Module orion::auth

Message authentication.

Use case:

orion::auth can be used to ensure message integrity and authenticity by using a secret key.

An example of this could be securing APIs by having a user of a given API sign their API request and having the API server verify these signed API requests.

About:

  • Uses HMAC-SHA512.

Parameters:

  • secret_key: Secret key used to authenticate data.
  • data: Data to be authenticated.
  • expected: The expected authentication tag.

Exceptions:

An exception will be thrown if:

  • The calculated Tag does not match the expected Tag.

Security:

  • The secret key should always be generated using a CSPRNG. SecretKey::default() can be used for this; it generates a SecretKey of 32 bytes.
  • The recommended minimum length for a SecretKey is 32.

Example:

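use orion::auth;

// Generate a random 32-byte secret key from a CSPRNG.
let key = auth::SecretKey::default();
let msg = "Some message.".as_bytes();

// Compute the HMAC-SHA512 tag, then verify it with the same key and message.
let expected_tag = auth::authenticate(&key, msg).unwrap();
assert!(auth::authenticate_verify(&expected_tag, &key, msg).unwrap());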
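
The API-request use case described above, including the mismatch failure listed under Exceptions, as an added example that is not part of the orion documentation. It uses Python's standard library rather than orion; the function names mirror this module's but are stand-ins, and the request encoding, endpoint and body are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

KEY_LEN = 32  # recommended minimum key length from the Security notes


def canonical_request(method: str, path: str, body: bytes) -> bytes:
    """Assumed wire format: length-prefix each field so that boundaries
    cannot shift ("GET" + "/a" vs "GE" + "T/a") without changing the bytes."""
    fields = (method.encode(), path.encode(), body)
    return b"".join(struct.pack(">Q", len(f)) + f for f in fields)


def authenticate(secret_key: bytes, data: bytes) -> bytes:
    """Return the 64-byte HMAC-SHA512 tag over data."""
    if len(secret_key) < KEY_LEN:  # this example enforces the recommendation
        raise ValueError("secret key shorter than 32 bytes")
    return hmac.new(secret_key, data, hashlib.sha512).digest()


def authenticate_verify(expected: bytes, secret_key: bytes, data: bytes) -> bool:
    """Recompute the tag, compare in constant time, raise on mismatch."""
    if not hmac.compare_digest(authenticate(secret_key, data), expected):
        raise ValueError("calculated tag does not match the expected tag")
    return True


def demo() -> dict:
    key = secrets.token_bytes(KEY_LEN)  # CSPRNG; shared by client and server
    # Client: sign the request (constructed sample values).
    request = canonical_request("POST", "/v1/transfer", b'{"amount": 10}')
    tag = authenticate(key, request)
    # Server: the unmodified request verifies.
    results = {"genuine": authenticate_verify(tag, key, request)}
    # A modified body or a different key must be rejected.
    tampered = canonical_request("POST", "/v1/transfer", b'{"amount": 1000}')
    other_key = secrets.token_bytes(KEY_LEN)
    for name, k, d in (("tampered", key, tampered), ("wrong_key", other_key, request)):
        try:
            results[name] = authenticate_verify(tag, k, d)
        except ValueError:
            results[name] = False
    return results


if __name__ == "__main__":
    print(demo())
```

The tag covers only the bytes passed in, so every field the server acts on has to be part of the canonical request.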

Re-exports

pub use crate::hazardous::mac::hmac::Tag;

Structs

SecretKey

A type to represent a secret key.

Functions

authenticate

Authenticate a message using HMAC-SHA512.

authenticate_verify

Authenticate and verify a message using HMAC-SHA512.