Class: OpenSSL::HMAC
- Inherits:
-
Object
- Object
- OpenSSL::HMAC
- Defined in:
- ext/openssl/ossl_hmac.c,
ext/openssl/ossl_hmac.c
Overview
OpenSSL::HMAC allows computing Hash-based Message Authentication Code (HMAC). It is a type of message authentication code (MAC) involving a hash function in combination with a key. HMAC can be used to verify the integrity of a message as well as the authenticity.
OpenSSL::HMAC has a similar interface to OpenSSL::Digest.
HMAC-SHA256 using one-shot interface
key = "key"
data = "message-to-be-authenticated"
mac = OpenSSL::HMAC.hexdigest("SHA256", key, data)
#=> "cddb0db23f469c8bf072b21fd837149bd6ace9ab771cceef14c9e517cc93282e"
HMAC-SHA256 using incremental interface
data1 = File.read("file1")
data2 = File.read("file2")
key = "key"
digest = OpenSSL::Digest::SHA256.new
hmac = OpenSSL::HMAC.new(key, digest)
hmac << data1
hmac << data2
mac = hmac.digest
Class Method Summary collapse
-
.digest(digest, key, data) ⇒ aString
Returns the authentication code as a binary string.
-
.hexdigest(digest, key, data) ⇒ aString
Returns the authentication code as a hex-encoded string.
Instance Method Summary collapse
-
#digest ⇒ String
Returns the authentication code an instance represents as a binary string.
-
#hexdigest ⇒ String
(also: #inspect, #to_s)
Returns the authentication code an instance represents as a hex-encoded string.
-
#new(key, digest) ⇒ Object
constructor
Returns an instance of OpenSSL::HMAC set with the key and digest algorithm to be used.
-
#reset ⇒ self
Returns
self
as it was when it was first initialized, with all processed data cleared from it. -
#update(string) ⇒ self
(also: #<<)
Returns
self
updated with the message to be authenticated.
Constructor Details
#new(key, digest) ⇒ Object
Returns an instance of OpenSSL::HMAC set with the key and digest algorithm to be used. The instance represents the initial state of the message authentication code before any data has been processed. To process data with it, use the instance method #update with your data as an argument.
Example
key = ‘key’ digest = OpenSSL::Digest.new(‘sha1’) instance = OpenSSL::HMAC.new(key, digest) #=> f42bb0eeb018ebbd4597ae7213711ec60760843f instance.class #=> OpenSSL::HMAC
A note about comparisons
Two instances won’t be equal when they’re compared, even if they have the same value. Use #to_s or #hexdigest to return the authentication code that the instance represents. For example:
other_instance = OpenSSL::HMAC.new(‘key’, OpenSSL::Digest.new(‘sha1’)) #=> f42bb0eeb018ebbd4597ae7213711ec60760843f instance #=> f42bb0eeb018ebbd4597ae7213711ec60760843f instance == other_instance #=> false instance.to_s == other_instance.to_s #=> true
105 106 107 108 109 110 111 112 113 114 115 116 |
# File 'ext/openssl/ossl_hmac.c', line 105
static VALUE
ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest)
{
HMAC_CTX *ctx;
StringValue(key);
GetHMAC(self, ctx);
HMAC_Init_ex(ctx, RSTRING_PTR(key), RSTRING_LENINT(key),
GetDigestPtr(digest), NULL);
return self;
}
|
Class Method Details
.digest(digest, key, data) ⇒ aString
Returns the authentication code as a binary string. The digest
parameter must be an instance of OpenSSL::Digest.
Example
key = ‘key’ data = ‘The quick brown fox jumps over the lazy dog’ digest = OpenSSL::Digest.new(‘sha1’)
hmac = OpenSSL::HMAC.digest(digest, key, data) #=> “xDE|x9Bx85xB8xB7x8AxA6xBCx8Az6xF7nx90px1Cx9DxB4xD9”
280 281 282 283 284 285 286 287 288 289 290 291 292 |
# File 'ext/openssl/ossl_hmac.c', line 280
static VALUE
ossl_hmac_s_digest(VALUE klass, VALUE digest, VALUE key, VALUE data)
{
unsigned char *buf;
unsigned int buf_len;
StringValue(key);
StringValue(data);
buf = HMAC(GetDigestPtr(digest), RSTRING_PTR(key), RSTRING_LENINT(key),
(unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data), NULL, &buf_len);
return rb_str_new((const char *)buf, buf_len);
}
|
.hexdigest(digest, key, data) ⇒ aString
Returns the authentication code as a hex-encoded string. The digest
parameter must be an instance of OpenSSL::Digest.
Example
key = ‘key’ data = ‘The quick brown fox jumps over the lazy dog’ digest = OpenSSL::Digest.new(‘sha1’)
hmac = OpenSSL::HMAC.hexdigest(digest, key, data) #=> “de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9”
311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 |
# File 'ext/openssl/ossl_hmac.c', line 311
static VALUE
ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data)
{
unsigned char buf[EVP_MAX_MD_SIZE];
unsigned int buf_len;
VALUE ret;
StringValue(key);
StringValue(data);
if (!HMAC(GetDigestPtr(digest), RSTRING_PTR(key), RSTRING_LENINT(key),
(unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data),
buf, &buf_len))
ossl_raise(eHMACError, "HMAC");
ret = rb_str_new(NULL, buf_len * 2);
ossl_bin2hex(buf, RSTRING_PTR(ret), buf_len);
return ret;
}
|
Instance Method Details
#digest ⇒ String
Returns the authentication code an instance represents as a binary string.
Example
instance = OpenSSL::HMAC.new(‘key’, OpenSSL::Digest.new(‘sha1’)) #=> f42bb0eeb018ebbd4597ae7213711ec60760843f instance.digest #=> “xF4+xB0xEExB0x18xEBxBDEx97xAErx13qx1ExC6a‘x84?”
194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 |
# File 'ext/openssl/ossl_hmac.c', line 194
static VALUE
ossl_hmac_digest(VALUE self)
{
HMAC_CTX *ctx;
unsigned int buf_len;
VALUE ret;
GetHMAC(self, ctx);
ret = rb_str_new(NULL, EVP_MAX_MD_SIZE);
hmac_final(ctx, (unsigned char *)RSTRING_PTR(ret), &buf_len);
assert(buf_len <= EVP_MAX_MD_SIZE);
rb_str_set_len(ret, buf_len);
return ret;
}
|
#hexdigest ⇒ String Also known as: inspect, to_s
Returns the authentication code an instance represents as a hex-encoded string.
217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 |
# File 'ext/openssl/ossl_hmac.c', line 217
static VALUE
ossl_hmac_hexdigest(VALUE self)
{
HMAC_CTX *ctx;
unsigned char buf[EVP_MAX_MD_SIZE];
unsigned int buf_len;
VALUE ret;
GetHMAC(self, ctx);
hmac_final(ctx, buf, &buf_len);
ret = rb_str_new(NULL, buf_len * 2);
ossl_bin2hex(buf, RSTRING_PTR(ret), buf_len);
return ret;
}
|
#reset ⇒ self
Returns self
as it was when it was first initialized, with all processed data cleared from it.
Example
data = “The quick brown fox jumps over the lazy dog” instance = OpenSSL::HMAC.new(‘key’, OpenSSL::Digest.new(‘sha1’)) #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
instance.update(data) #=> de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9 instance.reset #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
252 253 254 255 256 257 258 259 260 261 |
# File 'ext/openssl/ossl_hmac.c', line 252
static VALUE
ossl_hmac_reset(VALUE self)
{
HMAC_CTX *ctx;
GetHMAC(self, ctx);
HMAC_Init_ex(ctx, NULL, 0, NULL, NULL);
return self;
}
|
#update(string) ⇒ self Also known as: <<
Returns self
updated with the message to be authenticated. Can be called repeatedly with chunks of the message.
Example
first_chunk = ‘The quick brown fox jumps ’ second_chunk = ‘over the lazy dog’
instance.update(first_chunk) #=> 5b9a8038a65d571076d97fe783989e52278a492a instance.update(second_chunk) #=> de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9
152 153 154 155 156 157 158 159 160 161 162 |
# File 'ext/openssl/ossl_hmac.c', line 152
static VALUE
ossl_hmac_update(VALUE self, VALUE data)
{
HMAC_CTX *ctx;
StringValue(data);
GetHMAC(self, ctx);
HMAC_Update(ctx, (unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data));
return self;
}
|