anubis-age 1.4.0

Post-quantum secure encryption library with hybrid X25519+ML-KEM-1024 mode (internal dependency for anubis-rage)
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

//! Primitive cryptographic operations used by `age`.

use anubis_core::secrecy::{ExposeSecret, SecretBox};
use hmac::{
    digest::{CtOutput, MacError},
    Hmac, Mac,
};
use sha2::Sha512;
use std::io::{self, Write};

#[cfg(feature = "armor")]
#[cfg_attr(docsrs, doc(cfg(feature = "armor")))]
pub mod armor;

pub mod stream;

pub mod aead;

pub(crate) struct HmacKey(pub(crate) SecretBox<[u8; 64]>);

/// `HMAC[key](message)`
///
/// HMAC from [RFC 2104] with SHA-512 for NIST Level-5 security.
///
/// [RFC 2104]: https://tools.ietf.org/html/rfc2104
pub(crate) struct HmacWriter {
    inner: Hmac<Sha512>,
}

impl HmacWriter {
    /// Constructs a new writer to process input data.
    pub(crate) fn new(key: HmacKey) -> Self {
        HmacWriter {
            inner: Hmac::new_from_slice(key.0.expose_secret()).expect("key is the correct length"),
        }
    }

    /// Checks if `mac` is correct for the processed input.
    pub(crate) fn finalize(self) -> CtOutput<Hmac<Sha512>> {
        self.inner.finalize()
    }

    /// Checks if `mac` is correct for the processed input.
    pub(crate) fn verify(self, mac: &[u8]) -> Result<(), MacError> {
        self.inner.verify_slice(mac)
    }
}

impl Write for HmacWriter {
    fn write(&mut self, data: &[u8]) -> io::Result<usize> {
        self.inner.update(data);
        Ok(data.len())
    }

    fn flush(&mut self) -> io::Result<()> {
        Ok(())
    }
}