crypt-config 0.2.2

A crypt module that encrypt/decrypt json data based on the configuration. This might be used as a layer before saving data in Mongo DB or after fetching the data from the DB in order to decrypt them.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

extern crate crypto;

use crypto::hmac::Hmac;
use crypto::pbkdf2::pbkdf2;
use crypto::sha2::Sha256;

use crate::hasher::IHasher;

pub struct Pbkdf2Hasher {
  rounds: u32,
  salt:   Vec<u8>
}

impl IHasher for Pbkdf2Hasher {
  fn encrypt(&self, password: &str) -> Vec<u8> {
    let mut output = vec![0u8; 32];
    let mut mac = Hmac::new(Sha256::new(), password.as_bytes());

    pbkdf2(&mut mac, &self.salt, self.rounds, &mut output);

    output.to_vec()
  }

  fn verify(&self, encrypted: &[u8], password: &str) -> bool {
    let mut output = vec![0u8; 32];
    let mut mac = Hmac::new(Sha256::new(), password.as_bytes());

    pbkdf2(&mut mac, &self.salt, self.rounds, &mut output);

    output == encrypted
  }

  fn set_salt(&mut self, salt: &[u8]) {
    self.salt = salt.to_vec();
  }
}

impl Pbkdf2Hasher {
  #[allow(dead_code)]
  pub fn new(rounds: u32, salt: &[u8]) -> Pbkdf2Hasher {
    Pbkdf2Hasher { rounds: rounds, salt: salt.to_vec() }
  }
}

#[cfg(test)]
mod tests {
  use crate::hasher::IHasher;

  #[test]
  fn encode_verify() {
    let rounds = 10;
    let salt = [10u8, 16];

    let password = "password";
    let password2 = "password2";

    let mut hasher = super::Pbkdf2Hasher::new(rounds, &salt);

    let hash = hasher.encrypt(password);

    assert!(hasher.verify(&hash, password));
    assert!(!hasher.verify(&hash, password2));

    let salt = [11u8, 16];
    hasher.set_salt(&salt);

    assert!(!hasher.verify(&hash, password));
  }
}