class RbNaCl::HMAC::SHA512

Computes an authenticator as HMAC-SHA-512

The authenticator can be used at a later time to verify the provenance of the message by recomputing the HMAC over the message and then comparing it to the provided authenticator. The class provides methods for generating signatures and also has a constant-time implementation for checking them.

This is a secret key authenticator, i.e. anyone who can verify signatures can also create them.

@see nacl.cr.yp.to/auth.html

Public Class Methods

new(key)

Create instance without checking key length

RFC 2104 HMAC: the key for HMAC can be of any length.

see tools.ietf.org/html/rfc2104#section-3

# File lib/rbnacl/hmac/sha512.rb, line 43
def initialize(key)
  @key = Util.check_hmac_key(key, "#{self.class} key")
  @state = State.new
  @authenticator = Util.zeros(tag_bytes)

  self.class.auth_hmacsha512_init(@state, key, key.bytesize)
end

Public Instance Methods

digest()

Return the authenticator, as raw bytes

@return [String] The authenticator, as raw bytes

# File lib/rbnacl/hmac/sha512.rb, line 64
def digest
  @authenticator
end

hexdigest()

Return the authenticator, as hex string

@return [String] The authenticator, as hex string

# File lib/rbnacl/hmac/sha512.rb, line 71
def hexdigest
  @authenticator.unpack("H*").last
end

update(message)

Compute authenticator for message

@param [#to_str] message message to construct an authenticator for

# File lib/rbnacl/hmac/sha512.rb, line 54
def update(message)
  self.class.auth_hmacsha512_update(@state, message, message.bytesize)
  self.class.auth_hmacsha512_final(@state.clone, @authenticator)

  hexdigest
end

Private Instance Methods

compute_authenticator(authenticator, message)

# File lib/rbnacl/hmac/sha512.rb, line 77
def compute_authenticator(authenticator, message)
  state = State.new

  self.class.auth_hmacsha512_init(state, key, key.bytesize)
  self.class.auth_hmacsha512_update(state, message, message.bytesize)
  self.class.auth_hmacsha512_final(state, authenticator)
end

verify_message(authenticator, message)

libsodium's crypto_auth_hmacsha512_verify works only for 32-byte keys, so the authenticator is recomputed here and compared with Util.verify64 instead. Ref: github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_auth/hmacsha512/auth_hmacsha512.c#L109

# File lib/rbnacl/hmac/sha512.rb, line 87
def verify_message(authenticator, message)
  correct = Util.zeros(BYTES)
  compute_authenticator(correct, message)
  Util.verify64(correct, authenticator)
end
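
The behaviour documented above (RFC 2104 keys of any length, incremental update that finalizes a copy of the state, constant-time tag check), as an added example that is not RbNaCl or libsodium code. It uses only the standard library's Digest::SHA512; the class name PureRubyHMACSHA512 and its verify method are hypothetical, and unlike RbNaCl it starts with the tag of the empty message rather than zeros.

```ruby
require "digest"

# Added illustration (not RbNaCl code): RFC 2104 HMAC-SHA-512 built on the
# Ruby standard library's Digest::SHA512. Names here are hypothetical.
class PureRubyHMACSHA512
  BLOCK_BYTES = 128 # SHA-512 input block size
  TAG_BYTES   = 64  # SHA-512 output size

  def initialize(key)
    key = key.b
    # RFC 2104: a key longer than one block is hashed first; a shorter key is zero-padded.
    key = Digest::SHA512.digest(key) if key.bytesize > BLOCK_BYTES
    padded = key.ljust(BLOCK_BYTES, "\0".b)
    @opad  = xor_bytes(padded, 0x5c)
    @inner = Digest::SHA512.new.update(xor_bytes(padded, 0x36))
    @authenticator = finalize
  end

  # Absorb more message bytes; finalizing a copy keeps the running state open,
  # so update can be called again with the next chunk.
  def update(message)
    @inner.update(message.b)
    @authenticator = finalize
    hexdigest
  end

  def digest; @authenticator; end

  def hexdigest; @authenticator.unpack1("H*"); end

  # Constant-time comparison: every byte is examined, with no early exit on mismatch.
  def verify(tag)
    return false unless tag.bytesize == TAG_BYTES
    diff = 0
    @authenticator.bytes.zip(tag.bytes) { |a, b| diff |= a ^ b }
    diff.zero?
  end

  private

  # Outer hash over opad-key followed by the inner digest of a copied state.
  def finalize
    Digest::SHA512.digest(@opad + @inner.dup.digest)
  end

  def xor_bytes(str, byte)
    str.bytes.map { |b| b ^ byte }.pack("C*")
  end
end
```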