Skip to main content

StreamingHashHmac

oxicrypto_mac::hmac_streaming_hash

Struct StreamingHashHmac

pub struct StreamingHashHmac<H, F>where
    H: StreamingHash,
    F: Fn() -> H + Send,
{ /* private fields */ }

Expand description

Generic HMAC over any StreamingHash implementation.

The type parameter H is the underlying hash; F is the factory that creates fresh instances of H. Both H and F must be Send to allow the MAC to cross thread boundaries.

§Construction

Use StreamingHashHmac::new to provide a key, block size, and hash factory. The resulting value implements one-shot StreamingHashHmac::mac_oneshot and incremental StreamingHashHmac::streaming_session.

§Example

use oxicrypto_hash::Sha256Streaming;
use oxicrypto_mac::hmac_streaming_hash::StreamingHashHmac;

let key = b"secret-key-for-hmac";
let msg = b"hello, world";
let mut tag = [0u8; 32];
let mut hmac = StreamingHashHmac::new(key, 64, || Sha256Streaming::new())?;
hmac.mac_oneshot(msg, &mut tag)?;

Implementations§

impl<H, F> StreamingHashHmac<H, F>
where H: StreamingHash, F: Fn() -> H + Send,

pub fn new( key: &[u8], block_size: usize, output_len: usize, factory: F, ) -> Result<Self, CryptoError>

Construct an HMAC instance with the given key, hash block_size, and output_len of the underlying H.

If key.len() > block_size the key is pre-hashed using a fresh hasher from factory.
The padded key is zero-extended to exactly block_size bytes.

§Errors

Returns CryptoError::BadInput when block_size or output_len is zero, or when key pre-hashing would write into a zero-length buffer.

pub fn mac_oneshot(&self, msg: &[u8], out: &mut [u8]) -> Result<(), CryptoError>

Compute a one-shot HMAC tag over msg, writing into out.

out.len() must be at least self.output_len().

§Errors

CryptoError::BufferTooSmall if out.len() < output_len.

pub fn output_len(&self) -> usize

The hash output length in bytes.

pub fn block_size(&self) -> usize

The hash block size in bytes.

pub fn verify(&self, msg: &[u8], expected: &[u8]) -> Result<(), CryptoError>

Constant-time verification: compute the HMAC and compare to expected.

Returns Ok(()) if they match, CryptoError::InvalidTag otherwise.

pub fn streaming_session(&self) -> StreamingHashHmacSession<H, F>
where F: Clone,

Create an incremental streaming HMAC session.

Returns a StreamingHashHmacSession that accepts data via update() and produces the final tag via finalize().

Auto Trait Implementations§

impl<H, F> Freeze for StreamingHashHmac<H, F>
where F: Freeze,

impl<H, F> RefUnwindSafe for StreamingHashHmac<H, F>
where F: RefUnwindSafe,

impl<H, F> Send for StreamingHashHmac<H, F>

impl<H, F> Sync for StreamingHashHmac<H, F>
where F: Sync,

impl<H, F> Unpin for StreamingHashHmac<H, F>
where F: Unpin,

impl<H, F> UnsafeUnpin for StreamingHashHmac<H, F>
where F: UnsafeUnpin,

impl<H, F> UnwindSafe for StreamingHashHmac<H, F>
where F: UnwindSafe,

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> MaybeDebug for T

impl<T> Same for T

type Output = T

Should always be Self

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.