nodejs · tniessen · Aug 12, 2019 · Aug 11, 2019 · Aug 11, 2019
diff --git a/lib/algorithms.js b/lib/algorithms.js
@@ -2,6 +2,7 @@
 
 const { AES_CTR, AES_CBC, AES_GCM, AES_KW } = require('./algorithms/aes');
 const { HKDF } = require('./algorithms/hkdf');
+const { HMAC } = require('./algorithms/hmac');
 const { PBKDF2 } = require('./algorithms/pbkdf2');
 const { SHA_1, SHA_256, SHA_384, SHA_512 } = require('./algorithms/sha');
 const { NotSupportedError } = require('./errors');
@@ -14,6 +15,8 @@ const algorithms = [
 
   HKDF,
 
+  HMAC,
+
   PBKDF2,
 
   SHA_1,
@@ -46,7 +49,8 @@ const supportedAlgorithms = objectFromArray([
   'get key length',
 
   // The following APIs are for internal use only.
-  'get hash function'
+  'get hash function',
+  'get hash block size'
 ], (opsByName, op) => {
   opsByName[op] = objectFromArray(algorithms, (algsByName, alg) => {
     if (typeof alg[op] === 'function')

diff --git a/lib/algorithms/hmac.js b/lib/algorithms/hmac.js
@@ -0,0 +1,95 @@
+'use strict';
+
+const {
+  createHmac,
+  randomBytes: randomBytesCallback,
+  timingSafeEqual
+} = require('crypto');
+const { promisify } = require('util');
+
+const algorithms = require('../algorithms');
+const { DataError, NotSupportedError } = require('../errors');
+const { kKeyMaterial, CryptoKey } = require('../key');
+const {
+  limitUsages,
+  opensslHashFunctionName,
+  getHashBlockSize
+} = require('../util');
+
+const randomBytes = promisify(randomBytesCallback);
+
+module.exports.HMAC = {
+  name: 'HMAC',
+
+  sign(algorithm, key, data) {
+    const hashFn = opensslHashFunctionName(key.algorithm.hash);
+    return createHmac(hashFn, key[kKeyMaterial]).update(data).digest();
+  },
+
+  verify(algorithm, key, signature, data) {
+    return timingSafeEqual(this.sign(algorithm, key, data), signature);
+  },
+
+  async generateKey(algorithm, extractable, usages) {
+    let { length } = algorithm;
+
+    limitUsages(usages, ['sign', 'verify']);
+
+    const hashAlg = {
+      name: algorithms.getAlgorithm(algorithm.hash, 'digest').name
+    };
+
+    if (length === undefined)
+      length = getHashBlockSize(hashAlg.name);
+    else if (length === 0)
+      throw new DataError();
+
+    const bits = await randomBytes(length >> 3);
+
+    return new CryptoKey('secret', {
+      name: this.name,
+      hash: hashAlg,
+      length
+    }, extractable, usages, bits);
+  },
+
+  importKey(keyFormat, keyData, params, extractable, keyUsages) {
+    if (keyFormat !== 'raw')
+      throw new NotSupportedError();
+
+    let { length } = params;
+
+    limitUsages(keyUsages, ['sign', 'verify']);
+
+    const hashAlg = {
+      name: algorithms.getAlgorithm(params.hash, 'digest').name
+    };
+
+    const data = Buffer.from(keyData);
+    if (data.length === 0)
+      throw new DataError();
+
+    const dataLength = data.length << 3;
+    if (length === undefined) {
+      length = dataLength;
+    } else if (length > dataLength || length <= dataLength - 8) {
+      throw new DataError();
+    }
+
+    const alg = {
+      name: this.name,
+      hash: hashAlg,
+      length
+    };
+
+    return new CryptoKey('secret', alg, extractable, keyUsages, data);
+  },
+
+  exportKey(format, key) {
+    if (format !== 'raw')
+      throw new NotSupportedError();
+
+    const bits = key[kKeyMaterial];
+    return Buffer.from(bits);
+  }
+};
diff --git a/lib/algorithms/sha.js b/lib/algorithms/sha.js
@@ -2,7 +2,7 @@
 
 const { createHash } = require('crypto');
 
-function implement(name, opensslName) {
+function implement(name, opensslName, blockSize) {
   return {
     name,
 
@@ -12,11 +12,15 @@ function implement(name, opensslName) {
 
     'get hash function'() {
       return opensslName;
+    },
+
+    'get hash block size'() {
+      return blockSize;
     }
   };
 }
 
-module.exports.SHA_1 = implement('SHA-1', 'sha1');
-module.exports.SHA_256 = implement('SHA-256', 'sha256');
-module.exports.SHA_384 = implement('SHA-384', 'sha384');
-module.exports.SHA_512 = implement('SHA-512', 'sha512');
+module.exports.SHA_1 = implement('SHA-1', 'sha1', 512);
+module.exports.SHA_256 = implement('SHA-256', 'sha256', 512);
+module.exports.SHA_384 = implement('SHA-384', 'sha384', 1024);
+module.exports.SHA_512 = implement('SHA-512', 'sha512', 1024);
diff --git a/lib/util.js b/lib/util.js
@@ -10,14 +10,16 @@ module.exports.toBuffer = (source) => {
   }
 };
 
-module.exports.opensslHashFunctionName = (algorithm) => {
-  const op = 'get hash function';
-  return algorithms.getAlgorithm(algorithm, op)[op]();
-};
+function callOp(op) {
+  return (algorithm) => algorithms.getAlgorithm(algorithm, op)[op]();
+}
+
+module.exports.opensslHashFunctionName = callOp('get hash function');
+module.exports.getHashBlockSize = callOp('get hash block size');
 
-module.exports.limitUsages = (usages, allowed) => {
+module.exports.limitUsages = (usages, allowed, err = SyntaxError) => {
   for (const usage of usages) {
     if (!allowed.includes(usage))
-      throw new SyntaxError();
+      throw new err();
   }
 };
diff --git a/test/algorithms/hmac.js b/test/algorithms/hmac.js
@@ -0,0 +1,66 @@
+'use strict';
+
+const assert = require('assert');
+const { randomBytes } = require('crypto');
+
+const { subtle } = require('../../');
+
+describe('HMAC', () => {
+  it('should generate, import and export keys', async () => {
+    for (const [length, keyLength] of [[undefined, 1024], [3000, 3000]]) {
+      const key = await subtle.generateKey({
+        name: 'HMAC',
+        hash: 'SHA-384',
+        length
+      }, true, ['sign', 'verify']);
+
+      assert.strictEqual(key.type, 'secret');
+      assert.strictEqual(key.algorithm.name, 'HMAC');
+      assert.strictEqual(key.algorithm.length, keyLength);
+      assert.strictEqual(key.algorithm.hash.name, 'SHA-384');
+
+      const expKey = await subtle.exportKey('raw', key);
+      assert(Buffer.isBuffer(expKey));
+      assert.strictEqual(expKey.length, keyLength >> 3);
+
+      const impKey = await subtle.importKey('raw', expKey, {
+        name: 'HMAC',
+        hash: 'SHA-384'
+      }, true, ['verify']);
+
+      assert.deepStrictEqual(await subtle.exportKey('raw', impKey), expKey);
+    }
+  });
+
+  it('should sign and verify data', async () => {
+    const key = await subtle.generateKey({
+      name: 'HMAC',
+      hash: 'SHA-256'
+    }, false, ['sign', 'verify']);
+
+    const data = randomBytes(200);
+    const signature = await subtle.sign('HMAC', key, data);
+
+    const ok = await subtle.verify('HMAC', key, signature, data);
+    assert.strictEqual(ok, true);
+  });
+
+  it('should verify externally signed data', async () => {
+    const keyData = '99fc199e37c3a4ba9b15ba215758e2f55df4debc3f5aeffa45d4cb84' +
+                    '6328b1e297092a076efa70fa414da741d945d2defa9c4c5fa44e5222' +
+                    'e4548c43e7c35e82';
+    const keyBuffer = Buffer.from(keyData, 'hex');
+    const key = await subtle.importKey('raw', keyBuffer, {
+      name: 'HMAC',
+      hash: 'SHA-256'
+    }, false, ['verify']);
+
+    const data = Buffer.from('0a0b0c0d0e0f', 'hex');
+    const signatureData = 'f4c0917359ed070531cc079660b9e88541073c7d31ff417be1' +
+                          'fc6c7d5c5aa94f';
+    const signature = Buffer.from(signatureData, 'hex');
+
+    const ok = await subtle.verify('HMAC', key, signature, data);
+    assert.strictEqual(ok, true);
+  });
+});