Struct Blake3Xof

pub struct Blake3Xof { /* private fields */ }

BLAKE3 extendable output function

This struct implements the BLAKE3 algorithm as an XOF, capable of producing outputs of arbitrary length. It maintains the internal state required for incremental hashing and supports all three BLAKE3 modes of operation.

Internal Structure

The implementation uses:

• A chunk state for processing input data in 1024-byte chunks
• A stack of chaining values for the tree structure
• Secure key storage using SecretBuffer
• Flags to indicate the current mode of operation

Security

All sensitive data (keys and intermediate values) are:

• Stored in secure memory containers
• Properly zeroized on drop
• Protected against timing attacks

Thread Safety

Blake3Xof is not thread-safe for concurrent access. Each thread should use its own instance.

Implementations

impl Blake3Xof

pub fn generate(data: &[u8], len: usize) -> Result<Vec<u8>>

Utility function for digest generation

This is a convenience function that creates a BLAKE3 XOF instance, processes the input data, and returns the requested number of output bytes.

Arguments

• data - The input data to hash
• len - The desired output length in bytes

Returns

A vector containing len bytes of output, or an error if the length is invalid.

Example

let hash = Blake3Xof::generate(b"hello world", 32)?;
assert_eq!(hash.len(), 32);

Trait Implementations

impl Clone for Blake3Xof

fn clone(&self) -> Blake3Xof

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl DeriveKeyXof for Blake3Xof

fn for_derive_key(context: &[u8]) -> Result<Self>

Creates a new BLAKE3 XOF instance in key derivation mode.

This mode is designed for deriving keys from input key material. It first hashes the context string to create a context-specific key, then uses that key to process the actual key material.

Arguments

• context - A context string that domain-separates different uses

Security Note

The context string should be unique for each application to ensure that keys derived for one purpose cannot be used for another.

fn derive_key(context: &[u8], data: &[u8], len: usize) -> Result<Vec<u8>>

where Self: Sized,

Derives key material in a single call

impl Drop for Blake3Xof

fn drop(&mut self)

Executes the destructor for this type.

impl ExtendableOutputFunction for Blake3Xof

fn new() -> Self

Creates a new BLAKE3 XOF instance in standard hashing mode.

The instance is initialized with the standard BLAKE3 IV and is ready to accept input data via the update method.

fn update(&mut self, input: &[u8]) -> Result<()>

Updates the XOF state with new data

fn finalize(&mut self) -> Result<()>

Finalizes the XOF state for output

fn squeeze(&mut self, output: &mut [u8]) -> Result<()>

Squeezes output bytes into the provided buffer

fn squeeze_into_vec(&mut self, len: usize) -> Result<Vec<u8>>

Squeezes the specified number of output bytes into a new vector

fn reset(&mut self) -> Result<()>

Resets the XOF state

fn security_level() -> usize

Returns the security level in bits

fn generate(data: &[u8], len: usize) -> Result<Vec<u8>>

where Self: Sized,

Convenience method to generate output in a single call

impl KeyedXof for Blake3Xof

fn with_key(key: &[u8]) -> Result<Self>

Creates a new BLAKE3 XOF instance in keyed hashing mode.

This mode uses a 256-bit key to create a MAC (Message Authentication Code). The key is mixed into the initial state, providing authentication.

Arguments

• key - A 32-byte (256-bit) key

Errors

Returns an error if the key length is not exactly 32 bytes.

fn keyed_generate(key: &[u8], data: &[u8], len: usize) -> Result<Vec<u8>>

where Self: Sized,

Generates keyed output in a single call

impl Zeroize for Blake3Xof

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

impl ZeroizeOnDrop for Blake3Xof