Skip to main content

AuthKey

Struct AuthKey 

Source
pub struct AuthKey { /* private fields */ }
Expand description

A 256-bit authentication key.

Sensitive material. Derives ZeroizeOnDrop which provides secure memory cleanup with compiler-resistant zeroization. The Copy derive was removed (br-asupersync-4pegj0) so a key cannot be silently bit-copied past the destructor; callers that need a logical duplicate must call .clone() explicitly, which preserves the zeroize-on-drop contract for both copies.

Implementations§

Source§

impl AuthKey

Source

pub fn from_seed(seed: u64) -> Self

Creates a new key from a 64-bit seed.

This uses domain-separated SHA-256 to deterministically expand the seed into 32 bytes without depending on DetRng’s zero-seed normalization.

SECURITY: Now enforces entropy validation to prevent weak seed attacks. Even with SHA-256 expansion, pathological seeds could theoretically produce low-entropy output. Validation prevents signature forgery via weak seeds.

Source

pub fn from_rng(rng: &mut DetRng) -> Self

Creates a new key from a deterministic RNG.

SECURITY: Now enforces entropy validation to prevent weak RNG attacks. A compromised or misconfigured RNG could produce predictable output that enables signature forgery. Validation provides defense-in-depth.

Source

pub fn from_bytes(bytes: [u8; 32]) -> Result<Self, AuthKeyError>

Creates a new key from raw bytes WITH ENTROPY VALIDATION.

br-asupersync-q3terg: rejects pathologically-low-entropy inputs (all-zero, all-0xFF, single-distinct-byte patterns, low-Hamming- weight extremes). HMAC-SHA256 security depends on the key having sufficient entropy; a key with zero entropy produces deterministic and predictable HMAC outputs — an attacker who learns of such a weak key (via leaked default, misconfig, or because the prior from_bytes(bytes) accepted any 32-byte buffer) can forge authentication tags for any symbol.

Validation rules (any failure rejects with AuthKeyError):

  • bytes must contain at least MIN_DISTINCT_BYTES (16) distinct byte values out of 32. Strengthened from previous dangerously-low threshold of 8.
  • The Hamming weight (count of 1-bits across all 256 bits) must lie in [MIN_HAMMING_WEIGHT, MAX_HAMMING_WEIGHT] (64, 192). Represents 25%-75% bit density, preventing entropy-starved keys. Previous thresholds (8, 248) were cryptographically dangerous.
  • No byte value may appear more than MAX_BYTE_FREQUENCY (4) times. Prevents concentration attacks and predictable patterns like repeating sequences.

For known-strong byte sources (e.g. HMAC outputs in the macaroon caveat chain — by construction uniformly random), use Self::from_hmac_derived for HMAC-derived sources. That constructor is pub(crate) to prevent external code from accidentally importing the bypass path.

Source

pub const fn as_bytes(&self) -> &[u8; 32]

Returns the raw bytes of the key.

Source

pub fn derive_subkey(&self, purpose: &[u8]) -> Self

Derives a subkey for a specific purpose using HMAC-SHA256.

Construction: derived = HMAC-SHA256(self, purpose).

Source

pub fn derive_with_salt(&self, salt: &[u8], context: &[u8]) -> Self

Derives a key using strengthened HMAC-SHA256 with salt and context.

This performs a two-step derivation that’s cryptographically stronger than simple HMAC derivation:

  1. Extract: PRK = HMAC-SHA256(salt, self)
  2. Expand: derived_key = HMAC-SHA256(PRK, context)

This provides domain separation and salt-based security enhancement.

Source

pub fn from_hmac_derived(bytes: [u8; 32]) -> Result<Self, AuthKeyError>

Creates a key from HMAC-derived bytes with validation.

This method is specifically designed for use with HMAC outputs, which are cryptographically strong by construction, but still validates the bytes to prevent attacks from weak or manipulated HMAC chains.

Use this instead of from_bytes_unchecked for HMAC-derived keys to maintain security while avoiding false positive entropy rejection.

Source

pub fn from_hkdf(ikm: &[u8], salt: Option<&[u8]>, info: &[u8]) -> Self

Creates a key using HKDF (HMAC-based Key Derivation Function).

Performs the HKDF Extract-and-Expand process with the given input key material, optional salt, and context information to derive a cryptographically strong key.

This is the recommended way to derive keys from potentially weak input material as HKDF provides security against entropy distribution issues.

§Parameters
  • ikm - Input Key Material (the source entropy)
  • salt - Optional salt value for the extract phase
  • info - Context information for the expand phase
§Security

The resulting key is guaranteed to pass entropy validation as HKDF produces uniformly distributed output by design.

Trait Implementations§

Source§

impl Clone for AuthKey

Source§

fn clone(&self) -> AuthKey

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for AuthKey

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Drop for AuthKey

Source§

fn drop(&mut self)

Executes the destructor for this type. Read more
Source§

fn pin_drop(self: Pin<&mut Self>)

🔬This is a nightly-only experimental API. (pin_ergonomics)
Execute the destructor for this type, but different to Drop::drop, it requires self to be pinned. Read more
Source§

impl Eq for AuthKey

Source§

impl Hash for AuthKey

Source§

fn hash<__H: Hasher>(&self, state: &mut __H)

Feeds this value into the given Hasher. Read more
1.3.0 · Source§

fn hash_slice<H>(data: &[Self], state: &mut H)
where H: Hasher, Self: Sized,

Feeds a slice of this type into the given Hasher. Read more
Source§

impl PartialEq for AuthKey

Source§

fn eq(&self, other: &AuthKey) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl StructuralPartialEq for AuthKey

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
where ST: ?Sized, DT: ?Sized,

Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<Q, K> Equivalent<K> for Q
where Q: Eq + ?Sized, K: Borrow<Q> + ?Sized,

Source§

fn equivalent(&self, key: &K) -> bool

Compare self to key and return true if they are equal.
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, _span: NoopSpan) -> Self

Instruments this future with a span (no-op when disabled).
Source§

fn in_current_span(self) -> Self

Instruments this future with the current span (no-op when disabled).
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> IntoEither for T

Source§

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more
Source§

impl<T> Pointable for T

Source§

const ALIGN: usize

The alignment of pointer.
Source§

type Init = T

The type for initializers.
Source§

unsafe fn init(init: <T as Pointable>::Init) -> usize

Initializes a with the given initializer. Read more
Source§

unsafe fn deref<'a>(ptr: usize) -> &'a T

Dereferences the given pointer. Read more
Source§

unsafe fn deref_mut<'a>(ptr: usize) -> &'a mut T

Mutably dereferences the given pointer. Read more
Source§

unsafe fn drop(ptr: usize)

Drops the object pointed to by the given pointer. Read more
Source§

impl<T> Read<Exclusive, BecauseExclusive> for T
where T: ?Sized,

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V