0

I've been trying to generate an authentication for a API request as follows: base64(sha256(payload+secret))

I've been using the following code but the base64 string that's been generated isn't correct.

- (void)viewDidLoad
{
[super viewDidLoad];
NSString *data = @"{"
    @"\"testing\":{"
    @"\"uri\":\"https://example.com/something.php\","
    @"\"id\":\"0\""
    @"}"
    @"}";
NSString *key = @"secret";
NSString *hashString = [NSString stringWithFormat:@"%@%@",data,key];
const char *cKey = [hashString cStringUsingEncoding:NSUTF8StringEncoding];
NSData *sdata = [NSData dataWithBytes:cKey length:hashString.length];
unsigned char sHMAC[64];
CC_SHA256((__bridge const void *)(sdata), sdata.length, sHMAC);
NSData *hash = [[NSData alloc] initWithBytes:sHMAC length:sizeof(sHMAC)];
NSString *s = [self base64forData:hash];
NSLog(@"Authentication: %@",s);
}

//Base64 encoding
- (NSString*)base64forData:(NSData*)theData {
const uint8_t* input = (const uint8_t*)[theData bytes];
NSInteger length = [theData length];

static char table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";

NSMutableData* data = [NSMutableData dataWithLength:((length + 2) / 3) * 4];
uint8_t* output = (uint8_t*)data.mutableBytes;

NSInteger i;
for (i=0; i < length; i += 3) {
    NSInteger value = 0;
    NSInteger j;
    for (j = i; j < (i + 3); j++) {
        value <<= 8;

        if (j < length) {
            value |= (0xFF & input[j]);
        }
    }

    NSInteger theIndex = (i / 3) * 4;
    output[theIndex + 0] = table[(value >> 18) & 0x3F];
    output[theIndex + 1] = table[(value >> 12) & 0x3F];
    output[theIndex + 2] = (i + 1) < length ? table[(value >> 6) & 0x3F] : '=';
    output[theIndex + 3] = (i + 2) < length ? table[(value >> 0) & 0x3F] : '=';
}

return [[NSString alloc] initWithData:data encoding:NSASCIIStringEncoding];
}

I've been struggling with this one for a couple of weeks already. Thank you for your kind assistance!

user2253208
  • 1
  • 1

1 Answers1

1

You have an extra comma in your JSON dictionary. Maybe this is messing it up?

Also, notice that your hashString looks like this: 

{"testing":{"uri":"https://example.com/something.php","id":"0",}}secret

Is this intended?

Also, for your traditional c-code, it has all been done before. See e.g. this answer.

Community
  • 1
  • 1
Mundi
  • 79,884
  • 17
  • 117
  • 140
  • Thank you for the answer. The comma was accidentally placed there. The formula for generating the authorization string is base64(sha256(payload+secret)). I thought that the payload and the secret strings should be combined (hashString) before hashing SHA256? Hash is then runned through base64 to get the authorization string. – user2253208 Jul 15 '13 at 18:03