Merge pull request #2 from guzba/ryan

guzba · web-flow · commit 4a89ce8a9d17 · 2023-01-12T21:41:38.000-06:00
add hmac-sha256 and pbkdf2
diff --git a/crunchy.nimble b/crunchy.nimble
@@ -1,4 +1,4 @@
-version     = "0.1.1"
+version     = "0.1.2"
 author      = "Ryan Oldenburg"
 description = "SIMD-optimized hashing, checksums and CRCs"
 license     = "MIT"
diff --git a/src/crunchy/sha256.nim b/src/crunchy/sha256.nim
@@ -134,6 +134,83 @@ proc sha256*(data: openarray[byte]): array[32, uint8] {.inline.} =
 proc sha256*(data: string): array[32, uint8] {.inline.} =
   sha256(data.cstring, data.len)
 
+proc hmacSha256*(key, data: openarray[uint8]): array[32, uint8] =
+  const
+    blockSize = 64
+    ipad = 0x36
+    opad = 0x5c
+
+  var blockSizeKey: array[blockSize, uint8]
+  if key.len > blockSize:
+    let hash = sha256(key)
+    copyMem(blockSizeKey[0].addr, hash[0].unsafeAddr, hash.len)
+  else:
+    copyMem(blockSizeKey[0].addr, key[0].unsafeAddr, key.len)
+
+  proc applyXor(s: array[64, uint8], value: uint8): array[64, uint8] =
+    result = s
+    for c in result.mitems:
+      c = (c xor value)
+
+  let ipadXor = applyXor(blockSizeKey, ipad)
+
+  let h1 =
+    if data.len > 0:
+      var s = newString(ipadXor.len + data.len)
+      copyMem(s[0].addr, ipadXor[0].unsafeAddr, ipadXor.len)
+      copyMem(s[ipadXor.len].addr, data[0].unsafeAddr, data.len)
+      sha256(s)
+    else:
+      sha256(ipadXor)
+
+  let opadXor = applyXor(blockSizeKey, opad)
+
+  var s2 = newString(opadXor.len + 32)
+  copyMem(s2[0].addr, opadXor[0].unsafeAddr, opadXor.len)
+  copyMem(s2[opadXor.len].addr, h1[0].unsafeAddr, 32)
+
+  sha256(s2)
+
+proc hmacSha256*(
+  key, data: string
+): array[32, uint8] {.inline.} =
+  hmacSha256(
+    key.toOpenArrayByte(0, key.high),
+    data.toOpenArrayByte(0, data.high)
+  )
+
+proc hmacSha256*(
+  key: string,
+  data: openarray[byte]
+): array[32, uint8] {.inline.} =
+  hmacSha256(
+    key.toOpenArrayByte(0, key.high),
+    data
+  )
+
+proc hmacSha256*(
+  key: openarray[byte],
+  data: string
+): array[32, uint8] {.inline.} =
+  hmacSha256(
+    key,
+    data.toOpenArrayByte(0, data.high)
+  )
+
+proc pbkdf2*(password, salt: string, iterations: int): array[32, uint8] =
+  ## PBKDF2-HMAC-SHA256
+
+  result = hmacSha256(password, salt & "\0\0\0\1")
+
+  var
+    buf1 = result
+    buf2: array[32, uint8]
+  for _ in 1 ..< iterations:
+    swap(buf1, buf2)
+    buf1 = hmacSha256(password, buf2)
+    for i in 0 ..< 32:
+      result[i] = result[i] xor buf1[i]
+
 proc toHex*(a: array[32, uint8]): string =
   result = newStringOfCap(64)
   for i in 0 ..< a.len:
diff --git a/tests/test_sha256.nim b/tests/test_sha256.nim
@@ -25,3 +25,36 @@ const sha256Tests = [
 
 for (a, b) in sha256Tests:
   doAssert sha256(a).toHex() == b
+
+const hmacSha256Tests = [
+  (
+    "abc",
+    "def",
+    "20ebc0f09344470134f35040f63ea98b1d8e414212949ee5c500429d15eab081"
+  ),
+  (
+    "asdf3q5q23rfasf3a",
+    "dfasdfasfd3qr3fqfaefa3fa3rfasadfasfdasdfasdfasdfasfdasd",
+    "a1629e21b02776e7eacef6f615165d08894963a12dfbd304a47e7a8aff0a2dc5"
+  ),
+  (
+    "awjieops;oi4etaawjieops;oi4etaawjieops;oi4etaawjieops;oi4etaawjieops;oi4",
+    "p890y6t3q9ah2pqh8t6q3pth8qa3whu",
+    "a1b7d6b597ae74f950dad4eb4dc1700420281b186abfaa321f728f38d675b099"
+  )
+]
+
+for (a, b, c) in hmacSha256Tests:
+  doAssert hmacSha256(a, b).toHex() == c
+
+const pbkdf2Tests = [
+  (
+    "password",
+    "salt",
+    30000,
+    "76639c203f99c73c1151d8dee2ca9d5055c932a2b0a4708c10dc21b60c921ca7"
+  )
+]
+
+for (a, b, c, d) in pbkdf2Tests:
+  doAssert pbkdf2(a, b, c).toHex() == d

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-version = "0.1.1"`
	`1`	`+version = "0.1.2"`
`2`	`2`	`author = "Ryan Oldenburg"`
`3`	`3`	`description = "SIMD-optimized hashing, checksums and CRCs"`
`4`	`4`	`license = "MIT"`