MAC

A Message Authentication Code (MAC) provides data integrity and authenticity of a message.

HMAC

An HMAC is a specific construction of a MAC that involves a cryptographic hash function (see RFC 2104). Thus, an HMAC comes in multiple instantiations. HACL Packages supports the following ones:

  • HMAC-BLAKE2b,

  • HMAC-BLAKE2s,

  • HMAC-SHA-2-256,

  • HMAC-SHA-2-384,

  • HMAC-SHA-2-512, and

  • HMAC-SHA-1.

Keys must be chosen using a cryptographically strong pseudo-random generator and periodically refreshed. Note that the key can be of any length up to the block length of the hash algorithm used. This is also mentioned in the API reference below.

Available Implementations

This implementation works on any CPU.

API Reference

Example

// Note: HACL Packages will provide these in a later version.
#define HACL_MAC_HMAC_BLAKE2B_KEY_LEN_MAX 128
#define HACL_MAC_HMAC_BLAKE2S_KEY_LEN_MAX 64
#define HACL_MAC_HMAC_SHA2_256_KEY_LEN_MAX 64
#define HACL_MAC_HMAC_SHA2_384_KEY_LEN_MAX 128
#define HACL_MAC_HMAC_SHA2_512_KEY_LEN_MAX 128
#define HACL_MAC_HMAC_SHA1_KEY_LEN_MAX 64

#define HACL_MAC_HMAC_BLAKE2B_TAG_LEN 64
#define HACL_MAC_HMAC_BLAKE2S_TAG_LEN 32
#define HACL_MAC_HMAC_SHA2_256_TAG_LEN 32
#define HACL_MAC_HMAC_SHA2_384_TAG_LEN 48
#define HACL_MAC_HMAC_SHA2_512_TAG_LEN 64
#define HACL_MAC_HMAC_SHA1_TAG_LEN 20

// The message to authenticate.
const char* data = "Hello, World!";
uint32_t data_len = (uint32_t)strlen(data);

uint8_t key[HACL_MAC_HMAC_SHA2_256_KEY_LEN_MAX];
// Note: This function is not from HACL*.
//       You need to bring your own random.
generate_sha2_256_hmac_key(key);

uint8_t dst[HACL_MAC_HMAC_SHA2_256_TAG_LEN];

Hacl_HMAC_compute_sha2_256(
  dst, key, HACL_MAC_HMAC_SHA2_256_KEY_LEN_MAX, (uint8_t*)data, data_len);
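
The lengths in the #defines above, and the key handling the function descriptions state ("hashed if it is longer and padded if it is shorter" than the block length), can be cross-checked independently of HACL. The following is an added example, not code from HACL Packages: it uses Python's standard hashlib and hmac modules instead of the HACL API, and the names PAGE_LIMITS, prepare_key, hmac_by_hand, page_constants_match and verify_tag are made up for illustration.

```python
import hashlib
import hmac

# hash name -> (KEY_LEN_MAX, TAG_LEN), copied from the #defines on this page
PAGE_LIMITS = {
    "blake2b": (128, 64), "blake2s": (64, 32), "sha256": (64, 32),
    "sha384": (128, 48), "sha512": (128, 64), "sha1": (64, 20),
}


def prepare_key(name, key):
    """RFC 2104 key step: hash a key longer than the block, then zero-pad."""
    block = hashlib.new(name).block_size
    if len(key) > block:
        key = hashlib.new(name, key).digest()
    return key.ljust(block, b"\x00")


def hmac_by_hand(name, key, data):
    """H((K xor opad) || H((K xor ipad) || data)) with the prepared key K."""
    k = prepare_key(name, key)
    inner = hashlib.new(name, bytes(b ^ 0x36 for b in k) + data).digest()
    return hashlib.new(name, bytes(b ^ 0x5C for b in k) + inner).digest()


def page_constants_match():
    """True if each KEY_LEN_MAX/TAG_LEN equals the hash's block/digest size."""
    return all((hashlib.new(n).block_size, hashlib.new(n).digest_size) == v
               for n, v in PAGE_LIMITS.items())


def verify_tag(name, key, data, tag):
    """Recompute the tag and compare it without an early exit on mismatch."""
    return hmac.compare_digest(hmac.new(key, data, name).digest(), tag)


if __name__ == "__main__":
    data = b"Hello, World!"        # message from the page's example
    long_key = bytes(range(200))   # constructed test key, not a real secret
    for name in PAGE_LIMITS:
        tag = hmac_by_hand(name, long_key, data)
        # A key longer than the block and its hash act as the same HMAC key.
        hashed_key = hashlib.new(name, long_key).digest()
        assert tag == hmac_by_hand(name, hashed_key, data)
        assert verify_tag(name, long_key, data, tag)
        print(name, len(tag), tag.hex()[:16])
    print("constants match:", page_constants_match())
```

Because short keys are zero-padded, a key and the same key with trailing zero bytes produce identical tags, which is one more reason to use fixed-length random keys as the page advises.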

BLAKE2b

void Hacl_HMAC_compute_blake2b_32(uint8_t *dst, uint8_t *key, uint32_t key_len, uint8_t *data, uint32_t data_len)

Write the HMAC-BLAKE2b MAC of a message (data) by using a key (key) into dst.

The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. dst must point to 64 bytes of memory.

BLAKE2s

void Hacl_HMAC_compute_blake2s_32(uint8_t *dst, uint8_t *key, uint32_t key_len, uint8_t *data, uint32_t data_len)

Write the HMAC-BLAKE2s MAC of a message (data) by using a key (key) into dst.

The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. dst must point to 32 bytes of memory.

SHA-2

void Hacl_HMAC_compute_sha2_256(uint8_t *dst, uint8_t *key, uint32_t key_len, uint8_t *data, uint32_t data_len)

Write the HMAC-SHA-2-256 MAC of a message (data) by using a key (key) into dst.

The key can be any length and will be hashed if it is longer and padded if it is shorter than 64 bytes. dst must point to 32 bytes of memory.

void Hacl_HMAC_compute_sha2_384(uint8_t *dst, uint8_t *key, uint32_t key_len, uint8_t *data, uint32_t data_len)

Write the HMAC-SHA-2-384 MAC of a message (data) by using a key (key) into dst.

The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. dst must point to 48 bytes of memory.

void Hacl_HMAC_compute_sha2_512(uint8_t *dst, uint8_t *key, uint32_t key_len, uint8_t *data, uint32_t data_len)

Write the HMAC-SHA-2-512 MAC of a message (data) by using a key (key) into dst.

The key can be any length and will be hashed if it is longer and padded if it is shorter than 128 bytes. dst must point to 64 bytes of memory.

SHA-1
