Skip to main content

HmacSm3

gmcrypto_core::hmac

Struct HmacSm3 

Source 
pub struct HmacSm3 { /* private fields */ }
Expand description

Streaming HMAC-SM3 (v0.3 W5).

Construct with new(&key), feed message chunks via update, finalize with finalize (32-byte tag) or verify (constant- time compare against an expected tag).

Equivalent to hmac_sm3 for the same (key, message) byte sequence — chunking does not affect the output.

§Zeroization

The pre-computed outer keyed-state (SM3 after absorbing K' XOR opad) holds key-derived material. HmacSm3::finalize and HmacSm3::verify consume self and zeroize it before returning. If the caller drops the HmacSm3 without calling either method, the Drop impl wipes the state.

Implementations§

Source§

impl HmacSm3

Source

pub fn new(key: &[u8]) -> Self

Construct a new keyed HMAC-SM3 instance.

key may be any length; the standard RFC 2104 hash-first reduction applies for key.len() > 64. Both intermediate K' / K' XOR ipad / K' XOR opad buffers are zeroized after the inner/outer SM3 instances absorb them.

Source

pub fn update(&mut self, data: &[u8])

Absorb message bytes into the inner hash.

Source

pub fn finalize(self) -> [u8; 32]

Consume the instance and produce the 32-byte MAC tag.

The outer keyed-state and the inner final state are both dropped after consuming self; Sm3’s Drop impl is the one we rely on here. To be defensive against a future change where Sm3 is no longer ZeroizeOnDrop, both fields are explicitly wiped via clone-then-drop would be safer — but Sm3 does not currently implement Zeroize directly. The state is consumed by outer.finalize() which produces the public output and discards the rest.

Source

pub fn verify(self, expected: &[u8; 32]) -> bool

Constant-time verify a candidate tag against the finalized HMAC. Returns true on match.

Trait Implementations§

Source§

impl Mac for HmacSm3

Source§

type Output = [u8; 32]

The fixed-size MAC tag output.
Source§

fn new(key: &[u8]) -> Self

Construct a fresh MAC keyed with key.
Source§

fn update(&mut self, data: &[u8])

Absorb message bytes.
Source§

fn finalize(self) -> Self::Output

Consume the MAC instance and produce the final tag.
Source§

fn verify(self, expected: &Self::Output) -> bool

Verify a candidate tag against the computed one in constant-time. Returns true on match. Implementations MUST use a constant-time comparison primitive (e.g. subtle::ConstantTimeEq).

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.