Module orion::auth
Message authentication.
Use case:
orion::auth can be used to ensure message integrity and authenticity by using a secret key.
An example of this could be securing APIs by having a user of a given API sign their API requests and having the API server verify these signed API requests.
About:
- Uses HMAC-SHA512.
Parameters:
- secret_key: Secret key used to authenticate data.
- data: Data to be authenticated.
- expected: The expected authentication tag.
Exceptions:
An exception will be thrown if:
- The calculated Tag does not match the expected.
- The OsRng fails to initialize or read from its source.
Security:
- The secret key should always be generated using a CSPRNG. SecretKey::default() can be used for this; it will generate a SecretKey of 32 bytes.
- The recommended minimum length for a SecretKey is 32.
Example:
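```rust
use orion::auth;

// Generate a random 32-byte secret key from the CSPRNG.
let key = auth::SecretKey::default();
let msg = "Some message.".as_bytes();

// Compute the HMAC-SHA512 tag, then verify it against the same key and message.
let expected_tag = auth::authenticate(&key, msg).unwrap();
assert!(auth::authenticate_verify(&expected_tag, &key, &msg).unwrap());
```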
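The API request signing use case described above, as an added example that is not part of the orion documentation: it uses Python's standard-library `hmac` module (HMAC-SHA512) rather than orion. The function names, the length-prefixed request encoding and the sample request are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MIN_KEY_LEN = 32  # recommended minimum secret key length stated on this page


def generate_key() -> bytes:
    """32-byte key from the OS CSPRNG (the role SecretKey::default() plays)."""
    return secrets.token_bytes(32)


def canonical_request(method: str, path: str, body: bytes) -> bytes:
    """Hypothetical encoding: length-prefix each field so that
    ("GET", "/a", b"b") and ("GET", "/ab", b"") produce different bytes."""
    parts = [method.upper().encode(), path.encode(), body]
    return b"".join(len(p).to_bytes(8, "big") + p for p in parts)


def sign_request(key: bytes, method: str, path: str, body: bytes) -> bytes:
    """Client side: HMAC-SHA512 tag over the canonical request."""
    if len(key) < MIN_KEY_LEN:
        raise ValueError("secret key shorter than 32 bytes")
    return hmac.new(key, canonical_request(method, path, body), hashlib.sha512).digest()


def verify_request(key: bytes, method: str, path: str, body: bytes, tag: bytes) -> bool:
    """Server side: recompute the tag and compare in constant time."""
    expected = sign_request(key, method, path, body)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    key = generate_key()
    req = ("POST", "/v1/transfer")   # constructed sample request
    body = b'{"amount": 10}'         # constructed sample body
    tag = sign_request(key, *req, body)
    return {
        "tag_len": len(tag),
        "valid": verify_request(key, *req, body, tag),
        "tampered_body": verify_request(key, *req, b'{"amount": 9999}', tag),
        "wrong_key": verify_request(generate_key(), *req, body, tag),
        "truncated_tag": verify_request(key, *req, body, tag[:32]),
    }


if __name__ == "__main__":
    print(demo())
```

Only the unmodified request with the original key and full 64-byte tag verifies; a changed body, a different key, or a truncated tag is rejected.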
Re-exports
- pub use crate::hazardous::mac::hmac::Tag;
Structs
- SecretKey: A type to represent a secret key.
Functions
- authenticate: Authenticate a message using HMAC-SHA512.
- authenticate_verify: Authenticate and verify a message using HMAC-SHA512.