use crate::antihacker::{ct_eq, wipe};
use crate::kdf::KdfParams;
pub fn guard_ct_eq() -> bool {
ct_eq(b"clave-secreta", b"clave-secreta")
&& !ct_eq(b"clave-secreta", b"clave-secretX")
&& !ct_eq(b"corta", b"mas-larga")
}
pub fn guard_kdf_validation() -> bool {
let sane = KdfParams::default().is_sane();
let malicious = KdfParams {
mem_kib: u32::MAX,
iterations: u32::MAX,
parallelism: u32::MAX,
};
sane && !malicious.is_sane()
}
pub fn guard_wipe() -> bool {
let mut buf = [0xAAu8; 32];
wipe(&mut buf);
buf.iter().all(|&b| b == 0)
}
pub fn all_defenses_intact() -> bool {
guard_ct_eq() && guard_kdf_validation() && guard_wipe()
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn ct_eq_still_discriminates() {
assert!(guard_ct_eq());
}
#[test]
fn kdf_validation_still_rejects_malicious_params() {
assert!(guard_kdf_validation());
}
#[test]
fn wipe_still_zeroes_memory() {
assert!(guard_wipe());
}
#[test]
fn all_defenses_report_intact() {
assert!(all_defenses_intact());
}
}