[][src]Struct devolutions_crypto::DcDataBlob

pub struct DcDataBlob { /* fields omitted */ }

Data structure containing cryptographic information. It is made to be used as a black box for misuse resistance. It implements TryFrom<&[u8]> and Into<Vec<u8>> so that it can be serialized to and parsed from raw bytes, for use with other languages and for sending over a channel. If the channel does not support raw bytes, the data can easily be encoded using base64. Base64 is only a transport encoding: it adds no confidentiality or integrity to whatever the blob holds.

Methods

impl DcDataBlob[src]

pub fn encrypt(
    data: &[u8],
    key: &[u8],
    version: Option<u16>
) -> Result<DcDataBlob, DevoCryptoError>

Creates an encrypted data blob from cleartext data and a key.

Arguments

  • data - Data to encrypt.
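  • key - Key to use. Can be of arbitrary size. Arbitrary size is not arbitrary strength: the key should still be unpredictable (random bytes, or a shared secret from mix_key_exchange), and this page does not describe how a short key is processed.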
  • version - Version of the library to encrypt with, passed as an Option<u16>. Use 0 for default; the example below passes None.

Returns

Returns a DcDataBlob containing the encrypted data.

Example

use devolutions_crypto::DcDataBlob;

// Placeholder inputs: the literals only make the example self-contained and are
// not a model for choosing a real key.
let plaintext = b"somesecretdata";
let secret_key = b"somesecretkey";

// `None` leaves the version unspecified; a failure would panic here via `unwrap`.
let blob = DcDataBlob::encrypt(plaintext, secret_key, None).unwrap();

pub fn decrypt(&self, key: &[u8]) -> Result<Vec<u8>, DevoCryptoError>[src]

Decrypt the data blob using a key.

Arguments

  • key - Key to use. Can be of arbitrary size.

Returns

Returns the decrypted data.

Example

use devolutions_crypto::DcDataBlob;

// Placeholder inputs for the round trip; the same key is used in both directions.
let plaintext = b"somesecretdata";
let secret_key = b"somesecretkey";

// Encrypt first so there is a blob to decrypt.
let blob = DcDataBlob::encrypt(plaintext, secret_key, None).unwrap();
let recovered = blob.decrypt(secret_key).unwrap();

// `decrypt` yields a Vec<u8>, so the byte-string literal is converted before comparing.
assert_eq!(plaintext.to_vec(), recovered);

pub fn hash_password(
    password: &[u8],
    iterations: u32
) -> Result<DcDataBlob, DevoCryptoError>

Creates a data blob containing a password hash.

Arguments

  • password - The password to hash.
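  • iterations - The number of iterations of the password hash. A higher number is slower but harder to brute-force. The recommended value is 10000, but the number can be set by the user. That figure is the recommendation given for this version of the library; iteration counts are usually raised as hardware gets faster, so review it against current guidance for the underlying algorithm before relying on it.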

Returns

Returns a DcDataBlob containing the hashed password.

Example

use devolutions_crypto::DcDataBlob;

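// Placeholder password for the example.
let password = b"somesuperstrongpa$$w0rd!";

// `hash_password` returns a Result; unwrap it so that `hashed_password` is the
// DcDataBlob itself rather than an unchecked Result. A real caller would handle
// the error instead of panicking.
let hashed_password = DcDataBlob::hash_password(password, 10000).unwrap();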

pub fn verify_password(&self, password: &[u8]) -> Result<bool, DevoCryptoError>[src]

Verifies whether the blob matches the specified password. Should execute in constant time.

Arguments

  • password - Password to verify.

Returns

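Returns true if the password matches and false if it doesn't. Because the return type is Result<bool, DevoCryptoError>, an Err is a third outcome; callers should treat it as a failed verification, never as a match.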

Example

use devolutions_crypto::DcDataBlob;

// Placeholder password used to build the stored hash.
let original = b"somesuperstrongpa$$w0rd!";
let stored_hash = DcDataBlob::hash_password(original, 10000).unwrap();

// The same bytes verify. `unwrap` panics on Err, so an error can never be
// mistaken for a successful match here.
let accepted = stored_hash.verify_password(b"somesuperstrongpa$$w0rd!").unwrap();
assert!(accepted);

// A different password does not verify.
let rejected = !stored_hash.verify_password(b"someweakpa$$w0rd!").unwrap();
assert!(rejected);

pub fn generate_key_exchange(
) -> Result<(DcDataBlob, DcDataBlob), DevoCryptoError>

Generates a key pair to use in a key exchange. See mix_key_exchange for a complete usage example.

Returns

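Returns, in order, the private key and the public key, each in its own DcDataBlob. Only the public key is meant to be sent to the peer, as in the mix_key_exchange example.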

Example

use devolutions_crypto::DcDataBlob;

// The tuple is ordered (private, public), as listed under "Returns".
let key_pair = DcDataBlob::generate_key_exchange().unwrap();
let (private, public) = key_pair;

pub fn mix_key_exchange(
    self,
    public: DcDataBlob
) -> Result<Vec<u8>, DevoCryptoError>

Mixes a private key with another client's public key to get a shared secret.

Arguments

  • self - The user's private key obtained through generate_key_exchange.
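  • public - The peer's public key. This call is not shown authenticating it, so the caller must be sure the key really belongs to the intended peer; otherwise the shared secret may be agreed with someone else.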

Returns

Returns a shared secret in the form of a Vec<u8>, which can then be used as an encryption key between the two peers.

Example

use std::convert::TryFrom as _;
use devolutions_crypto::DcDataBlob;

// Bob's side: create a key pair and serialize only the public half for sending.
let (bob_priv, bob_pub) = DcDataBlob::generate_key_exchange().unwrap();
let bob_pub_bytes = Vec::<u8>::from(bob_pub);
send_key_to_alice(&bob_pub_bytes);

// Alice's side: the same steps with her own key pair.
let (alice_priv, alice_pub) = DcDataBlob::generate_key_exchange().unwrap();
let alice_pub_bytes = Vec::<u8>::from(alice_pub);
send_key_to_bob(&alice_pub_bytes);

// Back on Bob's side: parse the bytes that arrived from Alice, then mix.
// NOTE(review): these bytes come from the channel, so `unwrap` panics on malformed
// input; the example also does not show how Bob checks that the key is really
// Alice's, which the surrounding protocol has to provide.
let from_alice = receive_key_from_alice();
let alice_pub_at_bob = DcDataBlob::try_from(from_alice.as_slice()).unwrap();
let bob_shared = bob_priv.mix_key_exchange(alice_pub_at_bob).unwrap();

// Back on Alice's side: the mirror image, with Bob's public key.
let from_bob = receive_key_from_bob();
let bob_pub_at_alice = DcDataBlob::try_from(from_bob.as_slice()).unwrap();
let alice_shared = alice_priv.mix_key_exchange(bob_pub_at_alice).unwrap();

// Both sides end up with the same secret.
assert_eq!(bob_shared, alice_shared);

Trait Implementations

impl From<DcDataBlob> for Vec<u8>[src]

fn from(blob: DcDataBlob) -> Vec<u8>[src]

Serialize the structure into a Vec<u8>, for storage, transmission or use in another language.

impl<'_> TryFrom<&'_ [u8]> for DcDataBlob[src]

type Error = DevoCryptoError

The type returned in the event of a conversion error.

fn try_from(data: &[u8]) -> Result<DcDataBlob, DevoCryptoError>[src]

Parses the data. Can return an Error if the data is invalid or unrecognized.

Auto Trait Implementations

Blanket Implementations

impl<T> From<T> for T[src]

impl<T, U> Into<U> for T where
    U: From<T>, 

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 

type Error = !

The type returned in the event of a conversion error.

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<T> Borrow<T> for T where
    T: ?Sized

impl<T> BorrowMut<T> for T where
    T: ?Sized

impl<T> Any for T where
    T: 'static + ?Sized

impl<T> Same<T> for T

type Output = T

Should always be Self

impl<V, T> VZip<V> for T where
    V: MultiLane<T>,