[][src]Module orion::hazardous::hash::blake2b

BLAKE2b as specified in the RFC 7693.

Parameters:

  • secret_key: An optional secret key.
  • size: The desired output length for the digest.
  • data: The data to be hashed.
  • expected: The expected digest when verifying.

Errors:

An error will be returned if:

  • size is 0.
  • size is greater than 64.
  • finalize() is called twice without a reset() in between.
  • update() is called after finalize() without a reset() in between.
  • reset() is called with Some(secret_key) but the struct was initialized with None.
  • reset() is called with None as secret_key but the struct was initialized with Some(secret_key).

Panics:

A panic will occur if:

  • More than 2*(2^64-1) bytes of data are hashed.

Security:

  • The secret key should always be generated using a CSPRNG. SecretKey::generate() can be used for this. It generates a secret key of 64 bytes.
  • The minimum recommended size for a secret key is 32 bytes.
  • When using Blake2b with a secret key, then the output can be used as a MAC. If this is the intention, avoid using as_ref() to compare such MACs and use instead verify(), which will compare the MAC in constant time.
  • The recommended minimum output size is 32.

Example:

use orion::hazardous::hash::blake2b;

// Using the streaming interface without a key.
let mut state = blake2b::init(None, 64)?;
state.update(b"Some data")?;
let digest = state.finalize()?;

// Using the streaming interface with a key.
let secret_key = blake2b::SecretKey::generate();
let mut state_keyed = blake2b::init(Some(&secret_key), 64)?;
state_keyed.update(b"Some data")?;
let mac = state_keyed.finalize()?;
assert!(blake2b::verify(&mac, &secret_key, 64, b"Some data")?);

// Using the `Hasher` for convenience functions.
let digest = blake2b::Hasher::Blake2b512.digest(b"Some data")?;

Structs

Blake2b

BLAKE2b streaming state.

Digest

A type to represent the Digest that BLAKE2b returns.

SecretKey

A type to represent the secret key that BLAKE2b uses for keyed mode.

Enums

Hasher

Convenience functions for common BLAKE2b operations.

Functions

init

Initialize a Blake2b struct with a given size and an optional key.

verify

Verify a Blake2b Digest in constant time.