rust-crypto-utils 2.0.0

Memory-safe cryptographic utilities for secure key handling, encryption, and post-quantum readiness
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

//! Password hashing example using Argon2id
//!
//! This example demonstrates secure password hashing and verification
//! for user authentication systems.

use rust_crypto_utils::{password, SecurePassword};

fn main() {
    println!("=== Password Hashing Example ===\n");

    // Simulate user registration
    println!("1. User Registration");
    let user_password = SecurePassword::new(b"MySecurePassword123!".to_vec());

    println!("   Hashing password with Argon2id...");
    let password_hash = password::hash_password(&user_password).expect("Failed to hash password");

    println!("   Password hash: {}...", &password_hash[..50]);
    println!("   ✓ Hash stored in database\n");

    // Simulate user login with correct password
    println!("2. User Login - Correct Password");
    let login_password = SecurePassword::new(b"MySecurePassword123!".to_vec());

    println!("   Verifying password...");
    match password::verify_password(&login_password, &password_hash) {
        Ok(true) => println!("   ✓ Authentication successful!\n"),
        Ok(false) => println!("   ✗ Authentication failed - wrong password\n"),
        Err(e) => println!("   ✗ Verification error: {}\n", e),
    }

    // Simulate login attempt with wrong password
    println!("3. User Login - Wrong Password");
    let wrong_password = SecurePassword::new(b"WrongPassword".to_vec());

    println!("   Verifying password...");
    match password::verify_password(&wrong_password, &password_hash) {
        Ok(true) => println!("   ✓ Authentication successful!\n"),
        Ok(false) => println!("   ✗ Authentication failed - wrong password\n"),
        Err(e) => println!("   ✗ Verification error: {}\n", e),
    }

    // Demonstrate multiple users with different passwords
    println!("4. Multiple User Accounts");

    let users: Vec<(&str, &[u8])> = vec![
        ("alice", b"AlicePass123!"),
        ("bob", b"BobSecure456@"),
        ("charlie", b"Charlie789#Pwd"),
    ];

    let mut hashes = Vec::new();

    for (username, password) in &users {
        let pwd = SecurePassword::new(password.to_vec());
        let hash = password::hash_password(&pwd).unwrap();
        hashes.push((username, hash));
        println!("   ✓ User '{}' registered", username);
    }

    println!("\n5. Authenticating Multiple Users");

    // Authenticate Alice correctly
    let alice_pwd = SecurePassword::new(b"AlicePass123!".to_vec());
    let (_, alice_hash) = &hashes[0];
    let is_valid = password::verify_password(&alice_pwd, alice_hash).unwrap();
    println!(
        "   Alice authentication: {}",
        if is_valid {
            "✓ Success"
        } else {
            "✗ Failed"
        }
    );

    // Try to authenticate Bob with wrong password
    let wrong_bob_pwd = SecurePassword::new(b"WrongPassword".to_vec());
    let (_, bob_hash) = &hashes[1];
    let is_valid = password::verify_password(&wrong_bob_pwd, bob_hash).unwrap();
    println!(
        "   Bob authentication (wrong pwd): {}",
        if is_valid {
            "✓ Success"
        } else {
            "✗ Failed"
        }
    );

    // Authenticate Charlie correctly
    let charlie_pwd = SecurePassword::new(b"Charlie789#Pwd".to_vec());
    let (_, charlie_hash) = &hashes[2];
    let is_valid = password::verify_password(&charlie_pwd, charlie_hash).unwrap();
    println!(
        "   Charlie authentication: {}",
        if is_valid {
            "✓ Success"
        } else {
            "✗ Failed"
        }
    );

    println!("\n=== Security Features ===");
    println!("✓ Argon2id algorithm (resistant to GPU attacks)");
    println!("✓ Secure salt generation (cryptographically random)");
    println!("✓ Memory-safe implementation (no buffer overflows)");
    println!("✓ Automatic zeroization (passwords cleared from memory)");
    println!("✓ Same password produces different hashes (due to unique salts)");

    // Demonstrate that same password produces different hashes
    println!("\n6. Salt Uniqueness Demonstration");
    let same_pwd = SecurePassword::new(b"SamePassword123".to_vec());
    let hash1 = password::hash_password(&same_pwd).unwrap();
    let hash2 = password::hash_password(&same_pwd).unwrap();

    println!("   Hash 1: {}...", &hash1[..50]);
    println!("   Hash 2: {}...", &hash2[..50]);
    println!("   Hashes different: {}", hash1 != hash2);
    println!("   ✓ Each hash uses unique salt for security");
}