From 93205f942a1b82b307d39eceb7973ea9476feae6 Mon Sep 17 00:00:00 2001 From: Dietmar Maurer Date: Fri, 2 Aug 2019 08:55:37 +0200 Subject: [PATCH] src/backup/crypt_config.rs: new compute_auth_tag helper --- src/backup/crypt_config.rs | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/backup/crypt_config.rs b/src/backup/crypt_config.rs index a87d74dc..bd754b66 100644 --- a/src/backup/crypt_config.rs +++ b/src/backup/crypt_config.rs @@ -62,6 +62,19 @@ impl CryptConfig { digest } + /// Compute authentication tag (hmac/sha256) + /// + /// Computes an SHA256 HMAC using some secret data (derived + /// from the secret key) and the provided data. + pub fn compute_auth_tag(&self, data: &[u8]) -> [u8; 32] { + let key = openssl::pkey::PKey::hmac(&self.id_key).unwrap(); + let mut signer = openssl::sign::Signer::new(MessageDigest::sha256(), &key).unwrap(); + signer.update(data).unwrap(); + let mut tag = [0u8; 32]; + signer.sign(&mut tag).unwrap(); + tag + } + /// Encrypt data using a random 16 byte IV. /// /// Writes encrypted data to ``output``, Return the used IV and computed MAC.