在使用像CommonCrypto,CryptoSwift这样的库之后,我尝试在Swift 4中生成hash_hmac('sha256',$ key,$ secret_key)等效的php函数,但没有成功。我需要这些API身份验证功能,使用Alamofire库,这是一个很棒的库。由于我使用Swift 4,因此与其他Swift库的兼容性并不是那么好。即使使用具有Swift 4最新版本(0.7.1)的CryptoSwift,我仍然会遇到很多兼容性错误 enter image description here
答案 0 :(得分:2)
Swift 3/4:
HMAC与MD5,SHA1,SHA224,SHA256,SHA384,SHA512(Swift 3)
这些函数将使用八种加密哈希算法之一对String或Data输入进行散列。
name参数将散列函数名称指定为String 支持的功能有MD5,SHA1,SHA224,SHA256,SHA384和SHA512
此示例需要Common Crypto
项目必须有一个桥接标题:
#import <CommonCrypto/CommonCrypto.h>
将Security.framework添加到项目中。
这些函数采用哈希名称,要散列的消息,密钥并返回摘要:
hashName: name of a hash function as String message: message as Data key: key as Data returns: digest as Data
func hmac(hashName:String, message:Data, key:Data) -> Data? {
let algos = ["SHA1": (kCCHmacAlgSHA1, CC_SHA1_DIGEST_LENGTH),
"MD5": (kCCHmacAlgMD5, CC_MD5_DIGEST_LENGTH),
"SHA224": (kCCHmacAlgSHA224, CC_SHA224_DIGEST_LENGTH),
"SHA256": (kCCHmacAlgSHA256, CC_SHA256_DIGEST_LENGTH),
"SHA384": (kCCHmacAlgSHA384, CC_SHA384_DIGEST_LENGTH),
"SHA512": (kCCHmacAlgSHA512, CC_SHA512_DIGEST_LENGTH)]
guard let (hashAlgorithm, length) = algos[hashName] else { return nil }
var macData = Data(count: Int(length))
macData.withUnsafeMutableBytes {macBytes in
message.withUnsafeBytes {messageBytes in
key.withUnsafeBytes {keyBytes in
CCHmac(CCHmacAlgorithm(hashAlgorithm),
keyBytes, key.count,
messageBytes, message.count,
macBytes)
}
}
}
return macData
hashName: name of a hash function as String message: message as String key: key as String returns: digest as Data
func hmac(hashName:String, message:String, key:String) -> Data? {
let messageData = message.data(using:.utf8)!
let keyData = key.data(using:.utf8)!
return hmac(hashName:hashName, message:messageData, key:keyData)
}
hashName: name of a hash function as String message: message as String key: key as Data returns: digest as Data
func hmac(hashName:String, message:String, key:Data) -> Data? {
let messageData = message.data(using:.utf8)!
return hmac(hashName:hashName, message:messageData, key:key)
}
//示例
let clearString = "clearData0123456"
let keyString = "keyData8901234562"
let clearData = clearString.data(using:.utf8)!
let keyData = keyString.data(using:.utf8)!
print("clearString: \(clearString)")
print("keyString: \(keyString)")
print("clearData: \(clearData as NSData)")
print("keyData: \(keyData as NSData)")
let hmacData1 = hmac(hashName:"SHA1", message:clearData, key:keyData)
print("hmacData1: \(hmacData1! as NSData)")
let hmacData2 = hmac(hashName:"SHA1", message:clearString, key:keyString)
print("hmacData2: \(hmacData2! as NSData)")
let hmacData3 = hmac(hashName:"SHA1", message:clearString, key:keyData)
print("hmacData3: \(hmacData3! as NSData)")
输出:
clearString: clearData0123456
keyString: keyData8901234562
clearData: <636c6561 72446174 61303132 33343536>
keyData: <6b657944 61746138 39303132 33343536 32>
hmacData1: <bb358f41 79b68c08 8e93191a da7dabbc 138f2ae6>
hmacData2: <bb358f41 79b68c08 8e93191a da7dabbc 138f2ae6>
hmacData3: <bb358f41 79b68c08 8e93191a da7dabbc 138f2ae6>
答案 1 :(得分:0)
首先,直接使用SHA512可能会更好,因为使用GPU可以很容易地破解SHA,因此提高内存容量并不是一个坏主意。
其次,使用CommonCrypto实际上非常容易生成HMAC,这是我使用的实现:
static func hmac(_ secretKey: inout [UInt8], cipherText: inout [UInt8], algorithm: CommonCrypto.HMACAlgorithm = .sha512) -> [UInt8] {
var mac = [UInt8](repeating: 0, count: 64)
CCHmac(algorithm.value, &secretKey, secretKey.count, &cipherText, cipherText.count, &mac)
return mac
}
算法定义如下:
enum HMACAlgorithm {
case sha512
var value: UInt32 {
switch(self) {
case .sha512:
return UInt32(kCCHmacAlgSHA512)
}
}
}
在这个例子中,我的密文是cipherText + IV。当您不使用AES-GCM时,似乎建议/建议使用HMAC IV + Cipher,但我无法向您提供有关原因的技术细节。
将数据或NSData转换为字节数组:
var byteArray = data.withUnsafeBytes { [UInt8](UnsafeBufferPointer(start: $0, count: data.count) }
使用数组的原因是数据的性能大幅增加,我不知道核心团队在做什么,但数据表现甚至比NSMutableData差。