Class: OpenSSL::HMAC
- Inherits:
-
Object
- Object
- OpenSSL::HMAC
- Defined in:
- ext/openssl/ossl_hmac.c,
lib/openssl/hmac.rb,
ext/openssl/ossl_hmac.c
Overview
OpenSSL::HMAC allows computing Hash-based Message Authentication Code (HMAC). It is a type of message authentication code (MAC) involving a hash function in combination with a key. HMAC can be used to verify the integrity of a message as well as the authenticity.
OpenSSL::HMAC has a similar interface to OpenSSL::Digest.
HMAC-SHA256 using one-shot interface
key = "key"
data = "message-to-be-authenticated"
mac = OpenSSL::HMAC.hexdigest("SHA256", key, data)
#=> "cddb0db23f469c8bf072b21fd837149bd6ace9ab771cceef14c9e517cc93282e"
HMAC-SHA256 using incremental interface
data1 = File.binread("file1")
data2 = File.binread("file2")
key = "key"
hmac = OpenSSL::HMAC.new(key, 'SHA256')
hmac << data1
hmac << data2
mac = hmac.digest
Class Method Summary collapse
-
.base64digest(digest, key, data) ⇒ Object
:call-seq: HMAC.base64digest(digest, key, data) -> aString.
-
.digest(digest, key, data) ⇒ Object
:call-seq: HMAC.digest(digest, key, data) -> aString.
-
.hexdigest(digest, key, data) ⇒ Object
:call-seq: HMAC.hexdigest(digest, key, data) -> aString.
Instance Method Summary collapse
-
#==(other) ⇒ Object
Securely compare with another HMAC instance in constant time.
-
#base64digest ⇒ Object
:call-seq: hmac.base64digest -> string.
-
#digest ⇒ String
Returns the authentication code an instance represents as a binary string.
-
#hexdigest ⇒ String
(also: #inspect, #to_s)
Returns the authentication code an instance represents as a hex-encoded string.
-
#new(key, digest) ⇒ Object
constructor
Returns an instance of OpenSSL::HMAC set with the key and digest algorithm to be used.
- #initialize_copy(other) ⇒ Object
-
#reset ⇒ self
Returns hmac as it was when it was first initialized, with all processed data cleared from it.
-
#update(string) ⇒ self
(also: #<<)
Returns hmac updated with the message to be authenticated.
Constructor Details
#new(key, digest) ⇒ Object
Returns an instance of OpenSSL::HMAC set with the key and digest algorithm to be used. The instance represents the initial state of the message authentication code before any data has been processed. To process data with it, use the instance method #update with your data as an argument.
Example
key = ‘key’ instance = OpenSSL::HMAC.new(key, ‘SHA1’) #=> f42bb0eeb018ebbd4597ae7213711ec60760843f instance.class #=> OpenSSL::HMAC
A note about comparisons
Two instances can be securely compared with #== in constant time:
other_instance = OpenSSL::HMAC.new(‘key’, ‘SHA1’) #=> f42bb0eeb018ebbd4597ae7213711ec60760843f instance == other_instance #=> true
92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 |
# File 'ext/openssl/ossl_hmac.c', line 92
static VALUE
ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest)
{
EVP_MD_CTX *ctx;
EVP_PKEY *pkey;
GetHMAC(self, ctx);
StringValue(key);
pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
(unsigned char *)RSTRING_PTR(key),
RSTRING_LENINT(key));
if (!pkey)
ossl_raise(eHMACError, "EVP_PKEY_new_mac_key");
if (EVP_DigestSignInit(ctx, NULL, ossl_evp_get_digestbyname(digest),
NULL, pkey) != 1) {
EVP_PKEY_free(pkey);
ossl_raise(eHMACError, "EVP_DigestSignInit");
}
/* Decrement reference counter; EVP_MD_CTX still keeps it */
EVP_PKEY_free(pkey);
return self;
}
|
Class Method Details
.base64digest(digest, key, data) ⇒ Object
:call-seq:
HMAC.base64digest(digest, key, data) -> aString
Returns the authentication code as a Base64-encoded string. The digest parameter specifies the digest algorithm to use. This may be a String representing the algorithm name or an instance of OpenSSL::Digest.
Example
key = 'key'
data = 'The quick brown fox jumps over the lazy dog'
hmac = OpenSSL::HMAC.base64digest('SHA1', key, data)
#=> "3nybhbi3iqa8ino29wqQcBydtNk="
73 74 75 |
# File 'lib/openssl/hmac.rb', line 73 def base64digest(digest, key, data) [digest(digest, key, data)].pack("m0") end |
.digest(digest, key, data) ⇒ Object
:call-seq:
HMAC.digest(digest, key, data) -> aString
Returns the authentication code as a binary string. The digest parameter specifies the digest algorithm to use. This may be a String representing the algorithm name or an instance of OpenSSL::Digest.
Example
key = 'key'
data = 'The quick brown fox jumps over the lazy dog'
hmac = OpenSSL::HMAC.digest('SHA1', key, data)
#=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
35 36 37 38 39 |
# File 'lib/openssl/hmac.rb', line 35 def digest(digest, key, data) hmac = new(key, digest) hmac << data hmac.digest end |
.hexdigest(digest, key, data) ⇒ Object
:call-seq:
HMAC.hexdigest(digest, key, data) -> aString
Returns the authentication code as a hex-encoded string. The digest parameter specifies the digest algorithm to use. This may be a String representing the algorithm name or an instance of OpenSSL::Digest.
Example
key = 'key'
data = 'The quick brown fox jumps over the lazy dog'
hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
#=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
54 55 56 57 58 |
# File 'lib/openssl/hmac.rb', line 54 def hexdigest(digest, key, data) hmac = new(key, digest) hmac << data hmac.hexdigest end |
Instance Method Details
#==(other) ⇒ Object
Securely compare with another HMAC instance in constant time.
6 7 8 9 10 11 |
# File 'lib/openssl/hmac.rb', line 6 def ==(other) return false unless HMAC === other return false unless self.digest.bytesize == other.digest.bytesize OpenSSL.fixed_length_secure_compare(self.digest, other.digest) end |
#base64digest ⇒ Object
:call-seq:
hmac.base64digest -> string
Returns the authentication code an a Base64-encoded string.
17 18 19 |
# File 'lib/openssl/hmac.rb', line 17 def base64digest [digest].pack("m0") end |
#digest ⇒ String
Returns the authentication code an instance represents as a binary string.
Example
instance = OpenSSL::HMAC.new(‘key’, ‘SHA1’) #=> f42bb0eeb018ebbd4597ae7213711ec60760843f instance.digest #=> “xF4+xB0xEExB0x18xEBxBDEx97xAErx13qx1ExC6a‘x84?”
174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 |
# File 'ext/openssl/ossl_hmac.c', line 174
static VALUE
ossl_hmac_digest(VALUE self)
{
EVP_MD_CTX *ctx;
size_t buf_len = EVP_MAX_MD_SIZE;
VALUE ret;
GetHMAC(self, ctx);
ret = rb_str_new(NULL, EVP_MAX_MD_SIZE);
if (EVP_DigestSignFinal(ctx, (unsigned char *)RSTRING_PTR(ret),
&buf_len) != 1)
ossl_raise(eHMACError, "EVP_DigestSignFinal");
rb_str_set_len(ret, (long)buf_len);
return ret;
}
|
#hexdigest ⇒ String Also known as: inspect, to_s
Returns the authentication code an instance represents as a hex-encoded string.
198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 |
# File 'ext/openssl/ossl_hmac.c', line 198
static VALUE
ossl_hmac_hexdigest(VALUE self)
{
EVP_MD_CTX *ctx;
unsigned char buf[EVP_MAX_MD_SIZE];
size_t buf_len = EVP_MAX_MD_SIZE;
VALUE ret;
GetHMAC(self, ctx);
if (EVP_DigestSignFinal(ctx, buf, &buf_len) != 1)
ossl_raise(eHMACError, "EVP_DigestSignFinal");
ret = rb_str_new(NULL, buf_len * 2);
ossl_bin2hex(buf, RSTRING_PTR(ret), buf_len);
return ret;
}
|
#initialize_copy(other) ⇒ Object
116 117 118 119 120 121 122 123 124 125 126 127 128 129 |
# File 'ext/openssl/ossl_hmac.c', line 116
static VALUE
ossl_hmac_copy(VALUE self, VALUE other)
{
EVP_MD_CTX *ctx1, *ctx2;
rb_check_frozen(self);
if (self == other) return self;
GetHMAC(self, ctx1);
GetHMAC(other, ctx2);
if (EVP_MD_CTX_copy(ctx1, ctx2) != 1)
ossl_raise(eHMACError, "EVP_MD_CTX_copy");
return self;
}
|
#reset ⇒ self
Returns hmac as it was when it was first initialized, with all processed data cleared from it.
Example
data = “The quick brown fox jumps over the lazy dog” instance = OpenSSL::HMAC.new(‘key’, ‘SHA1’) #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
instance.update(data) #=> de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9 instance.reset #=> f42bb0eeb018ebbd4597ae7213711ec60760843f
234 235 236 237 238 239 240 241 242 243 244 245 246 |
# File 'ext/openssl/ossl_hmac.c', line 234
static VALUE
ossl_hmac_reset(VALUE self)
{
EVP_MD_CTX *ctx;
EVP_PKEY *pkey;
GetHMAC(self, ctx);
pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx));
if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_get0_md(ctx), NULL, pkey) != 1)
ossl_raise(eHMACError, "EVP_DigestSignInit");
return self;
}
|
#update(string) ⇒ self Also known as: <<
Returns hmac updated with the message to be authenticated. Can be called repeatedly with chunks of the message.
Example
first_chunk = ‘The quick brown fox jumps ’ second_chunk = ‘over the lazy dog’
instance.update(first_chunk) #=> 5b9a8038a65d571076d97fe783989e52278a492a instance.update(second_chunk) #=> de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9
149 150 151 152 153 154 155 156 157 158 159 160 |
# File 'ext/openssl/ossl_hmac.c', line 149
static VALUE
ossl_hmac_update(VALUE self, VALUE data)
{
EVP_MD_CTX *ctx;
StringValue(data);
GetHMAC(self, ctx);
if (EVP_DigestSignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)) != 1)
ossl_raise(eHMACError, "EVP_DigestSignUpdate");
return self;
}
|