diff options
Diffstat (limited to 'vendor/github.com/pion/stun/internal/hmac/hmac.go')
-rw-r--r-- | vendor/github.com/pion/stun/internal/hmac/hmac.go | 101 |
1 files changed, 101 insertions, 0 deletions
diff --git a/vendor/github.com/pion/stun/internal/hmac/hmac.go b/vendor/github.com/pion/stun/internal/hmac/hmac.go new file mode 100644 index 0000000..801ece6 --- /dev/null +++ b/vendor/github.com/pion/stun/internal/hmac/hmac.go @@ -0,0 +1,101 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +/* +Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as +defined in U.S. Federal Information Processing Standards Publication 198. +An HMAC is a cryptographic hash that uses a key to sign a message. +The receiver verifies the hash by recomputing it using the same key. + +Receivers should be careful to use Equal to compare MACs in order to avoid +timing side-channels: + + // ValidMAC reports whether messageMAC is a valid HMAC tag for message. + func ValidMAC(message, messageMAC, key []byte) bool { + mac := hmac.New(sha256.New, key) + mac.Write(message) + expectedMAC := mac.Sum(nil) + return hmac.Equal(messageMAC, expectedMAC) + } +*/ +package hmac + +import ( + "crypto/subtle" + "hash" +) + +// FIPS 198-1: +// https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf + +// key is zero padded to the block size of the hash function +// ipad = 0x36 byte repeated for key length +// opad = 0x5c byte repeated for key length +// hmac = H([key ^ opad] H([key ^ ipad] text)) + +type hmac struct { + size int + blocksize int + opad, ipad []byte + outer, inner hash.Hash +} + +func (h *hmac) Sum(in []byte) []byte { + origLen := len(in) + in = h.inner.Sum(in) + h.outer.Reset() + h.outer.Write(h.opad) + h.outer.Write(in[origLen:]) + return h.outer.Sum(in[:origLen]) +} + +func (h *hmac) Write(p []byte) (n int, err error) { + return h.inner.Write(p) +} + +func (h *hmac) Size() int { return h.size } + +func (h *hmac) BlockSize() int { return h.blocksize } + +func (h *hmac) Reset() { + h.inner.Reset() + h.inner.Write(h.ipad) +} + +// New returns a new HMAC hash using the given hash.Hash type and key. +// Note that unlike other hash implementations in the standard library, +// the returned Hash does not implement encoding.BinaryMarshaler +// or encoding.BinaryUnmarshaler. +func New(h func() hash.Hash, key []byte) hash.Hash { + hm := new(hmac) + hm.outer = h() + hm.inner = h() + hm.size = hm.inner.Size() + hm.blocksize = hm.inner.BlockSize() + hm.ipad = make([]byte, hm.blocksize) + hm.opad = make([]byte, hm.blocksize) + if len(key) > hm.blocksize { + // If key is too big, hash it. + hm.outer.Write(key) + key = hm.outer.Sum(nil) + } + copy(hm.ipad, key) + copy(hm.opad, key) + for i := range hm.ipad { + hm.ipad[i] ^= 0x36 + } + for i := range hm.opad { + hm.opad[i] ^= 0x5c + } + hm.inner.Write(hm.ipad) + return hm +} + +// Equal compares two MACs for equality without leaking timing information. +func Equal(mac1, mac2 []byte) bool { + // We don't have to be constant time if the lengths of the MACs are + // different as that suggests that a completely different hash function + // was used. + return subtle.ConstantTimeCompare(mac1, mac2) == 1 +} |