Struct AuthenticatedData

Source

pub struct AuthenticatedData<const W: usize = { options::DEFAULT_GRID_WIDTH }, const H: usize = { options::DEFAULT_GRID_HEIGHT }> {
    pub mac: [u8; 32],
    pub encrypted_data: EncryptedData<W, H>,
}

Expand description

Authenticated encryption data containing both MAC tag and encrypted data.

This structure represents the output of the authentication process, combining a 32-byte HMAC-SHA256 tag with the original EncryptedData.

§Layout

When serialized to bytes, the format is:

[32-byte HMAC-SHA256 tag][serialized encrypted grids]

§Fields

mac: The 32-byte HMAC-SHA256 authentication tag.
encrypted_data: The original EncryptedData containing encrypted grids, nonce, and key.

§Notes

The MAC is computed over the serialized grids (nonce + ciphertext).
The nonce is included in the authenticated data to ensure freshness.
This structure preserves the original grid structure for easy decryption.

Fields§

§mac: [u8; 32]§encrypted_data: EncryptedData<W, H>

Implementations§

Source §

impl<const W: usize, const H: usize> AuthenticatedData<W, H>

Source

pub fn authenticate( encrypted_data: EncryptedData<W, H>, mac_key: &[u8; 32], ) -> Self

Computes HMAC-SHA256 authentication tag for encrypted data.

This function serializes the encrypted grids into big-endian bytes, computes an HMAC-SHA256 tag using the provided MAC key, and returns an AuthenticatedData structure containing both the tag and the original EncryptedData.

§Algorithm

The authentication process follows these steps:

Serialization: Convert encrypted grids to bytes: $ C = \text{nonce} \mathbin| G_0 \mathbin| G_1 \mathbin| \cdots \mathbin| G_n $ where each grid cell is encoded as big-endian i64.
MAC Computation: Calculate HMAC-SHA256: $ \text{tag} = \text{HMAC-SHA256}(K_{\text{mac}}, C) $
Package Construction: Return structure with tag and original data: $ \text{output} = (\text{tag}, \text{EncryptedData}) $

§Parameters

encrypted_data: The EncryptedData structure containing:
- output: Vector of encrypted Grids
- nonce: The CTR mode initialization vector
- key: The encryption key (not used in MAC computation)
mac_key: A 32-byte key for HMAC-SHA256 computation.

§Returns

An AuthenticatedData structure containing:

mac: The 32-byte HMAC-SHA256 tag
encrypted_data: The original EncryptedData

§Security Notes

The MAC key must be derived independently from the encryption key.
The nonce is included in the authenticated data to prevent replay attacks.
Use HKDF or similar KDF to derive separate encryption and MAC keys.

Source

pub fn verify(&self, mac_key: &[u8; 32]) -> bool

Verifies the integrity and authenticity of the encrypted data.

This function re-computes the HMAC-SHA256 tag over the stored encrypted grids and compares it with the attached authentication tag (self.mac).

§Algorithm

The verification process mirrors the authentication steps to ensure consistency:

Re-serialization: The internal nonce and ciphertext grids are serialized into bytes using the exact same order as during authentication (Big-Endian).
MAC Re-computation: Calculate the expected tag using the provided key: $$ T’ = \text{HMAC-SHA256}(K_{\text{mac}}, C) $$
Constant-Time Comparison: Compare the calculated tag with the stored self.mac: $$ \text{valid} \iff T’ \stackrel{?}{=} T $$

where $T$ is the stored tag and $T’$ is the recomputed tag.

§Parameters

mac_key: The 32-byte key used for HMAC-SHA256 computation. Must be the same key used to generate the authentication tag.

§Returns

true: If the computed tag matches self.mac (data is authentic).
false: If the tags do not match (integrity check failed).

§Security Notes

This function uses constant-time comparison (verify_slice) to prevent timing side-channel attacks.
If this function returns false, the encrypted_data MUST be discarded and NOT treated as valid ciphertext.

Trait Implementations§

Source §

impl<const W: usize, const H: usize> From<AuthenticatedData<W, H>> for Vec<u8>

Source §

fn from(data: AuthenticatedData<W, H>) -> Self

Converts to this type from the input type.

Source §

impl<const W: usize, const H: usize> TryFrom<&[u8]> for AuthenticatedData<W, H>

Source §

type Error = GridError

The type returned in the event of a conversion error.

Source §

fn try_from(bytes: &[u8]) -> Result<Self, Self::Error>

Performs the conversion.

Source §

impl<const W: usize, const H: usize> Zeroize for AuthenticatedData<W, H>

Source §

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.

Auto Trait Implementations§

§

impl<const W: usize, const H: usize> UnwindSafe for AuthenticatedData<W, H>

Blanket Implementations§

Source §

impl<T> Any for T
where T: 'static + ?Sized,

Source §

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

Source §

impl<T> Borrow<T> for T
where T: ?Sized,

Source §

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

Source §

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source §

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

Source §

impl<T> From<T> for T

Source §

fn from(t: T) -> T

Returns the argument unchanged.

Source §

impl<T, U> Into for T
where U: From<T>,

Source §

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source §

impl<T> IntoEither for T

Source §

fn into_either(self, into_left: bool) -> Either<Self, Self>

Converts self into a Left variant of Either<Self, Self> if into_left is true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

Source §

fn into_either_with<F>(self, into_left: F) -> Either<Self, Self>
where F: FnOnce(&Self) -> bool,

Converts self into a Left variant of Either<Self, Self> if into_left(&self) returns true. Converts self into a Right variant of Either<Self, Self> otherwise. Read more

Source §