Updates regarding moving to source.pztrn.name and dependencies bundling with golang/dep.
This commit is contained in:
		
							
								
								
									
										58
									
								
								vendor/golang.org/x/crypto/nacl/auth/auth.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							
							
						
						
									
										58
									
								
								vendor/golang.org/x/crypto/nacl/auth/auth.go
									
									
									
										generated
									
									
										vendored
									
									
										Normal file
									
								
							| @@ -0,0 +1,58 @@ | ||||
| // Copyright 2017 The Go Authors. All rights reserved. | ||||
| // Use of this source code is governed by a BSD-style | ||||
| // license that can be found in the LICENSE file. | ||||
|  | ||||
| /* | ||||
| Package auth authenticates a message using a secret key. | ||||
|  | ||||
| The Sum function, viewed as a function of the message for a uniform random | ||||
| key, is designed to meet the standard notion of unforgeability. This means | ||||
| that an attacker cannot find authenticators for any messages not authenticated | ||||
| by the sender, even if the attacker has adaptively influenced the messages | ||||
| authenticated by the sender. For a formal definition see, e.g., Section 2.4 | ||||
| of Bellare, Kilian, and Rogaway, "The security of the cipher block chaining | ||||
| message authentication code," Journal of Computer and System Sciences 61 (2000), | ||||
| 362–399; http://www-cse.ucsd.edu/~mihir/papers/cbc.html. | ||||
|  | ||||
| auth does not make any promises regarding "strong" unforgeability; perhaps | ||||
| one valid authenticator can be converted into another valid authenticator for | ||||
| the same message. NaCl also does not make any promises regarding "truncated | ||||
| unforgeability." | ||||
|  | ||||
| This package is interoperable with NaCl: https://nacl.cr.yp.to/auth.html. | ||||
| */ | ||||
| package auth | ||||
|  | ||||
| import ( | ||||
| 	"crypto/hmac" | ||||
| 	"crypto/sha512" | ||||
| ) | ||||
|  | ||||
| const ( | ||||
| 	// Size is the size, in bytes, of an authenticated digest. | ||||
| 	Size = 32 | ||||
| 	// KeySize is the size, in bytes, of an authentication key. | ||||
| 	KeySize = 32 | ||||
| ) | ||||
|  | ||||
| // Sum generates an authenticator for m using a secret key and returns the | ||||
| // 32-byte digest. | ||||
| func Sum(m []byte, key *[KeySize]byte) *[Size]byte { | ||||
| 	mac := hmac.New(sha512.New, key[:]) | ||||
| 	mac.Write(m) | ||||
| 	out := new([KeySize]byte) | ||||
| 	copy(out[:], mac.Sum(nil)[:Size]) | ||||
| 	return out | ||||
| } | ||||
|  | ||||
| // Verify checks that digest is a valid authenticator of message m under the | ||||
| // given secret key. Verify does not leak timing information. | ||||
| func Verify(digest []byte, m []byte, key *[KeySize]byte) bool { | ||||
| 	if len(digest) != Size { | ||||
| 		return false | ||||
| 	} | ||||
| 	mac := hmac.New(sha512.New, key[:]) | ||||
| 	mac.Write(m) | ||||
| 	expectedMAC := mac.Sum(nil) // first 256 bits of 512-bit sum | ||||
| 	return hmac.Equal(digest, expectedMAC[:Size]) | ||||
| } | ||||
		Reference in New Issue
	
	Block a user