Enum NonceError

pub enum NonceError {
    DuplicateNonce,
    ExpiredNonce,
    InvalidSignature,
    TimestampOutOfWindow,
    DatabaseError(String),
    CryptoError(String),
}

Error types that can occur during nonce authentication operations.

This enum represents all possible errors that can occur when using the nonce authentication library. Each variant corresponds to a specific failure mode in the authentication process.

§Error Categories

  • Authentication Errors: DuplicateNonce, ExpiredNonce, InvalidSignature, TimestampOutOfWindow
  • System Errors: DatabaseError, CryptoError

§Example

use nonce_auth::{NonceServer, NonceError, NonceClient};
use hmac::Mac;

// Wrapped in an async fn so that `?` and `.await` are valid; call it from your async runtime.
async fn verify_example() -> Result<(), NonceError> {
    let server = NonceServer::new(b"secret", None, None);
    let client = NonceClient::new(b"secret");

    // Client side: sign the timestamp and the nonce.
    let protection_data = client.create_protection_data(|mac, timestamp, nonce| {
        mac.update(timestamp.as_bytes());
        mac.update(nonce.as_bytes());
    })?;

    // Server side: feed the same fields in the same order, then handle each error type.
    match server.verify_protection_data(&protection_data, None, |mac| {
        mac.update(protection_data.timestamp.to_string().as_bytes());
        mac.update(protection_data.nonce.as_bytes());
    }).await {
        Ok(()) => println!("Request verified"),
        Err(NonceError::DuplicateNonce) => println!("Nonce already used"),
        Err(NonceError::InvalidSignature) => println!("Invalid signature"),
        // The timestamp may be too old or too far in the future.
        Err(NonceError::TimestampOutOfWindow) => println!("Timestamp outside allowed window"),
        Err(e) => println!("Other error: {e}"),
    }
    Ok(())
}

Variants§

DuplicateNonce

The nonce has already been used and cannot be reused.

This error occurs when a client attempts to use a nonce that has already been consumed by the server. This is the primary mechanism for preventing replay attacks.

§When This Occurs

  • A client sends the same signed request twice
  • A malicious actor attempts to replay a captured request
  • Network issues cause duplicate request delivery

§Resolution

The client should generate a new signed request with a fresh nonce.

ExpiredNonce

The nonce has expired and is no longer valid.

This error occurs when a nonce exists in the database but has exceeded its time-to-live (TTL) duration. Expired nonces are considered invalid and should be cleaned up.

§When This Occurs

  • A client uses a very old signed request
  • The server’s TTL is set too short for the use case
  • There are significant delays in request processing

§Resolution

The client should generate a new signed request with a fresh nonce.

InvalidSignature

The HMAC signature verification failed.

This error occurs when the provided signature doesn’t match the expected signature calculated by the server. This indicates either a tampered request or mismatched secrets.

§When This Occurs

  • Client and server are using different secret keys
  • The request has been tampered with in transit
  • There’s a bug in the signature generation/verification logic
  • The timestamp or nonce values have been modified

§Resolution

  • Verify that client and server use the same secret key
  • Check for request tampering or transmission errors
  • Ensure proper signature generation on the client side

TimestampOutOfWindow

The request timestamp is outside the allowed time window.

This error occurs when the timestamp in the signed request is either too old or too far in the future compared to the server’s current time, exceeding the configured time window.

§When This Occurs

  • Client and server clocks are significantly out of sync
  • Network delays cause old requests to arrive late
  • The time window is configured too strictly
  • A malicious actor attempts to use very old captured requests

§Resolution

  • Synchronize client and server clocks (e.g., using NTP)
  • Increase the time window if appropriate for your use case
  • Generate fresh requests closer to when they’ll be sent
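
The checks behind DuplicateNonce, ExpiredNonce and TimestampOutOfWindow, sketched as an added example (not the nonce_auth crate's code): ReplayGuard, ReplayError, the in-memory map, the check order and the TTL/window values are all assumptions made for illustration. The last lines of main show a misconfiguration in which cleanup deletes a nonce while its timestamp still passes the window check.

```rust
use std::collections::HashMap;

// Local mirror of the three replay-related variants, so this compiles without the crate.
#[derive(Debug, PartialEq)]
enum ReplayError { DuplicateNonce, ExpiredNonce, TimestampOutOfWindow }

// Hypothetical in-memory stand-in for the server's nonce table (nonce -> time accepted).
struct ReplayGuard { ttl: u64, window: u64, seen: HashMap<String, u64> }

impl ReplayGuard {
    fn new(ttl: u64, window: u64) -> Self {
        ReplayGuard { ttl, window, seen: HashMap::new() }
    }

    // `now` is a parameter (seconds) so every outcome is deterministic.
    fn check(&mut self, nonce: &str, timestamp: u64, now: u64) -> Result<(), ReplayError> {
        // Too old or too far in the future, measured against the server clock.
        if now.abs_diff(timestamp) > self.window {
            return Err(ReplayError::TimestampOutOfWindow);
        }
        match self.seen.get(nonce) {
            // Row still present but past its TTL: rejected, never re-accepted.
            Some(&t) if now.saturating_sub(t) > self.ttl => Err(ReplayError::ExpiredNonce),
            Some(_) => Err(ReplayError::DuplicateNonce),
            None => {
                self.seen.insert(nonce.to_owned(), now); // consume the nonce
                Ok(())
            }
        }
    }

    // Delete rows older than the TTL; returns how many were removed.
    fn cleanup(&mut self, now: u64) -> usize {
        let before = self.seen.len();
        let ttl = self.ttl;
        self.seen.retain(|_, t| now.saturating_sub(*t) <= ttl);
        before - self.seen.len()
    }
}

fn main() {
    let mut g = ReplayGuard::new(300, 60); // constructed values: TTL 300 s, window 60 s
    println!("{:?}", g.check("n1", 1_000, 1_000)); // Ok(())
    println!("{:?}", g.check("n1", 1_000, 1_010)); // Err(DuplicateNonce)
    println!("{:?}", g.check("n2", 1_000, 1_100)); // Err(TimestampOutOfWindow)
    let mut weak = ReplayGuard::new(30, 120); // misconfigured: TTL shorter than window
    weak.check("n1", 1_000, 1_000).unwrap();
    weak.cleanup(1_050); // row deleted while its timestamp still passes the window
    println!("{:?}", weak.check("n1", 1_000, 1_060)); // Ok(()): the replay is accepted
}
```

Keep each nonce row until its request's timestamp has fallen outside the time window; otherwise cleanup reopens the replay that DuplicateNonce is meant to block.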

DatabaseError(String)

A database operation failed.

This error occurs when there’s a problem with the underlying SQLite database operations, such as connection issues, disk space problems, or corruption.

§When This Occurs

  • Database file is corrupted or inaccessible
  • Insufficient disk space for database operations
  • Database is locked by another process
  • File permission issues

§Resolution

  • Check database file permissions and disk space
  • Verify database file integrity
  • Ensure proper database initialization
  • Check for competing database access

CryptoError(String)

A cryptographic operation failed.

This error occurs when there’s a problem with the HMAC signature generation or verification process, typically due to invalid key material or system-level crypto issues.

§When This Occurs

  • Invalid or corrupted secret key
  • System-level cryptographic library issues
  • Memory allocation failures during crypto operations

§Resolution

  • Verify the secret key is valid and properly formatted
  • Check system cryptographic library installation
  • Ensure sufficient system resources

Trait Implementations§

impl Debug for NonceError

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Display for NonceError

fn fmt(&self, __formatter: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Error for NonceError

Since 1.30.0

fn source(&self) -> Option<&(dyn Error + 'static)>

Returns the lower-level source of this error, if any.

Since 1.0.0

fn description(&self) -> &str

👎Deprecated since 1.42.0: use the Display impl or to_string()

Since 1.0.0

fn cause(&self) -> Option<&dyn Error>

👎Deprecated since 1.33.0: replaced by Error::source, which can support downcasting

fn provide<'a>(&'a self, request: &mut Request<'a>)

🔬This is a nightly-only experimental API. (error_generic_member_access)
Provides type-based access to context intended for error reports.

impl From<Error> for NonceError

fn from(err: Error) -> Self

Converts a rusqlite::Error into a NonceError.

This implementation provides automatic conversion from database errors to appropriate NonceError variants. It specifically handles UNIQUE constraint violations (which indicate duplicate nonces) and maps other database errors to DatabaseError.

§Conversion Rules

  • UNIQUE constraint failures → DuplicateNonce
  • All other database errors → DatabaseError

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToString for T
where T: Display + ?Sized,

fn to_string(&self) -> String

Converts the given value to a String.

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.