Unless I'm missing something obvious, it looks like the open-source implementation of HashedAuthenticationCode
has no public initializers, meaning that trying to generate an authentication code and storing it somewhere for later verification requires creating a dummy value and then overwriting the underlying memory.
For instance, this is the only way I could figure to add Decodable
conformance:
extension HashedAuthenticationCode: Decodable {
public init(from decoder: Decoder) throws {
let container = try decoder.singleValueContainer()
// This at least needs checks for data length before copying below
let data = try container.decode(Data.self)
let newSelf = HMAC<H>.authenticationCode(for: [], using: .init(data: []))
newSelf.withUnsafeBytes { bufferPointer in
let mutableBufferPointer = UnsafeMutableRawBufferPointer(mutating: bufferPointer)
data.copyBytes(to: mutableBufferPointer)
}
self = newSelf
}
}
Is there really no better way to decode a stored authentication tag to compare against a value being computed now?