pub struct AuthKey { /* private fields */ }Expand description
A 256-bit authentication key.
Sensitive material. Derives ZeroizeOnDrop which provides secure
memory cleanup with compiler-resistant zeroization. The Copy derive was
removed (br-asupersync-4pegj0) so a key cannot be silently bit-copied past
the destructor; callers that need a logical duplicate must call .clone()
explicitly, which preserves the zeroize-on-drop contract for both copies.
Implementations§
Source§impl AuthKey
impl AuthKey
Sourcepub fn from_seed(seed: u64) -> Self
pub fn from_seed(seed: u64) -> Self
Creates a new key from a 64-bit seed.
This uses domain-separated SHA-256 to deterministically expand the seed
into 32 bytes without depending on DetRng’s zero-seed normalization.
SECURITY: Now enforces entropy validation to prevent weak seed attacks. Even with SHA-256 expansion, pathological seeds could theoretically produce low-entropy output. Validation prevents signature forgery via weak seeds.
Sourcepub fn from_rng(rng: &mut DetRng) -> Self
pub fn from_rng(rng: &mut DetRng) -> Self
Creates a new key from a deterministic RNG.
SECURITY: Now enforces entropy validation to prevent weak RNG attacks. A compromised or misconfigured RNG could produce predictable output that enables signature forgery. Validation provides defense-in-depth.
Sourcepub fn from_bytes(bytes: [u8; 32]) -> Result<Self, AuthKeyError>
pub fn from_bytes(bytes: [u8; 32]) -> Result<Self, AuthKeyError>
Creates a new key from raw bytes WITH ENTROPY VALIDATION.
br-asupersync-q3terg: rejects pathologically-low-entropy inputs
(all-zero, all-0xFF, single-distinct-byte patterns, low-Hamming-
weight extremes). HMAC-SHA256 security depends on the key
having sufficient entropy; a key with zero entropy produces
deterministic and predictable HMAC outputs — an attacker who
learns of such a weak key (via leaked default, misconfig, or
because the prior from_bytes(bytes) accepted any 32-byte
buffer) can forge authentication tags for any symbol.
Validation rules (any failure rejects with AuthKeyError):
bytesmust contain at leastMIN_DISTINCT_BYTES(16) distinct byte values out of 32. Strengthened from previous dangerously-low threshold of 8.- The Hamming weight (count of 1-bits across all 256 bits)
must lie in
[MIN_HAMMING_WEIGHT, MAX_HAMMING_WEIGHT](64, 192). Represents 25%-75% bit density, preventing entropy-starved keys. Previous thresholds (8, 248) were cryptographically dangerous. - No byte value may appear more than
MAX_BYTE_FREQUENCY(4) times. Prevents concentration attacks and predictable patterns like repeating sequences.
For known-strong byte sources (e.g. HMAC outputs in the
macaroon caveat chain — by construction uniformly random),
use Self::from_hmac_derived for HMAC-derived sources.
That constructor is pub(crate) to prevent external code from
accidentally importing the bypass path.
Sourcepub fn derive_subkey(&self, purpose: &[u8]) -> Self
pub fn derive_subkey(&self, purpose: &[u8]) -> Self
Derives a subkey for a specific purpose using HMAC-SHA256.
Construction: derived = HMAC-SHA256(self, purpose).
Sourcepub fn derive_with_salt(&self, salt: &[u8], context: &[u8]) -> Self
pub fn derive_with_salt(&self, salt: &[u8], context: &[u8]) -> Self
Derives a key using strengthened HMAC-SHA256 with salt and context.
This performs a two-step derivation that’s cryptographically stronger than simple HMAC derivation:
- Extract: PRK = HMAC-SHA256(salt, self)
- Expand: derived_key = HMAC-SHA256(PRK, context)
This provides domain separation and salt-based security enhancement.
Sourcepub fn from_hmac_derived(bytes: [u8; 32]) -> Result<Self, AuthKeyError>
pub fn from_hmac_derived(bytes: [u8; 32]) -> Result<Self, AuthKeyError>
Creates a key from HMAC-derived bytes with validation.
This method is specifically designed for use with HMAC outputs, which are cryptographically strong by construction, but still validates the bytes to prevent attacks from weak or manipulated HMAC chains.
Use this instead of from_bytes_unchecked for HMAC-derived
keys to maintain security while avoiding false positive
entropy rejection.
Sourcepub fn from_hkdf(ikm: &[u8], salt: Option<&[u8]>, info: &[u8]) -> Self
pub fn from_hkdf(ikm: &[u8], salt: Option<&[u8]>, info: &[u8]) -> Self
Creates a key using HKDF (HMAC-based Key Derivation Function).
Performs the HKDF Extract-and-Expand process with the given input key material, optional salt, and context information to derive a cryptographically strong key.
This is the recommended way to derive keys from potentially weak input material as HKDF provides security against entropy distribution issues.
§Parameters
ikm- Input Key Material (the source entropy)salt- Optional salt value for the extract phaseinfo- Context information for the expand phase
§Security
The resulting key is guaranteed to pass entropy validation as HKDF produces uniformly distributed output by design.
Trait Implementations§
impl Eq for AuthKey
impl StructuralPartialEq for AuthKey
Auto Trait Implementations§
impl Freeze for AuthKey
impl RefUnwindSafe for AuthKey
impl Send for AuthKey
impl Sync for AuthKey
impl Unpin for AuthKey
impl UnsafeUnpin for AuthKey
impl UnwindSafe for AuthKey
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
impl<ST, DT> CastableFrom<ST, Initialized, Initialized> for DT
impl<ST, DT> CastableFrom<ST, Uninit, Uninit> for DT
Source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
Source§impl<Q, K> Equivalent<K> for Q
impl<Q, K> Equivalent<K> for Q
Source§fn equivalent(&self, key: &K) -> bool
fn equivalent(&self, key: &K) -> bool
key and return true if they are equal.Source§impl<T> Instrument for T
impl<T> Instrument for T
Source§fn instrument(self, _span: NoopSpan) -> Self
fn instrument(self, _span: NoopSpan) -> Self
Source§fn in_current_span(self) -> Self
fn in_current_span(self) -> Self
Source§impl<T> IntoEither for T
impl<T> IntoEither for T
Source§fn into_either(self, into_left: bool) -> Either<Self, Self> ⓘ
fn into_either(self, into_left: bool) -> Either<Self, Self> ⓘ
self into a Left variant of Either<Self, Self>
if into_left is true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read moreSource§fn into_either_with<F>(self, into_left: F) -> Either<Self, Self> ⓘ
fn into_either_with<F>(self, into_left: F) -> Either<Self, Self> ⓘ
self into a Left variant of Either<Self, Self>
if into_left(&self) returns true.
Converts self into a Right variant of Either<Self, Self>
otherwise. Read more