init: v1.0.0
This commit is contained in:
yaole
@@ -0,0 +1,123 @@
|
||||
package hmac
|
||||
|
||||
/*
|
||||
hmac package are deprecated. Use crypto/hmac instead
|
||||
|
||||
example:
|
||||
|
||||
func ComputeMac(message, key[]byte) []byte{
|
||||
mac := hmac.New(sm3.New, key)
|
||||
mac.Write(message) // could write multiple messages
|
||||
return mac.Sum(nil)
|
||||
}
|
||||
|
||||
func ValidMAC(message, messageMAC, key []byte) bool {
|
||||
mac := hmac.New(sha256.New, key)
|
||||
mac.Write(message)
|
||||
expectedMAC := mac.Sum(nil)
|
||||
return hmac.Equal(messageMAC, expectedMAC) // must use hmac.Equal to compare with constant time.
|
||||
}
|
||||
*/
|
||||
import (
|
||||
"crypto/hmac"
|
||||
"errors"
|
||||
"fmt"
|
||||
"hash"
|
||||
|
||||
"xdx.jelly/xgcl/mac/subtle"
|
||||
"xdx.jelly/xgcl/sm/sm3"
|
||||
)
|
||||
|
||||
const (
|
||||
// Minimum key size in bytes.
|
||||
minKeySizeInBytes = uint32(16)
|
||||
|
||||
// Minimum tag size in bytes. This provides minimum 80-bit security strength.
|
||||
minTagSizeInBytes = uint32(10)
|
||||
)
|
||||
|
||||
var errHMACInvalidInput = errors.New("HMAC: invalid input")
|
||||
|
||||
// HMAC implementation of interface gcl.mac.MAC
|
||||
type HMAC struct {
|
||||
HashFunc func() hash.Hash
|
||||
Key []byte
|
||||
TagSize uint32
|
||||
}
|
||||
|
||||
// NewHMAC creates a new instance of HMAC with the specified key and tag size.
|
||||
// key should be at least 16 bytes and no longer then hash's digest size.
|
||||
// tag size should be at least 10 bytes and no longer then hash's digest size.
|
||||
func NewHMAC(hashAlg string, key []byte, tagSize uint32) (*HMAC, error) {
|
||||
keySize := uint32(len(key))
|
||||
if err := ValidateHMACParams(hashAlg, keySize, tagSize); err != nil {
|
||||
return nil, fmt.Errorf("hmac: %s", err)
|
||||
}
|
||||
hashFunc := subtle.GetHashFunc(hashAlg)
|
||||
if hashFunc == nil {
|
||||
return nil, fmt.Errorf("hmac: invalid hash algorithm")
|
||||
}
|
||||
return &HMAC{
|
||||
HashFunc: hashFunc,
|
||||
Key: key,
|
||||
TagSize: tagSize,
|
||||
}, nil
|
||||
}
|
||||
|
||||
// ValidateHMACParams validates parameters of HMAC constructor.
|
||||
func ValidateHMACParams(hash string, keySize uint32, tagSize uint32) error {
|
||||
// validate tag size
|
||||
digestSize, err := subtle.GetHashDigestSize(hash)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if tagSize > digestSize {
|
||||
return fmt.Errorf("tag size too big")
|
||||
}
|
||||
if tagSize < minTagSizeInBytes {
|
||||
return fmt.Errorf("tag size too small")
|
||||
}
|
||||
// validate key size
|
||||
if keySize < minKeySizeInBytes {
|
||||
return fmt.Errorf("key too short")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// ComputeMAC computes message authentication code (MAC) for the given data.
|
||||
func (h *HMAC) ComputeMAC(data []byte) ([]byte, error) {
|
||||
if data == nil {
|
||||
return nil, errHMACInvalidInput
|
||||
}
|
||||
mac := hmac.New(h.HashFunc, h.Key)
|
||||
if _, err := mac.Write(data); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
tag := mac.Sum(nil)
|
||||
return tag[:h.TagSize], nil
|
||||
}
|
||||
|
||||
// VerifyMAC verifies whether the given MAC is a correct message authentication
|
||||
// code (MAC) the given data.
|
||||
func (h *HMAC) VerifyMAC(mac []byte, data []byte) error {
|
||||
if mac == nil || data == nil {
|
||||
return errHMACInvalidInput
|
||||
}
|
||||
expectedMAC, err := h.ComputeMAC(data)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
if hmac.Equal(expectedMAC, mac) {
|
||||
return nil
|
||||
}
|
||||
return errors.New("HMAC: invalid MAC")
|
||||
}
|
||||
|
||||
// HMacSM3 returns the HMacSM3 with tag size 32
|
||||
func HMacSM3(data []byte, key []byte) ([]byte, error) {
|
||||
mac := hmac.New(sm3.New, key)
|
||||
if _, err := mac.Write(data); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return mac.Sum(nil), nil
|
||||
}
|
||||
Reference in New Issue
Block a user