divinity76/shitmac.php

## shitmac.php
<?php

function shitmac_xor(string $str, int $with){
    $ret = "";
    for($i=0,$imax=strlen($str);$i<$imax;++$i){
        $ret .= chr( ord($str[$i]) ^ $with );
    }
    return $ret;
}

function shitmac(string $key, string $message, string $hash_algorithm = "SHA1",
int $hash_algorithm_block_size = 64, int $hash_algorithm_output_size = 20){
    if(strlen($key) > $hash_algorithm_block_size){
        // this is probably a bad idea, but php is doing it anyway.
        // > RFC 2104 requires that "keys longer than B bytes are first hashed using H" which leads to a confusing pseudo-collision: if the key is longer than the hash block size (e.g. 64 characters for SHA-1), then HMAC(k, m) is computed as HMAC(H(k), m).This property is sometimes raised as a possible weakness of HMAC in password-hashing scenarios: it has been demonstrated that it's possible to find a long ASCII string and a random value whose hash will be also an ASCII string, and both values will produce the same HMAC output.

        // die("TODO: hash(hash_algo, key");
        $key = hash($hash_algorithm, $key, true);
    }
    if(strlen($key) < $hash_algorithm_block_size){
        // die("TODO: key=str_pad(key,x00,block_size,pad_left");
        $key = str_pad($key, $hash_algorithm_block_size, "\x00", STR_PAD_RIGHT);
    }
    $o_key_pad = shitmac_xor($key, 0x5C);
    $i_key_pad = shitmac_xor($key, 0x36);
    $ret = hash($hash_algorithm, $i_key_pad.$message, true);
    $ret = hash($hash_algorithm, $o_key_pad . $ret, true);
    return $ret;
}
$hash_algorithm = "SHA1";
$hash_algorithm_block_size = 64;
$hash_algorithm_output_size = 20;

$results=[];
for($i=1;$i<100;++$i){
    $key=str_repeat("\x00", $i);
    $message = "Hello World".random_bytes($i);
    $hmac = hash_hmac($hash_algorithm, $message, $key, true);
    $shitmac = shitmac($key, $message, $hash_algorithm, $hash_algorithm_block_size, $hash_algorithm_output_size);
    if($hmac === $shitmac){
        echo "{$i}: success!\n";
    }else{
        var_dump($i,$hmac,$shitmac);
        die("ERROR!");
    }
}
	<?php

	function shitmac_xor(string $str, int $with){
	$ret = "";
	for($i=0,$imax=strlen($str);$i<$imax;++$i){
	$ret .= chr( ord($str[$i]) ^ $with );
	}
	return $ret;
	}

	function shitmac(string $key, string $message, string $hash_algorithm = "SHA1",
	int $hash_algorithm_block_size = 64, int $hash_algorithm_output_size = 20){
	if(strlen($key) > $hash_algorithm_block_size){
	// this is probably a bad idea, but php is doing it anyway.
	// > RFC 2104 requires that "keys longer than B bytes are first hashed using H" which leads to a confusing pseudo-collision: if the key is longer than the hash block size (e.g. 64 characters for SHA-1), then HMAC(k, m) is computed as HMAC(H(k), m).This property is sometimes raised as a possible weakness of HMAC in password-hashing scenarios: it has been demonstrated that it's possible to find a long ASCII string and a random value whose hash will be also an ASCII string, and both values will produce the same HMAC output.

	// die("TODO: hash(hash_algo, key");
	$key = hash($hash_algorithm, $key, true);
	}
	if(strlen($key) < $hash_algorithm_block_size){
	// die("TODO: key=str_pad(key,x00,block_size,pad_left");
	$key = str_pad($key, $hash_algorithm_block_size, "\x00", STR_PAD_RIGHT);
	}
	$o_key_pad = shitmac_xor($key, 0x5C);
	$i_key_pad = shitmac_xor($key, 0x36);
	$ret = hash($hash_algorithm, $i_key_pad.$message, true);
	$ret = hash($hash_algorithm, $o_key_pad . $ret, true);
	return $ret;
	}
	$hash_algorithm = "SHA1";
	$hash_algorithm_block_size = 64;
	$hash_algorithm_output_size = 20;

	$results=[];
	for($i=1;$i<100;++$i){
	$key=str_repeat("\x00", $i);
	$message = "Hello World".random_bytes($i);
	$hmac = hash_hmac($hash_algorithm, $message, $key, true);
	$shitmac = shitmac($key, $message, $hash_algorithm, $hash_algorithm_block_size, $hash_algorithm_output_size);
	if($hmac === $shitmac){
	echo "{$i}: success!\n";
	}else{
	var_dump($i,$hmac,$shitmac);
	die("ERROR!");
	}
	}