From 662d01e11276c717bdbfb4e053248cbdfe142a4f Mon Sep 17 00:00:00 2001
From: siddharth <s@ricketyspace.net>
Date: Tue, 29 Mar 2022 21:43:09 -0400
Subject: lib: add HmacSha256

---
 lib/sha256.go      | 38 ++++++++++++++++++++++++++++++++++++++
 lib/sha256_test.go | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 70 insertions(+)

(limited to 'lib')

diff --git a/lib/sha256.go b/lib/sha256.go
index da6dd7c..10b96b5 100644
--- a/lib/sha256.go
+++ b/lib/sha256.go
@@ -190,3 +190,41 @@ func (s *Sha256) Hash() []byte {
 
 	return d
 }
+
+func (s *Sha256) Mac(secret, msg []byte) []byte {
+	s.Message(append(secret, msg...))
+	return s.Hash()
+}
+
+func (s *Sha256) MacVerify(secret, msg, mac []byte) bool {
+	s.Message(append(secret, msg...))
+	if BytesEqual(s.Hash(), mac) {
+		return true
+	}
+	return false
+}
+
+// HMAC-SHA256.
+func HmacSha256(key, msg []byte) []byte {
+	// Initialize SHA-256 object.
+	sha := Sha256{}
+	sha.Init([]uint32{})
+
+	// Modify key based on it's size.
+	if len(key) > 64 { // > blocksize (64 bytes)
+		sha.Message(key)
+		key = sha.Hash()
+	}
+	if len(key) < 64 { // < blocksize (64 bytes)
+		// Pad with zeroes up to 64 bytes.
+		key = append(key, make([]byte, 64-len(key))...)
+	}
+
+	// Outer padded key.
+	opk := FixedXORBytes(key, FillBytes(0x5c, 64))
+
+	// Inner padded key.
+	ipk := FixedXORBytes(key, FillBytes(0x36, 64))
+
+	return sha.Mac(opk, sha.Mac(ipk, msg))
+}
diff --git a/lib/sha256_test.go b/lib/sha256_test.go
index ca429fd..5b1a797 100644
--- a/lib/sha256_test.go
+++ b/lib/sha256_test.go
@@ -29,3 +29,35 @@ func TestSha256Hash(t *testing.T) {
 		t.Errorf("sha256 test 1 failed: %x != %s\n", h, e)
 	}
 }
+
+// Tests from
+// https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/documents/mac/hmactestvectors.zip
+// L=32
+func TestHmacSha256(t *testing.T) {
+	// Test 1
+	k := HexStrToBytes("6f35628d65813435534b5d67fbdb54cb33403d04e843103e6399f806cb5df95febbdd61236f33245")
+	m := HexStrToBytes("752cff52e4b90768558e5369e75d97c69643509a5e5904e0a386cbe4d0970ef73f918f675945a9aefe26daea27587e8dc909dd56fd0468805f834039b345f855cfe19c44b55af241fff3ffcd8045cd5c288e6c4e284c3720570b58e4d47b8feeedc52fd1401f698a209fccfa3b4c0d9a797b046a2759f82a54c41ccd7b5f592b")
+	h := HmacSha256(k, m)
+	e := "05d1243e6465ed9620c9aec1c351a1868e2251b933a394752ab17bff99b80e29" // Expected HMAC-SHA256
+	if BytesToHexStr(h) != e {
+		t.Errorf("hmac-sha256 test 1 failed: %x != %s\n", h, e)
+	}
+
+	// Test 2
+	k = HexStrToBytes("42521bc3f168b2b3434cb4e44d92f526b41c5f10bfe0a0e6b0eb20c055a636e9da599b86e1ed1f78d4f69a837af126afc9c98beefca1fb00e5cd00948321b2b0")
+	m = HexStrToBytes("5a600c468ec22e42af5ba93eb79452864ebe469a86f83632c85201800f3288b553f7bec649ddfe704920a27a8f65d13aa755985a238b3cdc8fb0cf5ca7e40295c7603a27a25ae69837290f9801aa30896ee2493e93e52f031ef626de8cefb1159ce4a9f003038dc061be1920742d1a7b8bad80cf3eceb5b05d6c2d8f261b3f3c")
+	h = HmacSha256(k, m)
+	e = "e1c3c6d90820511c8d685c73bb757ee216ce143989cd540ae27c8eb09bff33ed" // Expected HMAC-SHA256
+	if BytesToHexStr(h) != e {
+		t.Errorf("hmac-sha256 test 2 failed: %x != %s\n", h, e)
+	}
+
+	// Test 3
+	k = HexStrToBytes("1abf71698a7d52b41caa5c26558d46e8cf27a490d270168c23e4c0c4213efa7b0d844876aa438c61061c7a6e977f4d3f89b7b806572720eb99d308ae1d22cd8d38e293685e8c")
+	m = HexStrToBytes("aa02f0b377f161ee60b0fbd6c56a537c0358cb8da62b63d5daaad203239cd6ac4ee8c892a8fb73256d6a264a83d8085c681bac706a9ae5de16f9dcfdf2f95f2d6f997c1b19824f4011a118abbd169001be4d7ec2226a85cddbeb4027708891f8f35e35d6334d9c46329ff880daea9573eb3768093863eaac13c6270906131114")
+	h = HmacSha256(k, m)
+	e = "8cbd8f921c55d36e5b7db27f7891def17ed6ff32d155b2660b7fe26870a0b243" // Expected HMAC-SHA256
+	if BytesToHexStr(h) != e {
+		t.Errorf("hmac-sha256 test 3 failed: %x != %s\n", h, e)
+	}
+}
-- 
cgit v1.2.3