Expand description
Message authentication codes (HMAC).
A thin, one-shot wrapper over the audited hmac RustCrypto crate. It
exposes no new or novel cryptography — it makes the keyed-MAC primitive the
rest of the Metamorphic stack needs available as public API.
§Why this exists
The IETF KEYTRANS protocol (draft-ietf-keytrans-protocol) specifies that
commitments in its standard cipher suites are computed as
HMAC(Kc, CommitmentValue) using the suite hash (SHA-256 for both currently
defined suites). metamorphic-log owns the KEYTRANS-specific framing (the
fixed key Kc and the CommitmentValue TLS encoding); this module supplies
only the generic HMAC-SHA256 primitive, keeping metamorphic-crypto the
single source of truth for cryptographic primitives.
§Security note
HMAC’s security rests on the key being secret when used as an
authenticator. In the KEYTRANS commitment construction the “key” is a
fixed, public per-suite constant and hiding comes from the random
opening inside the message — HMAC is used there as a committing PRF, not as
an authenticator. This primitive is generic; callers are responsible for
using it in a construction whose security properties they understand.
Constants§
- HMAC_
SHA256_ LEN - HMAC-SHA256 output length, in bytes (a SHA-256 digest).
Functions§
- hmac_
sha256 - Compute
HMAC-SHA256(key, msg), returning 32 bytes (RFC 2104 + FIPS 198-1).