libreauth 0.18.1

Collection of user authentication tools.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114

use crate::hash::HashFunction;
use crate::pass::hasher::pbkdf2::{
	DEFAULT_HASH_FUNCTION as PBKDF2_DEF_HASH, DEFAULT_ITER as PBKDF2_DEF_ITER,
};
use crate::pass::{Algorithm, HashBuilder, LengthCalculationMethod, Normalization};

pub const DEFAULT_NORMALIZATION: Normalization = Normalization::Nfkc;
pub const DEFAULT_PASSWORD_MIN_LEN: usize = 8;
pub const DEFAULT_PASSWORD_MAX_LEN: usize = 128;
pub const DEFAULT_ALGORITHM: Algorithm = Algorithm::Pbkdf2;
pub const DEFAULT_LENGTH_CALCULATION: LengthCalculationMethod = LengthCalculationMethod::CodePoints;
pub const DEFAULT_SALT_LEN: usize = 16; // In bytes
pub const DEFAULT_XHMAC_ALGORITHM: HashFunction = HashFunction::Sha512;
pub const MIN_SALT_LEN: usize = 4; // In bytes
pub const PASS_MIN_MIN_LEN: usize = 8;
pub const PASS_MIN_MAX_LEN: usize = 64;
pub const NB_ITER_MIN: u32 = 10_000;

pub fn is_valid(h: &HashBuilder) -> bool {
	// Length calculation
	if h.length_calculation != LengthCalculationMethod::CodePoints {
		return false;
	}

	// Salt length.
	let sl = match h.ref_salt {
		Some(ref s) => s.len(),
		None => h.salt_len,
	};
	if sl < MIN_SALT_LEN {
		return false;
	}

	// Password length
	if h.min_len < PASS_MIN_MIN_LEN {
		return false;
	}
	if h.max_len < PASS_MIN_MAX_LEN {
		return false;
	}

	// Hashing function
	match h.algorithm {
		Algorithm::Argon2 => {
			return false;
		}
		#[cfg(feature = "balloon")]
		Algorithm::Balloon => {
			return false; // TODO
		}
		Algorithm::Pbkdf2 => {
			match h.parameters.get("iter") {
				Some(si) => match si.parse::<u32>() {
					Ok(i) => {
						if i < NB_ITER_MIN {
							return false;
						}
					}
					Err(_) => {
						return false;
					}
				},
				None => {
					if PBKDF2_DEF_ITER < NB_ITER_MIN {
						return false;
					}
				}
			};
			match h.parameters.get("hmac") {
				Some(h) => match h.as_str() {
					"sha1" => {}
					"sha224" => {}
					"sha256" => {}
					"sha384" => {}
					"sha512" => {}
					"sha512t224" => {}
					"sha512t256" => {}
					"sha3-224" => {}
					"sha3-256" => {}
					"sha3-384" => {}
					"sha3-512" => {}
					_ => {
						return false;
					}
				},
				None => match PBKDF2_DEF_HASH {
					HashFunction::Sha1 => {}
					HashFunction::Sha224 => {}
					HashFunction::Sha256 => {}
					HashFunction::Sha384 => {}
					HashFunction::Sha512 => {}
					HashFunction::Sha512Trunc224 => {}
					HashFunction::Sha512Trunc256 => {}
					HashFunction::Sha3_224 => {}
					HashFunction::Sha3_256 => {}
					HashFunction::Sha3_384 => {}
					HashFunction::Sha3_512 => {}
					_ => {
						return false;
					}
				},
			};
		}
	};

	// Normalization
	match h.normalization {
		Normalization::Nfd => false,
		Normalization::Nfkd => true,
		Normalization::Nfc => false,
		Normalization::Nfkc => true,
		Normalization::None => false,
	}
}