Merge pull request #13 from Cryptographic-API-Services/#12-pbkdf2

#12 pbkdf2 derivation

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cas-lib"
-version = "0.2.43"
+version = "0.2.5"
 edition = "2021"
 description = "Core lib for CAS"
 license = "Apache-2.0"
@@ -30,6 +30,7 @@ sha2 = "0.10.8"
 zstd = "0.13"
 hpke = "0.12.0"
 uuid = { version = "1.10.0", features = ["v4"] }
+pbkdf2 = "0.12.2"
 
 [profile.dev.package.num-bigint-dig]
 opt-level = 3

src/lib.rs

@@ -3,6 +3,7 @@ pub mod password_hashers {
     pub mod bcrypt;
     pub mod cas_password_hasher;
     pub mod scrypt;
+    pub mod pbkdf2;
 }
 
 pub mod hashers {

src/password_hashers/cas_password_hasher.rs

@@ -4,3 +4,8 @@ pub trait CASPasswordHasher {
     fn verify_password(hashed_password: String, password_to_verify: String) -> bool;
     fn verify_password_threadpool(hashed_password: String, password_to_verify: String) -> bool;
 }
+
+pub struct Pbkdf2Result {
+    pub password: Vec<u8>,
+    pub salt: Vec<u8>
+}

src/password_hashers/pbkdf2.rs

@@ -0,0 +1,23 @@
+use argon2::password_hash::SaltString;
+use pbkdf2::pbkdf2_hmac_array;
+use rand::rngs::OsRng;
+use sha3::Sha3_256;
+
+use super::cas_password_hasher::Pbkdf2Result;
+
+pub fn derivation(password_vec: Vec<u8>, number_of_iterations: u32) -> Pbkdf2Result {
+    // Use Argon 2 salt and return the salt to the user so they can reuse it.
+    let salt = SaltString::generate(&mut OsRng);
+    let salt_binding = salt.to_string();
+    let salt = salt_binding.as_bytes().to_vec();
+    let key = pbkdf2_hmac_array::<Sha3_256, 32>(&password_vec, &salt, number_of_iterations).to_vec();
+    return Pbkdf2Result {
+        password: key,
+        salt: salt
+    }
+}
+
+pub fn derivation_with_salt(password_vec: Vec<u8>, number_of_iterations: u32, salt: Vec<u8>) -> Vec<u8> {
+    let key = pbkdf2_hmac_array::<Sha3_256, 32>(&password_vec, &salt, number_of_iterations).to_vec();
+    key
+}