Add HMAC transformer

fixes #11

Author: patrickfav

CHANGELOG

@@ -10,6 +10,7 @@
  * use EMPTY constant instance for empty byte array to safe memory #16
  * add `startsWith()` and `endsWidth()` methods #12
  * add cache for calculating the hashCode
+ * add HMAC byte transformer #11
 
 ## v0.6.0
 

README.md

@@ -245,6 +245,14 @@ can be statically imported for a less verbose syntax:
 import static at.favre.lib.bytes.BytesTransformers.*;
 ```
 
+**HMAC** used to calculate [keyed-hash message authentication code](https://en.wikipedia.org/wiki/HMAC):
+
+```java
+Bytes.wrap(array).transform(hmacSha256(macKey32Byte));
+Bytes.wrap(array).transform(hmacSha1(macKey20Byte));
+Bytes.wrap(array).transform(hmac(macKey20Byte,"HmacMd5"));
+```
+
 **Checksum** can be calculated or automatically appended:
 
 ```java

src/main/java/at/favre/lib/bytes/BytesTransformers.java

@@ -1,5 +1,7 @@
 package at.favre.lib.bytes;
 
+import javax.crypto.Mac;
+import javax.crypto.spec.SecretKeySpec;
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
@@ -113,6 +115,37 @@ public static BytesTransformer decompressGzip() {
         return new GzipCompressor(false);
     }
 
+    /**
+     * Create a {@link BytesTransformer} which returns the HMAC-SHA1 with given key, of the target byte array
+     *
+     * @param key to use for HMAC
+     * @return hmac
+     */
+    public static BytesTransformer hmacSha1(byte[] key) {
+        return new HmacTransformer(key, HmacTransformer.HMAC_SHA1);
+    }
+
+    /**
+     * Create a {@link BytesTransformer} which returns the HMAC-SHA256 with given key, of the target byte array
+     *
+     * @param key to use for HMAC
+     * @return hmac
+     */
+    public static BytesTransformer hmacSha256(byte[] key) {
+        return new HmacTransformer(key, HmacTransformer.HMAC_SHA256);
+    }
+
+    /**
+     * Create a {@link BytesTransformer} which returns the HMAC with given key, algorithm of the target byte array
+     *
+     * @param key           to use for HMAC
+     * @param algorithmName e.g. 'HmacSHA256' - check if the algorithm is supported on your JVM/runtime
+     * @return hmac (length depends on algorithm)
+     */
+    public static BytesTransformer hmac(byte[] key, String algorithmName) {
+        return new HmacTransformer(key, algorithmName);
+    }
+
     /**
      * Shuffles the internal byte array
      */
@@ -303,4 +336,36 @@ public boolean supportInPlaceTransformation() {
             return false;
         }
     }
+
+    /**
+     * HMAC transformer
+     */
+    public static final class HmacTransformer implements BytesTransformer {
+        static final String HMAC_SHA1 = "HmacSHA1";
+        static final String HMAC_SHA256 = "HmacSHA256";
+
+        private final byte[] secretKey;
+        private final String macAlgorithmName;
+
+        public HmacTransformer(byte[] secretKey, String macAlgorithmName) {
+            this.macAlgorithmName = macAlgorithmName;
+            this.secretKey = secretKey;
+        }
+
+        @Override
+        public byte[] transform(byte[] currentArray, boolean inPlace) {
+            try {
+                Mac mac = Mac.getInstance(macAlgorithmName);
+                mac.init(new SecretKeySpec(secretKey, macAlgorithmName));
+                return mac.doFinal(currentArray);
+            } catch (Exception e) {
+                throw new IllegalArgumentException(e);
+            }
+        }
+
+        @Override
+        public boolean supportInPlaceTransformation() {
+            return false;
+        }
+    }
 }

src/test/java/at/favre/lib/bytes/BytesTransformTest.java

@@ -445,4 +445,21 @@ public int compare(Byte o1, Byte o2) {
         }).supportInPlaceTransformation());
         assertTrue(new BytesTransformers.ShuffleTransformer(new SecureRandom()).supportInPlaceTransformation());
     }
+
+    @Test
+    public void transformHmac() {
+        System.out.println(Bytes.parseHex("d8b6239569b184eb7991").transform(new HmacTransformer(Bytes.parseHex("671536819982").array(), "HmacSHA256")).encodeHex());
+
+        assertEquals(Bytes.parseHex("d8f0eda7a00192091ad8fefa501753ae"), Bytes.allocate(16).transform(new HmacTransformer(new byte[16], "HmacMd5")));
+        assertEquals(Bytes.parseHex("c69c13e005ae8ec628ec1869f334ca056bb38958"), Bytes.allocate(16).transform(new HmacTransformer(new byte[20], "HmacSHA1")));
+        assertEquals(Bytes.parseHex("c69c13e005ae8ec628ec1869f334ca056bb38958"), Bytes.allocate(16).transform(BytesTransformers.hmacSha1(new byte[20])));
+        assertEquals(Bytes.parseHex("853c7403937d8b6239569b184eb7993fc5f751aefcea28f2c863858e2d29c50b"), Bytes.allocate(16).transform(new HmacTransformer(new byte[32], "HmacSHA256")));
+        assertEquals(Bytes.parseHex("9aff87db4fd8df58c9081d8386ccc71c9a0f5fe9491235b7bb17e1be20bbe82b"), Bytes.parseHex("d8b6239569b184eb7991").transform(new HmacTransformer(Bytes.parseHex("671536819982").array(), "HmacSHA256")));
+        assertEquals(Bytes.parseHex("9aff87db4fd8df58c9081d8386ccc71c9a0f5fe9491235b7bb17e1be20bbe82b"), Bytes.parseHex("d8b6239569b184eb7991").transform(BytesTransformers.hmacSha256(Bytes.parseHex("671536819982").array())));
+        assertEquals(Bytes.parseHex("9aff87db4fd8df58c9081d8386ccc71c9a0f5fe9491235b7bb17e1be20bbe82b"), Bytes.parseHex("d8b6239569b184eb7991").transform(BytesTransformers.hmac(Bytes.parseHex("671536819982").array(), "HmacSHA256")));
+
+        //reference test vectors - see https://tools.ietf.org/html/rfc2104
+        assertEquals(Bytes.parseHex("9294727a3638bb1c13f48ef8158bfc9d"), Bytes.from("Hi There").transform(new HmacTransformer(Bytes.parseHex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b").array(), "HmacMd5")));
+        assertEquals(Bytes.parseHex("56be34521d144c88dbb8c733f0e8b3f6"), Bytes.parseHex("DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD").transform(new HmacTransformer(Bytes.parseHex("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA").array(), "HmacMd5")));
+    }
 }