use std::str;
use crate::crypto_utils;
#[derive(PartialEq, Debug)]
pub enum HasherError {
UnknownAlgorithm,
BadHash,
EmptyHash,
InvalidIterations,
InvalidArgon2Salt,
}
pub trait Hasher {
fn verify(&self, password: &str, encoded: &str) -> Result<bool, HasherError>;
fn encode(&self, password: &str, salt: &str, iterations: u32) -> String;
}
#[cfg(feature="with_pbkdf2")]
pub struct PBKDF2Hasher;
#[cfg(feature="with_pbkdf2")]
impl Hasher for PBKDF2Hasher {
fn verify(&self, password: &str, encoded: &str) -> Result<bool, HasherError> {
let mut encoded_part = encoded.split('$').skip(1);
let iterations = encoded_part.next().ok_or(HasherError::BadHash)?
.parse::<u32>().map_err(|_| HasherError::InvalidIterations)?;
let salt = encoded_part.next().ok_or(HasherError::BadHash)?;
let hash = encoded_part.next().ok_or(HasherError::BadHash)?;
Ok(crypto_utils::safe_eq(hash, crypto_utils::hash_pbkdf2_sha256(password, salt, iterations)))
}
fn encode(&self, password: &str, salt: &str, iterations: u32) -> String {
let hash = crypto_utils::hash_pbkdf2_sha256(password, salt, iterations);
format!("{}${}${}${}", "pbkdf2_sha256", iterations, salt, hash)
}
}
#[cfg(feature="with_pbkdf2")]
pub struct PBKDF2SHA1Hasher;
#[cfg(feature="with_pbkdf2")]
impl Hasher for PBKDF2SHA1Hasher {
fn verify(&self, password: &str, encoded: &str) -> Result<bool, HasherError> {
let mut encoded_part = encoded.split('$').skip(1);
let iterations = encoded_part.next().ok_or(HasherError::BadHash)?
.parse::<u32>().map_err(|_| HasherError::InvalidIterations)?;
let salt = encoded_part.next().ok_or(HasherError::BadHash)?;
let hash = encoded_part.next().ok_or(HasherError::BadHash)?;
Ok(crypto_utils::safe_eq(hash, crypto_utils::hash_pbkdf2_sha1(password, salt, iterations)))
}
fn encode(&self, password: &str, salt: &str, iterations: u32) -> String {
let hash = crypto_utils::hash_pbkdf2_sha1(password, salt, iterations);
format!("{}${}${}${}", "pbkdf2_sha1", iterations, salt, hash)
}
}
#[cfg(feature="with_argon2")]
pub struct Argon2Hasher;
#[cfg(feature="with_argon2")]
const OLD_ARGON2_VERSION: u32 = 0x10;
#[cfg(feature="with_argon2")]
const NEW_ARGON2_VERSION: u32 = 0x13;
#[cfg(feature="with_argon2")]
impl Hasher for Argon2Hasher {
fn verify(&self, password: &str, encoded: &str) -> Result<bool, HasherError> {
let encoded_part: Vec<&str> = encoded.split('$').collect();
let version = match encoded_part.len() {
6 => NEW_ARGON2_VERSION,
5 => OLD_ARGON2_VERSION,
_ => return Err(HasherError::BadHash),
};
let segment_shift = 6 - encoded_part.len();
let settings = encoded_part[3 - segment_shift];
let salt = encoded_part[4 - segment_shift];
let string_hash = encoded_part[5 - segment_shift].replace('+', "-");
let hash = string_hash.as_str();
let settings_part: Vec<&str> = settings.split(',').collect();
let memory_cost: u32 = settings_part[0].split('=').collect::<Vec<&str>>()[1].parse::<u32>().unwrap();
let time_cost: u32 = settings_part[1].split('=').collect::<Vec<&str>>()[1].parse::<u32>().unwrap();
let parallelism: u32 = settings_part[2].split('=').collect::<Vec<&str>>()[1].parse::<u32>().unwrap();
match base64::decode_config(salt, base64::URL_SAFE_NO_PAD) {
Ok(_) => {},
Err(_) => return Err(HasherError::InvalidArgon2Salt)
};
let hash_length = match base64::decode_config(hash, base64::URL_SAFE_NO_PAD) {
Ok(value) => value.len() as u32,
Err(_) => return Ok(false)
};
Ok(crypto_utils::safe_eq(hash, crypto_utils::hash_argon2(password, salt, time_cost, memory_cost, parallelism, version, hash_length)))
}
fn encode(&self, password: &str, salt: &str, _: u32) -> String {
let memory_cost: u32 = 512;
let time_cost: u32 = 2;
let parallelism: u32 = 2;
let version: u32 = NEW_ARGON2_VERSION;
let hash_length: u32 = 16;
let hash = crypto_utils::hash_argon2(password, salt, time_cost, memory_cost, parallelism, version, hash_length);
format!("argon2$argon2i$v=19$m={},t={},p={}${}${}", memory_cost, time_cost, parallelism, salt, hash)
}
}
#[cfg(feature="with_bcrypt")]
pub struct BCryptSHA256Hasher;
#[cfg(feature="with_bcrypt")]
impl Hasher for BCryptSHA256Hasher {
fn verify(&self, password: &str, encoded: &str) -> Result<bool, HasherError> {
let bcrypt_encoded_part: Vec<&str> = encoded.splitn(2, '$').collect();
let hash = bcrypt_encoded_part[1];
let hashed_password = crypto_utils::hash_sha256(password);
match bcrypt::verify(&hashed_password, hash) {
Ok(valid) => Ok(valid),
Err(_) => Ok(false)
}
}
fn encode(&self, password: &str, _: &str, iterations: u32) -> String {
let hashed_password = crypto_utils::hash_sha256(password);
let hash = bcrypt::hash(&hashed_password, iterations).unwrap();
format!("{}${}", "bcrypt_sha256", hash)
}
}
#[cfg(feature="with_bcrypt")]
pub struct BCryptHasher;
#[cfg(feature="with_bcrypt")]
impl Hasher for BCryptHasher {
fn verify(&self, password: &str, encoded: &str) -> Result<bool, HasherError> {
let bcrypt_encoded_part: Vec<&str> = encoded.splitn(2, '$').collect();
let hash = bcrypt_encoded_part[1];
match bcrypt::verify(password, hash) {
Ok(valid) => Ok(valid),
Err(_) => Ok(false)
}
}
fn encode(&self, password: &str, _: &str, iterations: u32) -> String {
let hash = bcrypt::hash(password, iterations).unwrap();
format!("{}${}", "bcrypt", hash)
}
}
#[cfg(feature="with_legacy")]
pub struct SHA1Hasher;
#[cfg(feature="with_legacy")]
impl Hasher for SHA1Hasher {
fn verify(&self, password: &str, encoded: &str) -> Result<bool, HasherError> {
let mut encoded_part = encoded.split('$').skip(1);
let salt = encoded_part.next().ok_or(HasherError::BadHash)?;
let hash = encoded_part.next().ok_or(HasherError::BadHash)?;
Ok(crypto_utils::safe_eq(hash, crypto_utils::hash_sha1(password, salt)))
}
fn encode(&self, password: &str, salt: &str, _: u32) -> String {
let hash = crypto_utils::hash_sha1(password, salt);
format!("{}${}${}", "sha1", salt, hash)
}
}
#[cfg(feature="with_legacy")]
pub struct MD5Hasher;
#[cfg(feature="with_legacy")]
impl Hasher for MD5Hasher {
fn verify(&self, password: &str, encoded: &str) -> Result<bool, HasherError> {
let mut encoded_part = encoded.split('$').skip(1);
let salt = encoded_part.next().ok_or(HasherError::BadHash)?;
let hash = encoded_part.next().ok_or(HasherError::BadHash)?;
Ok(crypto_utils::safe_eq(hash, crypto_utils::hash_md5(password, salt)))
}
fn encode(&self, password: &str, salt: &str, _: u32) -> String {
let hash = crypto_utils::hash_md5(password, salt);
format!("{}${}${}", "md5", salt, hash)
}
}
#[cfg(feature="with_legacy")]
pub struct UnsaltedSHA1Hasher;
#[cfg(feature="with_legacy")]
impl Hasher for UnsaltedSHA1Hasher {
fn verify(&self, password: &str, encoded: &str) -> Result<bool, HasherError> {
let mut encoded_part = encoded.split('$').skip(2);
let hash = encoded_part.next().ok_or(HasherError::BadHash)?;
Ok(crypto_utils::safe_eq(hash, crypto_utils::hash_sha1(password, "")))
}
fn encode(&self, password: &str, _: &str, _: u32) -> String {
let hash = crypto_utils::hash_sha1(password, "");
format!("{}$${}", "sha1", hash)
}
}
#[cfg(feature="with_legacy")]
pub struct UnsaltedMD5Hasher;
#[cfg(feature="with_legacy")]
impl Hasher for UnsaltedMD5Hasher {
fn verify(&self, password: &str, encoded: &str) -> Result<bool, HasherError> {
Ok(crypto_utils::safe_eq(encoded, crypto_utils::hash_md5(password, "")))
}
fn encode(&self, password: &str, _: &str, _: u32) -> String {
crypto_utils::hash_md5(password, "").to_string()
}
}
#[cfg(feature="with_legacy")]
pub struct CryptHasher;
#[cfg(feature="with_legacy")]
impl Hasher for CryptHasher {
fn verify(&self, password: &str, encoded: &str) -> Result<bool, HasherError> {
let mut encoded_part = encoded.split('$').skip(2);
let hash = encoded_part.next().ok_or(HasherError::BadHash)?;
Ok(crypto_utils::safe_eq(hash, crypto_utils::hash_unix_crypt(password, hash)))
}
fn encode(&self, password: &str, salt: &str, _: u32) -> String {
let hash = crypto_utils::hash_unix_crypt(password, salt);
format!("{}$${}", "crypt", hash)
}
}