vault-core 0.1.1

Password based encryption/decryption
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

use argon2::Argon2;
use rand::rngs::OsRng;
use rand::RngCore;
use zeroize::Zeroize;

use crate::err::KeyGenerationError;

pub(crate) struct GeneratedKey {
    pub key: Vec<u8>,
    pub salt: Vec<u8>,
    pub nonce: Vec<u8>,
}

impl GeneratedKey {
    pub fn cleanup(&mut self) {
        self.key.zeroize();
        self.salt.zeroize();
        self.nonce.zeroize();
    }
}

pub(crate) fn generate_key(password: &str) -> Result<GeneratedKey, KeyGenerationError> {
    let salt = generate_random_salt(32);
    let nonce = generate_random_nonce(19);

    derive_key(password, salt, nonce)
}

pub(crate) fn derive_key(
    password: &str,
    salt: Vec<u8>,
    nonce: Vec<u8>,
) -> Result<GeneratedKey, KeyGenerationError> {
    let argon = setup_argon();
    let mut key_buffer = vec![0u8; 32];

    argon
        .hash_password_into(password.as_bytes(), &salt, &mut key_buffer)
        .map_err(|_| KeyGenerationError {})?;

    Ok(GeneratedKey {
        salt,
        nonce,
        key: key_buffer,
    })
}

fn generate_random_salt(size: usize) -> Vec<u8> {
    generate_random_buffer(size)
}

fn generate_random_nonce(size: usize) -> Vec<u8> {
    generate_random_buffer(size)
}

fn generate_random_buffer(size: usize) -> Vec<u8> {
    let mut buffer = vec![0u8; size];
    OsRng.fill_bytes(&mut buffer);

    buffer
}

fn setup_argon() -> Argon2<'static> {
    Argon2::default()
}