Expand description
Message authentication with HMAC-like construction and replay attack prevention.
Provides production-quality message signing and verification using pure-Rust crypto primitives (FNV-1a based HMAC, xorshift64 PRNG) without any external crypto crates.
§Design
MessageAuthenticatormanages a keystore of namedAuthKeyentries.- Each key carries an
AuthAlgorithmvariant that controls how HMAC is computed. - A
ReplayWindowtracks recently seen nonces to block replay attacks. - Policy flags (
AuthPolicy) let callers enforce sequential nonces or key rotation. - All significant events (sign, verify, error) are recorded in an internal audit log
drainable via
drain_events().
§Collision notes (lib.rs re-export)
fnv1a_64/xorshift64are already exported underntm_/smx_/ etc. aliases. The helpers in this module are re-exported asmau_fnv1a_64andmau_xorshift64to avoid collisions.- No other types in this module collide with existing crate-root exports as of the time of writing (confirmed by grepping lib.rs for each name before creating this file).
Structs§
- AuthKey
- A named secret key used for signing and verifying messages.
- Auth
Stats - Cumulative counters collected by
MessageAuthenticator. - Message
Authenticator - Production-quality message authenticator with:
- Replay
Window - Sliding window of recently observed nonces used to detect replay attacks.
- Signed
Message - A payload together with its authentication tag and metadata.
Enums§
- Auth
Algorithm - Authentication algorithm selection.
- Auth
Error - All errors that can be returned by
MessageAuthenticator. - Auth
Policy - Authentication enforcement policy.
Functions§
- fnv1a_
64 - FNV-1a 64-bit hash over
data. - hmac_
fnv64 - HMAC-FNV64 simplified construction.
- xorshift64
- Xorshift-64 PRNG.