// // PBKDF2 derivation // use std::num::NonZeroU32; use ring::{digest, hmac, pbkdf2}; use crate::error::Error; static DIGEST_ALG: pbkdf2::Algorithm = pbkdf2::PBKDF2_HMAC_SHA256; const OUTPUT_LEN: usize = digest::SHA256_OUTPUT_LEN; pub fn hash_password(secret: &[u8], salt: &[u8], iterations: u32) -> Vec { let mut out = vec![0u8; OUTPUT_LEN]; // Initialize array with zeros let iterations = NonZeroU32::new(iterations).expect("Iterations can't be zero"); pbkdf2::derive(DIGEST_ALG, iterations, salt, secret, &mut out); out } pub fn verify_password_hash(secret: &[u8], salt: &[u8], previous: &[u8], iterations: u32) -> bool { let iterations = NonZeroU32::new(iterations).expect("Iterations can't be zero"); pbkdf2::verify(DIGEST_ALG, iterations, salt, secret, previous).is_ok() } // // HMAC // pub fn hmac_sign(key: &str, data: &str) -> String { use data_encoding::HEXLOWER; let key = hmac::Key::new(hmac::HMAC_SHA1_FOR_LEGACY_USE_ONLY, key.as_bytes()); let signature = hmac::sign(&key, data.as_bytes()); HEXLOWER.encode(signature.as_ref()) } // // Random values // pub fn get_random_64() -> Vec { get_random(vec![0u8; 64]) } pub fn get_random(mut array: Vec) -> Vec { use ring::rand::{SecureRandom, SystemRandom}; SystemRandom::new() .fill(&mut array) .expect("Error generating random values"); array } pub fn generate_token(token_size: u32) -> Result { // A u64 can represent all whole numbers up to 19 digits long. if token_size > 19 { err!("Token size is limited to 19 digits") } let low: u64 = 0; let high: u64 = 10u64.pow(token_size); // Generate a random number in the range [low, high), then format it as a // token of fixed width, left-padding with 0 as needed. use rand::{thread_rng, Rng}; let mut rng = thread_rng(); let number: u64 = rng.gen_range(low, high); let token = format!("{:0size$}", number, size = token_size as usize); Ok(token) } // // Constant time compare // pub fn ct_eq, U: AsRef<[u8]>>(a: T, b: U) -> bool { use ring::constant_time::verify_slices_are_equal; verify_slices_are_equal(a.as_ref(), b.as_ref()).is_ok() }