security/
key_derivation.rs1use serde_json::Value;
2
3use crate::bridge;
4use crate::error::Result;
5
/// Key returned by a derivation call, held as an opaque bridge handle.
///
/// NOTE(review): `Debug` is derived, so formatting a `DerivedKey` formats the
/// inner `bridge::Handle`. Confirm that impl never prints key material before
/// this type is allowed into logs or panic messages.
#[derive(Debug)]
pub struct DerivedKey {
    handle: bridge::Handle,
}

impl DerivedKey {
    /// Returns the type identifier reported by `crate::key::key_type_id`.
    pub fn type_id() -> usize {
        crate::key::key_type_id()
    }

    /// Copies this key's attributes out of the bridge and returns them as JSON.
    ///
    /// NOTE(review): the attribute set is defined by the bridge, not by this
    /// file; treat the returned JSON as potentially sensitive until that set
    /// has been checked.
    ///
    /// # Errors
    ///
    /// Returns the error that `bridge::required_json` builds from the status
    /// and error out-parameters filled in by the bridge call.
    pub fn attributes(&self) -> Result<Value> {
        let mut error_out = std::ptr::null_mut();
        let mut status_code = 0;
        // SAFETY: the key pointer comes from `self.handle`, which stays borrowed
        // for the whole call, and both out-parameters point at live locals.
        // NOTE(review): presumes the bridge writes through those pointers only
        // during the call; confirm against the bridge declaration.
        let json_ptr = unsafe {
            bridge::security_key_copy_attributes(
                self.handle.as_ptr(),
                &mut status_code,
                &mut error_out,
            )
        };
        bridge::required_json(
            "security_key_copy_attributes",
            json_ptr,
            status_code,
            error_out,
        )
    }
}
25
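/// Namespace for password-based key derivation through the security bridge.
pub struct KeyDerivation;

impl KeyDerivation {
    /// Derives a key from `password` using the bridge's PBKDF2 / SHA-256 routine.
    ///
    /// * `password` - secret input; converted with `bridge::cstring` before the call.
    /// * `salt` - salt bytes, passed to the bridge as pointer plus length.
    /// * `rounds` - PBKDF2 iteration count; must be at least 1.
    /// * `key_size_bits` - requested key size in bits; must be at least 1.
    ///
    /// Only out-of-spec zero values are rejected here. No minimum work factor or
    /// salt length is enforced, so callers remain responsible for choosing an
    /// iteration count and a salt that fit their threat model.
    ///
    /// # Errors
    ///
    /// Returns `SecurityError::InvalidArgument` when `rounds` or `key_size_bits`
    /// is zero or when `rounds` does not fit in `isize`. Also propagates errors
    /// from `bridge::cstring`, `bridge::len_to_isize` and `bridge::required_handle`.
    pub fn derive_pbkdf2_sha256(
        password: &str,
        salt: &[u8],
        rounds: u32,
        key_size_bits: usize,
    ) -> Result<DerivedKey> {
        // PBKDF2 (RFC 8018) defines the iteration count and the output length as
        // positive integers. Reject zero before the password is copied or any
        // value crosses the FFI boundary, instead of relying on the bridge.
        if rounds == 0 {
            return Err(crate::error::SecurityError::InvalidArgument(
                "round count must be at least 1".to_owned(),
            )
            .into());
        }
        if key_size_bits == 0 {
            return Err(crate::error::SecurityError::InvalidArgument(
                "key size must be at least 1 bit".to_owned(),
            )
            .into());
        }

        // NOTE(review): `bridge::cstring` presumably makes a NUL-terminated copy
        // of the password. Nothing in this function wipes that copy before it is
        // dropped; confirm whether the helper zeroizes it.
        let password = bridge::cstring(password)?;

        // Fallible conversions are done outside the `unsafe` block, in the same
        // order as the arguments are passed, so the block holds only the call.
        let salt_len = bridge::len_to_isize(salt.len())?;
        let round_count = isize::try_from(rounds).map_err(|_| {
            crate::error::SecurityError::InvalidArgument(
                "round count exceeds bridge size limits".to_owned(),
            )
        })?;
        let key_bits = bridge::len_to_isize(key_size_bits)?;

        let mut status = 0;
        let mut error = std::ptr::null_mut();
        // SAFETY: `password` and `salt` outlive the call, `salt_len` was taken
        // from the same slice as the salt pointer, and both out-parameters point
        // at live locals.
        // NOTE(review): presumes the bridge keeps none of these pointers after
        // returning and does not dereference the salt pointer when the length
        // is 0 (an empty slice yields a dangling, non-null pointer); confirm.
        let raw = unsafe {
            bridge::security_key_derivation_derive_pbkdf2_sha256(
                password.as_ptr(),
                salt.as_ptr().cast(),
                salt_len,
                round_count,
                key_bits,
                &mut status,
                &mut error,
            )
        };
        bridge::required_handle(
            "security_key_derivation_derive_pbkdf2_sha256",
            raw,
            status,
            error,
        )
        .map(|handle| DerivedKey { handle })
    }
}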