scrypt 0.8.1

Scrypt password-based key derivation function
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54

//! Implementation of the `password-hash` crate API.

use crate::{scrypt, Params};
use core::convert::TryInto;
use password_hash::{Decimal, Error, Ident, Output, PasswordHash, PasswordHasher, Result, Salt};

/// Algorithm identifier
pub const ALG_ID: Ident = Ident::new("scrypt");

/// scrypt type for use with [`PasswordHasher`].
#[derive(Copy, Clone, Debug, Eq, PartialEq)]
#[cfg_attr(docsrs, doc(cfg(feature = "simple")))]
pub struct Scrypt;

impl PasswordHasher for Scrypt {
    type Params = Params;

    fn hash_password_customized<'a>(
        &self,
        password: &[u8],
        alg_id: Option<Ident<'a>>,
        version: Option<Decimal>,
        params: Params,
        salt: impl Into<Salt<'a>>,
    ) -> Result<PasswordHash<'a>> {
        if !matches!(alg_id, Some(ALG_ID) | None) {
            return Err(Error::Algorithm);
        }

        // Versions unsupported
        if version.is_some() {
            return Err(Error::Version);
        }

        let salt = salt.into();
        let mut salt_arr = [0u8; 64];
        let salt_bytes = salt.b64_decode(&mut salt_arr)?;

        let output = Output::init_with(params.len, |out| {
            scrypt(password, salt_bytes, &params, out).map_err(|_e| {
                // TODO(tarcieri): handle output variants
                Error::OutputTooLong
            })
        })?;

        Ok(PasswordHash {
            algorithm: ALG_ID,
            version: None,
            params: params.try_into()?,
            salt: Some(salt),
            hash: Some(output),
        })
    }
}