MasterKey

Struct MasterKey 

pub struct MasterKey { /* private fields */ }

Master authentication key (Ku) before engine localization.

This is the intermediate result of the RFC 3414 password-to-key algorithm, computed by expanding the password to 1MB and hashing it. This step is computationally expensive (~850μs for SHA-256) but can be cached and reused across multiple engines that share the same credentials.

§Performance

| Operation | Time |
|---|---|
| MasterKey::from_password (SHA-256) | ~850 μs |
| MasterKey::localize | ~1 μs |

For applications polling many engines with shared credentials, caching the MasterKey provides significant performance benefits.

§Security

Key material is automatically zeroed from memory when dropped, using the zeroize crate. This provides defense-in-depth against memory scraping.

§Example

use async_snmp::{AuthProtocol, MasterKey};

// Derive master key once (expensive)
let master = MasterKey::from_password(AuthProtocol::Sha256, b"authpassword");

// Localize to different engines (cheap)
let engine1_id = b"\x80\x00\x1f\x88\x80\xe9\xb1\x04\x61\x73\x61\x00\x00\x00";
let engine2_id = b"\x80\x00\x1f\x88\x80\xe9\xb1\x04\x61\x73\x61\x00\x00\x01";

let key1 = master.localize(engine1_id);
let key2 = master.localize(engine2_id);

Implementations§

impl MasterKey

pub fn from_password(protocol: AuthProtocol, password: &[u8]) -> Self

Derive a master key from a password.

This implements RFC 3414 Section A.2.1: expand the password to 1MB by repetition, then hash the result. This is computationally expensive (~850μs for SHA-256) but only needs to be done once per password.

§Empty and Short Passwords

Empty passwords result in an all-zero key. A warning is logged when the password is shorter than MIN_PASSWORD_LENGTH (8 characters).

pub fn from_str_password(protocol: AuthProtocol, password: &str) -> Self

Derive a master key from a string password.

pub fn from_bytes(protocol: AuthProtocol, key: impl Into<Vec<u8>>) -> Self

Create a master key from raw bytes.

Use this if you already have a master key (e.g., from configuration). The bytes should be the raw digest output from the 1MB password expansion.

pub fn localize(&self, engine_id: &[u8]) -> LocalizedKey

Localize this master key to a specific engine ID.

This implements RFC 3414 Section A.2.2: localized_key = H(master_key || engine_id || master_key)

This operation is cheap (~1μs) compared to master key derivation.

pub fn protocol(&self) -> AuthProtocol

Get the protocol this key is for.

pub fn as_bytes(&self) -> &[u8]

Get the raw key bytes.

Trait Implementations§

impl Clone for MasterKey

fn clone(&self) -> MasterKey

Returns a duplicate of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for MasterKey

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Drop for MasterKey

fn drop(&mut self)

Executes the destructor for this type.

impl Zeroize for MasterKey

fn zeroize(&mut self)

Zero out this object from memory using Rust intrinsics which ensure the zeroization operation is not “optimized away” by the compiler.
