Skip to main content

AuthCredential

arkhe_forge_core::user

Struct AuthCredential

pub struct AuthCredential {
    pub schema_version: u16,
    pub kind: AuthKind,
    pub kdf: KdfKind,
    pub salt: [u8; 16],
    pub credential_hash: [u8; 32],
    pub kdf_params: KdfParams,
    pub expires_tick: Option<Tick>,
    pub bound_tick: Tick,
}

Expand description

Stored authentication credential — at least one per User (invariant E-user-2). Secret material is a KDF output; no raw password is stored.

Fields§

§schema_version: u16

Wire-level schema version tag.

§kind: AuthKind

Channel family.

§kdf: KdfKind

Hash family. Argon2id is the runtime default.

§salt: [u8; 16]

Per-credential random salt (16 bytes).

§credential_hash: [u8; 32]

KDF output: kdf(password, salt, params).

§kdf_params: KdfParams

Cost parameters used for credential_hash.

§expires_tick: Option<Tick>

Optional rotation deadline (S8 anchor).

§bound_tick: Tick

Tick at which the credential was bound.

Implementations§

impl AuthCredential

pub const DEFAULT_KDF: KdfKind = KdfKind::Argon2id

Runtime default KDF — OWASP 2024 recommendation.

pub const MIN_ARGON2ID_M_COST: u32 = 19_456

Minimum Argon2id memory cost (19 MiB).

pub const MIN_ARGON2ID_T_COST: u32 = 2

Minimum Argon2id iteration count.

pub const MIN_ARGON2ID_P_COST: u32 = 1

Minimum Argon2id parallelism.

pub const MIN_SCRYPT_N_COST: u32

Minimum Scrypt cost N (power-of-two, ≥ 2^15).

pub const MIN_SCRYPT_R_COST: u32 = 8

Minimum Scrypt block-size r.

pub fn validate_kdf_params(kdf: KdfKind, p: &KdfParams) -> bool

L1-compute validator for KDF parameters — rejects weak settings.

Trait Implementations§

impl ArkheComponent for AuthCredential

const TYPE_CODE: u32 = 196610u32

Globally stable dispatch code within the runtime TypeCode registry.

const SCHEMA_VERSION: u16 = 1u16

Monotone schema version. Bump on field addition (#[serde(default)] paired); field removal / reorder forbidden.

fn type_code() -> TypeCode

TypeCode wrapper convenience.

fn approx_size(&self) -> usize

Approximate payload size for quota tracking. Default returns size_of::<Self>(); override for bytes::Bytes-carrying Components.

impl Clone for AuthCredential

fn clone(&self) -> AuthCredential

Returns a duplicate of the value. Read more

1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

impl Debug for AuthCredential

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

impl<'de> Deserialize<'de> for AuthCredential

fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer. Read more

impl PartialEq for AuthCredential

fn eq(&self, other: &AuthCredential) -> bool

Tests for self and other values to be equal, and is used by ==.

1.0.0 (const: unstable) · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for AuthCredential

fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
where S: Serializer,

Serialize this value into the given Serde serializer. Read more

impl Eq for AuthCredential

impl StructuralPartialEq for AuthCredential

Auto Trait Implementations§

impl Freeze for AuthCredential

impl RefUnwindSafe for AuthCredential

impl Send for AuthCredential

impl Sync for AuthCredential

impl Unpin for AuthCredential

impl UnsafeUnpin for AuthCredential

impl UnwindSafe for AuthCredential

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> CloneToUninit for T
where T: Clone,

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)

Performs copy-assignment from self to dest. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T> Same for T

type Output = T

Should always be Self

impl<T> ToOwned for T
where T: Clone,

type Owned = T

The resulting type after obtaining ownership.

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more

impl<T, U> TryFrom<U> for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,