One-Time Password generation, validation, and lifecycle for EST enrollment.
Provides OTP creation, cryptographic storage, and consumption for EST enrollment authentication per RHELBU-3536 R7-R12:
- R7: Minimum 128-bit entropy for generated tokens
- R8: Timing-safe comparison during validation
- R9: Single-use and multi-use token support
- R10: Configurable expiration and max-use limits
- R11: Tokens stored as SHA-256 hashes (never plaintext)
- R12: Periodic cleanup of expired tokens
Re-exports
- pub use generate::OtpGenerator;
- pub use generate::OtpGeneratorConfig;
- pub use generate::OtpMetadata;
- pub use store::DbOtpStore;
- pub use store::InMemoryOtpStore;
- pub use store::OtpRecord;
- pub use store::OtpStore as OtpStoreTrait;
- pub use validate::OtpValidator;
- pub use validate::ValidationResult;
Modules
- generate: OTP token generation with configurable entropy.
- store: Pluggable OTP storage backends.
- validate: OTP validation and consumption with timing-safe comparison.
Structs
- OtpStore: Placeholder OTP storage and validation engine.
Enums
- OtpError: Errors produced by OTP operations.
Type Aliases
- OtpResult: Convenience alias for OTP operation results.