Message authentication.
Use case:
orion::auth can be used to ensure message integrity and authenticity by using a secret key.
An example of this could be securing APIs by having a user of a given API sign their API request and having the API server verify these signed API requests.
About:
- Uses HMAC-SHA512.
Parameters:
- secret_key: Secret key used to authenticate data.
- data: Data to be authenticated.
- expected: The expected authentication tag.
Exceptions:
An exception will be thrown if:
- The calculated Tag does not match the expected.
- The OsRng fails to initialize or read from its source.
Security:
- The secret key should always be generated using a CSPRNG. SecretKey::default() can be used for this, it will generate a SecretKey of 32 bytes.
- The recommended minimum length for a SecretKey is 32.
Example:
use orion::auth;
let key = auth::SecretKey::default();
let msg = "Some message.".as_bytes();
let expected_tag = auth::authenticate(&key, msg).unwrap();
assert!(auth::authenticate_verify(&expected_tag, &key, &msg).unwrap());
Re-exports
pub use crate::hazardous::mac::hmac::Tag;
Structs
A type to represent a secret key.
Functions
Authenticate a message using HMAC-SHA512.
Authenticate and verify a message using HMAC-SHA512.