apple-cryptokit-rs 0.2.0

A Rust wrapper around Apple's native CryptoKit framework for App Store compliant cryptography.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173

use crate::error::{CryptoKitError, Result};

/// HMAC algorithm trait providing a unified interface for different HMAC algorithms
pub trait HMAC {
    /// HMAC output size (bytes)
    const OUTPUT_SIZE: usize;

    /// Calculate HMAC
    fn authenticate(key: &[u8], data: &[u8]) -> Result<Vec<u8>> {
        let mut output = vec![0u8; Self::OUTPUT_SIZE];
        Self::authenticate_to(key, data, &mut output)?;
        Ok(output)
    }

    /// Calculate HMAC to the provided buffer (zero-allocation)
    ///
    /// # Parameters
    /// - `output`: Must be at least `OUTPUT_SIZE` bytes
    ///
    /// # Returns
    /// - `Ok(())`: Success
    /// - `Err`: Authentication failed
    fn authenticate_to(key: &[u8], data: &[u8], output: &mut [u8]) -> Result<()>;

    /// Get output size (deprecated, use OUTPUT_SIZE constant instead)
    fn output_size() -> usize {
        Self::OUTPUT_SIZE
    }
}

/// Message authentication code verification
pub fn verify_hmac<T: AsRef<[u8]>>(expected: T, computed: T) -> bool {
    let expected_bytes = expected.as_ref();
    let computed_bytes = computed.as_ref();

    if expected_bytes.len() != computed_bytes.len() {
        return false;
    }

    // Use constant-time comparison to prevent timing attacks
    constant_time_eq(expected_bytes, computed_bytes)
}

/// Constant-time byte comparison
pub fn constant_time_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }

    let mut result = 0u8;
    for (x, y) in a.iter().zip(b.iter()) {
        result |= x ^ y;
    }
    result == 0
}

/// HMAC algorithm enumeration
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum HmacAlgorithm {
    /// SHA-1 (insecure, for compatibility only)
    Sha1,
    /// SHA-256
    Sha256,
    /// SHA-384
    Sha384,
    /// SHA-512
    Sha512,
}

impl HmacAlgorithm {
    /// Get output length
    pub fn output_size(&self) -> usize {
        match self {
            HmacAlgorithm::Sha1 => 20,
            HmacAlgorithm::Sha256 => 32,
            HmacAlgorithm::Sha384 => 48,
            HmacAlgorithm::Sha512 => 64,
        }
    }

    /// Calculate HMAC
    pub fn compute(&self, key: &[u8], data: &[u8]) -> Result<Vec<u8>> {
        let mut output = vec![0u8; self.output_size()];
        self.compute_to(key, data, &mut output)?;
        Ok(output)
    }

    /// Calculate HMAC to the provided buffer (zero-allocation)
    ///
    /// # Parameters
    /// - `output`: Must be at least `output_size()` bytes
    pub fn compute_to(&self, key: &[u8], data: &[u8], output: &mut [u8]) -> Result<()> {
        assert!(
            output.len() >= self.output_size(),
            "Output buffer too small: {} < {}",
            output.len(),
            self.output_size()
        );
        match self {
            HmacAlgorithm::Sha1 => {
                use crate::authentication::sha1::hmac_sha1_to;
                hmac_sha1_to(key, data, output)
            }
            HmacAlgorithm::Sha256 => {
                use crate::authentication::sha256::hmac_sha256_to;
                hmac_sha256_to(key, data, output)
            }
            HmacAlgorithm::Sha384 => {
                use crate::authentication::sha384::hmac_sha384_to;
                hmac_sha384_to(key, data, output)
            }
            HmacAlgorithm::Sha512 => {
                use crate::authentication::sha512::hmac_sha512_to;
                hmac_sha512_to(key, data, output)
            }
        }
    }

    /// Verify HMAC
    pub fn verify(&self, key: &[u8], data: &[u8], expected_hmac: &[u8]) -> Result<bool> {
        let computed = self.compute(key, data)?;
        Ok(constant_time_eq(&computed, expected_hmac))
    }
}

/// HMAC builder
pub struct HmacBuilder {
    algorithm: HmacAlgorithm,
    key: Vec<u8>,
}

impl HmacBuilder {
    /// Create a new HMAC builder
    pub fn new(algorithm: HmacAlgorithm) -> Self {
        Self {
            algorithm,
            key: Vec::new(),
        }
    }

    /// Set the key
    pub fn key(mut self, key: &[u8]) -> Self {
        self.key = key.to_vec();
        self
    }

    /// Calculate HMAC
    pub fn compute(&self, data: &[u8]) -> Result<Vec<u8>> {
        if self.key.is_empty() {
            return Err(CryptoKitError::InvalidKey);
        }
        self.algorithm.compute(&self.key, data)
    }

    /// Calculate HMAC to the provided buffer (zero-allocation)
    pub fn compute_to(&self, data: &[u8], output: &mut [u8]) -> Result<()> {
        if self.key.is_empty() {
            return Err(CryptoKitError::InvalidKey);
        }
        self.algorithm.compute_to(&self.key, data, output)
    }

    /// Verify HMAC
    pub fn verify(&self, data: &[u8], expected_hmac: &[u8]) -> Result<bool> {
        let computed = self.compute(data)?;
        Ok(constant_time_eq(&computed, expected_hmac))
    }

    /// Get output size
    pub fn output_size(&self) -> usize {
        self.algorithm.output_size()
    }
}