Enum nuts_container::container::Kdf

pub enum Kdf {
    None,
    Pbkdf2 {
        digest: Digest,
        iterations: u32,
        salt: Vec<u8>,
    },
}

Supported key derivation functions.

Defines data used to calculate a wrapping key.

The wrapping key is created used by an algorithm defined as a variant of this enum. The variants holds fields to customize the algorithm.

Based on a password provided by the user one of the algorithms are used to calculate a wrapping key. The wrapping key then is used for encryption of the secret in the header of the container.

Variants

None

No key derivation

Pbkdf2

Fields

digest: Digest

Digest used by PBKDF2.

iterations: u32

Number of iterations used by PBKDF2.

salt: Vec<u8>

A salt value used by PBKDF2.

PBKDF2

Implementations

impl Kdf

pub fn pbkdf2(digest: Digest, iterations: u32, salt: &[u8]) -> Kdf

Creates a Kdf instance for the PBKDF2 algorithm.

The digest, iterations and the salt values are used to customize the PBKDF2 algorithm.

Examples

use nuts_container::container::*;

let pbkdf2 = Kdf::pbkdf2(Digest::Sha1, 5, &[1, 2, 3]);

match pbkdf2 {
    Kdf::Pbkdf2 {
        digest,
        iterations,
        salt,
    } => {
        assert_eq!(digest, Digest::Sha1);
        assert_eq!(iterations, 5);
        assert_eq!(salt, [1, 2, 3]);
    }
    _ => panic!("invalid kdf"),
}

pub fn generate_pbkdf2( digest: Digest, iterations: u32, salt_len: u32 ) -> Result<Kdf, ErrorStack>

Generates a Kdf instance for the PBKDF2 algorithm.

The digestand iterations value is used to customize the PBKDF2 algorithm. For the salt salt_len bytes of random data are generated.

Errors

This method will return an Error::OpenSSL error if there was an error generating the random data.

Examples

use nuts_container::container::*;

let kdf = Kdf::generate_pbkdf2(Digest::Sha1, 5, 3).unwrap();

match kdf {
    Kdf::Pbkdf2 {
        digest,
        iterations,
        salt,
    } => {
        assert_eq!(digest, Digest::Sha1);
        assert_eq!(iterations, 5);
        assert_eq!(salt.len(), 3); // salt filled with random data
    }
    _ => panic!("invalid kdf"),
}

Trait Implementations

impl Clone for Kdf

fn clone(&self) -> Kdf

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Kdf

fn fmt(&self, fmt: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl<'de> Deserialize<'de> for Kdf

fn deserialize<__D>(__deserializer: __D) -> Result<Self, __D::Error>where __D: Deserializer<'de>,

Deserialize this value from the given Serde deserializer.

impl Display for Kdf

fn fmt(&self, fmt: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl FromStr for Kdf

type Err = KdfError

The associated error which can be returned from parsing.

fn from_str(s: &str) -> Result<Self, KdfError>

Parses a string s to return a value of this type.

impl PartialEq for Kdf

fn eq(&self, other: &Kdf) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Serialize for Kdf

fn serialize<__S>(&self, __serializer: __S) -> Result<__S::Ok, __S::Error>where __S: Serializer,

Serialize this value into the given Serde serializer.

impl StructuralPartialEq for Kdf