init: v1.0.0

2026-05-27 23:03:00 +08:00
commit 8d97f750eb
466 changed files with 80067 additions and 0 deletions
@@ -0,0 +1,123 @@
+package hmac
+
+/*
+hmac package are deprecated. Use crypto/hmac instead
+
+example:
+
+func ComputeMac(message, key[]byte) []byte{
+	mac := hmac.New(sm3.New, key)
+	mac.Write(message) // could write multiple messages
+	return mac.Sum(nil)
+}
+
+func ValidMAC(message, messageMAC, key []byte) bool {
+	mac := hmac.New(sha256.New, key)
+	mac.Write(message)
+	expectedMAC := mac.Sum(nil)
+	return hmac.Equal(messageMAC, expectedMAC) // must use hmac.Equal to compare with constant time.
+}
+*/
+import (
+	"crypto/hmac"
+	"errors"
+	"fmt"
+	"hash"
+
+	"xdx.jelly/xgcl/mac/subtle"
+	"xdx.jelly/xgcl/sm/sm3"
+)
+
+const (
+	// Minimum key size in bytes.
+	minKeySizeInBytes = uint32(16)
+
+	// Minimum tag size in bytes. This provides minimum 80-bit security strength.
+	minTagSizeInBytes = uint32(10)
+)
+
+var errHMACInvalidInput = errors.New("HMAC: invalid input")
+
+// HMAC implementation of interface gcl.mac.MAC
+type HMAC struct {
+	HashFunc func() hash.Hash
+	Key      []byte
+	TagSize  uint32
+}
+
+// NewHMAC creates a new instance of HMAC with the specified key and tag size.
+// key should be at least 16 bytes and no longer then hash's digest size.
+// tag size should be at least 10 bytes and no longer then hash's digest size.
+func NewHMAC(hashAlg string, key []byte, tagSize uint32) (*HMAC, error) {
+	keySize := uint32(len(key))
+	if err := ValidateHMACParams(hashAlg, keySize, tagSize); err != nil {
+		return nil, fmt.Errorf("hmac: %s", err)
+	}
+	hashFunc := subtle.GetHashFunc(hashAlg)
+	if hashFunc == nil {
+		return nil, fmt.Errorf("hmac: invalid hash algorithm")
+	}
+	return &HMAC{
+		HashFunc: hashFunc,
+		Key:      key,
+		TagSize:  tagSize,
+	}, nil
+}
+
+// ValidateHMACParams validates parameters of HMAC constructor.
+func ValidateHMACParams(hash string, keySize uint32, tagSize uint32) error {
+	// validate tag size
+	digestSize, err := subtle.GetHashDigestSize(hash)
+	if err != nil {
+		return err
+	}
+	if tagSize > digestSize {
+		return fmt.Errorf("tag size too big")
+	}
+	if tagSize < minTagSizeInBytes {
+		return fmt.Errorf("tag size too small")
+	}
+	// validate key size
+	if keySize < minKeySizeInBytes {
+		return fmt.Errorf("key too short")
+	}
+	return nil
+}
+
+// ComputeMAC computes message authentication code (MAC) for the given data.
+func (h *HMAC) ComputeMAC(data []byte) ([]byte, error) {
+	if data == nil {
+		return nil, errHMACInvalidInput
+	}
+	mac := hmac.New(h.HashFunc, h.Key)
+	if _, err := mac.Write(data); err != nil {
+		return nil, err
+	}
+	tag := mac.Sum(nil)
+	return tag[:h.TagSize], nil
+}
+
+// VerifyMAC verifies whether the given MAC is a correct message authentication
+// code (MAC) the given data.
+func (h *HMAC) VerifyMAC(mac []byte, data []byte) error {
+	if mac == nil || data == nil {
+		return errHMACInvalidInput
+	}
+	expectedMAC, err := h.ComputeMAC(data)
+	if err != nil {
+		return err
+	}
+	if hmac.Equal(expectedMAC, mac) {
+		return nil
+	}
+	return errors.New("HMAC: invalid MAC")
+}
+
+// HMacSM3 returns the HMacSM3 with tag size 32
+func HMacSM3(data []byte, key []byte) ([]byte, error) {
+	mac := hmac.New(sm3.New, key)
+	if _, err := mac.Write(data); err != nil {
+		return nil, err
+	}
+	return mac.Sum(nil), nil
+}
@@ -0,0 +1,117 @@
+package hmac_test
+
+import (
+	"encoding/hex"
+	"fmt"
+	"testing"
+
+	"xdx.jelly/xgcl/mac/hmac"
+)
+
+var key, _ = hex.DecodeString("000102030405060708090a0b0c0d0e0f")
+var data = []byte("Hello")
+var hmacTests = []struct {
+	hashAlg     string
+	tagSize     uint32
+	key         []byte
+	data        []byte
+	expectedMac string
+}{
+	{
+		hashAlg:     "SHA256",
+		tagSize:     32,
+		data:        data,
+		key:         key,
+		expectedMac: "e0ff02553d9a619661026c7aa1ddf59b7b44eac06a9908ff9e19961d481935d4",
+	},
+	{
+		hashAlg: "SHA512",
+		tagSize: 64,
+		data:    data,
+		key:     key,
+		expectedMac: "481e10d823ba64c15b94537a3de3f253c16642451ac45124dd4dde120bf1e5c15" +
+			"e55487d55ba72b43039f235226e7954cd5854b30abc4b5b53171a4177047c9b",
+	},
+	// empty data
+	{
+		hashAlg:     "SHA256",
+		tagSize:     32,
+		data:        []byte{},
+		key:         key,
+		expectedMac: "07eff8b326b7798c9ccfcbdbe579489ac785a7995a04618b1a2813c26744777d",
+	},
+	{
+		hashAlg:     "SM3",
+		tagSize:     32,
+		data:        data,
+		key:         key,
+		expectedMac: "06d19e9ee3a3db273490fb6cf15d001fc3a9dfa9288f4dd801c60f9c8176b8ab",
+	},
+}
+
+func TestHMACBasic(t *testing.T) {
+	for i, test := range hmacTests {
+		cipher, err := hmac.NewHMAC(test.hashAlg, test.key, test.tagSize)
+		if err != nil {
+			t.Errorf("cannot create new mac in test case %d: %s", i, err)
+		}
+		mac, err := cipher.ComputeMAC(test.data)
+		if err != nil {
+			t.Errorf("mac computation failed in test case %d: %s", i, err)
+		}
+		if hex.EncodeToString(mac) != test.expectedMac[:(test.tagSize*2)] {
+			t.Errorf("incorrect mac in test case %d: expect %s, got %s",
+				i, test.expectedMac[:(test.tagSize*2)], hex.EncodeToString(mac))
+		}
+		if err := cipher.VerifyMAC(mac, test.data); err != nil {
+			t.Errorf("mac verification failed in test case %d: %s", i, err)
+		}
+	}
+}
+
+// 密钥= EFC0D9722E2F539C52E1B40E2F20E73D
+// IV= C06B0C0A5295E37A6839EF67CBDA1A2C
+// 明文长度= 16
+// 明文= 7685B2CE7A74A215E3A4788D50CA6197
+// MAC值= BCA3412199BA34A85FAE161AC054B8A5715D4BE6FB302B1C445D056A82EBC140
+func TestHMAC(t *testing.T) {
+	var key, _ = hex.DecodeString("C62BB9801E85FF7C4CCAEC6152C2E0D4")
+	var data, _ = hex.DecodeString("476670281EC8B07402DD3664A3AE83028F251890F408AFE4CBC7FF9DA554EE813A9ECC953299E765ED2597D734226706E54785BCB3671DD908D40C4DCF70985B7B729974EFC71E49251DB5A3501F7A82")
+	cipher, err := hmac.NewHMAC("SM3", key, 32)
+	if err != nil {
+		t.Errorf("cannot create new mac in test case: %s", err)
+	}
+	mac, err := cipher.ComputeMAC(data)
+	if err != nil {
+		t.Errorf("mac computation failed in test case: %s", err)
+	}
+	fmt.Printf("mac: %02x\n", mac)
+	// if hex.EncodeToString(mac) != test.expectedMac[:(test.tagSize*2)] {
+	// 	t.Errorf("incorrect mac in test case %d: expect %s, got %s",
+	// 		i, test.expectedMac[:(test.tagSize*2)], hex.EncodeToString(mac))
+	// }
+	// if err := cipher.VerifyMAC(mac, test.data); err != nil {
+	// 	t.Errorf("mac verification failed in test case %d: %s", i, err)
+	// }
+}
+
+func TestHMAC2(t *testing.T) {
+	var key, _ = hex.DecodeString("12345678901234561234567890123456")
+	var data, _ = hex.DecodeString("123456789012345612345678901234560102")
+	cipher, err := hmac.NewHMAC("SM3", key, 32)
+	if err != nil {
+		t.Errorf("cannot create new mac in test case: %s", err)
+	}
+	mac, err := cipher.ComputeMAC(data)
+	if err != nil {
+		t.Errorf("mac computation failed in test case: %s", err)
+	}
+	fmt.Printf("mac: %02x\n", mac)
+	// if hex.EncodeToString(mac) != test.expectedMac[:(test.tagSize*2)] {
+	// 	t.Errorf("incorrect mac in test case %d: expect %s, got %s",
+	// 		i, test.expectedMac[:(test.tagSize*2)], hex.EncodeToString(mac))
+	// }
+	// if err := cipher.VerifyMAC(mac, test.data); err != nil {
+	// 	t.Errorf("mac verification failed in test case %d: %s", i, err)
+	// }
+}