Skip to main content

SecurityValidator

lib_q_core::security::validation

Struct SecurityValidator 

Source 
pub struct SecurityValidator { /* private fields */ }
Expand description

Centralized security validator for lib-Q

This validator provides comprehensive security validation for all cryptographic operations, including algorithm validation, key validation, timing attack prevention, and entropy validation.

Implementations§

Source§

impl SecurityValidator

Source

pub fn new() -> Result<Self>

Create a new security validator

§Returns

A new instance of SecurityValidator with all validation components initialized.

§Errors

Returns an error if any validation component fails to initialize.

Source

pub fn validate_algorithm_category( &self, algorithm: Algorithm, expected_category: AlgorithmCategory, ) -> Result<()>

Validate that an algorithm is appropriate for the given operation category

§Arguments
  • algorithm - The algorithm to validate
  • expected_category - The expected algorithm category
§Returns

Returns Ok(()) if the algorithm supports the category, or an error if it doesn’t.

Source

pub fn validate_key_size( &self, algorithm: Algorithm, key_data: &[u8], is_secret: bool, ) -> Result<()>

Validate key size for a given algorithm

§Arguments
  • algorithm - The algorithm to validate against
  • key_data - The key data to validate
  • is_secret - Whether this is a secret key (affects expected size)
§Returns

Returns Ok(()) if the key size is correct, or an error if it’s not.

Source

pub fn validate_key_material(&self, key_data: &[u8]) -> Result<()>

Validate that key material is not all zeros (security check)

§Arguments
  • key_data - The key data to validate
§Returns

Returns Ok(()) if the key material is valid, or an error if it’s not.

Source

pub fn validate_public_key( &self, algorithm: Algorithm, key_data: &[u8], ) -> Result<()>

Validate public key for a given algorithm

§Arguments
  • algorithm - The algorithm to validate against
  • key_data - The public key data to validate
§Returns

Returns Ok(()) if the public key is valid, or an error if it’s not.

Source

pub fn validate_secret_key( &self, algorithm: Algorithm, key_data: &[u8], ) -> Result<()>

Validate secret key for a given algorithm

§Arguments
  • algorithm - The algorithm to validate against
  • key_data - The secret key data to validate
§Returns

Returns Ok(()) if the secret key is valid, or an error if it’s not.

Source

pub fn validate_aead_message(&self, message: &[u8]) -> Result<()>

Validate AEAD plaintext, ciphertext, or associated data size for one operation.

Source

pub fn validate_hash_input(&self, data: &[u8]) -> Result<()>

Validate hash absorb input length.

Source

pub fn validate_signature_message(&self, message: &[u8]) -> Result<()>

Validate signature message preimage length (same policy as Self::validate_hash_input).

Source

pub fn security_constants(&self) -> &SecurityConstants

Immutable access to configured security constants.

Source

pub fn security_constants_mut(&mut self) -> &mut SecurityConstants

Mutable access to security constants (message size ceilings, nonce size, …).

Source

pub fn validate_nonce(&self, nonce: &[u8]) -> Result<()>

Validate nonce size and uniqueness for AEAD operations

§Arguments
  • nonce - The nonce to validate
§Returns

Returns Ok(()) if the nonce is valid, or an error if it’s not.

Source

pub fn validate_ciphertext( &self, algorithm: Algorithm, ciphertext: &[u8], ) -> Result<()>

Validate ciphertext size for a given algorithm

§Arguments
  • algorithm - The algorithm to validate against
  • ciphertext - The ciphertext to validate
§Returns

Returns Ok(()) if the ciphertext size is valid, or an error if it’s not.

Source

pub fn validate_signature( &self, algorithm: Algorithm, signature: &[u8], ) -> Result<()>

Validate signature size for a given algorithm

§Arguments
  • algorithm - The algorithm to validate against
  • signature - The signature to validate
§Returns

Returns Ok(()) if the signature size is valid, or an error if it’s not.

Source

pub fn validate_randomness(&self, randomness: &[u8]) -> Result<()>

Validate randomness for cryptographic operations

§Arguments
  • randomness - The randomness to validate
§Returns

Returns Ok(()) if the randomness is valid, or an error if it’s not.

Source

pub fn constant_time_compare(&self, a: &[u8], b: &[u8]) -> bool

Perform constant-time comparison of two byte slices

§Arguments
  • a - First byte slice
  • b - Second byte slice
§Returns

Returns true if the slices are equal, false otherwise. The comparison is performed in constant time to prevent timing attacks.

Source

pub fn entropy_validator(&self) -> &EntropyValidator

Get immutable access to the entropy validator

This method provides access to the entropy validator for configuration and inspection purposes.

Source

pub fn entropy_validator_mut(&mut self) -> &mut EntropyValidator

Get mutable access to the entropy validator

This method provides mutable access to the entropy validator for configuration purposes. Use with caution in production environments.

§Security Warning

Disabling entropy validation reduces security. Only use this for testing scenarios with deterministic randomness.

Trait Implementations§

Source§

impl Clone for SecurityValidator

Source§

fn clone(&self) -> SecurityValidator

Returns a duplicate of the value. Read more
1.0.0 (const: unstable) · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<S, T> Upcast<T> for S
where T: UpcastFrom<S> + ?Sized, S: ?Sized,

Source§

fn upcast(&self) -> &T
where Self: ErasableGeneric, T: ErasableGeneric<Repr = Self::Repr>,

Perform a zero-cost type-safe upcast to a wider ref type within the Wasm bindgen generics type system. Read more
Source§

fn upcast_into(self) -> T
where Self: Sized + ErasableGeneric, T: ErasableGeneric<Repr = Self::Repr>,

Perform a zero-cost type-safe upcast to a wider type within the Wasm bindgen generics type system. Read more