[BUG-214745] Feature proposal: string llHMACSHA(string secret_key, integer key_is_hex, string message_to_sign, integer 1_or_256, integer base_64_or_hex)

[sl-service-account]

Add a function: string llHMACSHAXBase64Sign(string secret_key, integer key_is_hex, string message_to_sign, integer 1_or_256)

Currently we have to "roll our own" HMAC-SHA1 / HMAC-SHA256 hashing algorithms for creating signatures to interface with services like Twitter and Amazon AWS. There is a good free library available: https://wiki.secondlife.com/wiki/Twitter_OAuth_Library... but you can see there is quite a bit of code in the script dedicated to just making this signature. It takes upwards of 2.5 seconds to sign a typical select request for Amazon SimpleDB.

This just seems rather like something that ought to be made into an official LL function. Otherwise that one algorithm is taking up a sizable chunk of your script's memory. Combine that with the rest of the signing code and the HTTP stuff, and pretty soon you have to break up your script and use link messages, or get stack heap collisions.

For example on one script I'm working on, I have to have the request sent by one script, and the response handled by another. If I had this proposed function, I could do it all in one script, and that would just be so cool.

Here is my proposal for the functions of the following input parameters: 1_or_256 - if TRUE, HMAC-SHA256 algorithm shall be used if FALSE, HMAC-SHA1 algorithm shall be used key_is_hex - set TRUE if your secret key is in hexadecimal format set FALSE if your secret key is a regular string base_64_or_hex - if TRUE, function outputs in Base64 format if FALSE, function outputs in hexadecimal format

I think for the future of the SL platform, implementing robust signing features into the LSL is very important to allow for interaction with social media and cloud services that require authentication.

Original Jira Fields

| Field | Value | | ------------- | ------------- | | Issue | BUG-214745 | | Summary | Feature proposal: string llHMACSHA(string secret_key, integer key_is_hex, string message_to_sign, integer 1_or_256, integer base_64_or_hex) | | Type | New Feature Request | | Priority | Unset | | Status | Accepted | | Resolution | Accepted | | Labels | web, security, lsl, scripting | | Reporter | Gistya Eusebio (gistya.eusebio) | | Created at | 2012-10-31T17:37:16Z | | Updated at | 2018-04-04T18:11:39Z | ``` { 'Business Unit': ['Platform'], 'How would you like the feature to work?': '...', 'Target Viewer Version': 'viewer-development', 'What just happened?': '.', 'What were you doing when it happened?': '.', 'What were you expecting to happen instead?': '.', 'Why is this feature important to you? How would it benefit the community?': '...', } ```

[sl-service-account]

Gistya Eusebio commented at 2013-05-20T01:33:02Z

Cmon can we get some action on this?

[sl-service-account]

Gistya Eusebio commented at 2013-05-20T22:35:14Z

I added some additional ideas to this.

[sl-service-account]

Gistya Eusebio commented at 2013-05-20T22:40:42Z

5-20-13: updated this to be a more robust and versatile function