pwhash 1.0.0

A collection of password hashing routines in pure Rust.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171

// Common routines for SHA-2 hashing.
//
// Copyright (c) 2016 Ivan Nejgebauer <inejge@gmail.com>
//
// Licensed under the MIT license <LICENSE-MIT or
// http://opensource.org/licenses/MIT>. This file may not be copied,
// modified, or distributed except according to the terms of this
// license.

use std::cmp::min;
use sha2::Digest;
use crate::enc_dec::{md5_sha2_hash64_encode, bcrypt_hash64_decode};
use super::{Result, HashSetup};
use crate::error::Error;
use crate::parse::{self, HashIterator};
use crate::random;

/// Minimum rounds.
pub const MIN_ROUNDS: u32 = 1000;
/// Maximum rounds.
pub const MAX_ROUNDS: u32 = 999999999;
/// Default number of rounds.
pub const DEFAULT_ROUNDS: u32 = 5000;
/// Maximum (and default) salt length.
pub const MAX_SALT_LEN: usize = 16;

pub fn sha2_crypt<D: Digest>(pass: &[u8], salt: &str, rounds: Option<u32>,
			     new_digest: fn() -> D, trn_table: &[u8],
			     magic: &str) -> Result<String> {
    let mut dummy_buf = [0u8; 12];
    bcrypt_hash64_decode(salt, &mut dummy_buf)?;

    let mut dgst_b = new_digest();
    let dsize = D::output_size();
    dgst_b.update(pass);
    dgst_b.update(salt.as_bytes());
    dgst_b.update(pass);
    let mut hash_b = dgst_b.finalize();

    let mut dgst_a = new_digest();
    dgst_a.update(pass);
    dgst_a.update(salt.as_bytes());

    let plen = pass.len();
    let mut p = plen;
    while p > 0 {
	dgst_a.update(&hash_b[..min(p, dsize)]);
	if p < dsize {
	    break;
	}
	p -= dsize;
    }

    p = plen;
    while p > 0 {
	match p & 1 {
	    0 => dgst_a.update(pass),
	    1 => dgst_a.update(&hash_b[..dsize]),
	    _ => unreachable!()
	}
	p >>= 1;
    }

    let mut hash_a = dgst_a.finalize();

    let mut dgst_b = new_digest();
    for _ in 0..plen {
	dgst_b.update(pass);
    }
    hash_b = dgst_b.finalize();
    let mut dgst_b = new_digest();
    let mut seq_p = Vec::<u8>::with_capacity(((plen + dsize - 1) / dsize) * dsize);
    p = plen;
    while p > 0 {
	seq_p.extend(&hash_b[..min(p, dsize)]);
	if p < dsize {
	    break;
	}
	p -= dsize;
    }

    for _ in 0..MAX_SALT_LEN+(hash_a[0] as usize) {
	dgst_b.update(salt.as_bytes());
    }
    hash_b = dgst_b.finalize();
    let mut seq_s = Vec::<u8>::with_capacity(MAX_SALT_LEN);
    seq_s.extend(&hash_b[..salt.len()]);

    for r in 0..rounds.unwrap_or(DEFAULT_ROUNDS) {
	let mut dgst_a = new_digest();
	if r % 2 == 1 {
	    dgst_a.update(&seq_p[..]);
	} else {
	    dgst_a.update(&hash_a[..dsize]);
	}
	if r % 3 > 0 {
	    dgst_a.update(&seq_s[..]);
	}
	if r % 7 > 0 {
	    dgst_a.update(&seq_p[..]);
	}
	if r % 2 == 1 {
	    dgst_a.update(&hash_a[..dsize]);
	} else {
	    dgst_a.update(&seq_p[..]);
	}
	hash_a = dgst_a.finalize();
    }
    for (i, &ti) in trn_table.iter().enumerate() {
	hash_b[i] = hash_a[ti as usize];
    }

    match rounds {
	Some(rounds) => Ok(format!("{}rounds={}${}${}", magic, rounds, salt,
				   md5_sha2_hash64_encode(&hash_b[..dsize]))),
	None => Ok(format!("{}{}${}", magic, salt,
			   md5_sha2_hash64_encode(&hash_b[..dsize])))
    }
}

const MAGIC_LEN: usize = 3;

pub fn parse_sha2_hash<'a>(hash: &'a str, magic: &str) -> Result<HashSetup<'a>> {
    let mut hs = parse::HashSlice::new(hash);
    if hs.take(MAGIC_LEN).unwrap_or("X") != magic {
	return Err(Error::InvalidHashString);
    }
    let maybe_rounds = if let Some(elem) = hs.take_until(b'$') {
	elem
    } else {
	return Err(Error::InvalidHashString);
    };
    let rounds = if maybe_rounds.starts_with("rounds=") {
	let mut rhs = parse::HashSlice::new(maybe_rounds);
	rhs.take_until(b'=');
	Some(rhs.take_until(b'$').unwrap().parse::<u32>().map_err(|_e| Error::InvalidRounds)?)
    } else { None };
    let salt = if rounds.is_none() {
	maybe_rounds
    } else if let Some(salt) = hs.take_until(b'$') {
	salt
    } else {
	return Err(Error::InvalidHashString);
    };
    Ok(HashSetup { salt: Some(salt), rounds })
}

pub fn sha2_hash_with(param: HashSetup, pass: &[u8], hf: fn(&[u8], &str, Option<u32>) -> Result<String>) -> Result<String> {
    let rounds = if let Some(r) = param.rounds {
	if r < MIN_ROUNDS {
	    Some(MIN_ROUNDS)
	} else if r > MAX_ROUNDS {
	    Some(MAX_ROUNDS)
	} else {
	    Some(r)
	}
    } else { None };
    if let Some(salt) = param.salt {
	let salt = if salt.len() <= MAX_SALT_LEN {
	    salt
	} else if let Some(truncated_salt) = parse::HashSlice::new(salt).take(MAX_SALT_LEN) {
	    truncated_salt
	} else {
	    return Err(Error::InvalidHashString);
	};
	hf(pass, salt, rounds)
    } else {
	let salt = random::gen_salt_str(MAX_SALT_LEN);
	hf(pass, &salt, rounds)
    }
}