2 // HMACAlgorithm.cs: Handles HMAC with any hash algorithm
5 // Sebastien Pouliot (spouliot@motus.com)
7 // (C) 2002, 2003 Motus Technologies Inc. (http://www.motus.com)
11 // Copyright (C) 2004 Novell, Inc (http://www.novell.com)
13 // Permission is hereby granted, free of charge, to any person obtaining
14 // a copy of this software and associated documentation files (the
15 // "Software"), to deal in the Software without restriction, including
16 // without limitation the rights to use, copy, modify, merge, publish,
17 // distribute, sublicense, and/or sell copies of the Software, and to
18 // permit persons to whom the Software is furnished to do so, subject to
19 // the following conditions:
21 // The above copyright notice and this permission notice shall be
22 // included in all copies or substantial portions of the Software.
24 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
28 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
29 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
30 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
34 using System.Security.Cryptography;
36 namespace Mono.Security.Cryptography {
39 // a. FIPS PUB 198: The Keyed-Hash Message Authentication Code (HMAC), 2002 March.
40 // http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf
41 // b. Internet RFC 2104, HMAC, Keyed-Hashing for Message Authentication
42 // (include C source for HMAC-MD5)
43 // http://www.ietf.org/rfc/rfc2104.txt
44 // c. IETF RFC2202: Test Cases for HMAC-MD5 and HMAC-SHA-1
45 // (include C source for HMAC-MD5 and HAMAC-SHA1)
46 // http://www.ietf.org/rfc/rfc2202.txt
47 // d. ANSI X9.71, Keyed Hash Message Authentication Code.
49 // http://webstore.ansi.org/ansidocstore/product.asp?sku=ANSI+X9%2E71%2D2000
51 // Generic HMAC mechanisms - most of HMAC work is done in here.
52 // It should work with any hash function e.g. MD5 for HMACMD5 (RFC2104)
53 internal class HMACAlgorithm {
57 private HashAlgorithm algo;
58 private string hashName;
59 private BlockProcessor block;
61 public HMACAlgorithm (string algoName)
63 CreateHash (algoName);
71 private void CreateHash (string algoName)
73 algo = HashAlgorithm.Create (algoName);
75 block = new BlockProcessor (algo, 8);
78 public void Dispose ()
81 Array.Clear (key, 0, key.Length);
84 public HashAlgorithm Algo {
88 public string HashName {
89 get { return hashName; }
90 set { CreateHash (value); }
96 if ((value != null) && (value.Length > 64))
97 key = algo.ComputeHash (value);
99 key = (byte[]) value.Clone();
103 public void Initialize ()
107 byte[] buf = KeySetup (key, 0x36);
111 Array.Clear (buf, 0, buf.Length);
114 private byte[] KeySetup (byte[] key, byte padding)
116 byte[] buf = new byte [64];
118 for (int i = 0; i < key.Length; ++i)
119 buf [i] = (byte) ((byte) key [i] ^ padding);
121 for (int i = key.Length; i < 64; ++i)
127 public void Core (byte[] rgb, int ib, int cb)
129 block.Core (rgb, ib, cb);
132 public byte[] Final ()
135 byte[] intermediate = algo.Hash;
137 byte[] buf = KeySetup (key, 0x5C);
139 algo.TransformBlock (buf, 0, buf.Length, buf, 0);
140 algo.TransformFinalBlock (intermediate, 0, intermediate.Length);
143 // zeroize sensitive data
144 Array.Clear (buf, 0, buf.Length);
145 Array.Clear (intermediate, 0, intermediate.Length);