Expand description
Pure Rust KDF implementations for the OxiCrypto stack.
| Function | Module | Backend |
|---|---|---|
| HKDF-SHA-256 / SHA-512 | (inline) | hkdf |
| HKDF-Expand-Label (TLS 1.3 / QUIC) | hkdf_label | hkdf |
| PBKDF2-SHA-256 / SHA-512 | pbkdf2_kdf | pbkdf2 |
| Argon2id | argon2_kdf | argon2 |
| scrypt | scrypt_kdf | scrypt |
| Balloon (SHA-256 / SHA-512) | balloon | sha2 |
Re-exports§
pub use argon2_kdf::argon2d_derive;pub use argon2_kdf::argon2i_derive;pub use argon2_kdf::argon2id_derive;pub use argon2_kdf::argon2id_to_phc_string;pub use argon2_kdf::argon2id_verify_phc;pub use argon2_kdf::Argon2Params;pub use argon2_kdf::Argon2idHasher;pub use balloon::balloon_sha256;pub use balloon::balloon_sha256_secret;pub use balloon::balloon_sha512;pub use balloon::balloon_sha512_secret;pub use balloon::BalloonHasher;pub use balloon::BalloonParams;pub use balloon::BalloonVariant;pub use balloon::BALLOON_DELTA;pub use hkdf_label::hkdf_expand_label_sha256;pub use hkdf_label::hkdf_expand_label_sha384;pub use kbkdf::kbkdf_counter_hmac_sha256;pub use kbkdf::kbkdf_counter_hmac_sha256_secret;pub use kbkdf::kbkdf_counter_hmac_sha384;pub use kbkdf::kbkdf_counter_hmac_sha512;pub use pbkdf2_kdf::pbkdf2_sha256;pub use pbkdf2_kdf::pbkdf2_sha512;pub use pbkdf2_kdf::Pbkdf2Params;pub use pbkdf2_kdf::Pbkdf2Sha256Hasher;pub use pbkdf2_kdf::Pbkdf2Sha512Hasher;pub use scrypt_kdf::scrypt_derive;pub use scrypt_kdf::ScryptHasher;pub use scrypt_kdf::ScryptParams;pub use stretcher::Argon2idStretchParams;pub use stretcher::BalloonStretchParams;pub use stretcher::KeyStretcher;pub use stretcher::Pbkdf2StretchParams;pub use stretcher::ScryptStretchParams;pub use stretcher::StretchParams;pub use stretcher::Stretcher;
Modules§
- argon2_
kdf - Argon2id password hashing / key derivation for the OxiCrypto stack.
- balloon
- Balloon memory-hard password hashing for the OxiCrypto stack.
- hkdf_
label - TLS 1.3
HKDF-Expand-Label(RFC 8446 §7.1). - kbkdf
- KBKDF counter mode per NIST SP 800-108 Rev. 1, Section 4.1.
- pbkdf2_
kdf - PBKDF2 password-based key derivation for the OxiCrypto stack.
- scrypt_
kdf - Scrypt password-based key derivation for the OxiCrypto stack.
- stretcher
- A unifying
KeyStretcherabstraction over the crate’s memory-hard and iteration-hard password-based key-derivation functions.
Structs§
- Hkdf
Sha256 - HKDF-SHA-256 key derivation function.
- Hkdf
Sha384 - HKDF-SHA-384 key derivation function.
- Hkdf
Sha512 - HKDF-SHA-512 key derivation function.
Constants§
- PBKD
F2_ SHA256_ MIN_ ITERATIONS - OWASP 2023 Password Storage Cheat Sheet minimum iteration count for PBKDF2-HMAC-SHA-256.
- PBKD
F2_ SHA512_ MIN_ ITERATIONS - OWASP 2023 Password Storage Cheat Sheet minimum iteration count for PBKDF2-HMAC-SHA-512.
Functions§
- generate_
salt_ 16 - Generate a random 16-byte salt using the system CSPRNG.
- generate_
salt_ 32 - Generate a random 32-byte salt using the system CSPRNG.
- hkdf_
sha256_ derive_ to_ vec - Derive
lenbytes fromikm,salt, andinfousing HKDF-SHA-256, returning the output as an ownedVec<u8>. - hkdf_
sha256_ expand - Perform HKDF-Expand with SHA-256 from a pre-extracted PRK.
- hkdf_
sha256_ extract - Perform HKDF-Extract with SHA-256, returning the pseudorandom key (PRK).
- hkdf_
sha384_ derive_ to_ vec - Derive
lenbytes fromikm,salt, andinfousing HKDF-SHA-384, returning the output as an ownedVec<u8>. - hkdf_
sha384_ expand - Perform HKDF-Expand with SHA-384 from a pre-extracted PRK.
- hkdf_
sha384_ extract - Perform HKDF-Extract with SHA-384, returning the pseudorandom key (PRK).
- hkdf_
sha512_ derive_ to_ vec - Derive
lenbytes fromikm,salt, andinfousing HKDF-SHA-512, returning the output as an ownedVec<u8>. - hkdf_
sha512_ expand - Perform HKDF-Expand with SHA-512 from a pre-extracted PRK.
- hkdf_
sha512_ extract - Perform HKDF-Extract with SHA-512, returning the pseudorandom key (PRK).
- verify_
password - Verify a password by re-hashing and comparing in constant time.