support hmac-sha2-256, hmac-sha2-512, hmac-sha2-256-96, hmac-sha2-512-96

8 files changed, 175 insertions, 0 deletions

diff --git a/lib/net/ssh/transport/hmac/sha2_256.rb b/lib/net/ssh/transport/hmac/sha2_256.rb
new file mode 100644
index 0000000..8191a90
--- /dev/null
+++ b/lib/net/ssh/transport/hmac/sha2_256.rb
@@ -0,0 +1,15 @@
+require 'net/ssh/transport/hmac/abstract'
+
+if defined?(OpenSSL::Digest::SHA256) # need openssl support
+  module Net::SSH::Transport::HMAC
+
+    # The SHA-256 HMAC algorithm. This has a mac and key length of 32, and
+    # uses the SHA-256 digest algorithm.
+    class SHA2_256 < Abstract
+      mac_length   32
+      key_length   32
+      digest_class OpenSSL::Digest::SHA256
+    end
+
+  end
+end
diff --git a/lib/net/ssh/transport/hmac/sha2_256_96.rb b/lib/net/ssh/transport/hmac/sha2_256_96.rb
new file mode 100644
index 0000000..15e36ff
--- /dev/null
+++ b/lib/net/ssh/transport/hmac/sha2_256_96.rb
@@ -0,0 +1,13 @@
+require 'net/ssh/transport/hmac/abstract'
+
+module Net::SSH::Transport::HMAC
+
+  if defined?(SHA2_256) # need openssl support
+    # The SHA256-96 HMAC algorithm. This returns only the first 12 bytes of
+    # the digest.
+    class SHA2_256_96 < SHA2_256
+      mac_length   12
+    end
+  end
+
+end
diff --git a/lib/net/ssh/transport/hmac/sha2_512.rb b/lib/net/ssh/transport/hmac/sha2_512.rb
new file mode 100644
index 0000000..e68df19
--- /dev/null
+++ b/lib/net/ssh/transport/hmac/sha2_512.rb
@@ -0,0 +1,14 @@
+require 'net/ssh/transport/hmac/abstract'
+
+module Net::SSH::Transport::HMAC
+
+  if defined?(OpenSSL::Digest::SHA512) # need openssl support
+    # The SHA-512 HMAC algorithm. This has a mac and key length of 64, and
+    # uses the SHA-512 digest algorithm.
+    class SHA2_512 < Abstract
+      mac_length   64
+      key_length   64
+      digest_class OpenSSL::Digest::SHA512
+    end
+  end
+end
diff --git a/lib/net/ssh/transport/hmac/sha2_512_96.rb b/lib/net/ssh/transport/hmac/sha2_512_96.rb
new file mode 100644
index 0000000..5cc7aed
--- /dev/null
+++ b/lib/net/ssh/transport/hmac/sha2_512_96.rb
@@ -0,0 +1,13 @@
+require 'net/ssh/transport/hmac/abstract'
+
+module Net::SSH::Transport::HMAC
+
+  if defined?(SHA2_512) # need openssl support
+    # The SHA2-512-96 HMAC algorithm. This returns only the first 12 bytes of
+    # the digest.
+    class SHA2_512_96 < SHA2_512
+      mac_length   12
+    end
+  end
+
+end
diff --git a/test/transport/hmac/test_sha2_256.rb b/test/transport/hmac/test_sha2_256.rb
new file mode 100644
index 0000000..a01fd24
--- /dev/null
+++ b/test/transport/hmac/test_sha2_256.rb
@@ -0,0 +1,35 @@
+require 'common'
+require 'net/ssh/transport/hmac/sha2_256'
+
+module Transport; module HMAC
+
+  class TestSHA2_256 < Test::Unit::TestCase
+    def test_expected_digest_class
+      assert_equal OpenSSL::Digest::SHA256, subject.digest_class
+      assert_equal OpenSSL::Digest::SHA256, subject.new.digest_class
+    end
+
+    def test_expected_key_length
+      assert_equal 32, subject.key_length
+      assert_equal 32, subject.new.key_length
+    end
+
+    def test_expected_mac_length
+      assert_equal 32, subject.mac_length
+      assert_equal 32, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\x16^>\x9FhO}\xB1>(\xBAF\xFBW\xB8\xF2\xFA\x824+\xC0\x94\x95\xC2\r\xE6\x88/\xEF\t\xF5%", hmac.digest("hello world")
+
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA2_256
+      end
+  end
+
+end; end
diff --git a/test/transport/hmac/test_sha2_256_96.rb b/test/transport/hmac/test_sha2_256_96.rb
new file mode 100644
index 0000000..8257a43
--- /dev/null
+++ b/test/transport/hmac/test_sha2_256_96.rb
@@ -0,0 +1,25 @@
+require 'common'
+require 'transport/hmac/test_sha2_256'
+require 'net/ssh/transport/hmac/sha2_256_96'
+
+module Transport; module HMAC
+
+  class TestSHA2_256_96 < TestSHA2_256
+    def test_expected_mac_length
+      assert_equal 12, subject.mac_length
+      assert_equal 12, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "\x16^>\x9FhO}\xB1>(\xBAF", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA2_256_96
+      end
+  end
+
+end; end
diff --git a/test/transport/hmac/test_sha2_512.rb b/test/transport/hmac/test_sha2_512.rb
new file mode 100644
index 0000000..25a92af
--- /dev/null
+++ b/test/transport/hmac/test_sha2_512.rb
@@ -0,0 +1,35 @@
+require 'common'
+require 'net/ssh/transport/hmac/sha2_512'
+
+module Transport; module HMAC
+
+  class TestSHA2_512 < Test::Unit::TestCase
+    def test_expected_digest_class
+      assert_equal OpenSSL::Digest::SHA512, subject.digest_class
+      assert_equal OpenSSL::Digest::SHA512, subject.new.digest_class
+    end
+
+    def test_expected_key_length
+      assert_equal 64, subject.key_length
+      assert_equal 64, subject.new.key_length
+    end
+
+    def test_expected_mac_length
+      assert_equal 64, subject.mac_length
+      assert_equal 64, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "^\xB6\"\xED\x8B\xC4\xDE\xD4\xCF\xD0\r\x18\xA0<\xF4\xB5\x01Efz\xA80i\xFC\x18\xC1\x9A+\xDD\xFE<\xA2\xFDE1Ac\xF4\xADU\r\xFB^0\x90= \x837z\xCC\xD5p4a4\x83\xC6\x04m\xAA\xC1\xC0m", hmac.digest("hello world")
+
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA2_512
+      end
+  end
+
+end; end
diff --git a/test/transport/hmac/test_sha2_512_96.rb b/test/transport/hmac/test_sha2_512_96.rb
new file mode 100644
index 0000000..6de7d2f
--- /dev/null
+++ b/test/transport/hmac/test_sha2_512_96.rb
@@ -0,0 +1,25 @@
+require 'common'
+require 'transport/hmac/test_sha2_512'
+require 'net/ssh/transport/hmac/sha2_512_96'
+
+module Transport; module HMAC
+
+  class TestSHA2_512_96 < TestSHA2_512
+    def test_expected_mac_length
+      assert_equal 12, subject.mac_length
+      assert_equal 12, subject.new.mac_length
+    end
+
+    def test_expected_digest
+      hmac = subject.new("1234567890123456")
+      assert_equal "^\xB6\"\xED\x8B\xC4\xDE\xD4\xCF\xD0\r\x18", hmac.digest("hello world")
+    end
+
+    private
+
+      def subject
+        Net::SSH::Transport::HMAC::SHA2_512_96
+      end
+  end
+
+end; end