Is there a library for iPhone to work with HMAC-SHA-1 encoding

Question

For all operation with Amazon services(S3, EC2, SimpleDB) You need to sign all resquest with HMAC-SHA-1 Signature(http://en.wikipedia.org/wiki/HMAC , http://docs.amazonwebservices.com/AWSFWS/latest/DeveloperGuide/index.html?SummaryOfAuthentication.html).

I'm working under asp.net backend and there is no problems. Problem is in the iPhone application. iPhone developer says that there is no way to use HMAC-SHA-1 encoding, and he have no rigths to implement his own algorithm. As programmer I cannot understand why there can be a problem.

So I want too know is iPhone developer right?

I've never coded for iPhone, so I don't even where to search such an information.

Answer 1

I don't know if this is the case anymore, but there used to be restrictions on encryption algorithms and your right to distribute them to certain countries were restricted.

If this is still the case it could be that Apple don't want/can't restrict certain applications from being downloaded in these countries.

Answer 2

Not for iPhone in particular, but the library libs3 provides a C API for accessing Amazon's S3 services. It, or the FUSE s3fs component, may be good sources for extracting the routines needed to communicate with Amazon's Web Services. As Objective-C is still C at its core, these routines should work just fine on the iPhone.

I know at least one developer who is using something similar within their iPhone application to communicate with S3 buckets.

Answer 3

I think the CommonCrypto library will do what you want. Look at this file:

/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS2.2.sdk/usr/include/CommonCrypto/CommonHMAC.h

Answer 4

CommonCrypto will do it. But if you want code, I have some here:

http://oauth.googlecode.com/svn/code/obj-c/OAuthConsumer/Crypto/

Which I wrote for use in the Cocoa OAuth implementation: http://code.google.com/p/oauthconsumer/wiki/UsingOAuthConsumer

Answer 5

CommonCrypto does the trick.

#import <CommonCrypto/CommonHMAC.h>

then later

/*
  inputs:
  NSData *keyData;
  NSData *clearTextData
*/

uint8_t digest[CC_SHA1_DIGEST_LENGTH] = {0};

CCHmacContext hmacContext;
CCHmacInit(&hmacContext, kCCHmacAlgSHA1, keyData.bytes, keyData.length);
CCHmacUpdate(&hmacContext, clearTextData.bytes, clearTextData.length);
CCHmacFinal(&hmacContext, digest);

NSData *out = [NSData dataWithBytes:digest length:CC_SHA1_DIGEST_LENGTH];

Answer 6

A bit of googling and I found this document.

Exporting of SHA1 is subject to (United Statese)Federal Government export controls and exporters are advised to contact the Department of Commerce, Bureau of Export Administration for more information.

I also found this:

People's Republic of China and the former Soviet Block can import SHA as long as it's intended for civil end-user applications rather than for military purpose. The following countries are prohibited from importing SHA: Cuba, Iran, Iraq, Libya, North Korea, Serbia, Syria, and Sudan. Please note that this list of embargo countries changes over time.

(Not a direct answer to your question, but certainly pertinent.)