libpasta 0.0.5

data/ext/pasta-bindings/libpasta/src/primitives/argon2.rs

@@ -0,0 +1,180 @@
+pub use self::native::Argon2;
+
+mod native {
+    extern crate argon2rs;
+
+    use primitives::Primitive;
+    use sod::Sod;
+
+    use serde_mcf::Hashes;
+
+    use std::fmt;
+
+    /// Parameter set for Argon2.
+    ///
+    /// This implementation is backed by the `argon2rs` crate.
+    pub struct Argon2 {
+        algorithm: argon2rs::Argon2,
+    }
+
+    impl ::primitives::PrimitiveImpl for Argon2 {
+        fn compute<'a>(&'a self, password: &[u8], salt: &[u8]) -> Vec<u8> {
+            let mut hash = [0_u8; 32];
+            self.algorithm.hash(&mut hash, password, salt, &[], &[]);
+            hash.to_vec()
+        }
+
+        fn params_as_vec(&self) -> Vec<(&'static str, String)> {
+            let (_, kib, passes, lanes) = self.algorithm.params();
+            vec![("m", kib.to_string()), ("t", passes.to_string()), ("p", lanes.to_string())]
+        }
+
+        fn hash_id(&self) -> Hashes {
+            Hashes::Argon2i
+        }
+    }
+
+    lazy_static! {
+        pub static ref DEFAULT: Argon2 = {
+            Argon2 {
+                algorithm: argon2rs::Argon2::default(argon2rs::Variant::Argon2i)
+            }
+        };
+    }
+
+    impl Argon2 {
+        /// Get the default Argon2i parameter set
+        pub fn default() -> Primitive {
+            Primitive(Sod::Static(&*DEFAULT))
+        }
+
+        fn new_impl(passes: u32, lanes: u32, kib: u32) -> Self {
+            Self {
+                algorithm: argon2rs::Argon2::new(passes, lanes, kib, argon2rs::Variant::Argon2i)
+                    .expect("invalid Argon2 parameters"),
+            }
+        }
+
+        /// Creates a new Argon2i instance
+        pub fn new(passes: u32, lanes: u32, kib: u32) -> Primitive {
+            Self::new_impl(passes, lanes, kib).into()
+        }
+    }
+
+    impl fmt::Debug for Argon2 {
+        fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+            write!(f, "Argon2i: {:?}", self.algorithm.params())
+        }
+    }
+}
+
+
+benches!(Argon2);
+
+#[cfg(test)]
+mod test {
+    use data_encoding::HEXLOWER;
+    use serde_mcf;
+    use super::*;
+    use hashing::*;
+
+    #[test]
+    fn sanity_check() {
+        let password = "hunter2";
+        let params = super::Argon2::default();
+        println!("{:?}", params);
+        let salt = ::get_salt();
+        let hash = params.compute(password.as_bytes(), &salt);
+        let hash2 = params.compute(password.as_bytes(), &salt);
+        assert_eq!(hash, hash2);
+        let out = Output {
+            alg: Algorithm::Single(params.into()),
+            salt: salt,
+            hash: hash,
+        };
+        println!("{:?}", serde_mcf::to_string(&out).unwrap());
+    }
+
+    fn hashtest(passes: u32,
+                m: u32,
+                lanes: u32,
+                password: &str,
+                salt: &str,
+                hexpected: &str,
+                encoded: &str) {
+        let alg = Argon2::new(passes, lanes, 1 << m);
+        let hash = alg.compute(password.as_bytes(), salt.as_bytes());
+        assert_eq!(HEXLOWER.encode(&hash), hexpected);
+        assert_eq!(serde_mcf::from_str::<Output>(encoded).unwrap().hash, hash);
+        let output = Output {
+            alg: Algorithm::Single(alg.into()),
+            hash: hash,
+            salt: salt.as_bytes().to_vec(),
+        };
+        assert_eq!(&serde_mcf::to_string(&output).unwrap()[1..], encoded);
+    }
+
+    #[test]
+    fn argon2i_ref_tests() {
+        hashtest(2,
+                 8,
+                 1,
+                 "password",
+                 "somesalt",
+                 "fd4dd83d762c49bdeaf57c47bdcd0c2f1babf863fdeb490df63ede9975fccf06",
+                 "$argon2i$m=256,t=2,p=1$c29tZXNhbHQ\
+                 $/U3YPXYsSb3q9XxHvc0MLxur+GP960kN9j7emXX8zwY");
+        hashtest(2,
+                 8,
+                 2,
+                 "password",
+                 "somesalt",
+                 "b6c11560a6a9d61eac706b79a2f97d68b4463aa3ad87e00c07e2b01e90c564fb",
+                 "$argon2i$m=256,t=2,p=2$c29tZXNhbHQ\
+                 $tsEVYKap1h6scGt5ovl9aLRGOqOth+AMB+KwHpDFZPs");
+        hashtest(1,
+                 16,
+                 1,
+                 "password",
+                 "somesalt",
+                 "81630552b8f3b1f48cdb1992c4c678643d490b2b5eb4ff6c4b3438b5621724b2",
+                 "$argon2i$m=65536,t=1,p=1$c29tZXNhbHQ\
+                 $gWMFUrjzsfSM2xmSxMZ4ZD1JCytetP9sSzQ4tWIXJLI");
+        hashtest(4,
+                 16,
+                 1,
+                 "password",
+                 "somesalt",
+                 "f212f01615e6eb5d74734dc3ef40ade2d51d052468d8c69440a3a1f2c1c2847b",
+                 "$argon2i$m=65536,t=4,p=1$c29tZXNhbHQ\
+                 $8hLwFhXm6110c03D70Ct4tUdBSRo2MaUQKOh8sHChHs");
+        hashtest(2,
+                 16,
+                 1,
+                 "differentpassword",
+                 "somesalt",
+                 "e9c902074b6754531a3a0be519e5baf404b30ce69b3f01ac3bf21229960109a3",
+                 "$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ\
+                 $6ckCB0tnVFMaOgvlGeW69ASzDOabPwGsO/ISKZYBCaM");
+        hashtest(2,
+                 16,
+                 1,
+                 "password",
+                 "diffsalt",
+                 "79a103b90fe8aef8570cb31fc8b22259778916f8336b7bdac3892569d4f1c497",
+                 "$argon2i$m=65536,t=2,p=1$ZGlmZnNhbHQ\
+                 $eaEDuQ/orvhXDLMfyLIiWXeJFvgza3vaw4kladTxxJc");
+    }
+
+    #[test] #[cfg(feature = "long_tests")]
+    fn argon2i_ref_tests() {
+        hashtest(2,
+                 18,
+                 1,
+                 "password",
+                 "somesalt",
+                 "3e689aaa3d28a77cf2bc72a51ac53166761751182f1ee292e3f677a7da4c2467",
+                 "$argon2i$m=262144,t=2,p=1$c29tZXNhbHQ\
+                 $Pmiaqj0op3zyvHKlGsUxZnYXURgvHuKS4/Z3p9pMJGc");
+    }
+}

data/ext/pasta-bindings/libpasta/src/primitives/bcrypt.rs

@@ -0,0 +1,165 @@
+pub use self::native::Bcrypt;
+
+mod native {
+    #![allow(shadow_reuse)]
+
+    extern crate crypto;
+    use self::crypto::bcrypt::bcrypt;
+
+    use primitives::{Primitive, PrimitiveImpl};
+    use sod::Sod;
+
+    use serde_mcf::Hashes;
+
+    use std::fmt;
+    use std::sync::Arc;
+
+    /// `bcrypt` parameter set.
+    ///
+    /// Holds the cost value.
+    /// This implementation is backed by `rust-crypto`.
+    #[derive(Clone, Deserialize, Serialize)]
+    pub struct Bcrypt {
+        cost: u32,
+    }
+
+    lazy_static! {
+        static ref DEFAULT: Arc<Box<PrimitiveImpl>> = {
+            Arc::new(Box::new(Bcrypt::new_impl(12)))
+        };
+    }
+
+    impl PrimitiveImpl for Bcrypt {
+        fn compute<'a>(&'a self, password: &[u8], salt: &[u8]) -> Vec<u8> {
+            let mut hash = [0_u8; 24];
+            let mut pw = [0_u8; 72];
+            // Bcrypt inputs need to be at most 72 bytes
+            // with a trailing zero byte only if < 72 bytes
+            let pw = if password.len() > 71 {
+                pw[..72].copy_from_slice(&password[..72]);
+                &pw[..]
+            } else {
+                pw[..password.len()].copy_from_slice(password);
+                &pw[..password.len() + 1]
+            };
+            bcrypt(self.cost, salt, pw, &mut hash);
+            hash[..23].to_vec()
+        }
+
+        fn params_as_vec(&self) -> Vec<(&'static str, String)> {
+            vec![("cost", self.cost.to_string())]
+        }
+
+        fn hash_id(&self) -> Hashes {
+            Hashes::BcryptMcf
+        }
+    }
+
+
+    impl fmt::Debug for Bcrypt {
+        fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+            write!(f, "Bcrypt, cost: {:?}", self.cost)
+        }
+    }
+
+    impl Bcrypt {
+        /// Construct a new `Bcrypt` parameter set.
+        pub fn new(cost: u32) -> Primitive {
+            Self::new_impl(cost).into()
+        }
+
+        fn new_impl(cost: u32) -> Self {
+            Self { cost: cost }
+        }
+
+        /// Get the default `Bcrypt` parameter set.
+        pub fn default() -> Primitive {
+            Primitive(Sod::Dynamic(Arc::clone(&DEFAULT)))
+        }
+    }
+}
+
+benches!(Bcrypt);
+
+#[cfg(test)]
+mod bcrypt_test {
+    use hashing::*;
+    use serde_mcf as mcf;
+
+    #[test]
+    fn sanity_check() {
+        let password = "hunter2";
+        let params = super::Bcrypt::default();
+        println!("{:?}", params);
+        let salt = ::get_salt();
+        let hash = params.compute(password.as_bytes(), &salt);
+        let hash2 = params.compute(password.as_bytes(), &salt);
+        assert_eq!(hash, hash2);
+        let out = Output {
+            alg: Algorithm::Single(params.into()),
+            salt: salt,
+            hash: hash,
+        };
+        println!("{:?}", mcf::to_string(&out).unwrap());
+    }
+
+    #[test]
+    fn verifies_bcrypt_hashes() {
+        let password = "hunter2";
+        let hash = "$2a$10$ckjEeyTD6estWyoofn4EROM9Ik2PqVcfcrepX.uGp6.aqRdCMN/Oe";
+        assert!(::verify_password(&hash, password));
+    }
+
+    fn openwall_test(hash: &str, password: &[u8]) {
+        let pwd_hash: Output = mcf::from_str(&hash).unwrap();
+        assert_eq!(pwd_hash.hash,
+                   pwd_hash.alg.hash_with_salt(password, &pwd_hash.salt));
+    }
+
+    // Test the internal Bcrypt implementation against the openwall test vectors.
+    // Note that we currently are non compatible with "2x" variant hashes.
+    #[test]
+    fn openwall_test_vectors() {
+        openwall_test("$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW",
+                      b"U*U");
+        openwall_test("$2a$05$CCCCCCCCCCCCCCCCCCCCC.VGOzA784oUp/Z0DY336zx7pLYAy0lwK",
+                      b"U*U*");
+        openwall_test("$2a$05$XXXXXXXXXXXXXXXXXXXXXOAcXxm9kjPGEMsLznoKqmqw7tc8WCx4a",
+                      b"U*U*U");
+        openwall_test("$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy",
+                      b"");
+        openwall_test("$2a$05$abcdefghijklmnopqrstuu5s2v8.iXieOjg/.AySBTTZIIVFJeBui",
+                      b"0123456789abcdefghijklmnopqrstuvwxyz\
+             ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789\
+             chars after 72 are ignored");
+        // openwall_test("$2x$05$/OK.fbVrR/bpIqNJ5ianF.CE5elHaaO4EbggVDjb8P19RukzXSM3e", b"\xa3");
+        openwall_test("$2y$05$/OK.fbVrR/bpIqNJ5ianF.Sa7shbm4.OzKpvFnX1pQLmQW96oUlCq",
+                      b"\xa3");
+        // openwall_test("$2x$05$6bNw2HLQYeqHYyBfLMsv/OiwqTymGIGzFsA4hOTWebfehXHNprcAS", b"\xd1\x91");
+        // openwall_test("$2x$05$6bNw2HLQYeqHYyBfLMsv/O9LIGgn8OMzuDoHfof8AQimSGfcSWxnS", b"\xd0\xc1\xd2\xcf\xcc\xd8");
+        openwall_test("$2a$05$/OK.fbVrR/bpIqNJ5ianF.swQOIzjOiJ9GHEPuhEkvqrUyvWhEMx6",
+                      b"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\
+             \xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\
+             \xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\
+             \xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\
+             \xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\
+             \xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\
+             chars after 72 are ignored as usual");
+        openwall_test("$2a$05$/OK.fbVrR/bpIqNJ5ianF.R9xrDjiycxMbQE2bp.vgqlYpW5wx2yy",
+                      b"\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\
+              \xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\
+              \xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\
+              \xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\
+              \xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\
+              \xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55\xaa\x55");
+        openwall_test("$2a$05$CCCCCCCCCCCCCCCCCCCCC.7uG0VCzI2bS7j6ymqJi9CdcdxiRTWNy",
+                      b"");
+        openwall_test("$2a$05$/OK.fbVrR/bpIqNJ5ianF.9tQZzcJfm3uj2NvJ/n5xkhpqLrMpWCe",
+                      b"\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\
+              \x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\
+              \x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\
+              \x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\
+              \x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\
+              \x55\xaa\xff\x55\xaa\xff\x55\xaa\xff\x55\xaa\xff");
+    }
+}

data/ext/pasta-bindings/libpasta/src/primitives/hmac.rs

@@ -0,0 +1,134 @@
+pub use self::hmac_ring::Hmac;
+
+mod hmac_ring {
+    use config;
+    use errors::*;
+    use key;
+    use key::Store;
+    use primitives::Primitive;
+
+    use ring::{digest, hkdf, hmac, rand};
+    use serde_mcf::Hashes;
+
+    use std::fmt;
+
+    /// Password storage strengthening using HMAC.
+    ///
+    /// This struct holds the parameters used.
+    /// Represents the `ring` implementation.
+    pub struct Hmac {
+        h: &'static digest::Algorithm,
+        key: Option<hmac::SigningKey>,
+        key_id: String,
+    }
+
+    impl Hmac {
+        /// Construct a new `Hmac` instance with a specified key identifier
+        pub fn with_key_id(h: &'static digest::Algorithm, key_id: &str) -> Primitive {
+            Self {
+                h: h,
+                key: key::get_global().get_key(key_id).map(|k| hmac::SigningKey::new(h, &k)),
+                key_id: key_id.to_string(),
+            }.into()
+        }
+
+        /// Gets a default HMAC instance, generating a fresh new key.
+        pub fn default() -> Primitive {
+            Self::new().into()
+        }
+
+        fn new() -> Self {
+            let rng = rand::SystemRandom::new();
+            let mut key_bytes = [0_u8; 32];
+            let key = hmac::SigningKey::generate_serializable(&digest::SHA256, &rng, &mut key_bytes)
+                .expect("could not generate random bytes for key");
+            let key_id = key::get_global().insert(&key_bytes);
+            Self {
+                h: &digest::SHA256,
+                key: Some(key),
+                key_id: key_id,
+            }
+        }
+    }
+
+    impl ::primitives::PrimitiveImpl for Hmac {
+        /// Compute the scrypt hash
+        fn compute(&self, password: &[u8], _salt: &[u8]) -> Vec<u8> {
+            let mut hash = vec![0_u8; 32];
+            let key = self.key.as_ref().expect_report("key not found");
+            hkdf::extract_and_expand(key, password, b"libpasta password hashing", &mut hash);
+            hash
+        }
+
+        /// Convert parameters into a vector of (key, value) tuples
+        /// for serializing.
+        fn params_as_vec(&self) -> Vec<(&'static str, String)> {
+            vec![("key_id", self.key_id.clone()),
+                 ("h", super::super::hash_to_id(self.h))]
+        }
+
+        fn hash_id(&self) -> Hashes {
+            Hashes::Hmac
+        }
+
+        fn update_key(&self, config: &config::Config) -> Option<Primitive> {
+            Some(Self {
+                h: self.h,
+                key: config.get_key(&self.key_id).map(|k| hmac::SigningKey::new(self.h, &k)),
+                key_id: self.key_id.clone(),
+            }.into())
+        }
+    }
+
+    impl fmt::Debug for Hmac {
+        fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+            write!(f,
+                   "Hmac, KeyID: {}, Hash: {}",
+                   self.key_id,
+                   super::super::hash_to_id(self.h))
+        }
+    }
+}
+
+
+#[cfg(test)]
+mod test {
+    use ::hashing::*;
+    use serde_mcf;
+
+    #[test]
+    fn sanity_check() {
+        let password = "hunter2";
+        let hmac_params = super::Hmac::default();
+        println!("{:?}", hmac_params);
+        let inner_params = ::primitives::scrypt::Scrypt::default();
+        let salt = ::get_salt();
+        let hash = hmac_params.compute(&inner_params.compute(password.as_bytes(), &salt), &salt);
+        let hash2 = hmac_params.compute(&inner_params.compute(password.as_bytes(), &salt), &salt);
+        let params = Algorithm::Nested {
+            outer: hmac_params.into(),
+            inner: Box::new(Algorithm::Single(inner_params.into())),
+        };
+        assert_eq!(hash, hash2);
+        let out = Output {
+            alg: params,
+            salt: salt,
+            hash: hash,
+        };
+        println!("{:?}", serde_mcf::to_string(&out).unwrap());
+    }
+
+    #[test]
+    fn hash_verify_works() {
+        let password = "hunter2";
+        let algorithm = Algorithm::Nested {
+            outer: super::Hmac::default().into(),
+            inner: Box::new(Algorithm::Single(::primitives::Scrypt::default())),
+        };
+        let hash = algorithm.hash(&password);
+        assert!(hash.verify(&password));
+    }
+
+}
+
+benches!(Hmac);