mac Algorithm
The Message Authentication Code (MAC) algorithm is a cryptographic technique that provides data integrity and authentication, ensuring that the message received has not been tampered with or altered during transmission. MACs are commonly used in secure communication protocols to verify the authenticity and integrity of data exchanged between two parties. They are generated using a symmetric key shared between the sender and receiver, and the MAC value is typically appended to the message before transmission. Upon receiving the message, the receiver computes the MAC using the same shared key and compares it with the received MAC. If the computed and received MACs match, the message is considered authentic and unaltered.
The MAC algorithm operates on the principle of combining the shared secret key with the message data through a cryptographic hash function or a symmetric encryption algorithm. Some popular MAC algorithms include HMAC (Hash-based Message Authentication Code), which uses a cryptographic hash function such as SHA-256 or MD5, and CMAC (Cipher-based Message Authentication Code), which uses a symmetric cipher like AES. The choice of the underlying cryptographic function determines the security and performance of the MAC algorithm. HMAC is widely used due to its strong security guarantees and compatibility with various hash functions, while CMAC offers better performance in hardware implementations. In either case, the security of the MAC algorithm relies on the secrecy of the shared key and the strength of the underlying cryptographic primitives.
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.
/*!
* The mac module defines the Message Authentication Code (Mac) trait.
*/
use util::fixed_time_eq;
/**
* The Mac trait defines methods for a Message Authentication function.
*/
pub trait Mac {
/**
* Process input data.
*
* # Arguments
* * data - The input data to process.
*
*/
fn input(&mut self, data: &[u8]);
/**
* Reset the Mac state to begin processing another input stream.
*/
fn reset(&mut self);
/**
* Obtain the result of a Mac computation as a MacResult.
*/
fn result(&mut self) -> MacResult;
/**
* Obtain the result of a Mac computation as [u8]. This method should be used very carefully
* since incorrect use of the Mac code could result in permitting a timing attack which defeats
* the security provided by a Mac function.
*/
fn raw_result(&mut self, output: &mut [u8]);
/**
* Get the size of the Mac code, in bytes.
*/
fn output_bytes(&self) -> usize;
}
/**
* A MacResult wraps a Mac code and provides a safe Eq implementation that runs in fixed time.
*/
pub struct MacResult {
code: Vec<u8>
}
impl MacResult {
/**
* Create a new MacResult.
*/
pub fn new(code: &[u8]) -> MacResult {
MacResult {
code: code.to_vec()
}
}
/**
* Create a new MacResult taking ownership of the specified code value.
*/
pub fn new_from_owned(code: Vec<u8>) -> MacResult {
MacResult {
code: code
}
}
/**
* Get the code value. Be very careful using this method, since incorrect use of the code value
* may permit timing attacks which defeat the security provided by the Mac function.
*/
pub fn code<'s>(&'s self) -> &'s [u8] {
&self.code[..]
}
}
impl PartialEq for MacResult {
fn eq(&self, x: &MacResult) -> bool {
let lhs = self.code();
let rhs = x.code();
fixed_time_eq(lhs, rhs)
}
}
impl Eq for MacResult { }
