HMAC-based authentication for message integrity.
This module provides HMAC (Hash-based Message Authentication Code) functionality for ensuring message integrity and authenticity in the CHIE protocol.
§Features
- HMAC-SHA256 and HMAC-BLAKE3 support
- Constant-time MAC verification
- Key derivation for HMAC keys
- Tagged authentication for different message types
§Examples
```rust
use chie_crypto::hmac::{HmacKey, HmacTag, compute_hmac, verify_hmac};

// Generate a random HMAC key
let key = HmacKey::generate();

// Compute HMAC for a message
let message = b"Hello, CHIE!";
let tag = compute_hmac(&key, message);

// Verify the HMAC tag
assert!(verify_hmac(&key, message, &tag));

// Verification fails for wrong message
assert!(!verify_hmac(&key, b"Wrong message", &tag));
```
§Security Considerations
- HMAC keys should be at least 32 bytes (256 bits)
- Use constant-time comparison for MAC verification
- Never reuse HMAC keys across different protocols
- Rotate HMAC keys periodically
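The tagged-authentication and constant-time points above, as an added standard-library Python illustration; it is not chie_crypto code and not the crate's implementation. The function names, the 2-byte length-prefixed domain framing, and the sample domain labels and payload are assumptions made for the example, since this page does not specify how `compute_tagged_hmac` encodes its tag.

```python
import hashlib
import hmac
import secrets

KEY_SIZE = 32  # bytes; the minimum key length recommended above


def tagged_mac(key: bytes, domain: bytes, message: bytes) -> bytes:
    """HMAC-SHA256 over a length-prefixed domain label followed by the message.

    The 2-byte length prefix (an assumed framing) makes the encoding of
    (domain, message) unambiguous: ("ab", "c") and ("a", "bc") differ.
    """
    if len(key) < KEY_SIZE:
        raise ValueError("HMAC key shorter than 32 bytes")
    if len(domain) > 0xFFFF:
        raise ValueError("domain label too long")
    framed = len(domain).to_bytes(2, "big") + domain + message
    return hmac.new(key, framed, hashlib.sha256).digest()


def verify_tagged(key: bytes, domain: bytes, message: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare without an early exit on mismatch."""
    expected = tagged_mac(key, domain, message)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    key = secrets.token_bytes(KEY_SIZE)
    payload = b"chunk=42;peer=alice"  # constructed sample message
    req, resp = b"chunk-request", b"chunk-response"  # hypothetical domain labels
    tag = tagged_mac(key, req, payload)
    naive = lambda d, m: hmac.new(key, d + m, hashlib.sha256).digest()
    return {
        "same_domain": verify_tagged(key, req, payload, tag),
        # A tag issued for one message type must not verify as another type.
        "other_domain": verify_tagged(key, resp, payload, tag),
        "modified_message": verify_tagged(key, req, payload + b"!", tag),
        "truncated_tag": verify_tagged(key, req, payload, tag[:16]),
        # Plain concatenation lets two different (domain, message) pairs collide.
        "naive_collision": naive(b"ab", b"c") == naive(b"a", b"bc"),
        "framed_collision": tagged_mac(key, b"ab", b"c") == tagged_mac(key, b"a", b"bc"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```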
Structs§
- AuthenticatedMessage - Authenticated message containing both data and HMAC tag.
- HmacKey - HMAC key for message authentication.
- HmacTag - HMAC tag (authentication code).
Enums§
- HmacError - HMAC errors.
Constants§
- HMAC_BLAKE3_TAG_SIZE - HMAC tag size for BLAKE3 in bytes.
- HMAC_KEY_SIZE - HMAC key size in bytes.
- HMAC_SHA256_TAG_SIZE - HMAC tag size for SHA256 in bytes.
Functions§
- compute_hmac - Compute HMAC for a message (defaults to BLAKE3 for performance).
- compute_hmac_blake3 - Compute HMAC-BLAKE3 for a message (using keyed BLAKE3).
- compute_hmac_sha256 - Compute HMAC-SHA256 for a message.
- compute_tagged_hmac - Tagged HMAC for domain separation.
- verify_hmac - Verify HMAC tag in constant time.
- verify_hmac_blake3 - Verify HMAC-BLAKE3 tag in constant time.
- verify_hmac_sha256 - Verify HMAC-SHA256 tag in constant time.
- verify_tagged_hmac - Verify tagged HMAC in constant time.
Type Aliases§
- HmacResult - HMAC result type.