Module orion::auth

Message authentication.

Use case:

orion::auth can be used to ensure message integrity and authenticity by using a secret key.

An example of this could be securing APIs by having a user of a given API sign their API request and having the API server verify these signed API requests.

About:

  • Uses BLAKE2b-256 in keyed mode.

Parameters:

  • secret_key: Secret key used to authenticate data.
  • data: Data to be authenticated.
  • expected: The expected authentication Tag.

Errors:

An error will be returned if:

  • The calculated Tag does not match the expected.
  • The SecretKey supplied is less than 32 bytes or greater than 64 bytes.

Panics:

A panic will occur if:

  • More than 2*(2^64-1) bytes of data are authenticated.

Security:

  • The secret key should always be generated using a CSPRNG. SecretKey::default() can be used for this; it will generate a SecretKey of 32 bytes.
  • The required minimum length for a SecretKey is 32 bytes.

Example:

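use orion::auth;

fn main() -> Result<(), orion::errors::UnknownCryptoError> {
    // Generate a random 32-byte secret key.
    let key = auth::SecretKey::default();
    let msg = "Some message.".as_bytes();

    // Compute the Tag, then verify it against the same key and message.
    let expected_tag = auth::authenticate(&key, msg)?;
    assert!(auth::authenticate_verify(&expected_tag, &key, msg).is_ok());
    Ok(())
}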

Structs

SecretKey

A type to represent a secret key.

Tag

A type to represent the Tag output by BLAKE2b-256 in keyed mode.

Functions

authenticate

Authenticate a message using BLAKE2b-256 in keyed mode.

authenticate_verify

Authenticate and verify a message using BLAKE2b-256 in keyed mode.