1 module dcrypt.crypto.macs.hmac;
2 
3 public import dcrypt.crypto.macs.mac;
4 import dcrypt.crypto.digest;
5 
6 // TODO optimize reset()
7 // TODO wipe sensitive data in destructor
8 
// Compile-time self-check: instantiating HMac with SHA256 must satisfy the
// isMAC constraint, otherwise the module fails to compile with the message below.
static {
	import dcrypt.crypto.digests.sha2: SHA256;

	static assert(isMAC!(HMac!SHA256), "HMac is not a valid MAC");
}
14 
15 //static {
16 //	import std.digest.sha;
17 //	
18 //	static assert(isMAC!(HMac!(std.digest.sha.SHA256)), "HMac is not a valid MAC");
19 //}
20 
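/**
 * Keyed-hash message authentication code (HMAC) built on the digest D.
 *
 * Params:
 * D = underlying digest, must satisfy isDigest
 * blockSize = block length of D in bytes. The long-key path in start()
 *             stores a digest in a blockSize-byte buffer, so blockSize
 *             must be at least digestLength!D.
 *
 * The padded keys stay in this struct for its whole lifetime and are not
 * erased when it goes out of scope.
 */
@safe
public struct HMac(D, uint blockSize = D.blockSize) if(isDigest!D) {

	
public:

	public enum name = "HMAC-"~D.name;
	public enum macSize = digestLength!D;

	/**
	 * Starts a MAC computation, or restarts it when called again.
	 *
	 * Params:
	 * macKey = the HMAC key. Required on first use. A null slice means
	 *          "no key given": on an already keyed instance the previous
	 *          key is kept and only the message state is restarted.
	 *
	 * A key longer than blockSize is replaced by its digest; a shorter key
	 * is implicitly zero padded to blockSize.
	 */
	@safe @nogc
	void start(in ubyte[] macKey = null)
	in {
		if(!initialized) {
			assert(macKey !is null, "No mac key!");
		}
	}
	body {
		// Contracts and ordinary asserts are compiled out by -release. Without
		// this guard a keyless first call would go on with all-zero pads and
		// produce a tag that is not bound to any key. assert(false) is kept
		// in release builds, so this fails closed in every build.
		if(macKey is null && !initialized) {
			assert(false, "No mac key!");
		}

		if(macKey !is null) {
			iKey[] = ipadByte;
			oKey[] = opadByte;
			// replace key by hash(key) if key length > block length of hash function
			if(macKey.length > blockSize) {
				ubyte[blockSize] key;
				digest.start();
				digest.put(macKey);
				key[0..digestLength!D] = digest.finish();
				iKey[] ^= key[];
				oKey[] ^= key[];
				// Best effort only: clear the hashed key copy on the stack.
				// An optimizing compiler may drop this store, so it is not a
				// guaranteed wipe.
				key[] = 0;
			} else {
				iKey[0..macKey.length] ^= macKey[];
				oKey[0..macKey.length] ^= macKey[];
			}
		}

		// On first use the digest is taken as is (default-initialized, or left
		// by digest.finish() in the long-key path); later calls restart it.
		if(initialized) {
			digest.start();
		}

		// Inner hash begins with key XOR ipad.
		digest.put(iKey);
		
		initialized = true;
	}

	
	/**
	 * update the MAC with a block of bytes.
	 *
	 * Params:
	 * input = the ubyte slice containing the data.
	 */
	@safe
	void put(in ubyte[] input...) nothrow @nogc
	in {
		assert(initialized, "HMac not initialized! Call start() first");
	}
	body{
		digest.put(input);
	}

	/**
	 * Closes the MAC and writes the tag into output.
	 *
	 * Afterwards the MAC is ready for a new message under the same key, as
	 * if reset() had been called. This relies on D.finish() leaving the
	 * digest in its start state.
	 *
	 * Params:
	 * output = buffer of at least macSize bytes
	 *
	 * Returns: the slice output[0..macSize] holding the tag.
	 *
	 * When the tag is compared with one received from a peer, the
	 * comparison should be constant time; a plain == may leak, through
	 * timing, how many leading bytes matched.
	 */
	@safe
	ubyte[] finish(ubyte[] output) nothrow @nogc {
		// Kept in release builds (see start()): never emit a tag from an
		// instance that was never keyed.
		if(!initialized) {
			assert(false, "HMac not initialized!");
		}
		// Checked before any state is consumed, and independent of the
		// compiler's array bounds checking settings.
		if(output.length < macSize) {
			assert(false, "HMac output buffer too small");
		}

		iHash = digest.finish();
		digest.put(oKey);

		digest.put(iHash);
		// The inner hash is an intermediate value; do not keep it in the struct.
		iHash[] = 0;

		output[0..macSize] = digest.finish();
		
		// Re-arm for the next message: the inner hash starts with key XOR ipad.
		digest.put(iKey);
		
		return output[0..macSize];
	}

	/**
	 * Closes the MAC and returns the tag by value.
	 * Same behaviour as finish(ubyte[]) otherwise.
	 */
	@safe @nogc nothrow
	ubyte[macSize] finish() {
		ubyte[macSize] buf;
		finish(buf);
		return buf;
	}
	
	/**
	 * Resets the MAC to the state right after start(key): input fed so far
	 * is discarded, the key is kept.
	 */
	@safe
	public void reset() nothrow @nogc
	in{
		assert(initialized, "HMac not initialized!");
	}
	body {
		start();
	}
	
private:
	D digest;
	// Holds the inner hash between the two passes of finish().
	private ubyte[D.digestLength] iHash;
	//	Digest iPaddedDigest, oPaddedDigest;
	// Key XOR ipad and key XOR opad, each padded to one block. Key-equivalent material.
	ubyte[blockSize] iKey, oKey;
	bool initialized = false;

	
	enum ubyte opadByte = 0x5c;
	enum ubyte ipadByte = 0x36;

}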
131 
132 
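/// HMAC-SHA-256 and HMAC-SHA-512 known-answer tests with the vectors from
/// http://tools.ietf.org/html/rfc4231
///
/// Covers test cases 1, 2, 3, 4, 6 and 7. Test case 5 (the truncated-output
/// case of the RFC) is not covered.
unittest {
	import dcrypt.crypto.digests.sha2;
	import std.array: replicate;
	
	// Repeated-byte vectors are spelled as "<byte>".replicate(<count>) so that
	// their length can be checked against the RFC by reading the code.
	
	string[] keys = [
		"0b".replicate(20),		// case 1: 20 bytes of 0x0b
		"4a656665",				// case 2: "Jefe"
		"aa".replicate(20),		// case 3: 20 bytes of 0xaa
		"0102030405060708090a0b0c0d0e0f10111213141516171819",	// case 4
		"aa".replicate(131),	// case 6: 131 bytes, longer than both block sizes
		"aa".replicate(131),	// case 7: same key as case 6
	];
	
	string[] data = [
		"4869205468657265",
		"7768617420646f2079612077616e7420666f72206e6f7468696e673f",
		"dd".replicate(50),		// case 3: 50 bytes of 0xdd
		"cd".replicate(50),		// case 4: 50 bytes of 0xcd
		"54657374205573696e67204c6172676572205468616e20426c6f636b2d53697a65204b6579202d2048617368204b6579204669727374",
		"5468697320697320612074657374207573696e672061206c6172676572207468616e20626c6f636b2d73697a65206b657920616e642061206c6172676572207468616e20626c6f636b2d73697a6520646174612e20546865206b6579206e6565647320746f20626520686173686564206265666f7265206265696e6720757365642062792074686520484d414320616c676f726974686d2e",
	];
	
	string[] macsSHA256 = [
		"b0344c61d8db38535ca8afceaf0bf12b881dc200c9833da726e9376c2e32cff7",
		"5bdcc146bf60754e6a042426089575c75a003f089d2739839dec58b964ec3843",
		"773ea91e36800e46854db8ebd09181a72959098b3ef8c122d9635514ced565fe",
		"82558a389a443c0ea4cc819899f2083a85f0faa3e578f8077a2e3ff46729665b",
		"60e431591ee0b67f0d8a26aacbf5b77f8e0bc6213728c5140546040f0ee37f54",
		"9b09ffa71b942fcb27635fbcd5b0e944bfdc63644f0713938a7f51535c3a35e2"];
	
	string[] macsSHA512 = [
		"87aa7cdea5ef619d4ff0b4241a1d6cb02379f4e2ce4ec2787ad0b30545e17cdedaa833b7d6b8a702038b274eaea3f4e4be9d914eeb61f1702e696c203a126854",
		"164b7a7bfcf819e2e395fbe73b56e0a387bd64222e831fd610270cd7ea2505549758bf75c05a994a6d034f65f8f0e6fdcaeab1a34d4a6b4b636e070a38bce737",
		"fa73b0089d56a284efb0f0756c890be9b1b5dbdd8ee81a3655f83e33b2279d39bf3e848279a722c806b485a47e67c807b946a337bee8942674278859e13292fb",
		"b0ba465637458c6990e5a8c5f61d4af7e576d97ff94b872de76f8050361ee3dba91ca5c11aa25eb4d679275cc5788063a5f19741120c4f2de2adebeb10a298dd",
		"80b24263c7c1a3ebb71493c1dd7be8b49b46d1f41b4aeec1121b013783f8f3526b56d037e05f2598bd0fd2215d6a1e5295e64f73f63f0aec8b915a985d786598",
		"e37b6a775dc87dbaa4dfa9f96e5e3ffddebd71f8867289865df5a32d20cdc944b6022cac3c4982b10d5eeb55c3e4de15134676fb6de0446065c97440fa8c6a58"];
	
	
	testHMac!(SHA256)(keys, data, macsSHA256);
	testHMac!(SHA512)(keys, data, macsSHA512);
}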
181 
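version(unittest) {

	// unittest helper functions

	import dcrypt.encoders.hex;
	import std.conv: text;
	
	/// Runs HMac!Digest over hex encoded known-answer vectors.
	///
	/// For every vector the tag is computed three times: on a fresh instance,
	/// again after finish() (which must leave the MAC usable under the same
	/// key), and after reset() has discarded partially fed input.
	///
	/// Params:
	/// hexKeys	= hex encoded keys, one per vector
	/// hexData	= hex encoded messages, one per vector
	/// hexHashes	= hex encoded expected tags, one per vector
	///
	/// Throws:
	/// AssertError	if the arrays differ in length or a computed tag != expected tag
	@safe
	public void testHMac(Digest)(string[] hexKeys, string[] hexData, string[] hexHashes) 
	if(isStdDigest!Digest) {
		// A short key or tag array would otherwise fail with a range error
		// somewhere inside the loop instead of pointing at the vector set.
		assert(hexKeys.length == hexData.length && hexHashes.length == hexData.length,
			"HMac test vector arrays differ in length");

		foreach (i; 0 .. hexData.length)
		{
			HMac!Digest mac;
			
			ubyte[] key = hexDecode(hexKeys[i]);
			ubyte[] data = hexDecode(hexData[i]);
			ubyte[] expectedHash = hexDecode(hexHashes[i]);

			// 1) fresh instance
			mac.start(key);
			mac.put(data);
			
			ubyte[] hash = new ubyte[mac.macSize];
			mac.finish(hash);
			
			assert(hash == expectedHash, text(mac.name," failed: ",hexEncode(hash), " != ", hexHashes[i]));

			// 2) finish() must have re-armed the MAC with the same key
			hash[] = 0;
			mac.put(data);
			mac.finish(hash);

			assert(hash == expectedHash, text(mac.name," reuse after finish() failed: ",hexEncode(hash), " != ", hexHashes[i]));

			// 3) reset() must drop input fed so far and keep the key
			hash[] = 0;
			mac.put(key);
			mac.reset();
			mac.put(data);
			mac.finish(hash);

			assert(hash == expectedHash, text(mac.name," after reset() failed: ",hexEncode(hash), " != ", hexHashes[i]));
		}
	}
}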