b612/starcrypto
1
0
Fork 0
Code Issues Pull Requests Projects Releases 8 Wiki Activity

feat: 新增XTS/CCM流式与KDF能力,补充安全测试并更新README/CHANGELOG

Browse Source
This commit is contained in:
兔子
2026-03-18 13:43:18 +08:00
parent e89350b56a
commit 4fa79744e8
44 changed files with 4636 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files
macx/hmac.go
+78
View File
@@ -8,6 +8,7 @@ import (
"crypto/sha512"
"encoding/hex"
"hash"
"strings"
"golang.org/x/crypto/md4"
"golang.org/x/crypto/ripemd160"
@@ -23,6 +24,19 @@ func chmacStr(message, key []byte, f func() hash.Hash) string {
return hex.EncodeToString(chmac(message, key, f))
}
func verifyHMAC(message, key, sum []byte, f func() hash.Hash) bool {
expected := chmac(message, key, f)
return hmac.Equal(expected, sum)
}
func verifyHMACStr(message, key []byte, hexSum string, f func() hash.Hash) bool {
sum, err := hex.DecodeString(strings.TrimSpace(hexSum))
if err != nil {
return false
}
return verifyHMAC(message, key, sum, f)
}
func HmacMd4(message, key []byte) []byte {
return chmac(message, key, md4.New)
}
@@ -31,6 +45,14 @@ func HmacMd4Str(message, key []byte) string {
return chmacStr(message, key, md4.New)
}
func VerifyHmacMd4(message, key, sum []byte) bool {
return verifyHMAC(message, key, sum, md4.New)
}
func VerifyHmacMd4Str(message, key []byte, hexSum string) bool {
return verifyHMACStr(message, key, hexSum, md4.New)
}
func HmacMd5(message, key []byte) []byte {
return chmac(message, key, md5.New)
}
@@ -39,6 +61,14 @@ func HmacMd5Str(message, key []byte) string {
return chmacStr(message, key, md5.New)
}
func VerifyHmacMd5(message, key, sum []byte) bool {
return verifyHMAC(message, key, sum, md5.New)
}
func VerifyHmacMd5Str(message, key []byte, hexSum string) bool {
return verifyHMACStr(message, key, hexSum, md5.New)
}
func HmacSHA1(message, key []byte) []byte {
return chmac(message, key, sha1.New)
}
@@ -47,6 +77,14 @@ func HmacSHA1Str(message, key []byte) string {
return chmacStr(message, key, sha1.New)
}
func VerifyHmacSHA1(message, key, sum []byte) bool {
return verifyHMAC(message, key, sum, sha1.New)
}
func VerifyHmacSHA1Str(message, key []byte, hexSum string) bool {
return verifyHMACStr(message, key, hexSum, sha1.New)
}
func HmacSHA256(message, key []byte) []byte {
return chmac(message, key, sha256.New)
}
@@ -55,6 +93,14 @@ func HmacSHA256Str(message, key []byte) string {
return chmacStr(message, key, sha256.New)
}
func VerifyHmacSHA256(message, key, sum []byte) bool {
return verifyHMAC(message, key, sum, sha256.New)
}
func VerifyHmacSHA256Str(message, key []byte, hexSum string) bool {
return verifyHMACStr(message, key, hexSum, sha256.New)
}
func HmacSHA384(message, key []byte) []byte {
return chmac(message, key, sha512.New384)
}
@@ -63,6 +109,14 @@ func HmacSHA384Str(message, key []byte) string {
return chmacStr(message, key, sha512.New384)
}
func VerifyHmacSHA384(message, key, sum []byte) bool {
return verifyHMAC(message, key, sum, sha512.New384)
}
func VerifyHmacSHA384Str(message, key []byte, hexSum string) bool {
return verifyHMACStr(message, key, hexSum, sha512.New384)
}
func HmacSHA512(message, key []byte) []byte {
return chmac(message, key, sha512.New)
}
@@ -71,6 +125,14 @@ func HmacSHA512Str(message, key []byte) string {
return chmacStr(message, key, sha512.New)
}
func VerifyHmacSHA512(message, key, sum []byte) bool {
return verifyHMAC(message, key, sum, sha512.New)
}
func VerifyHmacSHA512Str(message, key []byte, hexSum string) bool {
return verifyHMACStr(message, key, hexSum, sha512.New)
}
func HmacSHA224(message, key []byte) []byte {
return chmac(message, key, sha256.New224)
}
@@ -79,6 +141,14 @@ func HmacSHA224Str(message, key []byte) string {
return chmacStr(message, key, sha256.New224)
}
func VerifyHmacSHA224(message, key, sum []byte) bool {
return verifyHMAC(message, key, sum, sha256.New224)
}
func VerifyHmacSHA224Str(message, key []byte, hexSum string) bool {
return verifyHMACStr(message, key, hexSum, sha256.New224)
}
func HmacRipeMd160(message, key []byte) []byte {
return chmac(message, key, ripemd160.New)
}
@@ -86,3 +156,11 @@ func HmacRipeMd160(message, key []byte) []byte {
func HmacRipeMd160Str(message, key []byte) string {
return chmacStr(message, key, ripemd160.New)
}
func VerifyHmacRipeMd160(message, key, sum []byte) bool {
return verifyHMAC(message, key, sum, ripemd160.New)
}
func VerifyHmacRipeMd160Str(message, key []byte, hexSum string) bool {
return verifyHMACStr(message, key, hexSum, ripemd160.New)
}
macx/hmac_test.go
+58
View File
@@ -0,0 +1,58 @@
package macx
import "testing"
type hmacCase struct {
name string
sum func([]byte, []byte) []byte
sumStr func([]byte, []byte) string
verify func([]byte, []byte, []byte) bool
verifyStr func([]byte, []byte, string) bool
}
func TestHMACVerifyCases(t *testing.T) {
msg := []byte("macx-verify-message")
key := []byte("macx-verify-key")
cases := []hmacCase{
{"md4", HmacMd4, HmacMd4Str, VerifyHmacMd4, VerifyHmacMd4Str},
{"md5", HmacMd5, HmacMd5Str, VerifyHmacMd5, VerifyHmacMd5Str},
{"sha1", HmacSHA1, HmacSHA1Str, VerifyHmacSHA1, VerifyHmacSHA1Str},
{"sha224", HmacSHA224, HmacSHA224Str, VerifyHmacSHA224, VerifyHmacSHA224Str},
{"sha256", HmacSHA256, HmacSHA256Str, VerifyHmacSHA256, VerifyHmacSHA256Str},
{"sha384", HmacSHA384, HmacSHA384Str, VerifyHmacSHA384, VerifyHmacSHA384Str},
{"sha512", HmacSHA512, HmacSHA512Str, VerifyHmacSHA512, VerifyHmacSHA512Str},
{"ripemd160", HmacRipeMd160, HmacRipeMd160Str, VerifyHmacRipeMd160, VerifyHmacRipeMd160Str},
}
for _, tc := range cases {
t.Run(tc.name, func(t *testing.T) {
sum := tc.sum(msg, key)
if !tc.verify(msg, key, sum) {
t.Fatalf("verify bytes should pass")
}
hexSum := tc.sumStr(msg, key)
if !tc.verifyStr(msg, key, hexSum) {
t.Fatalf("verify hex should pass")
}
if !tc.verifyStr(msg, key, " \t"+hexSum+"\n") {
t.Fatalf("verify hex with spaces should pass")
}
bad := make([]byte, len(sum))
copy(bad, sum)
bad[0] ^= 0xff
if tc.verify(msg, key, bad) {
t.Fatalf("verify bytes should fail for tampered sum")
}
if tc.verifyStr(msg, key, "not-hex") {
t.Fatalf("verify hex should fail for invalid hex")
}
if tc.verify([]byte("wrong-msg"), key, sum) {
t.Fatalf("verify bytes should fail for wrong message")
}
})
}
}