1. OpenSSL::
  2. HMAC

class OpenSSL::HMAC

OpenSSL::HMAC allows computing Hash-based Message Authentication Code (HMAC). It is a type of message authentication code (MAC) involving a hash function in combination with a key.HMAC can be used to verify the integrity of a message as well as the authenticity.

OpenSSL::HMAC has a similar interface toOpenSSL::Digest.

HMAC-SHA256 using one-shot interface

key ="key"data ="message-to-be-authenticated"mac =OpenSSL::HMAC.hexdigest("SHA256",key,data)#=> "cddb0db23f469c8bf072b21fd837149bd6ace9ab771cceef14c9e517cc93282e"

HMAC-SHA256 using incremental interface

data1 =File.binread("file1")data2 =File.binread("file2")key ="key"hmac =OpenSSL::HMAC.new(key,'SHA256')hmac<<data1hmac<<data2mac =hmac.digest

Public Class Methods

Source
# File ext/openssl/lib/openssl/hmac.rb, line 73defbase64digest(digest,key,data)  [digest(digest,key,data)].pack("m0")end

Returns the authentication code as a Base64-encoded string. Thedigest parameter specifies the digest algorithm to use. This may be aString representing the algorithm name or an instance ofOpenSSL::Digest.

Example

key ='key'data ='The quick brown fox jumps over the lazy dog'hmac =OpenSSL::HMAC.base64digest('SHA1',key,data)#=> "3nybhbi3iqa8ino29wqQcBydtNk="
Source
# File ext/openssl/lib/openssl/hmac.rb, line 35defdigest(digest,key,data)hmac =new(key,digest)hmac<<datahmac.digestend

Returns the authentication code as a binary string. Thedigest parameter specifies the digest algorithm to use. This may be aString representing the algorithm name or an instance ofOpenSSL::Digest.

Example

key ='key'data ='The quick brown fox jumps over the lazy dog'hmac =OpenSSL::HMAC.digest('SHA1',key,data)#=> "\xDE|\x9B\x85\xB8\xB7\x8A\xA6\xBC\x8Az6\xF7\n\x90p\x1C\x9D\xB4\xD9"
Source
# File ext/openssl/lib/openssl/hmac.rb, line 54defhexdigest(digest,key,data)hmac =new(key,digest)hmac<<datahmac.hexdigestend

Returns the authentication code as a hex-encoded string. Thedigest parameter specifies the digest algorithm to use. This may be aString representing the algorithm name or an instance ofOpenSSL::Digest.

Example

key ='key'data ='The quick brown fox jumps over the lazy dog'hmac =OpenSSL::HMAC.hexdigest('SHA1',key,data)#=> "de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"
Source
static VALUEossl_hmac_initialize(VALUE self, VALUE key, VALUE digest){    EVP_MD_CTX *ctx;    EVP_PKEY *pkey;    const EVP_MD *md;    VALUE md_holder;    GetHMAC(self, ctx);    StringValue(key);    md = ossl_evp_md_fetch(digest, &md_holder);    pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC, NULL,                                        (unsigned char *)RSTRING_PTR(key),                                        RSTRING_LENINT(key));    if (!pkey)        ossl_raise(eHMACError, "EVP_PKEY_new_raw_private_key");    if (EVP_DigestSignInit(ctx, NULL, md, NULL, pkey) != 1) {        EVP_PKEY_free(pkey);        ossl_raise(eHMACError, "EVP_DigestSignInit");    }    rb_ivar_set(self, id_md_holder, md_holder);    /* Decrement reference counter; EVP_MD_CTX still keeps it */    EVP_PKEY_free(pkey);    return self;}

Returns an instance ofOpenSSL::HMAC set with the key and digest algorithm to be used. The instance represents the initial state of the message authentication code before any data has been processed. To process data with it, use the instance methodupdate with your data as an argument.

Example

key ='key'instance =OpenSSL::HMAC.new(key,'SHA1')#=> f42bb0eeb018ebbd4597ae7213711ec60760843finstance.class#=> OpenSSL::HMAC

A note about comparisons

Two instances can be securely compared with== in constant time:

other_instance =OpenSSL::HMAC.new('key','SHA1')#=> f42bb0eeb018ebbd4597ae7213711ec60760843finstance==other_instance#=> true

Public Instance Methods

Alias for:update
Source
# File ext/openssl/lib/openssl/hmac.rb, line 6def==(other)returnfalseunlessHMAC===otherreturnfalseunlessself.digest.bytesize==other.digest.bytesizeOpenSSL.fixed_length_secure_compare(self.digest,other.digest)end

Securely compare with anotherHMAC instance in constant time.

Source
# File ext/openssl/lib/openssl/hmac.rb, line 17defbase64digest  [digest].pack("m0")end

Returns the authentication code an a Base64-encoded string.

Source
static VALUEossl_hmac_digest(VALUE self){    EVP_MD_CTX *ctx;    size_t buf_len = EVP_MAX_MD_SIZE;    VALUE ret;    GetHMAC(self, ctx);    ret = rb_str_new(NULL, EVP_MAX_MD_SIZE);    if (EVP_DigestSignFinal(ctx, (unsigned char *)RSTRING_PTR(ret),                            &buf_len) != 1)        ossl_raise(eHMACError, "EVP_DigestSignFinal");    rb_str_set_len(ret, (long)buf_len);    return ret;}

Returns the authentication code an instance represents as a binary string.

Example

instance =OpenSSL::HMAC.new('key','SHA1')#=> f42bb0eeb018ebbd4597ae7213711ec60760843finstance.digest#=> "\xF4+\xB0\xEE\xB0\x18\xEB\xBDE\x97\xAEr\x13q\x1E\xC6\a`\x84?"
Source
static VALUEossl_hmac_hexdigest(VALUE self){    EVP_MD_CTX *ctx;    unsigned char buf[EVP_MAX_MD_SIZE];    size_t buf_len = EVP_MAX_MD_SIZE;    VALUE ret;    GetHMAC(self, ctx);    if (EVP_DigestSignFinal(ctx, buf, &buf_len) != 1)        ossl_raise(eHMACError, "EVP_DigestSignFinal");    ret = rb_str_new(NULL, buf_len * 2);    ossl_bin2hex(buf, RSTRING_PTR(ret), buf_len);    return ret;}

Returns the authentication code an instance represents as a hex-encoded string.

Also aliased as:inspect,to_s
Alias for:hexdigest
Source
static VALUEossl_hmac_reset(VALUE self){    EVP_MD_CTX *ctx;    EVP_PKEY *pkey;    GetHMAC(self, ctx);    pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx));    if (EVP_DigestSignInit(ctx, NULL, EVP_MD_CTX_get0_md(ctx), NULL, pkey) != 1)        ossl_raise(eHMACError, "EVP_DigestSignInit");    return self;}

Returnshmac as it was when it was first initialized, with all processed data cleared from it.

Example

data ="The quick brown fox jumps over the lazy dog"instance =OpenSSL::HMAC.new('key','SHA1')#=> f42bb0eeb018ebbd4597ae7213711ec60760843finstance.update(data)#=> de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9instance.reset#=> f42bb0eeb018ebbd4597ae7213711ec60760843f
Alias for:hexdigest
Source
static VALUEossl_hmac_update(VALUE self, VALUE data){    EVP_MD_CTX *ctx;    StringValue(data);    GetHMAC(self, ctx);    if (EVP_DigestSignUpdate(ctx, RSTRING_PTR(data), RSTRING_LEN(data)) != 1)        ossl_raise(eHMACError, "EVP_DigestSignUpdate");    return self;}

Returnshmac updated with the message to be authenticated. Can be called repeatedly with chunks of the message.

Example

first_chunk ='The quick brown fox jumps 'second_chunk ='over the lazy dog'instance.update(first_chunk)#=> 5b9a8038a65d571076d97fe783989e52278a492ainstance.update(second_chunk)#=> de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9
Also aliased as:<<