transform object for decrypting data using the given algorithm for use with TransformInputStream and TransformOutputStream. More...
 
list< stringQore::get_digests ()
 Returns a list of supported digest algorithms for hmac() More...
 
Transform Qore::get_encryptor (string alg, data key, data iv=Qore::DefaultIV, *reference< binary > mac, *int mac_size, *data aad)
 Returns a Transform object for encrypting data using the given algorithm for use with TransformInputStream and TransformOutputStream. More...
 
binary Qore::get_random_bytes (int size)
 returns a binary value of random bytes using openssl More...
 
binary Qore::hmac (string digest, data data, data key)
 Returns the digest-based HMAC of the supplied arguments as a binary value. More...
 

Detailed Description

Qore's cryptography support is provided by the OpenSSL library.

In cryptography, a keyed-hash message authentication code (HMAC) is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authentication of a message. Any cryptographic hash function, such as MD5 or SHA-1, may be used in the calculation of an HMAC; the resulting MAC algorithm is termed HMAC-MD5 or HMAC-SHA1 accordingly. The cryptographic strength of the HMAC depends upon the cryptographic strength of the underlying hash function, the size of its hash output, and on the size and quality of the key.

For more info: Wikipedia's Hash-based message authentication code article.

See also:

Function Documentation

◆ decrypt_to_binary()

binary Qore::decrypt_to_binary ( string  alg,
data  data,
data  key,
data  iv = Qore::DefaultIV,
*data  mac,
*data  aad 
)

Returns a binary value of decrypted data corresponding to the input arguments inluding the given algorithm.

Code Flags:
RET_VALUE_ONLY
Example:
binary bin = decrypt_to_binary(Qore::CRYPTO_ALG_BLOWFISH, data, key);
Parameters
algthe transformation algorithm; see Cryptographic Stream Transformations for possible values
datathe data to decrypt
keythe encryption key
ivthe initialization vector or cryptographic nonce
maca message authentication code to be used to decrypt the message if required by the cryptographic algorithm, if not required, this argument is ignored
aadAdditional Authenticated Data; if the cryptographic algorithm does not support AAD, then this argument is ignored
Returns
a binary value of decrypted data corresponding to the input arguments
Exceptions
DECRYPT-ERRORunknown decryption algorithm; error with the decryption algorithm (ex: invalid key)
See also
Since
Qore 0.8.13

◆ decrypt_to_string()

string Qore::decrypt_to_string ( string  alg,
data  data,
data  key,
data  iv = Qore::DefaultIV,
*data  mac,
*data  aad,
*string  encoding 
)

Returns a string of decrypted data corresponding to the input arguments inluding the given algorithm.

Code Flags:
RET_VALUE_ONLY
Example:
string str = decrypt_to_string(Qore::CRYPTO_ALG_BLOWFISH, data, key);
Parameters
algthe transformation algorithm; see Cryptographic Stream Transformations for possible values
datathe data to decrypt
keythe encryption key
ivthe initialization vector or cryptographic nonce
maca message authentication code to be used to decrypt the message if required by the cryptographic algorithm, if not required, this argument is ignored
aadAdditional Authenticated Data; if the cryptographic algorithm does not support AAD, then this argument is ignored
encodingthe character encoding tag for the string return value; if not present, the default character encoding is assumed
Returns
a string of decrypted data corresponding to the input arguments
Exceptions
DECRYPT-ERRORunknown decryption algorithm; error with the decryption algorithm (ex: invalid key)
See also
Since
Qore 0.8.13

◆ digest()

binary Qore::digest ( string  digest,
data  data 
)

Returns the digest of the supplied arguments as a binary value.

Code Flags:
RET_VALUE_ONLY
Example:
binary bin = digest("md2", "Hello There This is a Test - 1234567890");
# returns <a9046c73e00331af68917d3804f70655>
Parameters
digestthe digest to use; for supported digests, see DigestMap
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
Returns
the binary value of the digest
Exceptions
DIGEST-ERRORunknown digest
DIGEST-CALCULATION-ERRORerror calculating digest (should not normally happen)
Since
Qore 0.9.3

◆ DSS1_hmac()

string Qore::DSS1_hmac ( data  data,
data  key 
)

Returns the DSS1 (SHA-1 and DSA) based HMAC of the supplied argument as a hex string.

Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "37a3cc73159aa129b0eb22bbdf4b9309d389f629")
Example:
string str = DSS1_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "37a3cc73159aa129b0eb22bbdf4b9309d389f629"
Note
this digest algorithm is considered outdated and is included for backwards-compatibility only when Qore is built with an older openssl library
Exceptions
DSS1-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()

◆ DSS_hmac()

string Qore::DSS_hmac ( data  data,
data  key 
)

Returns the DSS (SHA-0 and DSA) based HMAC of the supplied argument as a hex string.

Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "37a3cc73159aa129b0eb22bbdf4b9309d389f629")
Example:
string str = DSS_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "37a3cc73159aa129b0eb22bbdf4b9309d389f629"
Note
this digest algorithm is considered outdated and is included for backwards-compatibility only when Qore is built with an older openssl library
Exceptions
DSS-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()

◆ encrypt()

binary Qore::encrypt ( string  alg,
data  data,
data  key,
data  iv = Qore::DefaultIV,
*reference< binary mac,
*int  mac_size,
*data  aad 
)

Returns a binary value of encrypted data corresponding to the input arguments inluding the given algorithm.

Code Flags:
RET_VALUE_ONLY
Example:
binary bin = encrypt(Qore::CRYPTO_ALG_BLOWFISH, data, key);
Parameters
algthe transformation algorithm; see Cryptographic Stream Transformations for possible values
datathe data to encrypt
keythe encryption key
ivthe initialization vector or cryptographic nonce
maca reference to a binary lvalue that will store the Message Authentication Code (MAC) when the transformation is closed, if the algorithm produces one; it is not an error to provide a reference here for cryptographic algorithms that do not generate a MAC, however in such cases, nothing will be written to the reference; in case this argument is passed, the mac_size argument must also be passed or a MAC-ERROR exception will be thrown
mac_sizenumber of bytes of the MAC to return; this value must be non-negative and less than 4096 or a MAC-ERROR exception will be thrown
aadAdditional Authenticated Data; if the cryptographic algorithm does not support AAD, then this argument is ignored
Returns
a binary value of encrypted data corresponding to the input arguments
Exceptions
MAC-ERRORthis exception is thrown if the mac_size argument is passed but no mac argument or vice-versa or if the mac_size argument is negative or greater than 4096 bytes
ENCRYPT-ERRORunknown encryption algorithm; error with the encryption algorithm (ex: invalid key size)
See also
Since
Qore 0.8.13

◆ get_crypto_info()

hash Qore::get_crypto_info ( )

Returns a hash of information about each cryptographic algorithmn supported by the current build of Qore.

Code Flags:
CONSTANT
Example:
hash h = get_crypto_info();
Returns
a hash of information about each cryptographic algorithmn supported by the current build of Qore; keys are algorithm names, values are hashes with the following keys:
  • key_len: the minimum required length of the cryptographic key; if 0 it means that the cipher takes a variable key length
  • iv_len: the minimum required lengh of the initialization vector or nonce; if 0 it means that the initialization vector can be of any length (note that initialization vector or nonce is always optional); -1 means that the algorithm does not support (ignores) initialization vectors
  • type: either "GCM" for Galois Counter Mode (meaning that the cipher accepts AAD and produces / requires a Message Authentication Code (MAC) for encryption / decryption, respectively) or "CBC" for Cipher Block Chaining (meaning that the cipher does not support AAD or a MAC)
See also
Since
Qore 0.8.13

◆ get_decryptor()

Transform Qore::get_decryptor ( string  alg,
data  key,
data  iv = Qore::DefaultIV,
*data  mac,
*data  aad 
)

Returns a Transform object for decrypting data using the given algorithm for use with TransformInputStream and TransformOutputStream.

Code Flags:
RET_VALUE_ONLY
Example:
Qore::FileOutputStream of("my-file.txt.enc");
Qore::TransformOutputStream ts(of, get_decryptor(Qore::CRYPTO_ALG_BLOWFISH, key));
Parameters
algthe transformation algorithm; see Cryptographic Stream Transformations for possible values
keythe encryption key
ivthe initialization vector
maca message authentication code to be used to decrypt the message if required by the cryptographic algorithm, if not required, this argument is ignored
aadAdditional Authenticated Data; if the cryptographic algorithm does not support AAD, then this argument is ignored
Returns
a Transform object for decrypting data using the given algorithm for use with TransformInputStream and TransformOutputStream
Exceptions
DECRYPT-ERRORunknown encryption algorithm; error decrypting the data
See also
Since
Qore 0.8.13

◆ get_digests()

list<string> Qore::get_digests ( )

Returns a list of supported digest algorithms for hmac()

Code Flags:
CONSTANT
Example:
# make a map of supported digests
hash<string, bool> digest_map = map {$1: True}, get_digests();
Returns
a list of supported digest algorithms for hmac()
See also
hmac()
Since
Qore 0.9.3

◆ get_encryptor()

Transform Qore::get_encryptor ( string  alg,
data  key,
data  iv = Qore::DefaultIV,
*reference< binary mac,
*int  mac_size,
*data  aad 
)

Returns a Transform object for encrypting data using the given algorithm for use with TransformInputStream and TransformOutputStream.

Code Flags:
RET_VALUE_ONLY
Example:
Qore::FileOutputStream of("my-file.txt.enc");
Qore::TransformOutputStream ts(of, get_encryptor(Qore::CRYPTO_ALG_BLOWFISH, key));
Parameters
algthe transformation algorithm; see Cryptographic Stream Transformations for possible values
keythe encryption key
ivthe initialization vector
maca reference to a binary lvalue that will store the Message Authentication Code (MAC) when the transformation is closed, if the algorithm produces one; it is not an error to provide a reference here for cryptographic algorithms that do not generate a MAC, however in such cases, nothing will be written to the reference; in case this argument is passed, the mac_size argument must also be passed or a MAC-ERROR exception will be thrown
mac_sizenumber of bytes of the MAC to return; this value must be non-negative and less than 4096 or a MAC-ERROR exception will be thrown
aadAdditional Authenticated Data; if the cryptographic algorithm does not support AAD, then this argument is ignored
Returns
a Transform object for encrypting data using the given algorithm for use with TransformInputStream and TransformOutputStream
Exceptions
MAC-ERRORthis exception is thrown if the mac_size argument is passed but no mac argument or vice-versa or if the mac_size argument is negative or greater than 4096 bytes
ENCRYPT-ERRORunknown encryption algorithm; error with the encryption algorithm (ex: invalid key size)
See also
Since
Qore 0.8.13

◆ get_random_bytes()

binary Qore::get_random_bytes ( int  size)

returns a binary value of random bytes using openssl

Code Flags:
RET_VALUE_ONLY
Example:
# return 16 bytes of random data
binary b = get_random_bytes(16);
Parameters
sizethe number of bytes in the output; if this value is not positive, an empty binary value is returned
Returns
a binary value of random bytes using openssl
Exceptions
GET-RANDOM-BYTES-ERRORthrown if there is an error generating or acquiring random data (ex: not enough entropy; random function not supported by the current random method)
Since
Qore 0.8.13

◆ hmac()

binary Qore::hmac ( string  digest,
data  data,
data  key 
)

Returns the digest-based HMAC of the supplied arguments as a binary value.

Code Flags:
RET_VALUE_ONLY
Example:
binary bin = hmac("ripemd160", "Hello There This is a Test - 1234567890", "a key");
# returns <4bca70bca1601aba57624eeb2606535cb12f2079>
Parameters
digestthe digest to use; for supported digests, see DigestMap
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
the binary value of the HMAC
Exceptions
DIGEST-ERRORunknown digest
HMAC-CALCULATION-ERRORerror calculating digest (should not normally happen)
See also
DigestMap
Since
Qore 0.9.3

◆ MD2_hmac()

string Qore::MD2_hmac ( data  data,
data  key 
)

Returns the MD2 based HMAC of the supplied argument as a hex string.

Platform Availability:
Qore::Option::HAVE_MD2
Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "27f5f17500b408e97643403ea8ef1413")
Example:
string str = MD2_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "27f5f17500b408e97643403ea8ef1413"
Exceptions
MD2-HMAC-ERRORerror calculating digest (should not normally happen)
See also

◆ MD4_hmac()

string Qore::MD4_hmac ( data  data,
data  key 
)

Returns the MD4 based HMAC of the supplied argument as a hex string.

Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "053d084f321a3886e60166ebd9609ce1")
Example:
string str = MD4_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "053d084f321a3886e60166ebd9609ce1"
Exceptions
MD4-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()

◆ MD5_hmac()

string Qore::MD5_hmac ( data  data,
data  key 
)

Returns the MD5 based HMAC of the supplied argument as a hex string.

Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "87505c6164aaf6ca6315233902a01ef4")
Example:
string str = MD5_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "87505c6164aaf6ca6315233902a01ef4"
Note
the MD5 algorithm is not collision-resistant; it's recommended to use another hash algorithm (like SHA-256) if cryptographic security is important
Exceptions
MD5-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()

◆ MDC2_hmac()

string Qore::MDC2_hmac ( data  data,
data  key 
)

Returns the MDC2 based HMAC of the supplied argument as a hex string.

Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "e0ef6a6803e58807c5db395e180a999c")
Example:
string str = MDC2_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "e0ef6a6803e58807c5db395e180a999c"
Exceptions
MDC2-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()

◆ RIPEMD160_hmac()

string Qore::RIPEMD160_hmac ( data  data,
data  key 
)

Returns the RIPEMD based HMAC of the supplied argument as a hex string.

Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "4bca70bca1601aba57624eeb2606535cb12f2079")
Example:
string str = RIPEMD160_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "4bca70bca1601aba57624eeb2606535cb12f2079"
Exceptions
RIPEMD160-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()

◆ SHA1_hmac()

string Qore::SHA1_hmac ( data  data,
data  key 
)

Returns the SHA1 based HMAC of the supplied argument as a hex string.

Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "37a3cc73159aa129b0eb22bbdf4b9309d389f629")
Example:
string str = SHA1_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "37a3cc73159aa129b0eb22bbdf4b9309d389f629"
Note
Cryptographic weaknesses were discovered in SHA-1, and the standard was no longer approved for most cryptographic uses after 2010.
Exceptions
SHA1-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()

◆ SHA224_hmac()

string Qore::SHA224_hmac ( data  data,
data  key 
)

Returns the SHA224 based HMAC of the supplied argument as a hex string.

Platform Availability:
Qore::Option::HAVE_SHA224
Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "fad5667fa5aa412044555b7e077fced62372fe9c6ce20815609da12c")
Example:
string str = SHA224_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "fad5667fa5aa412044555b7e077fced62372fe9c6ce20815609da12c"
Exceptions
SHA224-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()

◆ SHA256_hmac()

string Qore::SHA256_hmac ( data  data,
data  key 
)

Returns the SHA256 based HMAC of the supplied argument as a hex string.

Platform Availability:
Qore::Option::HAVE_SHA256
Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "1c90c21e227712b62019ff831f34cba22c2e70f1a902651ef69a70705ee0f754")
Example:
string str = SHA256_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "1c90c21e227712b62019ff831f34cba22c2e70f1a902651ef69a70705ee0f754"
Exceptions
SHA256-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()

◆ SHA384_hmac()

string Qore::SHA384_hmac ( data  data,
data  key 
)

Returns the SHA384 based HMAC of the supplied argument as a hex string.

Platform Availability:
Qore::Option::HAVE_SHA384
Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "e2c253c6dcb050990b4da3cee95cd7b227f43388fa8116f476f59395af295d0d3bb7156ab2fcd0663b0500249a7a0865")
Example:
string str = SHA384_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "e2c253c6dcb050990b4da3cee95cd7b227f43388fa8116f476f59395af295d0d3bb7156ab2fcd0663b0500249a7a0865"
Exceptions
SHA384-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()

◆ SHA512_hmac()

string Qore::SHA512_hmac ( data  data,
data  key 
)

Returns the SHA512 based HMAC of the supplied argument as a hex string.

Platform Availability:
Qore::Option::HAVE_SHA512
Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "8dcefd7ea3f90ff1c822b5e9547fc36edf78c3e4ce13d47510a212a406bdda1a4094e7ea5ade90e1c736e204d331a814520eba49f3d074e2c261208de07264f6")
Example:
string str = SHA512_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "8dcefd7ea3f90ff1c822b5e9547fc36edf78c3e4ce13d47510a212a406bdda1a4094e7ea5ade90e1c736e204d331a814520eba49f3d074e2c261208de07264f6"
Exceptions
SHA512-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()

◆ SHA_hmac()

string Qore::SHA_hmac ( data  data,
data  key 
)

Returns the SHA based HMAC of the supplied argument as a hex string.

Parameters
datathe data to process and produce a digest for; the trailing null character is not included in the digest when processing string arguments
keya secret passphrase/key
Returns
a hex string of the digest (ex: "0ad47c8d36dc4606d52f7e4cbd144ef2fda492a0")
Example:
string str = SHA_hmac("Hello There This is a Test - 1234567890", "a key");
# returns "0ad47c8d36dc4606d52f7e4cbd144ef2fda492a0"
Note
SHA/SHA0 was withdrawn shortly after publication due to an undisclosed "significant flaw" and replaced by the slightly revised version SHA-1.
Exceptions
SHA-HMAC-ERRORerror calculating digest (should not normally happen)
See also
hmac()