1 module dcrypt.crypto.macs.hmac;
2 
3 public import dcrypt.crypto.macs.mac;
4 import dcrypt.crypto.digest;
5 
6 // TODO optimize reset()
7 // TODO wipe sensitive data in destructor
8 
static {
	// Compile-time self check: instantiating HMac with SHA256 must satisfy the
	// isMAC trait (imported above). Fails the build, not a test run.
	import dcrypt.crypto.digests.sha2: SHA256;

	static assert(isMAC!(HMac!SHA256), "HMac is not a valid MAC");
}
14 
15 
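@safe
public struct HMac(D) if(isDigest!D) {

	
public:

	/// Algorithm name, derived from the underlying digest's name.
	public enum name = D.name ~ "/HMAC";
	/// Length of the MAC in bytes: the full digest length, never truncated.
	public enum macSize = D.digestLength;

	
	/**
	 * Keys the MAC and prepares it for put() (RFC 2104 key setup).
	 *
	 * A key longer than the digest's block size is replaced by its hash; the
	 * (possibly hashed) key is then zero-padded to one block and XORed with
	 * ipad/opad by genPadBytes(). The temporary key copy is zeroed before
	 * returning; only the two pad blocks are retained. Leaves the MAC in the
	 * reset() state, ready for put().
	 *
	 * Params: macKey = the HMac key; may be empty but not null
	 */
	@safe
	void start(in ubyte[] macKey)
	in {
		assert(macKey !is null, "mac key can't be null!");
	}
	body {
		ubyte[] key = macKey.dup;

		// replace key by hash(key) if key length > block length of hash function
		if(key.length > digest.blockSize) {
			digest.start();
			digest.update(key);
			ubyte[] hashed = new ubyte[macSize];
			uint len = digest.doFinal(hashed);
			key[] = 0;				// raw key material is no longer needed
			key = hashed[0 .. len];
		}

		iPad = genPadBytes(key, ipadByte, digest.blockSize);
		oPad = genPadBytes(key, opadByte, digest.blockSize);
		key[] = 0;					// best-effort wipe: the pads carry all state needed from here on

		reset();
	}

	
	/**
	 * update the MAC with a block of bytes.
	 *
	 * Params:
	 * input = the ubyte slice containing the data.
	 */
	@safe
	void put(in ubyte[] input...) nothrow @nogc
	in {
		assert(initialized, "HMac not initialized! Call start() first");
	}
	body{
		digest.put(input);
	}

	/**
	 * close the MAC, producing the final MAC value. The doFinal
	 * call leaves the MAC reset().
	 *
	 * Params:
	 * output = buffer receiving the MAC; must hold at least macSize bytes
	 *
	 * Returns: the number of bytes written (macSize)
	 */
	@safe
	uint doFinal(ubyte[] output) nothrow @nogc
	in {
		assert(initialized, "HMac not initialized! Call start() first");
		assert(output.length >= macSize, "output buffer too small for MAC");
	}
	body {
		// inner hash H((K ^ ipad) || message); the ipad block was fed in reset()
		digest.doFinal(iHash);

		// outer hash H((K ^ opad) || inner)
		digest.put(oPad);
		digest.put(iHash);
		digest.doFinal(output);
		
		reset();
		
		return macSize;
	}

	/// Convenience wrapper around doFinal() returning the MAC by value.
	@safe @nogc nothrow
	ubyte[macSize] finish() {
		ubyte[macSize] buf;
		doFinal(buf);
		return buf;
	}
	
	/**
	 * reset the digest back to it's initial state (keyed, no data absorbed).
	 */
	@safe
	public void reset() nothrow @nogc
	in{
		// iPad is only ever assigned by start(), which always gives it at least
		// one block, so an empty iPad means start() was never called. (A zero
		// length key is legal, so the key itself cannot serve as the signal.)
		assert(iPad.length > 0, "HMac not initialized! Call start() first");
	}
	body {
		digest.start();
		digest.update(iPad);

		initialized = true;
	}
	
private:
	D digest;
	private ubyte[D.digestLength] iHash;	// inner hash, fed to the outer hash in doFinal()
	//	Digest iPaddedDigest, oPaddedDigest;
	ubyte[] iPad, oPad;					// K ^ ipad and K ^ opad, one block each (see genPadBytes)
	bool initialized = false;

	// TODO wipe sensitive data in destructor: iPad/oPad/iHash are key-derived.
	// A plain ~this() would be wrong as-is: iPad/oPad are GC slices shared by
	// struct copies, so destroying a copy would zero the pads under the original.
	// A postblit (or disabling copies) is needed first.

	
	enum ubyte opadByte = 0x5c;		// RFC 2104 outer pad byte
	enum ubyte ipadByte = 0x36;		// RFC 2104 inner pad byte


	/// Returns key zero-padded to a whole number of blocks (at least one),
	/// XORed with padByte. RFC 2104 wants exactly one block; start() ensures
	/// key.length <= blockSize provided D.digestLength <= D.blockSize (true
	/// for the SHA-2 digests exercised in the unittest below).
	ubyte[] genPadBytes(in ubyte[] key, in ubyte padByte, in uint blockSize) nothrow {
		ubyte[] paddedKey = key.dup;
		if(paddedKey.length < blockSize) {
			paddedKey.length = blockSize;
		} else if(paddedKey.length % blockSize != 0) {
			paddedKey.length += blockSize - (paddedKey.length % blockSize);
		}
		// A key of exactly blockSize bytes previously had a second, all-zero
		// block appended here, producing a non-standard MAC for such keys.
		paddedKey[] ^= padByte;
		return paddedKey;
	}
}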
126 
127 
128 /// test vectors from http://tools.ietf.org/html/rfc4231
129 ///
130 /// test case: 1 2 3 4 6 7 (without 5)
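unittest {
	import dcrypt.crypto.digests.sha2;
	
	// test vectors from http://tools.ietf.org/html/rfc4231
	
	// test case: 1 2 3 4 6 7 (without 5). Case 5 checks a MAC truncated to
	// 128 bits, which this interface does not produce, so it is skipped.
	// Keys in cases 6 and 7 (131 bytes) exceed the block size and exercise
	// the hash-the-key path in start().
	
	string[] keys = ["0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b",
		"4a656665",
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
		"0102030405060708090a0b0c0d0e0f10111213141516171819",
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
		"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",];
	
	string[] data = ["4869205468657265",
		"7768617420646f2079612077616e7420666f72206e6f7468696e673f",
		"dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd",
		"cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd",
		"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374",
		"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e",
	];
	
	string[] macsSHA256 = [
		"b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7",
		"5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
		"773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe",
		"82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b",
		"60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54",
		"9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2"];
	
	string[] macsSHA512 = [
		"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854",
		"164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737",
		"fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb",
		"b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd",
		"80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598",
		"e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58"];
	
	
	testHMac!(SHA256)(keys, data, macsSHA256);
	testHMac!(SHA512)(keys, data, macsSHA512);
}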
177 
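version(unittest) {

	// unittest helper functions

	import dcrypt.util.encoders.hex;
	import dcrypt.crypto.params.keyparameter;
	import std.conv: text;
	
	/// Runs HMac!Digest over each (key, data) pair and compares with the
	/// reference MACs. Each MAC is computed twice on the same instance, first
	/// via doFinal() and then via finish(), to check that doFinal() really
	/// leaves the instance reset().
	///
	/// Params:
	/// hexKeys	= hex encoded keys
	/// hexData	= hex encoded data
	/// hexHashes	= expected MACs, hex encoded
	///
	/// Throws:
	/// AssertionError	if generated MAC != expected MAC, or if the three
	/// vector arrays differ in length
	@safe
	public void testHMac(Digest)(string[] hexKeys, string[] hexData, string[] hexHashes) 
	if(isDigest!Digest)
	in {
		assert(hexKeys.length == hexData.length && hexHashes.length == hexData.length,
			"test vector arrays must have the same length");
	}
	body {
		foreach (i; 0 .. hexData.length)
		{
			HMac!Digest mac;
			
			ubyte[] key = hexDecode(hexKeys[i]);
			ubyte[] data = hexDecode(hexData[i]);
			ubyte[] expectedHash = hexDecode(hexHashes[i]);

			mac.start(key);
			mac.put(data);
			
			ubyte[] hash = new ubyte[mac.macSize];
			mac.doFinal(hash);
			
			assert(hash == expectedHash, text(mac.name," failed: ",hexEncode(hash), " != ", hexHashes[i]));

			// doFinal() must have reset the MAC: a second pass over the same
			// data without calling start() again yields the same result.
			mac.put(data);
			auto hash2 = mac.finish();
			assert(hash2[] == expectedHash, text(mac.name," failed after reset: ",hexEncode(hash2[]), " != ", hexHashes[i]));
		}
	}
}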