Skip to main content

Module message_authenticator

Module message_authenticator 

Source
Expand description

Message authentication with HMAC-like construction and replay attack prevention.

Provides production-quality message signing and verification using pure-Rust crypto primitives (FNV-1a based HMAC, xorshift64 PRNG) without any external crypto crates.

§Design

  • MessageAuthenticator manages a keystore of named AuthKey entries.
  • Each key carries an AuthAlgorithm variant that controls how HMAC is computed.
  • A ReplayWindow tracks recently seen nonces to block replay attacks.
  • Policy flags (AuthPolicy) let callers enforce sequential nonces or key rotation.
  • All significant events (sign, verify, error) are recorded in an internal audit log drainable via drain_events().

§Collision notes (lib.rs re-export)

  • fnv1a_64 / xorshift64 are already exported under ntm_ / smx_ / etc. aliases. The helpers in this module are re-exported as mau_fnv1a_64 and mau_xorshift64 to avoid collisions.
  • No other types in this module collide with existing crate-root exports as of the time of writing (confirmed by grepping lib.rs for each name before creating this file).

Structs§

AuthKey
A named secret key used for signing and verifying messages.
AuthStats
Cumulative counters collected by MessageAuthenticator.
MessageAuthenticator
Production-quality message authenticator with:
ReplayWindow
Sliding window of recently observed nonces used to detect replay attacks.
SignedMessage
A payload together with its authentication tag and metadata.

Enums§

AuthAlgorithm
Authentication algorithm selection.
AuthError
All errors that can be returned by MessageAuthenticator.
AuthPolicy
Authentication enforcement policy.

Functions§

fnv1a_64
FNV-1a 64-bit hash over data.
hmac_fnv64
HMAC-FNV64 simplified construction.
xorshift64
Xorshift-64 PRNG.