extern crate byteorder;
extern crate crypto;
extern crate hmac;
extern crate sha2;
use byteorder::{BigEndian, WriteBytesExt};
const KEY_LEN: usize = 64;
const SEED_LEN: usize = 32;
const MAGIC: &'static [u8] = b"com.lyndir.masterpassword";
const VEC_IO_ERROR_STR: &'static str = "IO error while writing to Vec";
pub const CHAR_CLASS_N: &'static [char] = &['0', '1', '2', '3', '4', '5', '6', '7', '8', '9'];
pub const TEMPLATES_PIN: &'static [Template] =
&[&[CHAR_CLASS_N, CHAR_CLASS_N, CHAR_CLASS_N, CHAR_CLASS_N]];
pub type Template<'a> = &'a [&'a [char]];
#[derive(Debug, Eq, PartialEq, Clone, Copy, Hash, Ord, PartialOrd)]
pub struct Seed {
pub raw: [u8; SEED_LEN],
}
impl Seed {
pub fn create_password(&self, templates: &[Template]) -> String {
for template in templates {
debug_assert!(template.len() < SEED_LEN);
}
let template = templates[self.raw[0] as usize % templates.len()];
assert!(template.len() < SEED_LEN);
let mut password = String::with_capacity(template.len());
for (characters, &seed) in template.iter().zip(self.raw[1..].iter()) {
password.push(characters[seed as usize % characters.len()]);
}
return password;
}
}
pub struct SeedGenerator {
key: [u8; KEY_LEN],
}
impl SeedGenerator {
pub fn new(identity: &[u8], password: &[u8]) -> Self {
use crypto::scrypt::{scrypt, ScryptParams};
const LOG_N: u8 = 15;
const R: u32 = 8;
const P: u32 = 2;
let mut key = [0; KEY_LEN];
let mut seed = MAGIC.to_vec();
seed.write_u32::<BigEndian>(identity.len() as u32)
.expect(VEC_IO_ERROR_STR);
seed.extend_from_slice(identity);
scrypt(password, &seed, &ScryptParams::new(LOG_N, R, P), &mut key);
SeedGenerator { key: key }
}
pub fn calculate_password_seed(&self, message: &[u8], counter: u32) -> Seed {
use hmac::{Hmac, Mac};
use sha2::Sha256;
let mut hmac = Hmac::<Sha256>::new(&self.key);
let mut input = MAGIC.to_vec();
input
.write_u32::<BigEndian>(message.len() as u32)
.expect(VEC_IO_ERROR_STR);
input.extend(message);
input
.write_u32::<BigEndian>(counter)
.expect(VEC_IO_ERROR_STR);
hmac.input(&input);
Seed {
raw: {
let mut array_seed = [0; SEED_LEN];
let result = hmac.result();
let slice_seed = result.code();
for (left, right) in array_seed.iter_mut().zip(slice_seed.iter()) {
*left = *right;
}
array_seed
},
}
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
pub fn test_pins() {
const TESTS: &'static [(&'static str, &'static str, &'static str, u32, &'static str)] = &[
("John Doe", "password", "tomato", 1, "5914"),
("John Doe", "password", "potato", 1, "7329"),
("John Doe", "password", "carrot", 1, "0762"),
("John Doe", "password", "tomato", 2, "2525"),
("John Doe", "password", "potato", 2, "9390"),
("John Doe", "password", "carrot", 2, "2750"),
("Nice Guy", "verysafe", "tomato", 2, "6380"),
("Nice Guy", "verysafe", "potato", 2, "1749"),
("Nice Guy", "verysafe", "carrot", 2, "7846"),
];
for test in TESTS {
let &(identity, master, message, counter, result) = test;
let generator = SeedGenerator::new(identity.as_bytes(), master.as_bytes());
let generated = generator
.calculate_password_seed(message.as_bytes(), counter)
.create_password(TEMPLATES_PIN);
assert_eq!(generated, result);
}
}
}