123456789_123456789_123456789_123456789_123456789_

Class: OpenSSL::HMAC

Relationships & Source Files
Inherits: Object
Defined in: ext/openssl/ossl_hmac.c,
ext/openssl/ossl_hmac.c

Overview

HMAC allows computing Hash-based Message Authentication Code (HMAC). It is a type of message authentication code (MAC) involving a hash function in combination with a key. HMAC can be used to verify the integrity of a message as well as the authenticity.

HMAC has a similar interface to Digest.

HMAC-SHA256 using one-shot interface

key = "key"
data = "message-to-be-authenticated"
mac = OpenSSL::HMAC.hexdigest("SHA256", key, data)
#=> "cddb0db23f469c8bf072b21fd837149bd6ace9ab771cceef14c9e517cc93282e"

HMAC-SHA256 using incremental interface

data1 = File.read("file1")
data2 = File.read("file2")
key = "key"
digest = OpenSSL::Digest::SHA256.new
hmac = OpenSSL::HMAC.new(key, digest)
hmac << data1
hmac << data2
mac = hmac.digest

Class Method Summary

Instance Method Summary

Constructor Details

.new(key, digest) ⇒ HMAC

Returns an instance of HMAC set with the key and digest algorithm to be used. The instance represents the initial state of the message authentication code before any data has been processed. To process data with it, use the instance method #update with your data as an argument.

Example

key = 'key'
digest = OpenSSL::Digest.new('sha1')
instance = OpenSSL::HMAC.new(key, digest)
#=> f42bb0eeb018ebbd4597ae7213711ec60760843f
instance.class
#=> OpenSSL::HMAC

A note about comparisons

Two instances won’t be equal when they’re compared, even if they have the same value. Use #to_s or #hexdigest to return the authentication code that the instance represents. For example:

other_instance = OpenSSL::HMAC.new('key', OpenSSL::Digest.new('sha1'))
#=> f42bb0eeb018ebbd4597ae7213711ec60760843f
instance
#=> f42bb0eeb018ebbd4597ae7213711ec60760843f
instance == other_instance
#=> false
instance.to_s == other_instance.to_s
#=> true
[ GitHub ]

  
# File 'ext/openssl/ossl_hmac.c', line 101

static VALUE
ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest)
{
    HMAC_CTX *ctx;

    StringValue(key);
    GetHMAC(self, ctx);
    HMAC_Init_ex(ctx, RSTRING_PTR(key), RSTRING_LENINT(key),
		 ossl_evp_get_digestbyname(digest), NULL);

    return self;
}

Class Method Details

.digest(digest, key, data) ⇒ String

Returns the authentication code as a binary string. The digest parameter specifies the digest algorithm to use. This may be a String representing the algorithm name or an instance of Digest.

Example

key = 'key'
data = 'The quick brown fox jumps over the lazy dog'

hmac = OpenSSL::HMAC.digest('sha1', key, data)
#=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
[ GitHub ]

  
# File 'ext/openssl/ossl_hmac.c', line 276

static VALUE
ossl_hmac_s_digest(VALUE klass, VALUE digest, VALUE key, VALUE data)
{
    unsigned char *buf;
    unsigned int buf_len;

    StringValue(key);
    StringValue(data);
    buf = HMAC(ossl_evp_get_digestbyname(digest), RSTRING_PTR(key),
	       RSTRING_LENINT(key), (unsigned char *)RSTRING_PTR(data),
	       RSTRING_LEN(data), NULL, &buf_len);

    return rb_str_new((const char *)buf, buf_len);
}

.to_s(digest, key, data) ⇒ String .hexdigest(digest, key, data) ⇒ String

Alias for .to_s.

.to_s(digest, key, data) ⇒ String .inspect(digest, key, data) ⇒ String

Alias for .to_s.

.to_s(digest, key, data) ⇒ String Also known as: .hexdigest, .inspect

Returns the authentication code as a hex-encoded string. The digest parameter specifies the digest algorithm to use. This may be a String representing the algorithm name or an instance of Digest.

Example

key = 'key'
data = 'The quick brown fox jumps over the lazy dog'

hmac = OpenSSL::HMAC.hexdigest('sha1', key, data)
#=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
[ GitHub ]

  
# File 'ext/openssl/ossl_hmac.c', line 308

static VALUE
ossl_hmac_s_hexdigest(VALUE klass, VALUE digest, VALUE key, VALUE data)
{
    unsigned char buf[EVP_MAX_MD_SIZE];
    unsigned int buf_len;
    VALUE ret;

    StringValue(key);
    StringValue(data);

    if (!HMAC(ossl_evp_get_digestbyname(digest), RSTRING_PTR(key),
	      RSTRING_LENINT(key), (unsigned char *)RSTRING_PTR(data),
	      RSTRING_LEN(data), buf, &buf_len))
	ossl_raise(eHMACError, "HMAC");

    ret = rb_str_new(NULL, buf_len * 2);
    ossl_bin2hex(buf, RSTRING_PTR(ret), buf_len);

    return ret;
}

Instance Method Details

#<<(string) ⇒ self Also known as: #update

Returns hmac updated with the message to be authenticated. Can be called repeatedly with chunks of the message.

Example

first_chunk = 'The quick brown fox jumps '
second_chunk = 'over the lazy dog'

instance.update(first_chunk)
#=> 5b9a8038a65d571076d97fe783989e52278a492a
instance.update(second_chunk)
#=> de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9
[ GitHub ]

  
# File 'ext/openssl/ossl_hmac.c', line 148

static VALUE
ossl_hmac_update(VALUE self, VALUE data)
{
    HMAC_CTX *ctx;

    StringValue(data);
    GetHMAC(self, ctx);
    HMAC_Update(ctx, (unsigned char *)RSTRING_PTR(data), RSTRING_LEN(data));

    return self;
}

#digestString

Returns the authentication code an instance represents as a binary string.

Example

instance = OpenSSL::HMAC.new('key', OpenSSL::Digest.new('sha1'))
#=> f42bb0eeb018ebbd4597ae7213711ec60760843f
instance.digest
#=> "\xF4+\xB0\xEE\xB0\x18\xEB\xBDE\x97\xAEr\x13q\x1E\xC6\a`\x84?"
[ GitHub ]

  
# File 'ext/openssl/ossl_hmac.c', line 190

static VALUE
ossl_hmac_digest(VALUE self)
{
    HMAC_CTX *ctx;
    unsigned int buf_len;
    VALUE ret;

    GetHMAC(self, ctx);
    ret = rb_str_new(NULL, EVP_MAX_MD_SIZE);
    hmac_final(ctx, (unsigned char *)RSTRING_PTR(ret), &buf_len);
    assert(buf_len <= EVP_MAX_MD_SIZE);
    rb_str_set_len(ret, buf_len);

    return ret;
}

#hexdigestString

Returns the authentication code an instance represents as a hex-encoded string.

[ GitHub ]

  
# File 'ext/openssl/ossl_hmac.c', line 213

static VALUE
ossl_hmac_hexdigest(VALUE self)
{
    HMAC_CTX *ctx;
    unsigned char buf[EVP_MAX_MD_SIZE];
    unsigned int buf_len;
    VALUE ret;

    GetHMAC(self, ctx);
    hmac_final(ctx, buf, &buf_len);
    ret = rb_str_new(NULL, buf_len * 2);
    ossl_bin2hex(buf, RSTRING_PTR(ret), buf_len);

    return ret;
}

#initialize_copy(other)

[ GitHub ]

  
# File 'ext/openssl/ossl_hmac.c', line 114

static VALUE
ossl_hmac_copy(VALUE self, VALUE other)
{
    HMAC_CTX *ctx1, *ctx2;

    rb_check_frozen(self);
    if (self == other) return self;

    GetHMAC(self, ctx1);
    GetHMAC(other, ctx2);

    if (!HMAC_CTX_copy(ctx1, ctx2))
	ossl_raise(eHMACError, "HMAC_CTX_copy");
    return self;
}

#resetself

Returns hmac as it was when it was first initialized, with all processed data cleared from it.

Example

data = "The quick brown fox jumps over the lazy dog"
instance = OpenSSL::HMAC.new('key', OpenSSL::Digest.new('sha1'))
#=> f42bb0eeb018ebbd4597ae7213711ec60760843f

instance.update(data)
#=> de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9
instance.reset
#=> f42bb0eeb018ebbd4597ae7213711ec60760843f
[ GitHub ]

  
# File 'ext/openssl/ossl_hmac.c', line 248

static VALUE
ossl_hmac_reset(VALUE self)
{
    HMAC_CTX *ctx;

    GetHMAC(self, ctx);
    HMAC_Init_ex(ctx, NULL, 0, NULL, NULL);

    return self;
}

#<<(string) ⇒ self #update(string) ⇒ self

Alias for #<<.