add multiple strings to hmac-sha1 and get digest #66

Closed
objmagic opened this issue May 23, 2015 · 5 comments
@objmagic

Hi,

I am writing an OAuth module that can work on both Unix and Mirage (Xen). I need to generate random bytes and do HMAC_SHA1.

For Unix, I use Cryptokit. The code is here:

```ocaml
module HMAC_SHA1_unix : Oauth.HMAC_SHA1 = struct
  open Cryptokit

  type t = Cryptokit.hash

  let init = MAC.hmac_sha1

  let add_string hash s = hash#add_string s; hash

  let result hash = hash#result
end
```

However, for Mirage, I read the API doc of nocrypto and I am not sure if there is an equivalent function to perform hash#add_string as in Cryptokit.

Is it possible to initialize a hmac_sha1 box with a key and keep adding strings one at a time until I want to get the digest?

Thank you

@objmagic
Author

Seems that the only solution is to keep an internal buffer. add_string stores the incoming string into this buffer. result calls nocrypto's hmac with a key.

@pqwy
Contributor

pqwy commented May 27, 2015

So... if there is one design principle behind nocrypto, it would be to get rid of cryptokit's API because I found it unpleasant to work with. Expect unbounded problems while trying to write code that works with both.

Why are you not using nocrypto on Unix, too?

@objmagic
Author

I decided to use nocrypto only for my project. Thanks a lot.

And is my idea of using an internal buffer OK?

@pqwy
Contributor

pqwy commented May 28, 2015

I didn't mean to push nocrypto on you or anything. It's just... if it fits your bill, why use two libraries for the same thing? 😄

As for the buffer, looks ok. I would bypass several copies just on principle and do something more like this:

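```ocaml
(* Concatenate a list of strings into one freshly allocated Cstruct. *)
let cs_of_strings ss =
  let res = Cstruct.create (List.fold_left (fun a s -> a + String.length s) 0 ss) in
  (* Blit each string at its running offset; the final offset is discarded. *)
  ignore (List.fold_left (fun i s ->
      let n = String.length s in Cstruct.blit_from_string s 0 res i n ; i + n)
    0 ss) ;
  res
```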

... and then use a string list ref where you use the buffer and finish it off with converting and computing a MAC in a single go. But it's more-less equivalent.

Then again, looking at how you use incremental hashing, I think it could be made simpler still:

```ocaml
let hmacv ~key ss = Hash.SHA1.hmac ~key (cs_of_strings ss)
```

With this, you can just massage the parts of the string you are trying to hash over into a list and MAC it in a single go, essentially replacing your |+ with :: and @ and prepending hmacv to the expression. It would get rid of some code and give it a simpler touch. There is a bit of tension between your code being string-centric and nocrypto being cstruct-centric, but nothing too bad.

@pqwy pqwy closed this as completed May 28, 2015
@objmagic
Author

Thanks for your advice. I don't want to use two crypto libraries either and I really want to use one if possible... :)
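The buffering approach discussed in this thread, written out as an added example (not code from the issue or from nocrypto). The `HMAC_SHA1` signature below is an assumption inferred from the Cryptokit module in the first comment, and the module name `HMAC_SHA1_nocrypto` is hypothetical; the self-check uses RFC 2202 test case 2.

```ocaml
(* Added example; assumes the nocrypto and cstruct libraries are available. *)

(* Assumed shape of Oauth.HMAC_SHA1, inferred from the Cryptokit version in
   the issue; the real signature is not shown on the page. *)
module type HMAC_SHA1 = sig
  type t
  val init : string -> t
  val add_string : t -> string -> t
  val result : t -> string
end

module HMAC_SHA1_nocrypto : HMAC_SHA1 = struct
  (* The key plus the pieces seen so far, newest first. *)
  type t = { key : Cstruct.t; parts : string list }

  let init key = { key = Cstruct.of_string key; parts = [] }

  (* O(1): nothing is copied or hashed until [result] is called. *)
  let add_string h s = { h with parts = s :: h.parts }

  (* Same idea as cs_of_strings in the thread: one allocation, one blit per
     piece, then a single one-shot HMAC call. *)
  let result h =
    let ss = List.rev h.parts in
    let len = List.fold_left (fun a s -> a + String.length s) 0 ss in
    let buf = Cstruct.create len in
    let _end =
      List.fold_left (fun off s ->
          let n = String.length s in
          Cstruct.blit_from_string s 0 buf off n ; off + n)
        0 ss in
    Cstruct.to_string (Nocrypto.Hash.SHA1.hmac ~key:h.key buf)
end

(* Lowercase hex encoding of a raw digest string. *)
let hex s =
  String.concat ""
    (List.init (String.length s)
       (fun i -> Printf.sprintf "%02x" (Char.code s.[i])))

(* RFC 2202 test case 2, with the message fed in two pieces. *)
let () =
  let open HMAC_SHA1_nocrypto in
  let h = add_string (add_string (init "Jefe") "what do ya want ") "for nothing?" in
  assert (hex (result h) = "effcdf6ae5eb2fa2d27416d5f184df9c259a7c79")
```

As with Cryptokit's `add_string`, the pieces are MACed as one concatenated message, so any separators the protocol needs must be part of the strings passed in.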
