Class: OpenSSL::HMAC
| Relationships & Source Files | |
| Inherits: | Object |
| Defined in: | ext/openssl/ossl_hmac.c, ext/openssl/ossl_hmac.c, ext/openssl/lib/openssl/hmac.rb |
Overview
HMAC allows computing Hash-based Message Authentication Code (HMAC). It is a type of message authentication code (MAC) involving a hash function in combination with a key. HMAC can be used to verify the integrity of a message as well as the authenticity.
HMAC has a similar interface to Digest.
HMAC-SHA256 using one-shot interface
key = "key"
data = "message-to-be-authenticated"
mac = OpenSSL::HMAC.hexdigest("SHA256", key, data)
#=> "cddb0db23f469c8bf072b21fd837149bd6ace9ab771cceef14c9e517cc93282e"HMAC-SHA256 using incremental interface
data1 = File.binread("file1")
data2 = File.binread("file2")
key = "key"
hmac = OpenSSL::HMAC.new(key, 'SHA256')
hmac << data1
hmac << data2
mac = hmac.digestClass Method Summary
-
.base64digest(digest, key, data) ⇒ String
Returns the authentication code as a Base64-encoded string.
-
.digest(digest, key, data) ⇒ String
Returns the authentication code as a binary string.
-
.hexdigest(digest, key, data) ⇒ String
Returns the authentication code as a hex-encoded string.
-
.new(key, digest) ⇒ HMAC
constructor
Returns an instance of
HMACset with the key and digest algorithm to be used.
Instance Method Summary
-
#<<(string) ⇒ self
(also: #update)
Returns hmac updated with the message to be authenticated.
-
#==(other)
Securely compare with another
HMACinstance in constant time. -
#base64digest ⇒ String
Returns the authentication code an a Base64-encoded string.
-
#digest ⇒ String
Returns the authentication code an instance represents as a binary string.
-
#hexdigest ⇒ String
Alias for #to_s.
- #initialize_copy(other)
-
#inspect ⇒ String
Alias for #to_s.
-
#reset ⇒ self
Returns hmac as it was when it was first initialized, with all processed data cleared from it.
-
#to_s ⇒ String
(also: #hexdigest, #inspect)
Returns the authentication code an instance represents as a hex-encoded string.
-
#update(string) ⇒ self
Alias for #<<.
Constructor Details
.new(key, digest) ⇒ HMAC
Returns an instance of HMAC set with the key and digest algorithm to be used. The instance represents the initial state of the message authentication code before any data has been processed. To process data with it, use the instance method #update with your data as an argument.
Example
key = 'key'
instance = OpenSSL::HMAC.new(key, 'SHA1')
#=> f42bb0eeb018ebbd4597ae7213711ec60760843f
instance.class
#=> OpenSSL::HMACA note about comparisons
Two instances can be securely compared with #== in constant time:
other_instance = OpenSSL::HMAC.new('key', 'SHA1')
#=> f42bb0eeb018ebbd4597ae7213711ec60760843f
instance == other_instance
#=> true# File 'ext/openssl/ossl_hmac.c', line 92
static VALUE
ossl_hmac_initialize(VALUE self, VALUE key, VALUE digest)
{
EVP_MD_CTX *ctx;
EVP_PKEY *pkey;
GetHMAC(self, ctx);
StringValue(key);
#ifdef HAVE_EVP_PKEY_NEW_RAW_PRIVATE_KEY
pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,
(unsigned char *)RSTRING_PTR(key),
RSTRING_LENINT(key));
if (!pkey)
ossl_raise(eHMACError, "EVP_PKEY_new_raw_private_key");
#else
pkey = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL,
(unsigned char *)RSTRING_PTR(key),
RSTRING_LENINT(key));
if (!pkey)
ossl_raise(eHMACError, "EVP_PKEY_new_mac_key");
#endif
if (EVP_DigestSignInit(ctx, NULL, ossl_evp_get_digestbyname(digest),
NULL, pkey) != 1) {
EVP_PKEY_free(pkey);
ossl_raise(eHMACError, "EVP_DigestSignInit");
}
/* Decrement reference counter; EVP_MD_CTX still keeps it */
EVP_PKEY_free(pkey);
return self;
}
Class Method Details
.base64digest(digest, key, data) ⇒ String
Returns the authentication code as a Base64-encoded string. The digest parameter specifies the digest algorithm to use. This may be a String representing the algorithm name or an instance of Digest.
Example
key = 'key'
data = 'The quick brown fox jumps over the lazy dog'
hmac = OpenSSL::HMAC.base64digest('SHA1', key, data)
#=> "3nybhbi3iqa8ino29wqQcBydtNk="
.digest(digest, key, data) ⇒ String
Returns the authentication code as a binary string. The digest parameter specifies the digest algorithm to use. This may be a String representing the algorithm name or an instance of Digest.
Example
key = 'key'
data = 'The quick brown fox jumps over the lazy dog'
hmac = OpenSSL::HMAC.digest('SHA1', key, data)
#=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"# File 'ext/openssl/lib/openssl/hmac.rb', line 35
def digest(digest, key, data) hmac = new(key, digest) hmac << data hmac.digest end
.hexdigest(digest, key, data) ⇒ String
Returns the authentication code as a hex-encoded string. The digest parameter specifies the digest algorithm to use. This may be a String representing the algorithm name or an instance of Digest.
Example
key = 'key'
data = 'The quick brown fox jumps over the lazy dog'
hmac = OpenSSL::HMAC.hexdigest('SHA1', key, data)
#=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"Instance Method Details
#<<(string) ⇒ self Also known as: #update
Returns hmac updated with the message to be authenticated. Can be called repeatedly with chunks of the message.
Example
first_chunk = 'The quick brown fox jumps '
second_chunk = 'over the lazy dog'
instance.update(first_chunk)
#=> 5b9a8038a65d571076d97fe783989e52278a492a
instance.update(second_chunk)
#=> de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9# File 'ext/openssl/ossl_hmac.c', line 157
static VALUE
ossl_hmac_update(VALUE self, VALUE data)
{
EVP_MD_CTX *ctx;
StringValue(data);
GetHMAC(self, ctx);
if (EVP_DigestSignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)) != 1)
ossl_raise(eHMACError, "EVP_DigestSignUpdate");
return self;
}
#==(other)
Securely compare with another HMAC instance in constant time.
#base64digest ⇒ String
Returns the authentication code an a Base64-encoded string.
# File 'ext/openssl/lib/openssl/hmac.rb', line 17
def base64digest [digest].pack("m0") end
#digest ⇒ String
# File 'ext/openssl/ossl_hmac.c', line 182
static VALUE
ossl_hmac_digest(VALUE self)
{
EVP_MD_CTX *ctx;
size_t buf_len = EVP_MAX_MD_SIZE;
VALUE ret;
GetHMAC(self, ctx);
ret = rb_str_new(NULL, EVP_MAX_MD_SIZE);
if (EVP_DigestSignFinal(ctx, (unsigned char *)RSTRING_PTR(ret),
&buf_len) != 1)
ossl_raise(eHMACError, "EVP_DigestSignFinal");
rb_str_set_len(ret, (long)buf_len);
return ret;
}
#to_s ⇒ String
#hexdigest ⇒ String
String
#hexdigest ⇒ String
Alias for #to_s.
#initialize_copy(other)
[ GitHub ]# File 'ext/openssl/ossl_hmac.c', line 124
static VALUE
ossl_hmac_copy(VALUE self, VALUE other)
{
EVP_MD_CTX *ctx1, *ctx2;
rb_check_frozen(self);
if (self == other) return self;
GetHMAC(self, ctx1);
GetHMAC(other, ctx2);
if (EVP_MD_CTX_copy(ctx1, ctx2) != 1)
ossl_raise(eHMACError, "EVP_MD_CTX_copy");
return self;
}
#to_s ⇒ String
#inspect ⇒ String
String
#inspect ⇒ String
Alias for #to_s.
#reset ⇒ self
Returns hmac as it was when it was first initialized, with all processed data cleared from it.
Example
data = "The quick brown fox jumps over the lazy dog"
instance = OpenSSL::HMAC.new('key', 'SHA1')
#=> f42bb0eeb018ebbd4597ae7213711ec60760843f
instance.update(data)
#=> de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9
instance.reset
#=> f42bb0eeb018ebbd4597ae7213711ec60760843f# File 'ext/openssl/ossl_hmac.c', line 242
static VALUE
ossl_hmac_reset(VALUE self)
{
EVP_MD_CTX *ctx;
EVP_PKEY *pkey;
GetHMAC(self, ctx);
pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx));
if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_get0_md(ctx), NULL, pkey) != 1)
ossl_raise(eHMACError, "EVP_DigestSignInit");
return self;
}
#to_s ⇒ String Also known as: #hexdigest, #inspect
Returns the authentication code an instance represents as a hex-encoded string.
# File 'ext/openssl/ossl_hmac.c', line 206
static VALUE
ossl_hmac_hexdigest(VALUE self)
{
EVP_MD_CTX *ctx;
unsigned char buf[EVP_MAX_MD_SIZE];
size_t buf_len = EVP_MAX_MD_SIZE;
VALUE ret;
GetHMAC(self, ctx);
if (EVP_DigestSignFinal(ctx, buf, &buf_len) != 1)
ossl_raise(eHMACError, "EVP_DigestSignFinal");
ret = rb_str_new(NULL, buf_len * 2);
ossl_bin2hex(buf, RSTRING_PTR(ret), buf_len);
return ret;
}
#<<(string) ⇒ self
#update(string) ⇒ self
self
#update(string) ⇒ self
Alias for #<<.