Available on crate features
mac-hmac or mac-blake3 only.Expand description
Message Authentication Codes (MAC).
A MAC is a small fixed-size tag computed over (key, data) such that
anyone holding the key can verify the tag is intact. Three algorithms
ship in 0.5.0:
| Algorithm | One-shot | Streaming | Tag | Feature |
|---|---|---|---|---|
| HMAC-SHA256 | hmac_sha256() | HmacSha256 | 32 B | mac-hmac |
| HMAC-SHA512 | hmac_sha512() | HmacSha512 | 64 B | mac-hmac |
| BLAKE3 keyed | blake3_keyed() | Blake3Mac | 32 B | mac-blake3 |
Every algorithm exposes three operations:
- Compute (
hmac_sha256,blake3_keyed, …): produces the tag. - Verify (
hmac_sha256_verify,blake3_keyed_verify, …): computes the tag for the supplied(key, data)and compares it against an expected tag in constant time. - Streaming (
HmacSha256,Blake3Mac, …): for inputs that arrive in chunks.
§Constant-time verification — non-negotiable
Comparing two tags with == leaks how many leading bytes matched via
timing. That leak is enough to forge tags one byte at a time. The
*_verify functions and the streaming hashers’ HmacSha256::verify
/ HmacSha512::verify / Blake3Mac::verify methods all use
upstream constant-time comparators (subtle::ConstantTimeEq via
the hmac and blake3 crates).
Never compare a computed tag to an expected tag with ==. Use
the verify paths in this module.
§Choosing a MAC
- HMAC-SHA256 — universal interop. JWT (HS256), TLS PRF, AWS request signing, anything that names HMAC-SHA256 in a spec.
- HMAC-SHA512 — same as above when the wider tag is required.
- BLAKE3 keyed — fastest of the three on modern hardware, typically 4–10× faster than HMAC-SHA256 at the same security level. Pick this when you control both sides of the wire.
§Example
use crypt_io::mac;
let key = b"shared secret";
let data = b"message to authenticate";
let tag = mac::hmac_sha256(key, data)?;
assert!(mac::hmac_sha256_verify(key, data, &tag)?);Structs§
- Blake3
Mac mac-blake3 - Streaming BLAKE3 keyed-mode MAC for inputs that don’t fit in memory.
- Hmac
Sha256 mac-hmac - Streaming HMAC-SHA256 for inputs that don’t fit in memory.
- Hmac
Sha512 mac-hmac - Streaming HMAC-SHA512. Same shape as
HmacSha256with a 64-byte tag.
Constants§
- BLAK
E3_ MAC_ KEY_ LEN mac-blake3 - Required key length for BLAKE3 keyed mode, in bytes. Equal to
32. - BLAK
E3_ MAC_ OUTPUT_ LEN mac-blake3 - Length of a BLAKE3 keyed-mode tag, in bytes. Equal to
32. - HMAC_
SHA256_ OUTPUT_ LEN mac-hmac - Length of an HMAC-SHA256 tag, in bytes. Equal to
32. - HMAC_
SHA512_ OUTPUT_ LEN mac-hmac - Length of an HMAC-SHA512 tag, in bytes. Equal to
64.
Functions§
- blake3_
keyed mac-blake3 - Compute a BLAKE3 keyed-mode tag over
dataunderkey. - blake3_
keyed_ verify mac-blake3 - Verify a BLAKE3 keyed-mode tag in constant time.
- hmac_
sha256 mac-hmac - Compute an HMAC-SHA256 tag over
dataunderkey. - hmac_
sha512 mac-hmac - Compute an HMAC-SHA512 tag over
dataunderkey. - hmac_
sha256_ verify mac-hmac - Verify an HMAC-SHA256 tag in constant time.
- hmac_
sha512_ verify mac-hmac - Verify an HMAC-SHA512 tag in constant time. See
hmac_sha256_verify.