rustls/crypto/
hmac.rs

1use alloc::boxed::Box;
2use core::mem;
3
4use zeroize::Zeroize;
5
6/// A concrete HMAC implementation, for a single cryptographic hash function.
7///
8/// You should have one object that implements this trait for HMAC-SHA256, another
9/// for HMAC-SHA384, etc.
10pub trait Hmac: Send + Sync {
11    /// Prepare to use `key` as a HMAC key.
12    fn with_key(&self, key: &[u8]) -> Box<dyn Key>;
13
14    /// Give the length of the underlying hash function.  In RFC2104 terminology this is `L`.
15    fn hash_output_len(&self) -> usize;
16
17    /// Return `true` if this is backed by a FIPS-approved implementation.
18    fn fips(&self) -> bool {
19        false
20    }
21}
22
23/// A secret HMAC tag, stored as a value.
24///
25/// The value is considered secret and sensitive, and is zeroized
26/// on drop.
27///
28/// This is suitable if the value is (for example) used as key
29/// material.
30#[derive(Clone)]
31pub struct Tag(PublicTag);
32
33impl Tag {
34    /// Build a tag by copying a byte slice.
35    ///
36    /// The slice can be up to [`Tag::MAX_LEN`] bytes in length.
37    pub fn new(bytes: &[u8]) -> Self {
38        Self(PublicTag::new(bytes))
39    }
40
41    /// Declare this tag is public.
42    ///
43    /// Uses of this function should explain why this tag is public.
44    pub(crate) fn into_public(self) -> PublicTag {
45        let public = self.0.clone();
46        mem::forget(self);
47        public
48    }
49
50    /// Maximum supported HMAC tag size: supports up to SHA512.
51    pub const MAX_LEN: usize = 64;
52}
53
54impl Drop for Tag {
55    fn drop(&mut self) {
56        self.0.buf.zeroize();
57    }
58}
59
60impl AsRef<[u8]> for Tag {
61    fn as_ref(&self) -> &[u8] {
62        self.0.as_ref()
63    }
64}
65
66/// A non-secret HMAC tag, stored as a value.
67///
68/// A value of this type is **not** zeroized on drop.
69///
70/// A tag is "public" if it is published on the wire, as opposed to
71/// being used as key material. For example, the `verify_data` field
72/// of TLS `Finished` messages are public (as they are published on
73/// the wire in TLS1.2, or sent encrypted under pre-authenticated
74/// secrets in TLS1.3).
75#[derive(Clone)]
76pub(crate) struct PublicTag {
77    buf: [u8; Tag::MAX_LEN],
78    used: usize,
79}
80
81impl PublicTag {
82    /// Build a tag by copying a byte slice.
83    ///
84    /// The slice can be up to [`Tag::MAX_LEN`] bytes in length.
85    pub(crate) fn new(bytes: &[u8]) -> Self {
86        let mut tag = Self {
87            buf: [0u8; Tag::MAX_LEN],
88            used: bytes.len(),
89        };
90        tag.buf[..bytes.len()].copy_from_slice(bytes);
91        tag
92    }
93}
94
95impl AsRef<[u8]> for PublicTag {
96    fn as_ref(&self) -> &[u8] {
97        &self.buf[..self.used]
98    }
99}
100
101/// A HMAC key that is ready for use.
102///
103/// The algorithm used is implicit in the `Hmac` object that produced the key.
104pub trait Key: Send + Sync {
105    /// Calculates a tag over `data` -- a slice of byte slices.
106    fn sign(&self, data: &[&[u8]]) -> Tag {
107        self.sign_concat(&[], data, &[])
108    }
109
110    /// Calculates a tag over the concatenation of `first`, the items in `middle`, and `last`.
111    fn sign_concat(&self, first: &[u8], middle: &[&[u8]], last: &[u8]) -> Tag;
112
113    /// Returns the length of the tag returned by a computation using
114    /// this key.
115    fn tag_len(&self) -> usize;
116}