
[WIP] `kdf` crate

Open tarcieri opened this issue 8 months ago • 5 comments

Traits which provide an API for interacting with Key Derivation Functions.

We have several of these located at https://github.com/rustcrypto/kdfs and password-based KDFs at https://github.com/RustCrypto/password-hashes but the APIs for using these are typically just free functions, whereas traits could provide a common API.

tarcieri avatar May 31 '25 14:05 tarcieri

I opened this up for discussion primarily, and also reserved the `kdf` crate name with the minimal proposed API.

I think we probably need a lot more traits than this, particularly ones for representing the "expand" and "extract" steps in proper KDFs like HKDF.

tarcieri avatar May 31 '25 14:05 tarcieri

Another important question: output size limits and fallibility. Should we have a `try_derive`/`try_expand` and an `Error` type?

How about a trait with an associated constant or typenum type that defines the maximum output size?

tarcieri avatar May 31 '25 16:05 tarcieri
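
The two questions in the comment above (a fallible `try_expand` with an error type, and the maximum output size as an associated constant), sketched as an added example that is not part of the thread or of the `kdf` crate. The names `TryExpand`, `InvalidLength`, `ToyExpander` and `toy_prf` are hypothetical, and the PRF is a non-cryptographic stand-in for HMAC so the block runs with the standard library only.

```rust
/// Error: the requested output is longer than the KDF can produce.
#[derive(Debug, PartialEq, Eq)]
pub struct InvalidLength;

/// Hypothetical trait shape (an assumption, not the `kdf` crate's API).
pub trait TryExpand {
    /// Largest number of bytes a single expansion may produce.
    const MAX_OUTPUT_SIZE: usize;
    fn try_expand(&self, info: &[u8], okm: &mut [u8]) -> Result<(), InvalidLength>;
}

/// HKDF-style expander over a stand-in PRF with 8-byte output.
pub struct ToyExpander { pub prk: [u8; 8] }

/// Stand-in PRF (keyed FNV-1a). NOT cryptographic; a real implementation
/// would use HMAC over a real hash function.
fn toy_prf(key: &[u8], parts: &[&[u8]]) -> [u8; 8] {
    let mut h: u64 = 0xcbf29ce484222325;
    for b in key.iter().chain(parts.iter().flat_map(|p| p.iter())) {
        h = (h ^ *b as u64).wrapping_mul(0x100000001b3);
    }
    h.to_be_bytes()
}

impl TryExpand for ToyExpander {
    // One-byte block counter as in HKDF (RFC 5869): at most 255 blocks.
    const MAX_OUTPUT_SIZE: usize = 255 * 8;

    fn try_expand(&self, info: &[u8], okm: &mut [u8]) -> Result<(), InvalidLength> {
        if okm.len() > Self::MAX_OUTPUT_SIZE {
            return Err(InvalidLength); // reject before writing any output
        }
        let mut prev: Vec<u8> = Vec::new(); // T(0) is the empty string
        for (i, chunk) in okm.chunks_mut(8).enumerate() {
            let counter = [(i + 1) as u8]; // 1..=255, cannot wrap after the check
            let t = toy_prf(&self.prk, &[prev.as_slice(), info, &counter[..]]);
            chunk.copy_from_slice(&t[..chunk.len()]); // last block may be partial
            prev = t.to_vec();
        }
        Ok(())
    }
}

fn main() {
    let kdf = ToyExpander { prk: [0x0b; 8] }; // constructed sample key
    let mut okm = [0u8; 20];
    let ok = kdf.try_expand(b"ctx", &mut okm);
    println!("{:?} {:02x?}", ok, okm);
    let mut too_long = vec![0u8; ToyExpander::MAX_OUTPUT_SIZE + 1];
    println!("{:?}", kdf.try_expand(b"ctx", &mut too_long));
}
```

With this construction a shorter output is a prefix of a longer one for the same `info`, so callers that need independent keys have to vary `info` rather than the length.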

I am assuming that "key stretching functions", e.g. Argon2, Scrypt and such, don't fall under this trait?

daxpedda avatar Jun 02 '25 12:06 daxpedda

@daxpedda I think it would be good to eventually support password-based KDFs. I think they wind up having a very similar API to other KDFs, to the point it might just be a marker trait and some usage guidelines.

That said, it would probably be good to focus on traits for what's in https://github.com/rustcrypto/kdfs for now

tarcieri avatar Jun 02 '25 12:06 tarcieri

FWIW: I don't have much feedback for this kind of interface, but for OPAQUE we would like to have a trait for key stretching functions.

daxpedda avatar Jun 02 '25 12:06 daxpedda