# # Permission is hereby granted, free of charge, to any person obtaining # a copy of this software and associated documentation files (the # "Software"), to deal in the Software without restriction, including # without limitation the rights to use, copy, modify, merge, publish, # distribute, sublicense, and/or sell copies of the Software, and to # permit persons to whom the Software is furnished to do so, subject to # the following conditions: # # The above copyright notice and this permission notice shall be # included in all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. # IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY # CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, # TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE # SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. # ---------------------------------------- # HMAC is: # H(K XOR opad, H(K XOR ipad, plaintext)) # where ipad is 0x36 repated B times, and opad is 0x5C repeated B times. # B is the block length of the hash function (for SHA-1, B=64) # Keys longer than B are hashed before being used. # # See "HMAC: Keyed-Hashing for Message Authentication" (RFC 2104) # http://www.ietf.org/rfc/rfc2104.txt function hmac_sha1($data, $key, $raw_output=FALSE) { $block_size = 64; // SHA-1 block size if (strlen($key) > $block_size) { $k = pack("H*", sha1($key)); } else { $k = str_pad($key, $block_Size, "\x00", STR_PAD_RIGHT); } $ki = ''; for($i = 0; $i < $block_size; $i++) { $ki .= chr(ord(substr($k, $i, 1)) ^ 0x36); } $ko = ''; for($i = 0; $i < $block_size; $i++) { $ko .= chr(ord(substr($k, $i, 1)) ^ 0x5C); } $h = sha1($ko . pack('H*', sha1($ki . $data))); if ($raw_output) { return pack('H*', $h); } else { return $h; } }