libpasta 0.0.5

data/ext/pasta-bindings/libpasta/src/hashing/de.rs

@@ -0,0 +1,284 @@
+//! Serde deserialize for password hashes
+//!
+//! The output from a hashing algorithm typically includes: the hash itself,
+//! the salt, and the parameters used in the hashing.
+//! This allows us to store the output in an unambigous fashion.
+//!
+//! However, not all algorithms had this foresight, and many instead wrote
+//! simple formats which simply included the hash output and salt concatenated.
+//!
+//! This module attempts to deserialize various formats into the `libpasta`
+//! supported form.
+
+use hashing::{Algorithm, Output};
+use primitives::Primitive;
+
+use serde::{Deserialize, Deserializer};
+use serde::de::{self, Visitor};
+use serde::de::Error;
+use serde_mcf;
+use serde_mcf::{base64, base64bcrypt, Hashes};
+
+use std::fmt;
+
+
+/// Currently supported hashing variants.
+///
+/// `Bcrypt`: `$(2a|2b|2x|2y)$<cost>$<salthash>`
+///    where salthash is a non-standard base64 encoding.
+/// `Mcf`: `$<alg-id>$<params map>$<salt>$<hash>`
+/// `Pasta`: `$<MCF-hash>` or `$!<Pasta-hash>` (recursively)
+#[derive(Debug, PartialEq)]
+enum SupportedVariants {
+    Bcrypt(Hashes),
+    Mcf(Hashes),
+    Pasta(PastaVariants),
+}
+
+/// A Pasta hash is either a sing hash parameterisation, or a recursive
+/// structure, containing many hash parameters.
+#[derive(Debug, PartialEq)]
+enum PastaVariants {
+    Single,
+    Nested,
+}
+
+static VAR_STRUCT: [&'static str; 2] = ["variant", "remaining"];
+
+// The *Fields structs define the layout of the various supported variants,
+// as detailed above. After parsing the algorithm identifier, one of these
+// structs are used to attempt to deserialize.
+
+#[derive(Deserialize)]
+struct BcryptFields {
+    cost: u32,
+    #[serde(with = "base64bcrypt")]
+    salthash: (Vec<u8>, Vec<u8>),
+}
+
+#[derive(Deserialize)]
+struct McfFields {
+    params: serde_mcf::Map<String, serde_mcf::Value>,
+    #[serde(with = "base64")]
+    pub salt: Vec<u8>,
+    #[serde(with = "base64")]
+    pub hash: Vec<u8>,
+}
+
+/// The nested Pasta format is specified by a $<id>$<params> parameterising the
+/// outer layer hash algorithm, followed by another set of algorithm parameters.
+/// This inner hash may also a further layer of nested params.
+#[derive(Deserialize)]
+struct PastaNest {
+    outer_id: Hashes,
+    outer_params: serde_mcf::Map<String, serde_mcf::Value>,
+    inner: Output,
+}
+
+// Deserialize Output using OutputVisitor
+impl<'de> Deserialize<'de> for Output {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+        where D: Deserializer<'de>
+    {
+        deserializer.deserialize_struct("var_container", &VAR_STRUCT, OutputVisitor)
+    }
+}
+
+/// `OutputVisitor` does most of the heavy lifting of the deserializing.
+/// First, we use the `SupportedVariants` enum to identify which type of hash
+/// we are dealing with.
+/// Second, the remaining values are deserialized into the suitable *Field struct.
+/// Finally, the fields are unified into the `Output` struct and returned.
+struct OutputVisitor;
+impl<'de> Visitor<'de> for OutputVisitor {
+    type Value = Output;
+
+    fn expecting(&self, formatter: &mut fmt::Formatter) -> fmt::Result {
+        formatter.write_str("an identifier")
+    }
+
+    fn visit_map<V>(self, mut map: V) -> Result<Self::Value, V::Error>
+        where V: de::MapAccess<'de>
+    {
+
+        // The first step is to detect which variant we are dealing with.
+        let _: Option<String> = map.next_key()?;
+        let var: SupportedVariants = map.next_value()?;
+
+        match var {
+            // Deserialize each variant using specific format.
+            // Note that let fields: SomeFields = map.next_value()?;
+            // is automatically calling the deserializer for SomeFields.
+            SupportedVariants::Bcrypt(_) => {
+                let _: Option<String> = map.next_key()?;
+                let fields: BcryptFields = map.next_value()?;
+                let prim = ::primitives::Bcrypt::new(fields.cost);
+                if prim == ::primitives::Poisoned.into() {
+                    #[allow(use_debug)]
+                    return Err(V::Error::custom(format!("failed to deserialize as {:?}", var)));
+                }
+                Ok(Output {
+                    alg: Algorithm::Single(prim),
+                    salt: fields.salthash.0,
+                    hash: fields.salthash.1,
+                })
+            }
+            SupportedVariants::Mcf(var) => {
+                let _: Option<String> = map.next_key()?;
+                let fields: McfFields = map.next_value()?;
+                let prim = ::primitives::Primitive::from((&var, &fields.params));
+                if prim == ::primitives::Poisoned.into() {
+                    #[allow(use_debug)]
+                    return Err(V::Error::custom(format!("failed to deserialize as {:?}", var)));
+                }
+                Ok(Output {
+                    alg: Algorithm::Single(prim),
+                    salt: fields.salt,
+                    hash: fields.hash,
+                })
+            }
+            SupportedVariants::Pasta(var) => {
+                match var {
+                    PastaVariants::Single => {
+                        let _: Option<String> = map.next_key()?;
+                        let output: serde_mcf::McfHash = map.next_value()?;
+                        let prim = ::primitives::Primitive::from((&output.algorithm,
+                                                                  &output.parameters));
+                        if prim == ::primitives::Poisoned.into() {
+                            #[allow(use_debug)]
+                            return Err(V::Error::custom(format!("failed to deserialize as {:?}", var)));
+                        }
+                        Ok(Output {
+                            alg: Algorithm::Single(prim),
+                            salt: output.salt,
+                            hash: output.hash,
+                        })
+                    }
+                    PastaVariants::Nested => {
+                        let _: Option<String> = map.next_key()?;
+                        // Note that in this case, PastaNest deserializer is
+                        // recursively deserializing PastaVariants until
+                        // reaching the end.
+                        let fields: PastaNest = map.next_value()?;
+                        let prim = ::primitives::Primitive::from((&fields.outer_id,
+                                                                  &fields.outer_params));
+                        if prim == ::primitives::Poisoned.into() {
+                            #[allow(use_debug)]
+                            return Err(V::Error::custom(format!("failed to deserialize as {:?}", var)));
+                        }
+                        Ok(Output {
+                            alg: Algorithm::Nested {
+                                outer: prim,
+                                inner: Box::new(fields.inner.alg.clone()),
+                            },
+                            salt: fields.inner.salt,
+                            hash: fields.inner.hash,
+                        })
+                    }
+                }
+            }
+        }
+    }
+}
+
+impl<'de> Deserialize<'de> for SupportedVariants {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+        where D: Deserializer<'de>
+    {
+        deserializer.deserialize_identifier(VariantVisitor)
+
+    }
+}
+
+/// Visitor to deserialize the `SupportedVariants` enum.
+/// Currently is able to detect the variant by how the string starts.
+/// For example, `$$` or `$!$` indicates a Pasta variant, whereas `$2a` would
+/// be a regular `Bcrypt` hash.
+struct VariantVisitor;
+impl<'de> Visitor<'de> for VariantVisitor {
+    type Value = SupportedVariants;
+
+    fn expecting(&self, formatter: &mut fmt::Formatter) -> fmt::Result {
+        formatter.write_str("an identifier")
+    }
+
+    fn visit_borrowed_str<E>(self, val: &str) -> Result<Self::Value, E>
+        where E: Error
+    {
+        let var = match val {
+            "" => SupportedVariants::Pasta(PastaVariants::Single),
+            "!" => SupportedVariants::Pasta(PastaVariants::Nested),
+            var => {
+                let variant = Hashes::from_id(var).ok_or_else(|| {
+                        E::custom(format!("unknown MCF variant: {}", var))
+                    })?;
+
+                match variant {
+                    Hashes::Bcrypt |
+                    Hashes::Bcrypta |
+                    Hashes::Bcryptx |
+                    Hashes::Bcrypty |
+                    Hashes::Bcryptb => {
+                        SupportedVariants::Bcrypt(variant)
+                    },
+                    _ => SupportedVariants::Mcf(variant),
+                }
+            }
+        };
+        Ok(var)
+    }
+}
+
+// The deserializing of a `Primitive` is used in the nested `Pasta` variants.
+impl<'de> Deserialize<'de> for Primitive {
+    fn deserialize<D>(deserializer: D) -> Result<Self, D::Error>
+        where D: Deserializer<'de>
+    {
+        #[derive(Deserialize)]
+        struct PrimitiveStruct {
+            id: Hashes,
+            params: serde_mcf::Map<String, serde_mcf::Value>,
+        }
+        let prim = PrimitiveStruct::deserialize(deserializer)?;
+        let prim = (&prim.id, &prim.params).into();
+        if prim == ::primitives::Poisoned.into() {
+            #[allow(use_debug)]
+            return Err(D::Error::custom("failed to deserialize"));
+        }
+        Ok(prim)
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use serde_mcf;
+    use serde_yaml;
+    use super::*;
+
+    #[test]
+    fn variant_tests() {
+        let variant = "$argon2i";
+        assert_eq!(serde_mcf::from_str::<SupportedVariants>(variant).unwrap(),
+        SupportedVariants::Mcf(Hashes::Argon2i));
+
+        let not_a_variant = "12";
+        assert!(serde_yaml::from_str::<SupportedVariants>(not_a_variant).is_err());
+    }
+
+    #[test]
+    fn hash_tests() {
+        let hash = "$$non-existant$$$";
+        assert!(serde_mcf::from_str::<Output>(hash).is_err());
+
+        let hash = "$argon2i$fake_map=12$salt$hash";
+        assert!(serde_mcf::from_str::<Output>(hash).is_err());
+    }
+
+    #[test]
+    fn de_bcrypt() {
+        let hash = "$2a$10$175ikf/E6E.73e83.fJRbODnYWBwmfS0ENdzUBZbedUNGO.99wJfa";
+        assert!(serde_mcf::from_str::<Output>(hash).is_ok());
+        let broken_hash = "$2a$purple$175ikf/E6E.73e83.fJRbODnYWBwmfS0ENdzUBZbedUNGO.99wJfa";
+        assert!(serde_mcf::from_str::<Output>(broken_hash).is_err());
+    }
+}

data/ext/pasta-bindings/libpasta/src/hashing/mod.rs

@@ -0,0 +1,161 @@
+//! Password hashing functionality
+//!
+//! While the `primitives` module handles the raw implementations of hashing
+//! algorithms, this module contains the `libpasta` hashing functionality
+//! itself. In particular, a `libpasta` hashing `Algorithm` is defined as a
+//! recursive structure, containing either a single `Primitive`, or a
+//! `Primitive` and a further layer of `Algorithm`. This is the hashing onion.
+
+use std::default::Default;
+
+use config;
+use primitives::Primitive;
+
+mod de;
+mod ser;
+
+#[derive(Clone, Debug, PartialEq)]
+/// `libpasta` password hashing algorithms can be nested, which is captured
+/// by this recursive enum.
+pub enum Algorithm {
+    /// A single instance of a password-hashing primitive.
+    Single(Primitive),
+    /// The password-hashing algorithm is composed of nested primitives.
+    Nested {
+        /// The outermost layer of the algorithm is a single primitive
+        outer: Primitive,
+        /// The rest of the layers
+        inner: Box<Algorithm>,
+    },
+}
+
+
+#[derive(Debug)]
+/// Represents the output of a password hashing algorithm.
+pub struct Output {
+    /// The algorithm used
+    pub alg: Algorithm,
+    /// The salt
+    pub salt: Vec<u8>,
+    /// The hash output
+    pub hash: Vec<u8>,
+}
+
+
+impl Default for Algorithm {
+    fn default() -> Self {
+        config::DEFAULT_ALG.clone()
+    }
+}
+
+impl Output {
+    /// Verifies that the supplied password matches the hashed value.
+    pub fn verify(&self, password: &str) -> bool {
+        self.alg.verify(password.as_bytes(), &self.salt, &self.hash)
+    }
+
+    pub(crate) fn check_keys(&mut self, config: &config::Config) {
+        self.alg.update_key(config);
+    }
+}
+
+impl Algorithm {
+    /// Type-safe function to compute the hash of a password.
+    pub fn hash(&self, password: &str) -> Output {
+        let salt = super::gen_salt(&**config::RANDOMNESS_SOURCE);
+        let output = self.hash_with_salt(password.as_bytes(), &salt);
+        Output {
+            hash: output,
+            salt: salt,
+            alg: self.clone(),
+        }
+    }
+
+    /// Computes the hash output for given password and salt.
+    pub fn hash_with_salt(&self, password: &[u8], salt: &[u8]) -> Vec<u8> {
+        match *self {
+            Algorithm::Single(ref p) => p.compute(password, salt),
+            Algorithm::Nested { ref inner, ref outer } => {
+                let innerput = inner.hash_with_salt(password, salt);
+                outer.compute(&innerput, salt)
+            }
+        }
+    }
+
+    /// Verifies the password, salt and hash are matching by recursively
+    /// re-computing the hash and verifying the final value.
+    pub fn verify(&self, password: &[u8], salt: &[u8], hash: &[u8]) -> bool {
+        match *self {
+            Algorithm::Single(ref p) => p.verify(password, salt, hash),
+            Algorithm::Nested { ref inner, ref outer } => {
+                let innerput = inner.hash_with_salt(password, salt);
+                outer.verify(&innerput, salt, hash)
+            }
+        }
+    }
+
+    /// Test whether the current 'Algorithm` is sufficiently secure.
+    pub fn needs_migrating(&self) -> bool {
+        let default: &Primitive = &*config::DEFAULT_PRIM;
+
+        match *self {
+            Algorithm::Single(ref a2) |
+            Algorithm::Nested { outer: ref a2, .. } => a2.ge(default),
+        }
+    }
+
+    /// Copies `self` into a new `Algorithm` wrapped by `outer`
+    pub fn to_wrapped(&self, outer: Primitive) -> Self {
+        Algorithm::Nested {
+            outer: outer,
+            inner: Box::new(self.clone()),
+        }
+    }
+
+    /// Moves `self` into a new `Algorithm` wrapped by `outer`
+    pub fn into_wrapped(self, outer: Primitive) -> Self {
+        Algorithm::Nested {
+            outer: outer,
+            inner: Box::new(self),
+        }
+    }
+
+    pub(crate) fn update_key(&mut self, config: &config::Config) {
+        match *self {
+            Algorithm::Single(ref mut p) =>  {
+                if let Some(newp) = p.update_key(config) {
+                    *p = newp;
+                }
+            },
+            Algorithm::Nested { ref mut inner, ref mut outer } => {
+                inner.update_key(config);
+                // outer.update_key(config).and_then(|new_outer| *outer = new_outer);
+                if let Some(newp) = outer.update_key(config) {
+                    *outer = newp;
+                }
+
+            }
+        }
+    }
+}
+
+#[cfg(test)]
+mod test {
+    use super::*;
+    use serde_mcf;
+
+    #[test]
+    fn test_hash() {
+        let alg = Algorithm::default();
+        let output = alg.hash(&"hunter2");
+        println!("{:?}", serde_mcf::to_string(&output).unwrap());
+    }
+
+    #[test]
+    fn test_wrapped() {
+        let alg = Algorithm::default();
+        let prim = &*config::DEFAULT_PRIM;
+        let _alg1 = alg.to_wrapped(prim.clone());
+        let _alg = alg.into_wrapped(prim.clone());
+    }
+}

data/ext/pasta-bindings/libpasta/src/hashing/ser.rs

@@ -0,0 +1,67 @@
+/// Serialization of password hashes using serde.
+///
+/// Compared to the complext deserialization logic, this is comparatively
+/// simpler, since we only support serializing to our own standardised format.
+///
+/// In practice, `serde_mcf` will be used to produce the serialized output.
+/// However, this same structure can help to produce configuration files.
+
+use hashing::{Algorithm, Output};
+use primitives::Primitive;
+
+use serde::{Serialize, Serializer};
+use serde::ser::{SerializeStruct, SerializeStructVariant};
+use serde_mcf;
+use serde_mcf::{Hashes, Map, Value};
+
+#[derive(Serialize)]
+struct Base64Encoded<'a>(#[serde(with="serde_mcf::base64")]
+                         &'a [u8]);
+
+impl Serialize for Output {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+        where S: Serializer
+    {
+        let mut state = serializer.serialize_struct("Output", 2)?;
+        state.serialize_field("algorithm", &self.alg)?;
+        state.serialize_field("salt", &Base64Encoded(&self.salt))?;
+        state.serialize_field("hash", &Base64Encoded(&self.hash))?;
+        state.end()
+    }
+}
+
+impl<'a> Serialize for Algorithm {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+        where S: Serializer
+    {
+        match *self {
+            Algorithm::Single(ref alg) => {
+                let mut state = serializer.serialize_struct_variant("algorithm", 0, "", 2)?;
+                let (algorithm, params): (Hashes, Map<String, Value>) = alg.into();
+                state.serialize_field("id", &algorithm)?;
+                state.serialize_field("params", &params)?;
+                state.end()
+            }
+            Algorithm::Nested { ref outer, ref inner } => {
+                let mut state = serializer.serialize_struct_variant("algorithm", 1, "!", 3)?;
+                let (algorithm, params): (Hashes, Map<String, Value>) = outer.into();
+                state.serialize_field("outer_id", &algorithm)?;
+                state.serialize_field("outer_params", &params)?;
+                state.serialize_field("inner", &inner)?;
+                state.end()
+            }
+        }
+    }
+}
+
+impl<'a> Serialize for Primitive {
+    fn serialize<S>(&self, serializer: S) -> Result<S::Ok, S::Error>
+        where S: Serializer
+    {
+        let mut state = serializer.serialize_struct("primitive", 2)?;
+        let (algorithm, params): (Hashes, Map<String, Value>) = self.into();
+        state.serialize_field("id", &algorithm)?;
+        state.serialize_field("params", &params)?;
+        state.end()
+    }
+}