Module dryoc::auth

source ·
Expand description

Secret-key message authentication

Auth implements libsodium’s secret-key authentication, based on HMAC-SHA512-256.

Use Auth to authenticate messages when:

  • you want to authenticate arbitrary messages
  • you have a pre-shared key between both parties
  • (optionally) you want to share the authentication tag publicly

Rustaceous API example, one-time interface

use dryoc::auth::*;
use dryoc::types::*;

// Generate a random key
let key = Key::gen();

// Compute the mac in one shot. Here we clone the key for the purpose of this
// example, but normally you would not do this as you never want to re-use a
// key.
let mac = Auth::compute_to_vec(key.clone(), b"Data to authenticate");

// Verify the mac
Auth::compute_and_verify(&mac, key, b"Data to authenticate").expect("verify failed");

Rustaceous API example, incremental interface

use dryoc::auth::*;
use dryoc::types::*;

// Generate a random key
let key = Key::gen();

// Initialize the MAC, clone the key (don't do this)
let mut mac = Auth::new(key.clone());
mac.update(b"Multi-part");
mac.update(b"data");
let mac = mac.finalize_to_vec();

// Verify it's correct, clone the key (don't do this)
let mut verify_mac = Auth::new(key.clone());
verify_mac.update(b"Multi-part");
verify_mac.update(b"data");
verify_mac.verify(&mac).expect("verify failed");

// Check that invalid data fails, consume the key
let mut verify_mac = Auth::new(key);
verify_mac.update(b"Multi-part");
verify_mac.update(b"bad data");
verify_mac
    .verify(&mac)
    .expect_err("verify should have failed");

Modules

Structs

  • secret-key authentication implementation based on Poly1305, compatible with libsodium’s crypto_Auth_* functions.

Type Aliases

  • Stack-allocated key for secret-key authentication.
  • Stack-allocated message authentication code for secret-key authentication.