authorKatharina Fey <kookie@spacekookie.de>2018-07-02 18:37:15 +0200
committerKatharina Fey <kookie@spacekookie.de>2018-07-02 18:37:15 +0200
commitf2156e21b830ebc3cfd0f9eab4e7e01112e023b4 (patch)
tree410372dd1d2c47a0af1e0aa71541cd48eb9efaa0
parent99ff8f0ebae37069de690936f79c4d599851f952 (diff)
Refactoring crypto module, moving `auth` into `users` module
-rw-r--r--Cargo.lock17
-rw-r--r--lockchain-core/Cargo.toml2
-rw-r--r--lockchain-core/src/crypto/encoding.rs24
-rw-r--r--lockchain-core/src/crypto/hashing.rs25
-rw-r--r--lockchain-core/src/crypto/mod.rs16
-rw-r--r--lockchain-core/src/crypto/passwords/mod.rs7
-rw-r--r--lockchain-core/src/crypto/random.rs46
-rw-r--r--lockchain-core/src/crypto/utils.rs105
-rw-r--r--lockchain-core/src/lib.rs2
-rw-r--r--lockchain-core/src/users/auth.rs (renamed from lockchain-core/src/auth.rs)6
-rw-r--r--lockchain-core/src/users/mod.rs2
11 files changed, 134 insertions, 118 deletions
diff --git a/Cargo.lock b/Cargo.lock
index ae40581..f4275fe 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -470,6 +470,15 @@ dependencies = [
]
[[package]]
+name = "diceware"
+version = "0.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+dependencies = [
+ "getopts 0.2.17 (registry+https://github.com/rust-lang/crates.io-index)",
+ "rand 0.3.22 (registry+https://github.com/rust-lang/crates.io-index)",
+]
+
+[[package]]
name = "digest"
version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -650,6 +659,11 @@ dependencies = [
]
[[package]]
+name = "getopts"
+version = "0.2.17"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+
+[[package]]
name = "glob"
version = "0.2.11"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -836,6 +850,7 @@ dependencies = [
"bcrypt 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)",
"blake2 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)",
"chrono 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)",
+ "diceware 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)",
"keybob 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)",
"nix 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)",
"pam-auth 0.5.4 (registry+https://github.com/rust-lang/crates.io-index)",
@@ -1977,6 +1992,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
"checksum crypto-mac 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7afa06d05a046c7a47c3a849907ec303504608c927f4e85f7bfff22b7180d971"
"checksum dbghelp-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "97590ba53bcb8ac28279161ca943a924d1fd4a8fb3fa63302591647c4fc5b850"
"checksum dbl 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "920e117b69060a961c4164ccf83af573292cb167ccdd918950bcf0f5afc32c1c"
+"checksum diceware 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "40ae2a903b5091f517c51370d36234a5ec344732b946ba8443850acb530753bf"
"checksum digest 0.7.4 (registry+https://github.com/rust-lang/crates.io-index)" = "3cae2388d706b52f2f2f9afe280f9d768be36544bd71d1b8120cb34ea6450b55"
"checksum dtoa 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)" = "09c3753c3db574d215cba4ea76018483895d7bff25a31b49ba45db21c48e50ab"
"checksum encoding 0.2.33 (registry+https://github.com/rust-lang/crates.io-index)" = "6b0d943856b990d12d3b55b359144ff341533e516d94098b1d3fc1ac666d36ec"
@@ -2000,6 +2016,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
"checksum futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "ab90cde24b3319636588d0c35fe03b1333857621051837ed769faefb4c2162e4"
"checksum gcc 0.3.54 (registry+https://github.com/rust-lang/crates.io-index)" = "5e33ec290da0d127825013597dbdfc28bee4964690c7ce1166cbc2a7bd08b1bb"
"checksum generic-array 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ef25c5683767570c2bbd7deba372926a55eaae9982d7726ee2a1050239d45b9d"
+"checksum getopts 0.2.17 (registry+https://github.com/rust-lang/crates.io-index)" = "b900c08c1939860ce8b54dc6a89e26e00c04c380fd0e09796799bd7f12861e05"
"checksum glob 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb"
"checksum h2 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)" = "6229ac66d3392dd83288fe04defd4b353354b15bbe07820d53dda063a736afcc"
"checksum hmac 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "efb895368093a17d136b1d9eecdb607c7aa038a452e646c74e37ded2da106285"
diff --git a/lockchain-core/Cargo.toml b/lockchain-core/Cargo.toml
index 87d3f65..34a5a7c 100644
--- a/lockchain-core/Cargo.toml
+++ b/lockchain-core/Cargo.toml
@@ -22,4 +22,4 @@ bcrypt = "0.2"
rand = "0.4"
blake2 = "0.7"
-keybob = "0.3" \ No newline at end of file
+keybob = "0.3"
diff --git a/lockchain-core/src/crypto/encoding.rs b/lockchain-core/src/crypto/encoding.rs
new file mode 100644
index 0000000..0c49490
--- /dev/null
+++ b/lockchain-core/src/crypto/encoding.rs
@@ -0,0 +1,24 @@
+//! Easy to use encoding utility functions
+
+use base64;
+use std::fmt::Write;
+
+/// Encode a piece of arbitary data into a bse64 string
+pub fn base64_encode(data: &Vec<u8>) -> String {
+ return base64::encode(data);
+}
+
+/// Decode a base64 string into arbitrary data
+pub fn base64_decode(data: &String) -> Vec<u8> {
+ return base64::decode(data).unwrap();
+}
+
+/// Simply encode a byte-string as hexadecimal symbols
+pub fn encode_hex(data: &str) -> String {
+ let mut s = String::new();
+ for &byte in data.as_bytes() {
+ write!(&mut s, "{:X}", byte).expect("Unable to HEX encode!");
+ }
+
+ return s;
+} \ No newline at end of file
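Review bot: `encode_hex` formats each byte with `{:X}`, which drops the leading zero for bytes below 0x10, so distinct inputs can produce the same string (bytes 0x01,0x23 and 0x12,0x03 both give `123`). Use `write!(&mut s, "{:02X}", byte)` so the encoding is unambiguous and reversible; note that this changes the output for any value already stored in the old form. Separately, `base64_decode` calls `.unwrap()` on the decode result, so malformed input panics the caller. Returning the `Result` (or an `Option`) would let callers reject bad data instead of aborting.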
diff --git a/lockchain-core/src/crypto/hashing.rs b/lockchain-core/src/crypto/hashing.rs
new file mode 100644
index 0000000..4a24a17
--- /dev/null
+++ b/lockchain-core/src/crypto/hashing.rs
@@ -0,0 +1,25 @@
+//! Hashing utility functions for various applications
+
+use blake2::digest::{Input, VariableOutput};
+use blake2::Blake2s;
+
+const BLAKE_16_LENGTH: usize = 16;
+
+/// Hash a value with blake2
+pub fn blake2(data: &str, salt: &str) -> [u8; BLAKE_16_LENGTH] {
+ let mut hasher = match Blake2s::new(BLAKE_16_LENGTH) {
+ Ok(res) => res,
+ Err(some) => panic!(some),
+ };
+
+ let to_hash = format!("{}{}", data, salt);
+ hasher.process(to_hash.as_bytes());
+
+ let mut buffer = [0u8; BLAKE_16_LENGTH];
+ match hasher.variable_result(&mut buffer) {
+ Ok(res) => res,
+ Err(e) => panic!(e),
+ };
+
+ return buffer;
+}
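Review bot: `blake2` hashes `format!("{}{}", data, salt)`, so the boundary between value and salt is not part of the input: `("ab", "c")` and `("a", "bc")` produce the same digest. Feed the two fields so the split is unambiguous, for example by processing a fixed-width length of `data` before the two byte strings, or by using the hash's own salt/key parameter if the crate version exposes one. Both `panic!(some)` and `panic!(e)` pass a non-string payload; `Blake2s::new(BLAKE_16_LENGTH).expect("16 is a valid Blake2s output length")` states the invariant and gives a readable message. If this function is ever applied to passwords, a fast hash is the wrong tool; the bcrypt helpers already in the crate are the ones to use, and the doc comment could say so.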
diff --git a/lockchain-core/src/crypto/mod.rs b/lockchain-core/src/crypto/mod.rs
index cbc9fb7..6fa17bb 100644
--- a/lockchain-core/src/crypto/mod.rs
+++ b/lockchain-core/src/crypto/mod.rs
@@ -1,20 +1,22 @@
-//! Shared cryptographic primitives for the lockchain ecosystem
-//!
-//! This is a secure storage vault after all, we need some
-//! shared crypto helpers for all the other crates :)
+//! Shared cryptographic primitives and utilities
+//!
+//!
mod data;
-mod utils;
/// We re-export keybob's API here
mod keys {
- use traits::AutoEncoder;
pub use keybob::{Key, KeyType};
+ use traits::AutoEncoder;
impl AutoEncoder for Key {}
impl AutoEncoder for KeyType {}
}
+pub mod passwords;
+pub mod encoding;
+pub mod hashing;
+pub mod random;
+
pub use self::data::PackedData;
pub use self::keys::{Key, KeyType};
-pub use self::utils::*;
diff --git a/lockchain-core/src/crypto/passwords/mod.rs b/lockchain-core/src/crypto/passwords/mod.rs
new file mode 100644
index 0000000..331ec9d
--- /dev/null
+++ b/lockchain-core/src/crypto/passwords/mod.rs
@@ -0,0 +1,7 @@
+//! A series of password generators for user-facing applications
+
+
+
+pub enum PwType {
+
+}
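Review bot: `PwType` is a public enum with no variants and no doc comment, so it is exported but cannot be constructed and says nothing about what it will select. Add a `///` line such as `/// Kind of password a generator should produce` and consider keeping it `pub(crate)` until the variants exist.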
diff --git a/lockchain-core/src/crypto/random.rs b/lockchain-core/src/crypto/random.rs
new file mode 100644
index 0000000..7d31992
--- /dev/null
+++ b/lockchain-core/src/crypto/random.rs
@@ -0,0 +1,46 @@
+//! A small convenience wrapper around `rand`
+
+use rand::{thread_rng, Rng};
+
+/// Generate a random number with an upper bound
+pub fn number(bound: u64) -> u64 {
+ return thread_rng().next_u64() % bound;
+}
+
+/// Generate a sequence of random bytes that are returned
+/// as a vector.
+///
+/// Can at most allocate 2048 bytes at a time
+/// FIXME: That shouldn't have a limit!
+pub fn bytes(length: usize) -> Vec<u8> {
+ let mut vec: Vec<u8> = Vec::new();
+
+ if length > 2048 {
+ return vec;
+ }
+
+ let mut random_data = [0u8; 2048];
+ thread_rng().fill_bytes(&mut random_data);
+
+ for i in 0..length {
+ vec.push(random_data[i]);
+ }
+
+ return vec;
+}
+
+/// A small utility wraper around bcrypt to allow
+/// easy password checking.
+pub mod passwd {
+ use bcrypt::{self, DEFAULT_COST};
+
+ /// Create a new password, returning a hash
+ pub fn create(pw: &str) -> Option<String> {
+ Some(bcrypt::hash(pw, DEFAULT_COST).ok()?)
+ }
+
+ /// Verify a password against it's stored hash
+ pub fn verify(pw: &str, hash: &str) -> Option<bool> {
+ bcrypt::verify(pw, hash).ok()
+ }
+}
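Review bot: `bytes` returns an empty vector when `length > 2048`, and a caller asking for key or salt material cannot tell that apart from success. It should fill a buffer of the requested size directly, `let mut vec = vec![0u8; length]; thread_rng().fill_bytes(&mut vec);`, which also removes the limit the FIXME mentions. `number` computes `next_u64() % bound`, which panics for `bound == 0` and is biased toward small results whenever `bound` does not divide 2^64; `thread_rng().gen_range(0, bound)` samples without that bias, with the zero case checked or documented. The new module doc also drops the earlier statement that the generator is secure, so it is worth stating which guarantee callers may rely on. The bcrypt `passwd` helpers still live under `random`, although this commit adds a `passwords` module.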
diff --git a/lockchain-core/src/crypto/utils.rs b/lockchain-core/src/crypto/utils.rs
deleted file mode 100644
index 192703f..0000000
--- a/lockchain-core/src/crypto/utils.rs
+++ /dev/null
@@ -1,105 +0,0 @@
-//! A collection of utility submodules
-
-/// Encoding module
-pub mod encoding {
- use base64;
- use std::fmt::Write;
-
- /// Encode a piece of arbitary data into a bse64 string
- pub fn base64_encode(data: &Vec<u8>) -> String {
- return base64::encode(data);
- }
-
- /// Decode a base64 string into arbitrary data
- pub fn base64_decode(data: &String) -> Vec<u8> {
- return base64::decode(data).unwrap();
- }
-
- /// Simply encode a byte-string as hexadecimal symbols
- pub fn encode_hex(data: &str) -> String {
- let mut s = String::new();
- for &byte in data.as_bytes() {
- write!(&mut s, "{:X}", byte).expect("Unable to HEX encode!");
- }
-
- return s;
- }
-}
-
-/// A hashing utility module
-pub mod hashing {
- use blake2::digest::{Input, VariableOutput};
- use blake2::Blake2s;
-
- const BLAKE_16_LENGTH: usize = 16;
-
- /// Hash a value with blake2
- pub fn blake2(data: &str, salt: &str) -> [u8; BLAKE_16_LENGTH] {
- let mut hasher = match Blake2s::new(BLAKE_16_LENGTH) {
- Ok(res) => res,
- Err(some) => panic!(some),
- };
-
- let to_hash = format!("{}{}", data, salt);
- hasher.process(to_hash.as_bytes());
-
- let mut buffer = [0u8; BLAKE_16_LENGTH];
- match hasher.variable_result(&mut buffer) {
- Ok(res) => res,
- Err(e) => panic!(e),
- };
-
- return buffer;
- }
-}
-
-/// Random number utility module for lockchain
-///
-/// Provides stateless secure random number and byte generation
-pub mod random {
- use rand::{thread_rng, Rng};
-
- /// Generate a random number with an upper bound
- pub fn number(bound: u64) -> u64 {
- return thread_rng().next_u64() % bound;
- }
-
- /// Generate a sequence of random bytes that are returned
- /// as a vector.
- ///
- /// Can at most allocate 2048 bytes at a time
- /// FIXME: That shouldn't have a limit!
- pub fn bytes(length: usize) -> Vec<u8> {
- let mut vec: Vec<u8> = Vec::new();
-
- if length > 2048 {
- return vec;
- }
-
- let mut random_data = [0u8; 2048];
- thread_rng().fill_bytes(&mut random_data);
-
- for i in 0..length {
- vec.push(random_data[i]);
- }
-
- return vec;
-
- }
-
- /// A small utility wraper around bcrypt to allow
- /// easy password checking.
- pub mod passwd {
- use bcrypt::{self, DEFAULT_COST};
-
- /// Create a new password, returning a hash
- pub fn create(pw: &str) -> Option<String> {
- Some(bcrypt::hash(pw, DEFAULT_COST).ok()?)
- }
-
- /// Verify a password against it's stored hash
- pub fn verify(pw: &str, hash: &str) -> Option<bool> {
- bcrypt::verify(pw, hash).ok()
- }
- }
-}
diff --git a/lockchain-core/src/lib.rs b/lockchain-core/src/lib.rs
index 2c5b0d7..cb02caf 100644
--- a/lockchain-core/src/lib.rs
+++ b/lockchain-core/src/lib.rs
@@ -21,9 +21,7 @@ pub mod crypto;
pub mod users;
mod meta;
mod record;
-mod auth;
pub use self::crypto::PackedData;
pub use self::record::{Header, Payload, Record, EncryptedBody};
pub use self::meta::{MetaDomain, VaultMetadata};
-pub use self::auth::pam_authenticate; \ No newline at end of file
diff --git a/lockchain-core/src/auth.rs b/lockchain-core/src/users/auth.rs
index eceece0..538bd04 100644
--- a/lockchain-core/src/auth.rs
+++ b/lockchain-core/src/users/auth.rs
@@ -3,10 +3,10 @@
//! The way a user is authenticated is via the `lockchain` group
//! and a simple writing/ deleting of a lock file.
-use nix::sys::wait::*;
-use nix::unistd::{fork, ForkResult};
+// use nix::sys::wait::*;
+// use nix::unistd::{fork, ForkResult};
-use pam_auth::{self, Authenticator, PamError, Result as PamResult};
+// use pam_auth::{self, Authenticator, PamError, Result as PamResult};
#[derive(Debug)]
pub enum AuthError {
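Review bot: The `nix` and `pam_auth` imports are commented out rather than removed, while `users/mod.rs` in this commit publicly re-exports `pam_authenticate`. The function body is outside this hunk, so it cannot be confirmed here that it still performs the PAM check; if it has been stubbed, the exported function should return an error rather than anything a caller could read as successful authentication. Either delete the dead `use` lines or leave a comment saying why they are disabled, e.g. `// TODO: PAM backend disabled during the users refactor; pam_authenticate must fail closed until restored`.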
diff --git a/lockchain-core/src/users/mod.rs b/lockchain-core/src/users/mod.rs
index 29be002..927bfb0 100644
--- a/lockchain-core/src/users/mod.rs
+++ b/lockchain-core/src/users/mod.rs
@@ -13,8 +13,10 @@
//! `User` is also a serialisable struct which contains important
//! data to load and store them into a metadata store.
+mod auth;
mod tokens;
pub use self::tokens::Token;
+pub use self::auth::{AuthError, pam_authenticate};
use crypto::{encoding, hashing, random};
use std::collections::HashMap;