forked from psanford/emacs-oauth
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhmac-sha1.el
103 lines (87 loc) · 4.22 KB
/
hmac-sha1.el
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
;;; Return an HMAC-SHA1 authentication code for KEY and MESSAGE.
;;;
;;; KEY and MESSAGE must be unibyte strings. The result is a unibyte
;;; string. Use the function `encode-hex-string' or the function
;;; `base64-encode-string' to produce human-readable output.
;;;
;;; See URL:<http://en.wikipedia.org/wiki/HMAC> for more information
;;; on the HMAC-SHA1 algorithm.
;;;
;;; The Emacs multibyte representation actually uses a series of
;;; 8-bit values under the hood, so we could have allowed multibyte
;;; strings as arguments. However, internal 8-bit values don't
;;; correspond to any external representation \(at least for major
;;; version 22). This makes multibyte strings useless for generating
;;; hashes.
;;;
;;; Instead, callers must explicitly pick and use an encoding for
;;; their multibyte data. Most callers will want to use UTF-8
;;; encoding, which we can generate as follows:
;;;
;;; (let ((unibyte-key (encode-coding-string key 'utf-8 t))
;;; (unibyte-value (encode-coding-string value 'utf-8 t)))
;;; (hmac-sha1 unibyte-key unibyte-value))
;;;
;;; For keys and values that are already unibyte, the
;;; `encode-coding-string' calls just return the same string.
;;;
;;; Author: Derek Upham - sand (at) blarg.net
;;;
;;; Copyright: This code is in the public domain.
(require 'sha1)
(defun hmac-sha1 (key message)
"Return an HMAC-SHA1 authentication code for KEY and MESSAGE.
KEY and MESSAGE must be unibyte strings. The result is a unibyte
string. Use the function `encode-hex-string' or the function
`base64-encode-string' to produce human-readable output.
See URL:<http://en.wikipedia.org/wiki/HMAC> for more information
on the HMAC-SHA1 algorithm.
The Emacs multibyte representation actually uses a series of
8-bit values under the hood, so we could have allowed multibyte
strings as arguments. However, internal 8-bit values don't
correspond to any external representation \(at least for major
version 22). This makes multibyte strings useless for generating
hashes.
Instead, callers must explicitly pick and use an encoding for
their multibyte data. Most callers will want to use UTF-8
encoding, which we can generate as follows:
(let ((unibyte-key (encode-coding-string key 'utf-8 t))
(unibyte-value (encode-coding-string value 'utf-8 t)))
(hmac-sha1 unibyte-key unibyte-value))
For keys and values that are already unibyte, the
`encode-coding-string' calls just return the same string."
(when (multibyte-string-p key)
(error "key %s must be unibyte" key))
(when (multibyte-string-p message)
(error "message %s must be unibyte" message))
;; The key block is always exactly the block size of the hash
;; algorithm. If the key is too small, we pad it with zeroes (or
;; instead, we initialize the key block with zeroes and copy the
;; key onto the nulls). If the key is too large, we run it
;; through the hash algorithm and use the hashed value (strange
;; but true).
(let ((+hmac-sha1-block-size-bytes+ 64)) ; SHA-1 uses 512-bit blocks
(when (< +hmac-sha1-block-size-bytes+ (length key))
(setq key (sha1 key nil nil t)))
(let ((key-block (make-vector +hmac-sha1-block-size-bytes+ 0)))
(dotimes (i (length key))
(aset key-block i (aref key i)))
(let ((opad (make-vector +hmac-sha1-block-size-bytes+ #x5c))
(ipad (make-vector +hmac-sha1-block-size-bytes+ #x36)))
(dotimes (i +hmac-sha1-block-size-bytes+)
(aset ipad i (logxor (aref ipad i) (aref key-block i)))
(aset opad i (logxor (aref opad i) (aref key-block i))))
(when (fboundp 'unibyte-string)
;; `concat' of Emacs23 (and later?) generates a multi-byte
;; string from a vector of characters with eight bit.
;; Since `opad' and `ipad' must be unibyte, we have to
;; convert them by using `unibyte-string'.
;; We cannot use `string-as-unibyte' here because it encodes
;; bytes with the manner of UTF-8.
(setq opad (apply 'unibyte-string (mapcar 'identity opad)))
(setq ipad (apply 'unibyte-string (mapcar 'identity ipad))))
(sha1 (concat opad
(sha1 (concat ipad message)
nil nil t))
nil nil t)))))
(provide 'hmac-sha1)