pwgen2 0.8.2

password generator
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

use anyhow::{Context, Result};
use bcrypt::{DEFAULT_COST, hash, verify};
use pbkdf2::{
    Pbkdf2,
    password_hash::{PasswordHasher, PasswordVerifier},
    phc::PasswordHash,
};
use sha_crypt::ShaCrypt;

/// Hashes a password using bcrypt.
///
/// # Errors
///
/// Returns an error if bcrypt hashing fails.
pub fn hash_bcrypt(password: &str) -> Result<String> {
    hash(password, DEFAULT_COST).context("Failed to hash password using bcrypt")
}

/// Verifies a password against a bcrypt hash.
///
/// # Errors
///
/// Returns an error if bcrypt verification fails.
pub fn verify_bcrypt(password: &str, hashed: &str) -> Result<bool> {
    verify(password, hashed).context("Failed to verify bcrypt password")
}

/// Hashes a password using PBKDF2.
///
/// # Errors
///
/// Returns an error if PBKDF2 hashing fails.
pub fn hash_pbkdf2(password: &str) -> Result<String> {
    let password_hash = Pbkdf2::default()
        .hash_password(password.as_bytes())
        .map_err(|err| anyhow::anyhow!("Failed to hash password using PBKDF2: {err}"))?;

    Ok(password_hash.to_string())
}

/// Verifies a password against a PBKDF2 hash.
///
/// # Errors
///
/// Returns an error if the hash cannot be parsed or verification fails.
pub fn verify_pbkdf2(password: &str, hashed: &str) -> Result<bool> {
    let parsed_hash = PasswordHash::new(hashed)
        .map_err(|err| anyhow::anyhow!("Failed to parse PBKDF2 hash: {err}"))?;

    Ok(Pbkdf2::default()
        .verify_password(password.as_bytes(), &parsed_hash)
        .is_ok())
}

/// Hashes a password using SHA-512 crypt.
///
/// # Errors
///
/// Returns an error if SHA-512 crypt parameter creation or hashing fails.
pub fn hash_sha512(password: &str) -> Result<String> {
    let password_hash = ShaCrypt::SHA512
        .hash_password(password.as_bytes())
        .map_err(|err| anyhow::anyhow!("Failed to hash password using SHA-512 crypt: {err}"))?;

    Ok(password_hash.to_string())
}

/// Verifies a password against a SHA-512 crypt hash.
///
/// # Errors
///
/// Returns an error if SHA-512 crypt verification fails.
pub fn verify_sha512(password: &str, hashed: &str) -> Result<bool> {
    Ok(ShaCrypt::SHA512
        .verify_password(password.as_bytes(), hashed)
        .is_ok())
}

#[cfg(test)]
mod tests {
    use super::*;
    use anyhow::Result;

    #[test]
    fn test_hash_bcrypt() -> Result<()> {
        let password = "password";
        let hashed = hash_bcrypt(password)?;
        assert!(verify_bcrypt(password, &hashed)?);
        Ok(())
    }

    #[test]
    fn test_hash_pbkdf2() -> Result<()> {
        let password = "password";
        let hashed = hash_pbkdf2(password)?;
        assert!(verify_pbkdf2(password, &hashed)?);
        Ok(())
    }

    #[test]
    fn test_hash_sha512() -> Result<()> {
        let password = "password";
        let hashed = hash_sha512(password)?;
        assert!(verify_sha512(password, &hashed)?);
        Ok(())
    }
}