diff options
author | Katharina Fey <kookie@spacekookie.de> | 2018-07-02 18:37:15 +0200 |
---|---|---|
committer | Katharina Fey <kookie@spacekookie.de> | 2018-07-02 18:37:15 +0200 |
commit | f2156e21b830ebc3cfd0f9eab4e7e01112e023b4 (patch) | |
tree | 410372dd1d2c47a0af1e0aa71541cd48eb9efaa0 | |
parent | 99ff8f0ebae37069de690936f79c4d599851f952 (diff) |
Refactoring crypto module, moving `auth` into `users` module
-rw-r--r-- | Cargo.lock | 17 | ||||
-rw-r--r-- | lockchain-core/Cargo.toml | 2 | ||||
-rw-r--r-- | lockchain-core/src/crypto/encoding.rs | 24 | ||||
-rw-r--r-- | lockchain-core/src/crypto/hashing.rs | 25 | ||||
-rw-r--r-- | lockchain-core/src/crypto/mod.rs | 16 | ||||
-rw-r--r-- | lockchain-core/src/crypto/passwords/mod.rs | 7 | ||||
-rw-r--r-- | lockchain-core/src/crypto/random.rs | 46 | ||||
-rw-r--r-- | lockchain-core/src/crypto/utils.rs | 105 | ||||
-rw-r--r-- | lockchain-core/src/lib.rs | 2 | ||||
-rw-r--r-- | lockchain-core/src/users/auth.rs (renamed from lockchain-core/src/auth.rs) | 6 | ||||
-rw-r--r-- | lockchain-core/src/users/mod.rs | 2 |
11 files changed, 134 insertions, 118 deletions
@@ -470,6 +470,15 @@ dependencies = [ ] [[package]] +name = "diceware" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +dependencies = [ + "getopts 0.2.17 (registry+https://github.com/rust-lang/crates.io-index)", + "rand 0.3.22 (registry+https://github.com/rust-lang/crates.io-index)", +] + +[[package]] name = "digest" version = "0.7.4" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -650,6 +659,11 @@ dependencies = [ ] [[package]] +name = "getopts" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" + +[[package]] name = "glob" version = "0.2.11" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -836,6 +850,7 @@ dependencies = [ "bcrypt 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)", "blake2 0.7.1 (registry+https://github.com/rust-lang/crates.io-index)", "chrono 0.4.4 (registry+https://github.com/rust-lang/crates.io-index)", + "diceware 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)", "keybob 0.3.0 (registry+https://github.com/rust-lang/crates.io-index)", "nix 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", "pam-auth 0.5.4 (registry+https://github.com/rust-lang/crates.io-index)", @@ -1977,6 +1992,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum crypto-mac 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "7afa06d05a046c7a47c3a849907ec303504608c927f4e85f7bfff22b7180d971" "checksum dbghelp-sys 0.2.0 (registry+https://github.com/rust-lang/crates.io-index)" = "97590ba53bcb8ac28279161ca943a924d1fd4a8fb3fa63302591647c4fc5b850" "checksum dbl 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "920e117b69060a961c4164ccf83af573292cb167ccdd918950bcf0f5afc32c1c" +"checksum diceware 0.1.0 (registry+https://github.com/rust-lang/crates.io-index)" = "40ae2a903b5091f517c51370d36234a5ec344732b946ba8443850acb530753bf" "checksum digest 0.7.4 (registry+https://github.com/rust-lang/crates.io-index)" = "3cae2388d706b52f2f2f9afe280f9d768be36544bd71d1b8120cb34ea6450b55" "checksum dtoa 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)" = "09c3753c3db574d215cba4ea76018483895d7bff25a31b49ba45db21c48e50ab" "checksum encoding 0.2.33 (registry+https://github.com/rust-lang/crates.io-index)" = "6b0d943856b990d12d3b55b359144ff341533e516d94098b1d3fc1ac666d36ec" @@ -2000,6 +2016,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" "checksum futures-cpupool 0.1.8 (registry+https://github.com/rust-lang/crates.io-index)" = "ab90cde24b3319636588d0c35fe03b1333857621051837ed769faefb4c2162e4" "checksum gcc 0.3.54 (registry+https://github.com/rust-lang/crates.io-index)" = "5e33ec290da0d127825013597dbdfc28bee4964690c7ce1166cbc2a7bd08b1bb" "checksum generic-array 0.9.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ef25c5683767570c2bbd7deba372926a55eaae9982d7726ee2a1050239d45b9d" +"checksum getopts 0.2.17 (registry+https://github.com/rust-lang/crates.io-index)" = "b900c08c1939860ce8b54dc6a89e26e00c04c380fd0e09796799bd7f12861e05" "checksum glob 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "8be18de09a56b60ed0edf84bc9df007e30040691af7acd1c41874faac5895bfb" "checksum h2 0.1.10 (registry+https://github.com/rust-lang/crates.io-index)" = "6229ac66d3392dd83288fe04defd4b353354b15bbe07820d53dda063a736afcc" "checksum hmac 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)" = "efb895368093a17d136b1d9eecdb607c7aa038a452e646c74e37ded2da106285" diff --git a/lockchain-core/Cargo.toml b/lockchain-core/Cargo.toml index 87d3f65..34a5a7c 100644 --- a/lockchain-core/Cargo.toml +++ b/lockchain-core/Cargo.toml @@ -22,4 +22,4 @@ bcrypt = "0.2" rand = "0.4" blake2 = "0.7" -keybob = "0.3"
\ No newline at end of file +keybob = "0.3" diff --git a/lockchain-core/src/crypto/encoding.rs b/lockchain-core/src/crypto/encoding.rs new file mode 100644 index 0000000..0c49490 --- /dev/null +++ b/lockchain-core/src/crypto/encoding.rs @@ -0,0 +1,24 @@ +//! Easy to use encoding utility functions + +use base64; +use std::fmt::Write; + +/// Encode a piece of arbitary data into a bse64 string +pub fn base64_encode(data: &Vec<u8>) -> String { + return base64::encode(data); +} + +/// Decode a base64 string into arbitrary data +pub fn base64_decode(data: &String) -> Vec<u8> { + return base64::decode(data).unwrap(); +} + +/// Simply encode a byte-string as hexadecimal symbols +pub fn encode_hex(data: &str) -> String { + let mut s = String::new(); + for &byte in data.as_bytes() { + write!(&mut s, "{:X}", byte).expect("Unable to HEX encode!"); + } + + return s; +}
\ No newline at end of file diff --git a/lockchain-core/src/crypto/hashing.rs b/lockchain-core/src/crypto/hashing.rs new file mode 100644 index 0000000..4a24a17 --- /dev/null +++ b/lockchain-core/src/crypto/hashing.rs @@ -0,0 +1,25 @@ +//! Hashing utility functions for various applications + +use blake2::digest::{Input, VariableOutput}; +use blake2::Blake2s; + +const BLAKE_16_LENGTH: usize = 16; + +/// Hash a value with blake2 +pub fn blake2(data: &str, salt: &str) -> [u8; BLAKE_16_LENGTH] { + let mut hasher = match Blake2s::new(BLAKE_16_LENGTH) { + Ok(res) => res, + Err(some) => panic!(some), + }; + + let to_hash = format!("{}{}", data, salt); + hasher.process(to_hash.as_bytes()); + + let mut buffer = [0u8; BLAKE_16_LENGTH]; + match hasher.variable_result(&mut buffer) { + Ok(res) => res, + Err(e) => panic!(e), + }; + + return buffer; +} diff --git a/lockchain-core/src/crypto/mod.rs b/lockchain-core/src/crypto/mod.rs index cbc9fb7..6fa17bb 100644 --- a/lockchain-core/src/crypto/mod.rs +++ b/lockchain-core/src/crypto/mod.rs @@ -1,20 +1,22 @@ -//! Shared cryptographic primitives for the lockchain ecosystem -//! -//! This is a secure storage vault after all, we need some -//! shared crypto helpers for all the other crates :) +//! Shared cryptographic primitives and utilities +//! +//! mod data; -mod utils; /// We re-export keybob's API here mod keys { - use traits::AutoEncoder; pub use keybob::{Key, KeyType}; + use traits::AutoEncoder; impl AutoEncoder for Key {} impl AutoEncoder for KeyType {} } +pub mod passwords; +pub mod encoding; +pub mod hashing; +pub mod random; + pub use self::data::PackedData; pub use self::keys::{Key, KeyType}; -pub use self::utils::*; diff --git a/lockchain-core/src/crypto/passwords/mod.rs b/lockchain-core/src/crypto/passwords/mod.rs new file mode 100644 index 0000000..331ec9d --- /dev/null +++ b/lockchain-core/src/crypto/passwords/mod.rs @@ -0,0 +1,7 @@ +//! A series of password generators for user-facing applications + + + +pub enum PwType { + +} diff --git a/lockchain-core/src/crypto/random.rs b/lockchain-core/src/crypto/random.rs new file mode 100644 index 0000000..7d31992 --- /dev/null +++ b/lockchain-core/src/crypto/random.rs @@ -0,0 +1,46 @@ +//! A small convenience wrapper around `rand` + +use rand::{thread_rng, Rng}; + +/// Generate a random number with an upper bound +pub fn number(bound: u64) -> u64 { + return thread_rng().next_u64() % bound; +} + +/// Generate a sequence of random bytes that are returned +/// as a vector. +/// +/// Can at most allocate 2048 bytes at a time +/// FIXME: That shouldn't have a limit! +pub fn bytes(length: usize) -> Vec<u8> { + let mut vec: Vec<u8> = Vec::new(); + + if length > 2048 { + return vec; + } + + let mut random_data = [0u8; 2048]; + thread_rng().fill_bytes(&mut random_data); + + for i in 0..length { + vec.push(random_data[i]); + } + + return vec; +} + +/// A small utility wraper around bcrypt to allow +/// easy password checking. +pub mod passwd { + use bcrypt::{self, DEFAULT_COST}; + + /// Create a new password, returning a hash + pub fn create(pw: &str) -> Option<String> { + Some(bcrypt::hash(pw, DEFAULT_COST).ok()?) + } + + /// Verify a password against it's stored hash + pub fn verify(pw: &str, hash: &str) -> Option<bool> { + bcrypt::verify(pw, hash).ok() + } +} diff --git a/lockchain-core/src/crypto/utils.rs b/lockchain-core/src/crypto/utils.rs deleted file mode 100644 index 192703f..0000000 --- a/lockchain-core/src/crypto/utils.rs +++ /dev/null @@ -1,105 +0,0 @@ -//! A collection of utility submodules - -/// Encoding module -pub mod encoding { - use base64; - use std::fmt::Write; - - /// Encode a piece of arbitary data into a bse64 string - pub fn base64_encode(data: &Vec<u8>) -> String { - return base64::encode(data); - } - - /// Decode a base64 string into arbitrary data - pub fn base64_decode(data: &String) -> Vec<u8> { - return base64::decode(data).unwrap(); - } - - /// Simply encode a byte-string as hexadecimal symbols - pub fn encode_hex(data: &str) -> String { - let mut s = String::new(); - for &byte in data.as_bytes() { - write!(&mut s, "{:X}", byte).expect("Unable to HEX encode!"); - } - - return s; - } -} - -/// A hashing utility module -pub mod hashing { - use blake2::digest::{Input, VariableOutput}; - use blake2::Blake2s; - - const BLAKE_16_LENGTH: usize = 16; - - /// Hash a value with blake2 - pub fn blake2(data: &str, salt: &str) -> [u8; BLAKE_16_LENGTH] { - let mut hasher = match Blake2s::new(BLAKE_16_LENGTH) { - Ok(res) => res, - Err(some) => panic!(some), - }; - - let to_hash = format!("{}{}", data, salt); - hasher.process(to_hash.as_bytes()); - - let mut buffer = [0u8; BLAKE_16_LENGTH]; - match hasher.variable_result(&mut buffer) { - Ok(res) => res, - Err(e) => panic!(e), - }; - - return buffer; - } -} - -/// Random number utility module for lockchain -/// -/// Provides stateless secure random number and byte generation -pub mod random { - use rand::{thread_rng, Rng}; - - /// Generate a random number with an upper bound - pub fn number(bound: u64) -> u64 { - return thread_rng().next_u64() % bound; - } - - /// Generate a sequence of random bytes that are returned - /// as a vector. - /// - /// Can at most allocate 2048 bytes at a time - /// FIXME: That shouldn't have a limit! - pub fn bytes(length: usize) -> Vec<u8> { - let mut vec: Vec<u8> = Vec::new(); - - if length > 2048 { - return vec; - } - - let mut random_data = [0u8; 2048]; - thread_rng().fill_bytes(&mut random_data); - - for i in 0..length { - vec.push(random_data[i]); - } - - return vec; - - } - - /// A small utility wraper around bcrypt to allow - /// easy password checking. - pub mod passwd { - use bcrypt::{self, DEFAULT_COST}; - - /// Create a new password, returning a hash - pub fn create(pw: &str) -> Option<String> { - Some(bcrypt::hash(pw, DEFAULT_COST).ok()?) - } - - /// Verify a password against it's stored hash - pub fn verify(pw: &str, hash: &str) -> Option<bool> { - bcrypt::verify(pw, hash).ok() - } - } -} diff --git a/lockchain-core/src/lib.rs b/lockchain-core/src/lib.rs index 2c5b0d7..cb02caf 100644 --- a/lockchain-core/src/lib.rs +++ b/lockchain-core/src/lib.rs @@ -21,9 +21,7 @@ pub mod crypto; pub mod users; mod meta; mod record; -mod auth; pub use self::crypto::PackedData; pub use self::record::{Header, Payload, Record, EncryptedBody}; pub use self::meta::{MetaDomain, VaultMetadata}; -pub use self::auth::pam_authenticate;
\ No newline at end of file diff --git a/lockchain-core/src/auth.rs b/lockchain-core/src/users/auth.rs index eceece0..538bd04 100644 --- a/lockchain-core/src/auth.rs +++ b/lockchain-core/src/users/auth.rs @@ -3,10 +3,10 @@ //! The way a user is authenticated is via the `lockchain` group //! and a simple writing/ deleting of a lock file. -use nix::sys::wait::*; -use nix::unistd::{fork, ForkResult}; +// use nix::sys::wait::*; +// use nix::unistd::{fork, ForkResult}; -use pam_auth::{self, Authenticator, PamError, Result as PamResult}; +// use pam_auth::{self, Authenticator, PamError, Result as PamResult}; #[derive(Debug)] pub enum AuthError { diff --git a/lockchain-core/src/users/mod.rs b/lockchain-core/src/users/mod.rs index 29be002..927bfb0 100644 --- a/lockchain-core/src/users/mod.rs +++ b/lockchain-core/src/users/mod.rs @@ -13,8 +13,10 @@ //! `User` is also a serialisable struct which contains important //! data to load and store them into a metadata store. +mod auth; mod tokens; pub use self::tokens::Token; +pub use self::auth::{AuthError, pam_authenticate}; use crypto::{encoding, hashing, random}; use std::collections::HashMap; |