From d5925fd52258bfdaddd434e8c610cdcb0a16a0cd Mon Sep 17 00:00:00 2001 From: Jon Bonazza Date: Sat, 14 Nov 2020 04:42:47 -0800 Subject: feat: HMAC support in Crypto APIs --- doc/classes/Crypto.xml | 26 ++++++++++++++ doc/classes/HMACContext.xml | 88 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 114 insertions(+) create mode 100644 doc/classes/HMACContext.xml (limited to 'doc/classes') diff --git a/doc/classes/Crypto.xml b/doc/classes/Crypto.xml index b3bbbae94f..1f6cb40cde 100644 --- a/doc/classes/Crypto.xml +++ b/doc/classes/Crypto.xml @@ -73,6 +73,18 @@ + + + + + + + + + Compares two [PackedByteArray]s for equality without leaking timing information in order to prevent timing attacks. + See [url=https://paragonie.com/blog/2015/11/preventing-timing-attacks-on-string-comparison-with-double-hmac-strategy]this blog post[/url] for more information. + + @@ -147,6 +159,20 @@ [/codeblocks] + + + + + + + + + + + Generates an [url=https://en.wikipedia.org/wiki/HMAC]HMAC[/url] digest of [code]msg[/code] using [code]key[/code]. The [code]hash_type[/code] parameter is the hashing algorithm that is used for the inner and outer hashes. + Currently, only [constant HashingContext.HASH_SHA256] and [constant HashingContext.HASH_SHA1] are supported. + + diff --git a/doc/classes/HMACContext.xml b/doc/classes/HMACContext.xml new file mode 100644 index 0000000000..00d528ef8f --- /dev/null +++ b/doc/classes/HMACContext.xml @@ -0,0 +1,88 @@ + + + + Used to create an HMAC for a message using a key. + + + The HMACContext class is useful for advanced HMAC use cases, such as streaming the message as it supports creating the message over time rather than providing it all at once. + [codeblocks] + [gdscript] + extends Node + var ctx = HMACContext.new() + + func _ready(): + var key = "supersecret".to_utf8() + var err = ctx.start(HashingContext.HASH_SHA256, key) + assert(err == OK) + var msg1 = "this is ".to_utf8() + var msg2 = "vewy vewy secret".to_utf8() + err = ctx.update(msg1) + assert(err == OK) + err = ctx.update(msg2) + assert(err == OK) + var hmac = ctx.finish() + print(hmac.hex_encode()) + + [/gdscript] + [csharp] + using Godot; + using System; + using System.Diagnostics; + + public class CryptoNode : Node + { + private HMACContext ctx = new HMACContext(); + public override void _Ready() + { + PackedByteArray key = String("supersecret").to_utf8(); + Error err = ctx.Start(HashingContext.HASH_SHA256, key); + GD.Assert(err == OK); + PackedByteArray msg1 = String("this is ").to_utf8(); + PackedByteArray msg2 = String("vewy vew secret").to_utf8(); + err = ctx.Update(msg1); + GD.Assert(err == OK); + err = ctx.Update(msg2); + GD.Assert(err == OK); + PackedByteArray hmac = ctx.Finish(); + GD.Print(hmac.HexEncode()); + } + } + + [/csharp] + [/codeblocks] + [b]Note:[/b] Not available in HTML5 exports. + + + + + + + + + Returns the resulting HMAC. If the HMAC failed, an empty [PackedByteArray] is returned. + + + + + + + + + + + Initializes the HMACContext. This method cannot be called again on the same HMACContext until [method finish] has been called. + + + + + + + + + Updates the message to be HMACed. This can be called multiple times before [method finish] is called to append [code]data[/code] to the message, but cannot be called until [method start] has been called. + + + + + + -- cgit v1.2.3