InsecureKey

wolf_crypto::kdf

Struct InsecureKey 

Source 
pub struct InsecureKey<'k, SZ: KeySz> { /* private fields */ }
Expand description

Represents a key associated with the desired hashing function which can be insecure.

§Security

It is not recommended to use this unless you have a very good reason. This reason in general should be legacy system compatibility, modern systems without this constant should not leverage this, instead, use the KeySlice, or provide the exact key corresponding to the digest size of the underlying hashing function.

§FIPS Compliance

Using this plays into FIPS compliance, without this crate’s allow-non-fips feature enabled, this cannot be constructed with a key smaller than the acceptable FIPS standard of 14 bytes.

For more information, See FIPS 198-1, Section 3 Cryptographic Keys reference to NIST SP 800-107. Which discusses this minimum security strength of 112 bits (14 bytes) in SP 800-107, Section 5.2 Digital Signatures and SP 800-107 Section 5.3.2 The HMAC Key.

Implementations§

Source§

impl<'k, SZ: KeySz> InsecureKey<'k, SZ>

Source

pub const fn new(slice: &'k [u8]) -> Result<Self, InvalidSize>

Create a new InsecureKey instance.

§Security

Please read the InsecureKey’s type documentation regarding security, and why it is strongly recommended to use safer, more secure alternatives like KeySlice or passing a key of the underlying hash functions digest length for compile-time checks.

§Errors

This will return InvalidSize on conditions dependent on the allow-non-fips feature flag.

  • allow-non-fips enabled: This will return InvalidSize if the provided key is empty.
  • allow-non-fips disabled: Pursuant to the FIPS requirements for HMAC and KDFs (for more information again read the InsecureKey’s type documentation), this will return InvalidSize if the provided key is shorter than the minimum acceptable FIPS standard of 14 bytes.
  • any configuration: Regardless of the enabled feature flags, if the length of the key is greater than u32::MAX this will return InvalidSize.

Trait Implementations§

Source§

impl<'k, SZ: KeySz> GenericKey for InsecureKey<'k, SZ>

Source§

type Size = SZ

The desired size of the key.
Source§

fn size(&self) -> u32

Returns the size of the key in bytes.
Source§

fn cleanup(self)

Zeroes the memory of the key if is owned.
Source§

impl<'k, SZ: KeySz> TryFrom<&'k [u8]> for InsecureKey<'k, SZ>

Source§

fn try_from(value: &'k [u8]) -> Result<Self, Self::Error>

Create a new InsecureKey instance.

§Security

Please read the InsecureKey’s type documentation regarding security, and why it is strongly recommended to use safer, more secure alternatives like KeySlice or passing a key of the underlying hash functions digest length for compile-time checks.

§Errors

This will return InvalidSize on conditions dependent on the allow-non-fips feature flag.

  • allow-non-fips enabled: This will return InvalidSize if the provided key is empty.
  • allow-non-fips disabled: Pursuant to the FIPS requirements for HMAC and KDFs (for more information again read the InsecureKey’s type documentation), this will return InvalidSize if the provided key is shorter than the minimum acceptable FIPS standard of 14 bytes.
  • any configuration: Regardless of the enabled feature flags, if the length of the key is greater than u32::MAX this will return InvalidSize.
Source§

type Error = InvalidSize

The type returned in the event of a conversion error.

Auto Trait Implementations§

§

impl<'k, SZ> Freeze for InsecureKey<'k, SZ>

§

impl<'k, SZ> RefUnwindSafe for InsecureKey<'k, SZ>
where SZ: RefUnwindSafe,

§

impl<'k, SZ> Send for InsecureKey<'k, SZ>
where SZ: Send,

§

impl<'k, SZ> Sync for InsecureKey<'k, SZ>
where SZ: Sync,

§

impl<'k, SZ> Unpin for InsecureKey<'k, SZ>
where SZ: Unpin,

§

impl<'k, SZ> UnwindSafe for InsecureKey<'k, SZ>
where SZ: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.