nonce_auth

Struct ProtectionData

Source 
pub struct ProtectionData {
    pub timestamp: u64,
    pub nonce: String,
    pub signature: String,
}
Expand description

Authentication data for nonce-based request verification.

This structure contains the cryptographic authentication information that is embedded within or sent alongside application requests. It is specifically designed for nonce-based authentication and replay attack prevention, not as a complete request structure.

§Purpose

ProtectionData represents only the authentication portion of a request:

  • It does not contain application payload or business logic data
  • It focuses solely on cryptographic verification and replay prevention
  • It can be embedded in larger request structures or sent as headers

§Fields

  • timestamp: Unix timestamp (seconds since epoch) when the auth data was created
  • nonce: A unique identifier (typically UUID) that prevents request reuse
  • signature: HMAC-SHA256 signature that can include various data fields

§Serialization

This struct implements Serialize and Deserialize for easy JSON/binary serialization when sending authentication data over the network.

§Example

use nonce_auth::{NonceClient, ProtectionData};
use hmac::Mac;

let client = NonceClient::new(b"secret");
let protection_data: ProtectionData = client.create_protection_data(|mac, timestamp, nonce| {
    mac.update(timestamp.as_bytes());
    mac.update(nonce.as_bytes());
}).unwrap();

// Embed in a larger request structure
#[derive(serde::Serialize)]
struct ApiRequest {
    payload: String,
    auth: ProtectionData,
}

let request = ApiRequest {
    payload: "application data".to_string(),
    auth: protection_data,
};

§Security Notes

  • The timestamp prevents very old authentication attempts from being replayed
  • The nonce ensures each authentication attempt is unique and can only be used once
  • The signature proves the authentication data hasn’t been tampered with
  • The signature algorithm is flexible and can include additional request data

Fields§

§timestamp: u64

Unix timestamp (seconds since epoch) when this authentication data was created.

Used by the server to validate that the authentication attempt is within the acceptable time window and not too old.

§nonce: String

A unique nonce value, typically a UUID string.

This value must be unique and is used to prevent the same authentication data from being processed multiple times.

§signature: String

HMAC-SHA256 signature that can include various data fields.

The signature algorithm is flexible and can be customized to include timestamp, nonce, payload, HTTP method, path, or any other relevant data. This proves that the authentication data was created by someone who knows the shared secret and that the included data hasn’t been tampered with.

Trait Implementations§

Source§

impl Clone for ProtectionData

Source§

fn clone(&self) -> ProtectionData

Returns a copy of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for ProtectionData

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl<'de> Deserialize<'de> for ProtectionData

Source§

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more
Source§

impl Serialize for ProtectionData

Source§

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>
where __S: Serializer,

Serialize this value into the given Serde serializer. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> Same for T

Source§

type Output = T

Should always be Self
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,