argon2/
algorithm.rs

1//! Argon2 algorithms (e.g. Argon2d, Argon2i, Argon2id).
2
3use crate::{Error, Result};
4use core::{
5    fmt::{self, Display},
6    str::FromStr,
7};
8
9#[cfg(feature = "password-hash")]
10use password_hash::Ident;
11
12/// Argon2d algorithm identifier
13#[cfg(feature = "password-hash")]
14#[cfg_attr(docsrs, doc(cfg(feature = "password-hash")))]
15pub const ARGON2D_IDENT: Ident<'_> = Ident::new_unwrap("argon2d");
16
17/// Argon2i algorithm identifier
18#[cfg(feature = "password-hash")]
19#[cfg_attr(docsrs, doc(cfg(feature = "password-hash")))]
20pub const ARGON2I_IDENT: Ident<'_> = Ident::new_unwrap("argon2i");
21
22/// Argon2id algorithm identifier
23#[cfg(feature = "password-hash")]
24#[cfg_attr(docsrs, doc(cfg(feature = "password-hash")))]
25pub const ARGON2ID_IDENT: Ident<'_> = Ident::new_unwrap("argon2id");
26
27/// Argon2 primitive type: variants of the algorithm.
28#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Default, Ord)]
29pub enum Algorithm {
30    /// Optimizes against GPU cracking attacks but vulnerable to side-channels.
31    ///
32    /// Accesses the memory array in a password dependent order, reducing the
33    /// possibility of time–memory tradeoff (TMTO) attacks.
34    Argon2d = 0,
35
36    /// Optimized to resist side-channel attacks.
37    ///
38    /// Accesses the memory array in a password independent order, increasing the
39    /// possibility of time-memory tradeoff (TMTO) attacks.
40    Argon2i = 1,
41
42    /// Hybrid that mixes Argon2i and Argon2d passes (*default*).
43    ///
44    /// Uses the Argon2i approach for the first half pass over memory and
45    /// Argon2d approach for subsequent passes. This effectively places it in
46    /// the "middle" between the other two: it doesn't provide as good
47    /// TMTO/GPU cracking resistance as Argon2d, nor as good of side-channel
48    /// resistance as Argon2i, but overall provides the most well-rounded
49    /// approach to both classes of attacks.
50    #[default]
51    Argon2id = 2,
52}
53
54impl Algorithm {
55    /// Parse an [`Algorithm`] from the provided string.
56    pub fn new(id: impl AsRef<str>) -> Result<Self> {
57        id.as_ref().parse()
58    }
59
60    /// Get the identifier string for this PBKDF2 [`Algorithm`].
61    pub const fn as_str(&self) -> &'static str {
62        match self {
63            Algorithm::Argon2d => "argon2d",
64            Algorithm::Argon2i => "argon2i",
65            Algorithm::Argon2id => "argon2id",
66        }
67    }
68
69    /// Get the [`Ident`] that corresponds to this Argon2 [`Algorithm`].
70    #[cfg(feature = "password-hash")]
71    #[cfg_attr(docsrs, doc(cfg(feature = "password-hash")))]
72    pub const fn ident(&self) -> Ident<'static> {
73        match self {
74            Algorithm::Argon2d => ARGON2D_IDENT,
75            Algorithm::Argon2i => ARGON2I_IDENT,
76            Algorithm::Argon2id => ARGON2ID_IDENT,
77        }
78    }
79
80    /// Serialize primitive type as little endian bytes
81    pub(crate) const fn to_le_bytes(self) -> [u8; 4] {
82        (self as u32).to_le_bytes()
83    }
84}
85
86impl AsRef<str> for Algorithm {
87    fn as_ref(&self) -> &str {
88        self.as_str()
89    }
90}
91
92impl Display for Algorithm {
93    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
94        f.write_str(self.as_str())
95    }
96}
97
98impl FromStr for Algorithm {
99    type Err = Error;
100
101    fn from_str(s: &str) -> Result<Algorithm> {
102        match s {
103            "argon2d" => Ok(Algorithm::Argon2d),
104            "argon2i" => Ok(Algorithm::Argon2i),
105            "argon2id" => Ok(Algorithm::Argon2id),
106            _ => Err(Error::AlgorithmInvalid),
107        }
108    }
109}
110
111#[cfg(feature = "password-hash")]
112#[cfg_attr(docsrs, doc(cfg(feature = "password-hash")))]
113impl From<Algorithm> for Ident<'static> {
114    fn from(alg: Algorithm) -> Ident<'static> {
115        alg.ident()
116    }
117}
118
119#[cfg(feature = "password-hash")]
120#[cfg_attr(docsrs, doc(cfg(feature = "password-hash")))]
121impl<'a> TryFrom<Ident<'a>> for Algorithm {
122    type Error = password_hash::Error;
123
124    fn try_from(ident: Ident<'a>) -> password_hash::Result<Algorithm> {
125        match ident {
126            ARGON2D_IDENT => Ok(Algorithm::Argon2d),
127            ARGON2I_IDENT => Ok(Algorithm::Argon2i),
128            ARGON2ID_IDENT => Ok(Algorithm::Argon2id),
129            _ => Err(password_hash::Error::Algorithm),
130        }
131    }
132}
argon2/algorithm.rs

argon2/
algorithm.rs
