pub struct CShake256 { /* private fields */ }
Implementations
impl CShake256
pub fn shake256() -> Self
Creates a plain SHAKE256 instance with no domain separation.
Discouraged. Without a customization string, different uses of this
hash in the same application share an output space, making it trivial to
confuse outputs across contexts. Prefer digest with a
hardcoded, application-specific customization string instead.
pub fn digest(customization: &[u8]) -> Self
Creates a domain-separated cSHAKE256 instance (N="", S=customization).
Use customization to distinguish independent hash uses within the same
application. When customization is empty the output is identical to SHAKE256.
pub fn hmac(key: &[u8], customization: &[u8]) -> Self
Creates a KMAC256 instance (SP 800-185 §4).
Initialises cSHAKE256 with N="KMAC" and S=customization, then absorbs
bytepad(encode_string(key), 136). Subsequent update calls
feed the message X. Finalization automatically appends right_encode(L) where
L is the requested output length in bits.
pub fn kdf(key_material: &[u8], customization: &[u8]) -> Self
Creates a KMAC256-based KDF instance (NIST SP 800-185 §4 / SP 800-108r1 §4.1).
KMAC256 is a NIST-approved KDF construction: its cSHAKE256 core provides
domain separation via N="KMAC", while the keyed sponge ensures that an
attacker who knows the output cannot recover the key or predict outputs
under a different key or customization string.
Usage pattern:
// Derive a 32-byte subkey, domain-separated by purpose.
let mut kdf = CShake256::kdf(master_key, b"myapp v1 enc key");
kdf.update(context_or_label); // optional: bind to additional context
let subkey: [u8; 32] = kdf.finalize_xof();
key_material: the secret from which subkeys are derived.
customization: a hardcoded, globally unique, application-specific string that domain-separates this derivation from all others.
pub fn update_read<R: Read>(&mut self, reader: &mut BufReader<R>) -> Result<()>
Feeds the contents of reader into the absorb phase.
pub fn finalize(&mut self) -> [u8; 64]
Returns DIGEST_LEN bytes of output.
pub fn finalize_xof<const N: usize>(&mut self) -> [u8; N]
Returns N bytes of output.
pub fn finalize_xof_into(&mut self, out: &mut [u8])
Fills out with output.
In KMAC mode (constructed via hmac), appends
right_encode(out.len() * 8) per SP 800-185 before squeezing.
pub fn finalize_reader(&mut self) -> Reader
Returns a streaming Reader that produces an unbounded XOF output.
Unlike finalize_xof_into, the output length does
not need to be known at call time: pull as many bytes as needed via repeated
Reader::read calls.
In KMAC mode, right_encode(0) is appended before squeezing (KMACXOF256
per SP 800-185 §4.3.1), which produces output distinct from
finalize_xof_into for any non-zero length.
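The KMAC framing described under hmac and finalize_reader, as an added example that is not this crate's code: it implements only the SP 800-185 string encodings with the standard library (no Keccak permutation) and shows that fixed-length and XOF finalization absorb different suffixes. The helper kmac256_input and the sample key are assumptions made for illustration.

```rust
// Added example: SP 800-185 encodings that frame KMAC256 input (std only).

/// left_encode(x): minimal big-endian bytes of x, prefixed by their count.
fn left_encode(x: u64) -> Vec<u8> {
    let be = x.to_be_bytes();
    let skip = be.iter().take_while(|&&b| b == 0).count().min(7);
    let mut out = vec![(8 - skip) as u8];
    out.extend_from_slice(&be[skip..]);
    out
}

/// right_encode(x): the same bytes, with the count appended instead.
fn right_encode(x: u64) -> Vec<u8> {
    let mut out = left_encode(x);
    out.rotate_left(1); // move the count byte from the front to the back
    out
}

/// encode_string(s): left_encode(bit length of s) || s.
fn encode_string(s: &[u8]) -> Vec<u8> {
    let mut out = left_encode(s.len() as u64 * 8);
    out.extend_from_slice(s);
    out
}

/// bytepad(x, w): left_encode(w) || x, zero-padded to a multiple of w bytes.
fn bytepad(x: &[u8], w: usize) -> Vec<u8> {
    let mut out = left_encode(w as u64);
    out.extend_from_slice(x);
    let padded = (out.len() + w - 1) / w * w;
    out.resize(padded, 0);
    out
}

/// Hypothetical helper: key block || message || right_encode(L); L = 0 is XOF mode.
fn kmac256_input(key: &[u8], msg: &[u8], out_bits: u64) -> Vec<u8> {
    let mut out = bytepad(&encode_string(key), 136);
    out.extend_from_slice(msg);
    out.extend_from_slice(&right_encode(out_bits));
    out
}

fn main() {
    let key = [0x40u8; 32]; // constructed sample key, not a real secret
    for bits in [256, 512, 0] {
        let framed = kmac256_input(&key, b"msg", bits);
        println!("L={bits:>3} -> suffix {:02x?}", &framed[139..]);
    }
}
```

Because the suffix is absorbed before squeezing, a 32-byte tag is not a prefix of the 64-byte tag for the same key and message, and neither matches the first bytes of the streaming Reader output.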