diff options
| author | Tobi Oetiker <tobi@oetiker.ch> | 2008-03-18 09:10:40 +0100 |
|---|---|---|
| committer | Tobi Oetiker <tobi@oetiker.ch> | 2008-03-18 09:10:40 +0100 |
| commit | a002bbdae7018d7c23f857780074ef00e3e6f31e (patch) | |
| tree | 977aceaed2d4bb1a73b47695a4d1653567d74e2f /lib/Digest/HMAC.pm | |
| parent | efe9d8dafd6a8bc5845eae3b4dbc172ad68aa187 (diff) | |
| download | smokeping-a002bbdae7018d7c23f857780074ef00e3e6f31e.tar.gz smokeping-a002bbdae7018d7c23f857780074ef00e3e6f31e.tar.xz | |
switch to HMAC digest to avert extension attack
Diffstat (limited to 'lib/Digest/HMAC.pm')
| -rw-r--r-- | lib/Digest/HMAC.pm | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/lib/Digest/HMAC.pm b/lib/Digest/HMAC.pm new file mode 100644 index 0000000..e2e6b60 --- /dev/null +++ b/lib/Digest/HMAC.pm @@ -0,0 +1,111 @@ +package Digest::HMAC; +$VERSION = "1.01"; + +use strict; + +# OO interface + +sub new +{ + my($class, $key, $hasher, $block_size) = @_; + $block_size ||= 64; + $key = $hasher->new->add($key)->digest if length($key) > $block_size; + + my $self = bless {}, $class; + $self->{k_ipad} = $key ^ (chr(0x36) x $block_size); + $self->{k_opad} = $key ^ (chr(0x5c) x $block_size); + $self->{hasher} = $hasher->new->add($self->{k_ipad}); + $self; +} + +sub reset +{ + my $self = shift; + $self->{hasher}->reset->add($self->{k_ipad}); + $self; +} + +sub add { my $self = shift; $self->{hasher}->add(@_); $self; } +sub addfile { my $self = shift; $self->{hasher}->addfile(@_); $self; } + +sub _digest +{ + my $self = shift; + my $inner_digest = $self->{hasher}->digest; + $self->{hasher}->reset->add($self->{k_opad}, $inner_digest); +} + +sub digest { shift->_digest->digest; } +sub hexdigest { shift->_digest->hexdigest; } +sub b64digest { shift->_digest->b64digest; } + + +# Functional interface + +require Exporter; +*import = \&Exporter::import; +use vars qw(@EXPORT_OK); +@EXPORT_OK = qw(hmac hmac_hex); + +sub hmac +{ + my($data, $key, $hash_func, $block_size) = @_; + $block_size ||= 64; + $key = &$hash_func($key) if length($key) > $block_size; + + my $k_ipad = $key ^ (chr(0x36) x $block_size); + my $k_opad = $key ^ (chr(0x5c) x $block_size); + + &$hash_func($k_opad, &$hash_func($k_ipad, $data)); +} + +sub hmac_hex { unpack("H*", &hmac); } + +1; + +__END__ + +=head1 NAME + +Digest::HMAC - Keyed-Hashing for Message Authentication + +=head1 SYNOPSIS + + # Functional style + use Digest::HMAC qw(hmac hmac_hex); + $digest = hmac($data, $key, \&myhash); + print hmac_hex($data, $key, \&myhash); + + # OO style + use Digest::HMAC; + $hmac = Digest::HMAC->new($key, "Digest::MyHash"); + + $hmac->add($data); + $hmac->addfile(*FILE); + + $digest = $hmac->digest; + $digest = $hmac->hexdigest; + $digest = $hmac->b64digest; + +=head1 DESCRIPTION + +HMAC is used for message integrity checks between two parties that +share a secret key, and works in combination with some other Digest +algorithm, usually MD5 or SHA-1. The HMAC mechanism is described in +RFC 2104. + +HMAC follow the common C<Digest::> interface, but the constructor +takes the secret key and the name of some other simple C<Digest::> +as argument. + +=head1 SEE ALSO + +L<Digest::HMAC_MD5>, L<Digest::HMAC_SHA1> + +RFC 2104 + +=head1 AUTHORS + +Graham Barr <gbarr@ti.com>, Gisle Aas <gisle@aas.no> + +=cut |