kiska
/
transfer.sh
1
0
Fork 2
Code Issues 0 Pull Requests 0 Releases 11 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
309 Commits
9 Branches
34 MiB
 
 
 
Tree: 799031abf2
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '799031abf2'
${ noResults }
transfer.sh/vendor/golang.org/x/crypto/nacl/auth/auth.go

59 lines
2.0 KiB
Raw Blame History 

  1. // Copyright 2017 The Go Authors. All rights reserved.

  2. // Use of this source code is governed by a BSD-style

  3. // license that can be found in the LICENSE file.

  4. 

  5. /*

  6. Package auth authenticates a message using a secret key.

  7. 

  8. The Sum function, viewed as a function of the message for a uniform random

  9. key, is designed to meet the standard notion of unforgeability. This means

  10. that an attacker cannot find authenticators for any messages not authenticated

  11. by the sender, even if the attacker has adaptively influenced the messages

  12. authenticated by the sender. For a formal definition see, e.g., Section 2.4

  13. of Bellare, Kilian, and Rogaway, "The security of the cipher block chaining

  14. message authentication code," Journal of Computer and System Sciences 61 (2000),

  15. 362–399; http://www-cse.ucsd.edu/~mihir/papers/cbc.html.

  16. 

  17. auth does not make any promises regarding "strong" unforgeability; perhaps

  18. one valid authenticator can be converted into another valid authenticator for

  19. the same message. NaCl also does not make any promises regarding "truncated

  20. unforgeability."

  21. 

  22. This package is interoperable with NaCl: https://nacl.cr.yp.to/auth.html.

  23. */

  24. package auth

  25. 

  26. import (

  27. 	"crypto/hmac"

  28. 	"crypto/sha512"

  29. )

  30. 

  31. const (

  32. 	// Size is the size, in bytes, of an authenticated digest.

  33. 	Size = 32

  34. 	// KeySize is the size, in bytes, of an authentication key.

  35. 	KeySize = 32

  36. )

  37. 

  38. // Sum generates an authenticator for m using a secret key and returns the

  39. // 32-byte digest.

  40. func Sum(m []byte, key *[KeySize]byte) *[Size]byte {

  41. 	mac := hmac.New(sha512.New, key[:])

  42. 	mac.Write(m)

  43. 	out := new([KeySize]byte)

  44. 	copy(out[:], mac.Sum(nil)[:Size])

  45. 	return out

  46. }

  47. 

  48. // Verify checks that digest is a valid authenticator of message m under the

  49. // given secret key. Verify does not leak timing information.

  50. func Verify(digest []byte, m []byte, key *[KeySize]byte) bool {

  51. 	if len(digest) != Size {

  52. 		return false

  53. 	}

  54. 	mac := hmac.New(sha512.New, key[:])

  55. 	mac.Write(m)

  56. 	expectedMAC := mac.Sum(nil) // first 256 bits of 512-bit sum

  57. 	return hmac.Equal(digest, expectedMAC[:Size])

  58. }