tor_hash_passwd/
lib.rs

1//! Tor hashed password algorithm
2//!
3//! Tor is controllable by making socket connections to the “ControlPort” usually on port 9051.
4//!
5//! .torrc requires a "HashedControlPassword" option to make use of password authentication. You can generate this
6//! value by running `tor --hash-password <secret>` on the command line. This module gives you that same functionality
7//! as a standalone Rust library.
8//!
9//! The salted hash is computed according to the S2K algorithm in RFC 2440 (OpenPGP), and prefixed with the s2k specifier.
10//! This is then encoded in hexadecimal, prefixed by the indicator sequence   "16:".
11//!
12//! Thus, for example, the password 'foo' could encode to:
13//! ```text
14//!      16:660537E3E1CD4999 60 44A3BF558097A981F539FEA2F9DA662B4626C1C2
15//!         ++++++++++++++++ ** ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
16//!            salt       indicator     hashed value
17//! ```
18//!
19//! ## Example use
20//!
21//!To generate a Tor password, use `hash_password`. You can verify challenges against the hash with `verify`:
22//! ```edition2018
23//!use tor_hash_passwd::EncryptedKey;
24//!
25//! let hash = EncryptedKey::hash_password("ride the wild Pony");
26//!assert!(hash.validate("ride the wild Pony"));
27//!assert!(!hash.validate("some other password"));
28//!
29//! ```
30//!
31//! The algorithm uses a random salt, so generating the same hashed password multiple times will deliver different
32//! hashes. To get reproducible hashes, you must supply the salt:
33//!
34//!```edition2018
35//!use tor_hash_passwd::EncryptedKey;
36//!use hex_literal::hex;
37//!
38//! let key = EncryptedKey::hash_with_salt("foo", hex!("85EE955FF128F012"));
39//! assert_eq!(key.to_string().as_str(), "16:85EE955FF128F01260A1CFA5C3BE947A512B8EFAD1BC410671E3DBBA2D");
40//! ```
41//!
42//! You can also convert a string to an Encrypted Key:
43//!
44//! ```edition2018
45//!# use std::convert::TryFrom;
46//!# use tor_hash_passwd::EncryptedKey;
47//! let key = EncryptedKey::try_from("16:29AAD7BADA64895D604EE18A5549712C9DADAF373B72D7DEF0D4AE97AE").unwrap();
48//! assert!(key.validate("tari"));
49//! ```
50
51mod encrypted_key;
52mod error;
53
54pub use encrypted_key::EncryptedKey;
55pub use error::EncryptedKeyError;