Skip to main content

Module kdf

crypt_io

Module kdf 

Source
Available on crate features kdf-hkdf or kdf-argon2 only.
Expand description

Key Derivation Functions (KDF).

Two algorithms ship in 0.6.0, addressing different needs:

AlgorithmPurposeSpeedFeature
HKDF-SHA256Derive one-or-many subkeys from a high-entropy IKMFast (µs)kdf-hkdf
HKDF-SHA512Same, wider underlying digestFast (µs)kdf-hkdf
Argon2idDerive a key from a password (low-entropy input)Slow (~100ms)kdf-argon2

§Which one do I want?

  • HKDF (RFC 5869) for deriving subkeys from a master key, a shared secret from a key exchange, or anything else already high-entropy. HKDF does not protect against weak inputs — feeding it a password is a security mistake.

  • Argon2id (RFC 9106) for deriving a key from a password. The memory-hardness and tuneable cost are what protect against brute-force attempts; the slowness is the point.

§Examples

Deriving a 32-byte subkey from a master:

use crypt_io::kdf;
let master = [0x42u8; 32];
let subkey = kdf::hkdf_sha256(&master, Some(b"salt"), b"app:session:v1", 32)?;
assert_eq!(subkey.len(), 32);

Hashing and verifying a password:

use crypt_io::kdf;
let phc = kdf::argon2_hash(b"correct horse battery staple")?;
assert!(kdf::argon2_verify(&phc, b"correct horse battery staple")?);
assert!(!kdf::argon2_verify(&phc, b"wrong guess")?);

Structs§

Argon2Paramskdf-argon2
Tuneable Argon2id parameters.

Constants§

ARGON2_DEFAULT_OUTPUT_LENkdf-argon2
Default Argon2id output length, in bytes. Equal to 32 (256 bits).
ARGON2_DEFAULT_SALT_LENkdf-argon2
Default Argon2id salt length, in bytes. Equal to 16 (128 bits, the PHC-recommended minimum).
HKDF_MAX_OUTPUT_SHA256kdf-hkdf
Maximum HKDF-SHA256 output length, in bytes. Equal to 255 * 32 = 8160.
HKDF_MAX_OUTPUT_SHA512kdf-hkdf
Maximum HKDF-SHA512 output length, in bytes. Equal to 255 * 64 = 16320.

Functions§

argon2_hashkdf-argon2
Hash password with Argon2id using the default parameter set and a fresh random salt. Returns the PHC-encoded hash string.
argon2_hash_with_paramskdf-argon2
Like argon2_hash but uses caller-supplied parameters.
argon2_verifykdf-argon2
Verify password against a PHC-encoded Argon2 hash string.
hkdf_sha256kdf-hkdf
Derive len bytes of output keying material via HKDF-SHA256.
hkdf_sha512kdf-hkdf
Derive len bytes of output keying material via HKDF-SHA512.