diff options
Diffstat (limited to 'src/crypto/hmac')
| -rw-r--r-- | src/crypto/hmac/hmac.go | 9 | ||||
| -rw-r--r-- | src/crypto/hmac/hmac_test.go | 62 |
2 files changed, 71 insertions, 0 deletions
diff --git a/src/crypto/hmac/hmac.go b/src/crypto/hmac/hmac.go index a6ba71c275..2c4fc2db91 100644 --- a/src/crypto/hmac/hmac.go +++ b/src/crypto/hmac/hmac.go @@ -26,6 +26,8 @@ import ( "hash" ) +import "crypto/internal/boring" + // FIPS 198-1: // https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf @@ -124,6 +126,13 @@ func (h *hmac) Reset() { // the returned Hash does not implement encoding.BinaryMarshaler // or encoding.BinaryUnmarshaler. func New(h func() hash.Hash, key []byte) hash.Hash { + if boring.Enabled { + hm := boring.NewHMAC(h, key) + if hm != nil { + return hm + } + // BoringCrypto did not recognize h, so fall through to standard Go code. + } hm := new(hmac) hm.outer = h() hm.inner = h() diff --git a/src/crypto/hmac/hmac_test.go b/src/crypto/hmac/hmac_test.go index 453bfb3b7f..7be8b1bbcf 100644 --- a/src/crypto/hmac/hmac_test.go +++ b/src/crypto/hmac/hmac_test.go @@ -5,6 +5,7 @@ package hmac import ( + "bytes" "crypto/md5" "crypto/sha1" "crypto/sha256" @@ -518,6 +519,31 @@ var hmacTests = []hmacTest{ sha512.Size, sha512.BlockSize, }, + // HMAC without key is dumb but should probably not fail. + { + sha1.New, + []byte{}, + []byte("message"), + "d5d1ed05121417247616cfc8378f360a39da7cfa", + sha1.Size, + sha1.BlockSize, + }, + { + sha256.New, + []byte{}, + []byte("message"), + "eb08c1f56d5ddee07f7bdf80468083da06b64cf4fac64fe3a90883df5feacae4", + sha256.Size, + sha256.BlockSize, + }, + { + sha512.New, + []byte{}, + []byte("message"), + "08fce52f6395d59c2a3fb8abb281d74ad6f112b9a9c787bcea290d94dadbc82b2ca3e5e12bf2277c7fedbb0154d5493e41bb7459f63c8e39554ea3651b812492", + sha512.Size, + sha512.BlockSize, + }, } func TestHMAC(t *testing.T) { @@ -580,6 +606,42 @@ func TestEqual(t *testing.T) { } } +func TestWriteAfterSum(t *testing.T) { + h := New(sha1.New, nil) + h.Write([]byte("hello")) + sumHello := h.Sum(nil) + + h = New(sha1.New, nil) + h.Write([]byte("hello world")) + sumHelloWorld := h.Sum(nil) + + // Test that Sum has no effect on future Sum or Write operations. + // This is a bit unusual as far as usage, but it's allowed + // by the definition of Go hash.Hash, and some clients expect it to work. + h = New(sha1.New, nil) + h.Write([]byte("hello")) + if sum := h.Sum(nil); !bytes.Equal(sum, sumHello) { + t.Fatalf("1st Sum after hello = %x, want %x", sum, sumHello) + } + if sum := h.Sum(nil); !bytes.Equal(sum, sumHello) { + t.Fatalf("2nd Sum after hello = %x, want %x", sum, sumHello) + } + + h.Write([]byte(" world")) + if sum := h.Sum(nil); !bytes.Equal(sum, sumHelloWorld) { + t.Fatalf("1st Sum after hello world = %x, want %x", sum, sumHelloWorld) + } + if sum := h.Sum(nil); !bytes.Equal(sum, sumHelloWorld) { + t.Fatalf("2nd Sum after hello world = %x, want %x", sum, sumHelloWorld) + } + + h.Reset() + h.Write([]byte("hello")) + if sum := h.Sum(nil); !bytes.Equal(sum, sumHello) { + t.Fatalf("Sum after Reset + hello = %x, want %x", sum, sumHello) + } +} + func BenchmarkHMACSHA256_1K(b *testing.B) { key := make([]byte, 32) buf := make([]byte, 1024) |