<?php
declare(strict_types=1);
namespace SimpleSAML\XMLSecurity\Backend;
use SimpleSAML\Assert\Assert;
use SimpleSAML\XMLSecurity\Constants as C;
use SimpleSAML\XMLSecurity\Exception\InvalidArgumentException;
use SimpleSAML\XMLSecurity\Key\KeyInterface;
use function hash_equals;
use function hash_hmac;
/**
 * Signature backend that produces and checks keyed-hash message authentication codes (HMAC).
 *
 * The MAC is always handled as raw bytes and at the digest's full output length; this class
 * implements no truncation, so a shortened signature never verifies.
 *
 * NOTE(review): any KeyInterface is accepted and its material is used directly as the HMAC
 * secret. Nothing in this class checks that the key is a symmetric secret rather than, say,
 * public key material; presumably callers enforce that. Confirm against the callers.
 *
 * @package SimpleSAML\XMLSecurity\Backend
 */
final class HMAC implements SignatureBackend
{
    // Algorithm name handed to hash_hmac(); always a value taken from C::$DIGEST_ALGORITHMS.
    protected string $digest;


    /**
     * Create the backend with the C::$DIGEST_ALGORITHMS entry for C::DIGEST_SHA256 as its digest.
     */
    public function __construct()
    {
        $defaultIdentifier = C::DIGEST_SHA256;
        $this->digest = C::$DIGEST_ALGORITHMS[$defaultIdentifier];
    }


    /**
     * Select the digest algorithm used for subsequent sign() and verify() calls.
     *
     * The identifier is checked against the keys of C::$DIGEST_ALGORITHMS, which acts as an
     * allow-list: an identifier that is not listed is rejected, and the stored value is the
     * mapped entry, never the caller-supplied string itself.
     *
     * @param string $digest The identifier of the digest algorithm.
     *
     * @throws \SimpleSAML\XMLSecurity\Exception\InvalidArgumentException If the identifier is not a known digest.
     */
    public function setDigestAlg(string $digest): void
    {
        $knownAlgorithms = C::$DIGEST_ALGORITHMS;

        Assert::keyExists(
            $knownAlgorithms,
            $digest,
            'Unknown digest or non-cryptographic hash function.',
            InvalidArgumentException::class,
        );

        $this->digest = $knownAlgorithms[$digest];
    }


    /**
     * Compute the HMAC of a plaintext under the given key.
     *
     * @param \SimpleSAML\XMLSecurity\Key\KeyInterface $key The key whose material is the HMAC secret.
     * @param string $plaintext The text to authenticate.
     *
     * @return string The raw binary MAC (not hex or base64 encoded).
     */
    public function sign(
        #[\SensitiveParameter]
        KeyInterface $key,
        string $plaintext,
    ): string {
        return $this->computeMac($key, $plaintext);
    }


    /**
     * Check a signature by recomputing the MAC and comparing the two.
     *
     * @param \SimpleSAML\XMLSecurity\Key\KeyInterface $key The key whose material is the HMAC secret.
     * @param string $plaintext The text that was signed.
     * @param string $signature The raw binary signature to check.
     *
     * @return bool True if the signature matches the recomputed MAC, false otherwise.
     */
    public function verify(
        #[\SensitiveParameter]
        KeyInterface $key,
        string $plaintext,
        string $signature,
    ): bool {
        $expectedMac = $this->computeMac($key, $plaintext);

        // hash_equals() is a timing-safe comparison: the locally computed MAC goes first and the
        // caller-supplied value second. A signature of a different length simply fails to match.
        return hash_equals($expectedMac, $signature);
    }


    /**
     * Run hash_hmac() with the configured digest, shared by sign() and verify().
     *
     * @param \SimpleSAML\XMLSecurity\Key\KeyInterface $key The key whose material is the HMAC secret.
     * @param string $plaintext The text to authenticate.
     *
     * @return string The raw binary MAC.
     */
    private function computeMac(
        #[\SensitiveParameter]
        KeyInterface $key,
        string $plaintext,
    ): string {
        $secret = $key->getMaterial();

        // The final `true` requests raw binary output instead of lowercase hex.
        return hash_hmac($this->digest, $plaintext, $secret, true);
    }
}