OLD | NEW |
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file | 1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file |
2 // for details. All rights reserved. Use of this source code is governed by a | 2 // for details. All rights reserved. Use of this source code is governed by a |
3 // BSD-style license that can be found in the LICENSE file. | 3 // BSD-style license that can be found in the LICENSE file. |
4 | 4 |
5 library crypto.hmac; | 5 library crypto.hmac; |
6 | 6 |
7 import 'hash.dart'; | 7 import 'hash.dart'; |
8 | 8 |
9 /** | 9 /// An implementation of [keyed-hash method authentication codes][rfc]. |
10 * Hash-based Message Authentication Code support. | 10 /// |
11 * | 11 /// [rfc]: https://tools.ietf.org/html/rfc2104 |
12 * The [add] method is used to add data to the message. The [digest] and | 12 /// |
13 * [close] methods are used to extract the message authentication code. | 13 /// HMAC allows messages to be cryptographically authenticated using any |
14 */ | 14 /// iterated cryptographic hash function. |
15 // TODO(floitsch): make Hash implement Sink, EventSink or similar. | 15 /// |
| 16 /// The message's data is added using [add]. Once it's been fully added, the |
| 17 /// [digest] and [close] methods can be used to extract the message |
| 18 /// authentication digest. |
| 19 /// |
| 20 /// If an expected authentication digest is available, the [verify] method may |
| 21 /// also be used to ensure that the message actually corresponds to that digest. |
| 22 // TODO(floitsch): make HMAC implement Sink, EventSink or similar. |
16 class HMAC { | 23 class HMAC { |
| 24 /// The bytes from the message so far. |
17 final List<int> _message; | 25 final List<int> _message; |
| 26 |
| 27 /// The hash function used to compute the authentication digest. |
18 Hash _hash; | 28 Hash _hash; |
| 29 |
| 30 /// The secret key shared by the sender and the receiver. |
19 List<int> _key; | 31 List<int> _key; |
| 32 |
| 33 /// Whether this is closed. |
20 bool _isClosed = false; | 34 bool _isClosed = false; |
21 | 35 |
22 /** | 36 /// Create an [HMAC] object from a [Hash] and a binary key. |
23 * Create an [HMAC] object from a [Hash] and a key. | 37 /// |
24 */ | 38 /// The key should be a secret shared between the sender and receiver of the |
| 39 /// message. |
25 HMAC(Hash this._hash, List<int> this._key) : _message = []; | 40 HMAC(Hash this._hash, List<int> this._key) : _message = []; |
26 | 41 |
27 /** | 42 /// Adds a list of bytes to the message. |
28 * Add a list of bytes to the message. | 43 /// |
29 */ | 44 /// If [this] has already been closed, throws a [StateError]. |
30 void add(List<int> data) { | 45 void add(List<int> data) { |
31 if (_isClosed) throw new StateError("HMAC is closed"); | 46 if (_isClosed) throw new StateError("HMAC is closed"); |
32 _message.addAll(data); | 47 _message.addAll(data); |
33 } | 48 } |
34 | 49 |
35 /** | 50 /// Returns the digest of the message so far, as a list of bytes. |
36 * Extract the message digest as a list of bytes without closing [this]. | |
37 */ | |
38 List<int> get digest { | 51 List<int> get digest { |
39 var blockSize = _hash.blockSize; | 52 var blockSize = _hash.blockSize; |
40 | 53 |
41 // Hash the key if it is longer than the block size of the hash. | 54 // Hash the key if it is longer than the block size of the hash. |
42 if (_key.length > blockSize) { | 55 if (_key.length > blockSize) { |
43 _hash = _hash.newInstance(); | 56 _hash = _hash.newInstance(); |
44 _hash.add(_key); | 57 _hash.add(_key); |
45 _key = _hash.close(); | 58 _key = _hash.close(); |
46 } | 59 } |
47 | 60 |
(...skipping 24 matching lines...) Expand all Loading... |
72 padding[i] = 0x5c ^ _key[i]; | 85 padding[i] = 0x5c ^ _key[i]; |
73 } | 86 } |
74 | 87 |
75 // Outer hash computation which is the result. | 88 // Outer hash computation which is the result. |
76 _hash = _hash.newInstance(); | 89 _hash = _hash.newInstance(); |
77 _hash.add(padding); | 90 _hash.add(padding); |
78 _hash.add(innerHash); | 91 _hash.add(innerHash); |
79 return _hash.close(); | 92 return _hash.close(); |
80 } | 93 } |
81 | 94 |
82 /** | 95 /// Closes [this] and returns the digest of the message as a list of bytes. |
83 * Perform the actual computation and extract the message digest | 96 /// |
84 * as a list of bytes. | 97 /// Once closed, [add] may no longer be called. |
85 */ | |
86 List<int> close() { | 98 List<int> close() { |
87 _isClosed = true; | 99 _isClosed = true; |
88 return digest; | 100 return digest; |
89 } | 101 } |
90 | 102 |
91 /** | 103 /// Returns whether the digest computed for the data so far matches the given |
92 * Verify that the HMAC computed for the data so far matches the | 104 /// [digest]. |
93 * given message digest. | 105 /// |
94 * | 106 /// This method should be used instead of iterative comparisons to avoid |
95 * This method should be used instead of memcmp-style comparisons | 107 /// leaking information via timing. |
96 * to avoid leaking information via timing. | 108 /// |
97 * | 109 /// Throws an [ArgumentError] if the given digest does not have the same size |
98 * Throws an exception if the given digest does not have the same | 110 /// as the digest computed by [this]. |
99 * size as the digest computed by this HMAC instance. | |
100 */ | |
101 bool verify(List<int> digest) { | 111 bool verify(List<int> digest) { |
102 var computedDigest = this.digest; | 112 var computedDigest = this.digest; |
103 if (digest.length != computedDigest.length) { | 113 if (digest.length != computedDigest.length) { |
104 throw new ArgumentError( | 114 throw new ArgumentError( |
105 'Invalid digest size: ${digest.length} in HMAC.verify. ' | 115 'Invalid digest size: ${digest.length} in HMAC.verify. ' |
106 'Expected: ${_hash.blockSize}.'); | 116 'Expected: ${_hash.blockSize}.'); |
107 } | 117 } |
108 int result = 0; | 118 int result = 0; |
109 for (var i = 0; i < digest.length; i++) { | 119 for (var i = 0; i < digest.length; i++) { |
110 result |= digest[i] ^ computedDigest[i]; | 120 result |= digest[i] ^ computedDigest[i]; |
111 } | 121 } |
112 return result == 0; | 122 return result == 0; |
113 } | 123 } |
114 } | 124 } |
OLD | NEW |