-
Notifications
You must be signed in to change notification settings - Fork 107
Expand file tree
/
Copy pathalgorithm.rs
More file actions
121 lines (102 loc) · 3.6 KB
/
algorithm.rs
File metadata and controls
121 lines (102 loc) · 3.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
//! Argon2 algorithms (e.g. Argon2d, Argon2i, Argon2id).
use crate::{Error, Result};
use core::{
fmt::{self, Display},
str::FromStr,
};
#[cfg(feature = "password-hash")]
use password_hash::phc::Ident;
/// Argon2d algorithm identifier
#[cfg(feature = "password-hash")]
pub const ARGON2D_IDENT: Ident<'_> = Ident::new_unwrap("argon2d");
/// Argon2i algorithm identifier
#[cfg(feature = "password-hash")]
pub const ARGON2I_IDENT: Ident<'_> = Ident::new_unwrap("argon2i");
/// Argon2id algorithm identifier
#[cfg(feature = "password-hash")]
pub const ARGON2ID_IDENT: Ident<'_> = Ident::new_unwrap("argon2id");
/// Argon2 primitive type: variants of the algorithm.
#[derive(Copy, Clone, Debug, Eq, PartialEq, PartialOrd, Default, Ord)]
pub enum Algorithm {
/// Optimizes against GPU cracking attacks but vulnerable to side-channels.
///
/// Accesses the memory array in a password dependent order, reducing the
/// possibility of time–memory tradeoff (TMTO) attacks.
Argon2d = 0,
/// Optimized to resist side-channel attacks.
///
/// Accesses the memory array in a password independent order, increasing the
/// possibility of time-memory tradeoff (TMTO) attacks.
Argon2i = 1,
/// Hybrid that mixes Argon2i and Argon2d passes (*default*).
///
/// Uses the Argon2i approach for the first half pass over memory and
/// Argon2d approach for subsequent passes. This effectively places it in
/// the "middle" between the other two: it doesn't provide as good
/// TMTO/GPU cracking resistance as Argon2d, nor as good of side-channel
/// resistance as Argon2i, but overall provides the most well-rounded
/// approach to both classes of attacks.
#[default]
Argon2id = 2,
}
impl Algorithm {
/// Parse an [`Algorithm`] from the provided string.
pub fn new(id: impl AsRef<str>) -> Result<Self> {
id.as_ref().parse()
}
/// Get the identifier string for this PBKDF2 [`Algorithm`].
pub const fn as_str(&self) -> &'static str {
match self {
Algorithm::Argon2d => "argon2d",
Algorithm::Argon2i => "argon2i",
Algorithm::Argon2id => "argon2id",
}
}
/// Get the [`Ident`] that corresponds to this Argon2 [`Algorithm`].
#[cfg(feature = "password-hash")]
pub const fn ident(&self) -> Ident<'static> {
match self {
Algorithm::Argon2d => ARGON2D_IDENT,
Algorithm::Argon2i => ARGON2I_IDENT,
Algorithm::Argon2id => ARGON2ID_IDENT,
}
}
/// Serialize primitive type as little endian bytes
pub(crate) const fn to_le_bytes(self) -> [u8; 4] {
(self as u32).to_le_bytes()
}
}
impl AsRef<str> for Algorithm {
fn as_ref(&self) -> &str {
self.as_str()
}
}
impl Display for Algorithm {
fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
f.write_str(self.as_str())
}
}
impl FromStr for Algorithm {
type Err = Error;
fn from_str(name: &str) -> Result<Algorithm> {
match name {
"argon2d" => Ok(Algorithm::Argon2d),
"argon2i" => Ok(Algorithm::Argon2i),
"argon2id" => Ok(Algorithm::Argon2id),
_ => Err(Error::AlgorithmInvalid),
}
}
}
#[cfg(feature = "password-hash")]
impl From<Algorithm> for Ident<'static> {
fn from(alg: Algorithm) -> Ident<'static> {
alg.ident()
}
}
#[cfg(feature = "password-hash")]
impl TryFrom<&str> for Algorithm {
type Error = password_hash::Error;
fn try_from(name: &str) -> password_hash::Result<Algorithm> {
name.parse().map_err(|_| password_hash::Error::Algorithm)
}
}