1 module dcrypt.crypto.macs.hmac; 2 3 public import dcrypt.crypto.macs.mac; 4 import dcrypt.crypto.digest; 5 6 // TODO optimize reset() 7 // TODO wipe sensitive data in destructor 8 9 static { 10 import dcrypt.crypto.digests.sha2: SHA256; 11 12 static assert(isMAC!(HMac!SHA256), "HMac is not a valid MAC"); 13 } 14 15 16 @safe 17 public struct HMac(D) if(isDigest!D) { 18 19 20 public: 21 22 public enum name = D.name ~ "/HMAC"; 23 public enum macSize = D.digestLength; 24 25 26 /** 27 * Params: keyParam = the HMac key 28 */ 29 @safe 30 void start(in ubyte[] macKey) 31 in { 32 assert(macKey !is null, "mac key can't be null!"); 33 } 34 body { 35 key = macKey.dup; 36 37 // replace key by hash(key) if key length > block length of hash function 38 if(key.length > digest.blockSize) { 39 digest.start(); 40 digest.update(key); 41 uint len = digest.doFinal(key); 42 key.length = len; 43 } 44 45 iPad = genPadBytes(key, ipadByte, digest.blockSize); 46 oPad = genPadBytes(key, opadByte, digest.blockSize); 47 48 reset(); 49 } 50 51 52 /** 53 * update the MAC with a block of bytes. 54 * 55 * Params: 56 * input = the ubyte slice containing the data. 57 */ 58 @safe 59 void put(in ubyte[] input...) nothrow @nogc 60 in { 61 assert(initialized, "HMac not initialized! Call init() first"); 62 } 63 body{ 64 digest.put(input); 65 } 66 67 /** 68 * close the MAC, producing the final MAC value. The doFinal 69 * call leaves the MAC reset(). */ 70 @safe 71 uint doFinal(ubyte[] output) nothrow @nogc { 72 digest.doFinal(iHash); 73 digest.put(oPad); 74 75 digest.put(iHash); 76 77 digest.doFinal(output); 78 79 reset(); 80 81 return macSize; 82 } 83 84 @safe @nogc nothrow 85 ubyte[macSize] finish() { 86 ubyte[macSize] buf; 87 doFinal(buf); 88 return buf; 89 } 90 91 /** 92 * reset the digest back to it's initial state. 93 */ 94 @safe 95 public void reset() nothrow @nogc 96 in{ 97 assert(key !is null || key.length == 0, "HMac not initialized!"); 98 } 99 body { 100 digest.start(); 101 digest.update(iPad); 102 103 initialized = true; 104 } 105 106 private: 107 D digest; 108 private ubyte[D.digestLength] iHash; 109 // Digest iPaddedDigest, oPaddedDigest; 110 ubyte[] key; 111 ubyte[] iPad, oPad; 112 bool initialized = false; 113 114 115 enum ubyte opadByte = 0x5c; 116 enum ubyte ipadByte = 0x36; 117 118 119 ubyte[] genPadBytes(in ubyte[] key, in ubyte padByte, in uint blockSize) nothrow { 120 ubyte[] paddedKey = key.dup; 121 paddedKey.length += blockSize - (key.length%blockSize); 122 paddedKey[] ^= padByte; 123 return paddedKey; 124 } 125 } 126 127 128 /// test vectors from http://tools.ietf.org/html/rfc4231 129 /// 130 /// test case: 1 2 3 4 6 7 (without 5) 131 unittest { 132 import dcrypt.crypto.digests.sha2; 133 import dcrypt.crypto.digests.sha2; 134 import dcrypt.util.encoders.hex; 135 import dcrypt.crypto.params.keyparameter; 136 import std.stdio; 137 138 // test vectors from http://tools.ietf.org/html/rfc4231 139 140 // test case: 1 2 3 4 6 7 (without 5) 141 142 string[] keys = ["0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", 143 "4a656665", 144 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 145 "0102030405060708090a0b0c0d0e0f10111213141516171819", 146 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", 147 "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",]; 148 149 string[] data = ["4869205468657265", 150 "7768617420646f2079612077616e7420666f72206e6f7468696e673f", 151 "dddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddddd", 152 "cdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcdcd", 153 "54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374", 154 "5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e", 155 ]; 156 157 string[] macsSHA256 = [ 158 "b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7", 159 "5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843", 160 "773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe", 161 "82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b", 162 "60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54", 163 "9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2"]; 164 165 string[] macsSHA512 = [ 166 "87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854", 167 "164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737", 168 "fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb", 169 "b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd", 170 "80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598", 171 "e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58"]; 172 173 174 testHMac!(SHA256)(keys, data, macsSHA256); 175 testHMac!(SHA512)(keys, data, macsSHA512); 176 } 177 178 version(unittest) { 179 180 // unittest helper functions 181 182 import dcrypt.util.encoders.hex; 183 import dcrypt.crypto.params.keyparameter; 184 import std.conv: text; 185 186 /// Tests Digest d with given input data and reference hashes. 187 /// 188 /// Params: 189 /// hexData = hex encoded data 190 /// hexHashes = expected hashes 191 /// 192 /// Throws: 193 /// AssertionError if generated hash != expected hash 194 @safe 195 public void testHMac(Digest)(string[] hexKeys, string[] hexData, string[] hexHashes) 196 if(isDigest!Digest) { 197 foreach (i; 0 .. hexData.length) 198 { 199 HMac!Digest mac; 200 201 ubyte[] key = hexDecode(hexKeys[i]); 202 ubyte[] data = hexDecode(hexData[i]); 203 ubyte[] expectedHash = hexDecode(hexHashes[i]); 204 205 mac.start(key); 206 207 mac.put(data); 208 209 // ubyte[] hash = mac.doFinal(); 210 ubyte[] hash = new ubyte[mac.macSize]; 211 mac.doFinal(hash); 212 213 assert(hash == expectedHash, text(mac.name," failed: ",hexEncode(hash), " != ", hexHashes[i])); 214 } 215 } 216 }