enigma-storage 0.0.1

Encrypted local storage for Enigma with mandatory at-rest encryption and cross-platform key vault providers.
use argon2::{Algorithm, Argon2, ParamsBuilder, Version};

use crate::error::{EnigmaStorageError, Result};

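/// Argon2 cost parameters used when deriving the wrapping key from a password.
///
/// These values are not secret. A given password and salt only reproduce the
/// same key when the same parameters are used, so the parameters that were in
/// effect at derivation time have to be kept available (for example next to
/// the salt) for later unlocks.
///
/// `Debug`, `PartialEq` and `Eq` are derived so that parameter sets can be
/// logged and compared, e.g. when checking stored parameters against the
/// current defaults.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct KdfParams {
    /// Memory cost in KiB (handed to Argon2 as `m_cost`).
    pub memory_kib: u32,
    /// Number of passes over memory (handed to Argon2 as `t_cost`).
    pub iterations: u32,
    /// Degree of parallelism / lane count (handed to Argon2 as `p_cost`).
    pub parallelism: u32,
}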

impl Default for KdfParams {
    /// Returns the built-in cost settings: 16 MiB of memory, 2 passes, 1 lane.
    ///
    /// NOTE(review): 16 MiB at 2 passes is below the 19 MiB / 2 passes /
    /// 1 lane Argon2id minimum suggested in OWASP's password-storage
    /// guidance; confirm this is a deliberate trade-off for constrained
    /// devices. Changing these numbers changes every derived key, so data
    /// wrapped under the old defaults stays readable only if the parameters
    /// used at the time are stored with it.
    fn default() -> Self {
        // 16 MiB, expressed in the KiB unit the field uses.
        let memory_kib = 16 * 1024;
        Self {
            memory_kib,
            iterations: 2,
            parallelism: 1,
        }
    }
}

/// Derives a 32-byte wrapping key from `password` and `salt` with Argon2id
/// (version 0x13), using the costs given in `params`.
///
/// The same `password`, `salt` and `params` are needed to reproduce the key.
///
/// Security notes for callers:
/// - No minimum cost is enforced here beyond what the `argon2` crate itself
///   rejects, so a caller passing very small `params` gets a correspondingly
///   cheap-to-guess key. Validate parameters that come from disk or from
///   another party before using them.
/// - `salt` should be random and unique per stored secret; this function
///   does not generate or check that.
/// - The key is returned as a plain array and is not wiped by this function;
///   clearing it after use is left to the caller.
///
/// # Errors
///
/// Returns `EnigmaStorageError::KdfError` carrying the `argon2` error text
/// when the parameter set is rejected or when hashing fails.
pub fn derive_wrapping_key(password: &[u8], salt: &[u8], params: &KdfParams) -> Result<[u8; 32]> {
    const KEY_LEN: usize = 32;

    // Translate our parameter struct into the argon2 crate's validated form.
    let argon_params = ParamsBuilder::new()
        .m_cost(params.memory_kib)
        .t_cost(params.iterations)
        .p_cost(params.parallelism)
        .output_len(KEY_LEN)
        .build()
        .map_err(|err| EnigmaStorageError::KdfError(err.to_string()))?;

    let hasher = Argon2::new(Algorithm::Argon2id, Version::V0x13, argon_params);

    let mut key = [0u8; KEY_LEN];
    match hasher.hash_password_into(password, salt, &mut key) {
        Ok(()) => Ok(key),
        Err(err) => Err(EnigmaStorageError::KdfError(err.to_string())),
    }
}