sha-crypt 0.6.0

Pure Rust implementation of the SHA-crypt password hashing algorithm based on SHA-256/SHA-512 as implemented by the POSIX crypt C library, including support for generating and verifying password hash strings in the Modular Crypt Format
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97

//! Algorithm parameters.

use crate::{Error, Result};
use core::{
    default::Default,
    fmt::{self, Display},
    str::FromStr,
};

/// Name of the parameter when serialized in an MCF string.
const ROUNDS_PARAM: &str = "rounds=";

/// Algorithm parameters.
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
pub struct Params {
    /// Number of times to apply the digest function
    pub(crate) rounds: u32,
}

impl Params {
    /// Recommended parameters.
    pub const RECOMMENDED: Self = Self {
        rounds: Self::RECOMMENDED_ROUNDS,
    };

    /// Recommended number of rounds.
    pub const RECOMMENDED_ROUNDS: u32 = 5_000;

    /// Minimum number of rounds allowed.
    pub const ROUNDS_MIN: u32 = 1_000;

    /// Maximum number of rounds allowed.
    pub const ROUNDS_MAX: u32 = 999_999_999;

    /// Create new algorithm parameters.
    ///
    /// # Errors
    /// Returns [`Error::RoundsInvalid`] if `rounds` is outside the range [`Params::ROUNDS_MIN`]
    /// to [`Params::ROUNDS_MAX`] inclusive.
    pub fn new(rounds: u32) -> Result<Params> {
        match rounds {
            Self::ROUNDS_MIN..=Self::ROUNDS_MAX => Ok(Params { rounds }),
            _ => Err(Error::RoundsInvalid),
        }
    }
}

impl Default for Params {
    fn default() -> Self {
        Params::RECOMMENDED
    }
}

impl Display for Params {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "rounds={}", self.rounds)
    }
}

impl FromStr for Params {
    type Err = Error;

    fn from_str(s: &str) -> Result<Self> {
        if s.is_empty() {
            return Ok(Self::default());
        }

        if let Some(rounds_str) = s.strip_prefix(ROUNDS_PARAM) {
            Self::new(rounds_str.parse().map_err(|_| Error::RoundsInvalid)?)
        } else {
            Err(Error::ParamsInvalid)
        }
    }
}

#[cfg(test)]
mod tests {
    use super::Params;

    #[test]
    fn test_sha256_crypt_invalid_rounds() {
        let params = Params::new(Params::ROUNDS_MAX + 1);
        assert!(params.is_err());

        let params = Params::new(Params::ROUNDS_MIN - 1);
        assert!(params.is_err());
    }

    #[test]
    fn test_sha512_crypt_invalid_rounds() {
        let params = Params::new(Params::ROUNDS_MAX + 1);
        assert!(params.is_err());

        let params = Params::new(Params::ROUNDS_MIN - 1);
        assert!(params.is_err());
    }
}