Skip to main content

Module mac

Module mac 

Source
Expand description

Message authentication codes (HMAC).

A thin, one-shot wrapper over the audited hmac RustCrypto crate. It exposes no new or novel cryptography — it makes the keyed-MAC primitive the rest of the Metamorphic stack needs available as public API.

§Why this exists

The IETF KEYTRANS protocol (draft-ietf-keytrans-protocol) specifies that commitments in its standard cipher suites are computed as HMAC(Kc, CommitmentValue) using the suite hash (SHA-256 for both currently defined suites). metamorphic-log owns the KEYTRANS-specific framing (the fixed key Kc and the CommitmentValue TLS encoding); this module supplies only the generic HMAC-SHA256 primitive, keeping metamorphic-crypto the single source of truth for cryptographic primitives.

§Security note

HMAC’s security rests on the key being secret when used as an authenticator. In the KEYTRANS commitment construction the “key” is a fixed, public per-suite constant and hiding comes from the random opening inside the message — HMAC is used there as a committing PRF, not as an authenticator. This primitive is generic; callers are responsible for using it in a construction whose security properties they understand.

Constants§

HMAC_SHA256_LEN
HMAC-SHA256 output length, in bytes (a SHA-256 digest).

Functions§

hmac_sha256
Compute HMAC-SHA256(key, msg), returning 32 bytes (RFC 2104 + FIPS 198-1).