src/crypto/hmac/hmac.go - go - Git at Google

 // Copyright 2009 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.

 /*
 Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as
 defined in U.S. Federal Information Processing Standards Publication 198.
 An HMAC is a cryptographic hash that uses a key to sign a message.
 The receiver verifies the hash by recomputing it using the same key.

 Receivers should be careful to use Equal to compare MACs in order to avoid
 timing side-channels:

 	// ValidMAC reports whether messageMAC is a valid HMAC tag for message.
 	func ValidMAC(message, messageMAC, key []byte) bool {
 		mac := hmac.New(sha256.New, key)
 		mac.Write(message)
 		expectedMAC := mac.Sum(nil)
 		return hmac.Equal(messageMAC, expectedMAC)
 	}
 */
 package hmac

 import (
 	"crypto/subtle"
 	"hash"
 )

 // FIPS 198-1:
 // https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf

 // key is zero padded to the block size of the hash function
 // ipad = 0x36 byte repeated for key length
 // opad = 0x5c byte repeated for key length
 // hmac = H([key ^ opad] H([key ^ ipad] text))

 type hmac struct {
 	size         int
 	blocksize    int
 	opad, ipad   []byte
 	outer, inner hash.Hash
 }

 func (h *hmac) Sum(in []byte) []byte {
 	origLen := len(in)
 	in = h.inner.Sum(in)
 	h.outer.Reset()
 	h.outer.Write(h.opad)
 	h.outer.Write(in[origLen:])
 	return h.outer.Sum(in[:origLen])
 }

 func (h *hmac) Write(p []byte) (n int, err error) {
 	return h.inner.Write(p)
 }

 func (h *hmac) Size() int { return h.size }

 func (h *hmac) BlockSize() int { return h.blocksize }

 func (h *hmac) Reset() {
 	h.inner.Reset()
 	h.inner.Write(h.ipad)
 }

 // New returns a new HMAC hash using the given hash.Hash type and key.
 // Note that unlike other hash implementations in the standard library,
 // the returned Hash does not implement encoding.BinaryMarshaler
 // or encoding.BinaryUnmarshaler.
 func New(h func() hash.Hash, key []byte) hash.Hash {
 	hm := new(hmac)
 	hm.outer = h()
 	hm.inner = h()
 	hm.size = hm.inner.Size()
 	hm.blocksize = hm.inner.BlockSize()
 	hm.ipad = make([]byte, hm.blocksize)
 	hm.opad = make([]byte, hm.blocksize)
 	if len(key) > hm.blocksize {
 		// If key is too big, hash it.
 		hm.outer.Write(key)
 		key = hm.outer.Sum(nil)
 	}
 	copy(hm.ipad, key)
 	copy(hm.opad, key)
 	for i := range hm.ipad {
 		hm.ipad[i] ^= 0x36
 	}
 	for i := range hm.opad {
 		hm.opad[i] ^= 0x5c
 	}
 	hm.inner.Write(hm.ipad)
 	return hm
 }

 // Equal compares two MACs for equality without leaking timing information.
 func Equal(mac1, mac2 []byte) bool {
 	// We don't have to be constant time if the lengths of the MACs are
 	// different as that suggests that a completely different hash function
 	// was used.
 	return subtle.ConstantTimeCompare(mac1, mac2) == 1
 }
	// Copyright 2009 The Go Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style
	// license that can be found in the LICENSE file.

	/*
	Package hmac implements the Keyed-Hash Message Authentication Code (HMAC) as
	defined in U.S. Federal Information Processing Standards Publication 198.
	An HMAC is a cryptographic hash that uses a key to sign a message.
	The receiver verifies the hash by recomputing it using the same key.

	Receivers should be careful to use Equal to compare MACs in order to avoid
	timing side-channels:

	// ValidMAC reports whether messageMAC is a valid HMAC tag for message.
	func ValidMAC(message, messageMAC, key []byte) bool {
	mac := hmac.New(sha256.New, key)
	mac.Write(message)
	expectedMAC := mac.Sum(nil)
	return hmac.Equal(messageMAC, expectedMAC)
	}
	*/
	package hmac

	import (
	"crypto/subtle"
	"hash"
	)

	// FIPS 198-1:
	// https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf

	// key is zero padded to the block size of the hash function
	// ipad = 0x36 byte repeated for key length
	// opad = 0x5c byte repeated for key length
	// hmac = H([key ^ opad] H([key ^ ipad] text))

	type hmac struct {
	size int
	blocksize int
	opad, ipad []byte
	outer, inner hash.Hash
	}

	func (h *hmac) Sum(in []byte) []byte {
	origLen := len(in)
	in = h.inner.Sum(in)
	h.outer.Reset()
	h.outer.Write(h.opad)
	h.outer.Write(in[origLen:])
	return h.outer.Sum(in[:origLen])
	}

	func (h *hmac) Write(p []byte) (n int, err error) {
	return h.inner.Write(p)
	}

	func (h *hmac) Size() int { return h.size }

	func (h *hmac) BlockSize() int { return h.blocksize }

	func (h *hmac) Reset() {
	h.inner.Reset()
	h.inner.Write(h.ipad)
	}

	// New returns a new HMAC hash using the given hash.Hash type and key.
	// Note that unlike other hash implementations in the standard library,
	// the returned Hash does not implement encoding.BinaryMarshaler
	// or encoding.BinaryUnmarshaler.
	func New(h func() hash.Hash, key []byte) hash.Hash {
	hm := new(hmac)
	hm.outer = h()
	hm.inner = h()
	hm.size = hm.inner.Size()
	hm.blocksize = hm.inner.BlockSize()
	hm.ipad = make([]byte, hm.blocksize)
	hm.opad = make([]byte, hm.blocksize)
	if len(key) > hm.blocksize {
	// If key is too big, hash it.
	hm.outer.Write(key)
	key = hm.outer.Sum(nil)
	}
	copy(hm.ipad, key)
	copy(hm.opad, key)
	for i := range hm.ipad {
	hm.ipad[i] ^= 0x36
	}
	for i := range hm.opad {
	hm.opad[i] ^= 0x5c
	}
	hm.inner.Write(hm.ipad)
	return hm
	}

	// Equal compares two MACs for equality without leaking timing information.
	func Equal(mac1, mac2 []byte) bool {
	// We don't have to be constant time if the lengths of the MACs are
	// different as that suggests that a completely different hash function
	// was used.
	return subtle.ConstantTimeCompare(mac1, mac2) == 1
	}