Skip to main content

rustls/crypto/
hmac.rs

1use alloc::boxed::Box;
2use core::mem;
3
4use pki_types::FipsStatus;
5use zeroize::Zeroize;
6
7/// A concrete HMAC implementation, for a single cryptographic hash function.
8///
9/// You should have one object that implements this trait for HMAC-SHA256, another
10/// for HMAC-SHA384, etc.
11pub trait Hmac: Send + Sync {
12    /// Prepare to use `key` as a HMAC key.
13    fn with_key(&self, key: &[u8]) -> Box<dyn Key>;
14
15    /// Give the length of the underlying hash function.  In RFC2104 terminology this is `L`.
16    fn hash_output_len(&self) -> usize;
17
18    /// Return the FIPS validation status of this implementation.
19    fn fips(&self) -> FipsStatus {
20        FipsStatus::Unvalidated
21    }
22}
23
24/// A secret HMAC tag, stored as a value.
25///
26/// The value is considered secret and sensitive, and is zeroized
27/// on drop.
28///
29/// This is suitable if the value is (for example) used as key
30/// material.
31#[derive(Clone)]
32pub struct Tag(PublicTag);
33
34impl Tag {
35    /// Build a tag by copying a byte slice.
36    ///
37    /// The slice can be up to [`Tag::MAX_LEN`] bytes in length.
38    pub fn new(bytes: &[u8]) -> Self {
39        Self(PublicTag::new(bytes))
40    }
41
42    /// Declare this tag is public.
43    ///
44    /// Uses of this function should explain why this tag is public.
45    pub(crate) fn into_public(self) -> PublicTag {
46        let public = self.0.clone();
47        mem::forget(self);
48        public
49    }
50
51    /// Maximum supported HMAC tag size: supports up to SHA512.
52    pub const MAX_LEN: usize = 64;
53}
54
55impl Drop for Tag {
56    fn drop(&mut self) {
57        self.0.buf.zeroize();
58    }
59}
60
61impl AsRef<[u8]> for Tag {
62    fn as_ref(&self) -> &[u8] {
63        self.0.as_ref()
64    }
65}
66
67/// A non-secret HMAC tag, stored as a value.
68///
69/// A value of this type is **not** zeroized on drop.
70///
71/// A tag is "public" if it is published on the wire, as opposed to
72/// being used as key material. For example, the `verify_data` field
73/// of TLS `Finished` messages are public (as they are published on
74/// the wire in TLS1.2, or sent encrypted under pre-authenticated
75/// secrets in TLS1.3).
76#[derive(Clone)]
77pub(crate) struct PublicTag {
78    buf: [u8; Tag::MAX_LEN],
79    used: usize,
80}
81
82impl PublicTag {
83    /// Build a tag by copying a byte slice.
84    ///
85    /// The slice can be up to [`Tag::MAX_LEN`] bytes in length.
86    pub(crate) fn new(bytes: &[u8]) -> Self {
87        let mut tag = Self {
88            buf: [0u8; Tag::MAX_LEN],
89            used: bytes.len(),
90        };
91        tag.buf[..bytes.len()].copy_from_slice(bytes);
92        tag
93    }
94}
95
96impl AsRef<[u8]> for PublicTag {
97    fn as_ref(&self) -> &[u8] {
98        &self.buf[..self.used]
99    }
100}
101
102/// A HMAC key that is ready for use.
103///
104/// The algorithm used is implicit in the `Hmac` object that produced the key.
105pub trait Key: Send + Sync {
106    /// Calculates a tag over `data` -- a slice of byte slices.
107    fn sign(&self, data: &[&[u8]]) -> Tag {
108        self.sign_concat(&[], data, &[])
109    }
110
111    /// Calculates a tag over the concatenation of `first`, the items in `middle`, and `last`.
112    fn sign_concat(&self, first: &[u8], middle: &[&[u8]], last: &[u8]) -> Tag;
113
114    /// Returns the length of the tag returned by a computation using
115    /// this key.
116    fn tag_len(&self) -> usize;
117}