Skip to content

Commit

Permalink
Revert argon2
Browse files Browse the repository at this point in the history
  • Loading branch information
lbeder committed Nov 16, 2024
1 parent edee1d3 commit a25c3c6
Show file tree
Hide file tree
Showing 12 changed files with 175 additions and 183 deletions.
59 changes: 59 additions & 0 deletions Cargo.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ chacha20poly1305 = "0.10.1"
glob = "0.3.1"
indicatif = "0.17.9"
chrono = "0.4.38"
scrypt = "0.11.0"

[dev-dependencies]
rstest = "0.18.2"
Expand Down
26 changes: 0 additions & 26 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -175,32 +175,6 @@ CROSS_COMPILE=x86_64-linux-musl- cargo build --target=x86_64-unknown-linux-musl
cargo build --target=x86_64-unknown-linux-musl
```
### For Windows
In order to get stuff working later, use the `nightly` branch of Rust:
```sh
rustup override set nightly
```
Install the standard Windows target on a Mac (note, that the opposite is currently impossible):
```sh
rustup target add x86_64-pc-windows-gnu
```
Use `homebrew` to install mingw-w64:
```sh
brew install mingw-w64
```
Now you can build it:
```sh
cargo build --release --target=x86_64-pc-windows-gnu
```
## Examples
In this tool, the input provided by the user is first evaluated to determine its format. If the input string begins with `0x`, it is interpreted as a hexadecimal representation of a byte array. The tool will then parse this hexadecimal string into its corresponding byte sequence, allowing for hexadecimal data to be input directly in a recognizable format. Conversely, if the input does not start with `0x`, it is treated as raw data and used as is, without any conversion. This dual functionality enables flexibility, allowing users to input either hexadecimal or raw data based on their needs.
Expand Down
3 changes: 0 additions & 3 deletions build.sh
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,3 @@ export CXX_x86_64_unknown_linux_musl=x86_64-unknown-linux-musl-g++
export AR_x86_64_unknown_linux_musl=x86_64-unknown-linux-musl-ar
export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=x86_64-unknown-linux-musl-gcc
cargo build --release --target=x86_64-unknown-linux-musl

echo "Building v${VERSION} for Windows x64..."
cargo build --release --target=x86_64-pc-windows-gnu
23 changes: 0 additions & 23 deletions release.sh
Original file line number Diff line number Diff line change
Expand Up @@ -34,15 +34,6 @@ tar zcvf ${LINUX_X64_RELEASE} target/x86_64-unknown-linux-musl/release/slowkey
LINUX_X64_RELEASE_SHA512=$(shasum -a512 ${LINUX_X64_RELEASE})
gpg --output ${LINUX_X64_RELEASE_SIG} --detach-sig ${LINUX_X64_RELEASE}

echo "Creating v${VERSION} bundle for Windows x64..."
WINDOWS_X64_TARGET="slowkey-${VERSION}-windows-amd64.tgz"
WINDOWS_X64_TARGET_SIG=${WINDOWS_X64_TARGET}.sig
WINDOWS_X64_RELEASE="target/${WINDOWS_X64_TARGET}"
WINDOWS_X64_RELEASE_SIG=${WINDOWS_X64_RELEASE}.sig
tar zcvf ${WINDOWS_X64_RELEASE} target/x86_64-pc-windows-gnu/release/slowkey.exe
WINDOWS_X64_RELEASE_SHA512=$(shasum -a512 ${WINDOWS_X64_RELEASE})
gpg --output ${WINDOWS_X64_RELEASE_SIG} --detach-sig ${WINDOWS_X64_RELEASE}

RELEASE_NOTES="target/release.md"
echo "Preparing release notes..."

Expand Down Expand Up @@ -91,18 +82,4 @@ Verify the digital signature:
gpg --verify ${LINUX_X64_TARGET_SIG} ${LINUX_X64_TARGET}
\`\`\`
## Windows x64
Calculate the SHA512:
\`\`\`sh
shasum -a512 ${WINDOWS_X64_RELEASE} ${WINDOWS_X64_RELEASE_SHA512}
\`\`\`
Verify the digital signature:
\`\`\`sh
gpg --verify ${WINDOWS_X64_TARGET_SIG} ${WINDOWS_X64_TARGET}
\`\`\`
EOF
10 changes: 5 additions & 5 deletions src/main.rs
Original file line number Diff line number Diff line change
Expand Up @@ -92,10 +92,10 @@ enum Commands {

#[arg(
long,
default_value = SlowKeyOptions::default().scrypt.n.to_string(),
help = format!("Scrypt CPU/memory cost parameter (must be lesser than {})", ScryptOptions::MAX_N)
default_value = SlowKeyOptions::default().scrypt.log_n.to_string(),
help = format!("Scrypt CPU/memory cost parameter (must be lesser than {})", ScryptOptions::MAX_LOG_N)
)]
scrypt_n: u64,
scrypt_log_n: u8,

#[arg(
long,
Expand Down Expand Up @@ -408,7 +408,7 @@ fn main() {
base64,
base58,
output,
scrypt_n,
scrypt_log_n,
scrypt_r,
scrypt_p,
argon2_m_cost,
Expand Down Expand Up @@ -466,7 +466,7 @@ fn main() {
slowkey_opts = SlowKeyOptions::new(
iterations,
length,
&ScryptOptions::new(scrypt_n, scrypt_r, scrypt_p),
&ScryptOptions::new(scrypt_log_n, scrypt_r, scrypt_p),
&Argon2idOptions::new(argon2_m_cost, argon2_t_cost),
);
}
Expand Down
47 changes: 18 additions & 29 deletions src/slowkey.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ use crate::utils::{
scrypt::{Scrypt, ScryptOptions},
};
use crossterm::style::Stylize;
use scrypt::password_hash::SaltString;
use serde::{Deserialize, Serialize};
use sha2::Sha512;
use sha3::{Digest, Keccak512};
Expand All @@ -20,8 +21,8 @@ impl SlowKeyOptions {
pub const MAX_ITERATIONS: usize = u32::MAX as usize;
pub const DEFAULT_ITERATIONS: usize = 100;

pub const MIN_KEY_SIZE: usize = 10;
pub const MAX_KEY_SIZE: usize = 128;
pub const MIN_KEY_SIZE: usize = 9;
pub const MAX_KEY_SIZE: usize = 64;
pub const DEFAULT_KEY_SIZE: usize = 32;

pub fn new(iterations: usize, length: usize, scrypt: &ScryptOptions, argon2id: &Argon2idOptions) -> Self {
Expand Down Expand Up @@ -59,14 +60,14 @@ impl SlowKeyOptions {

pub fn print(&self) {
println!(
"{}:\n {}: {}\n {}: {}\n {}: (n: {}, r: {}, p: {})\n {}: (version: {}, m_cost: {}, t_cost: {})\n",
"{}:\n {}: {}\n {}: {}\n {}: (log_n: {}, r: {}, p: {})\n {}: (version: {}, m_cost: {}, t_cost: {})\n",
"SlowKey Parameters".yellow(),
"Iterations".green(),
&self.iterations.to_string().cyan(),
"Length".green(),
&self.length.to_string().cyan(),
"Scrypt".green(),
&self.scrypt.n.to_string().cyan(),
&self.scrypt.log_n.to_string().cyan(),
&self.scrypt.r.to_string().cyan(),
&self.scrypt.p.to_string().cyan(),
"Argon2id".green(),
Expand Down Expand Up @@ -158,14 +159,16 @@ impl SlowKey {
_ => offset_data.to_vec(),
};

let salt_string = SaltString::encode_b64(salt).unwrap();

for i in offset..self.iterations {
let iteration = i as u64;

// Calculate the SHA2 and SHA3 hashes of the result and the inputs
self.double_hash(salt, password, iteration, &mut res);

// Calculate the Scrypt hash of the result and the inputs
self.scrypt(salt, password, iteration, &mut res);
self.scrypt(salt, &salt_string, password, iteration, &mut res);

// Calculate the SHA2 and SHA3 hashes of the result and the inputs again
self.double_hash(salt, password, iteration, &mut res);
Expand Down Expand Up @@ -205,12 +208,12 @@ impl SlowKey {
*res = keccack512.finalize().to_vec();
}

fn scrypt(&self, salt: &[u8], password: &[u8], iteration: u64, res: &mut Vec<u8>) {
fn scrypt(&self, salt: &[u8], salt_string: &SaltString, password: &[u8], iteration: u64, res: &mut Vec<u8>) {
res.extend_from_slice(salt);
res.extend_from_slice(password);
res.extend_from_slice(&iteration.to_le_bytes());

*res = self.scrypt.hash(salt, res);
*res = self.scrypt.hash(salt_string, res);
}

fn argon2id(&self, salt: &[u8], password: &[u8], iteration: u64, res: &mut Vec<u8>) {
Expand Down Expand Up @@ -241,7 +244,7 @@ mod tests {
#[case(&SlowKeyOptions {
iterations: 10,
length: 32,
scrypt: ScryptOptions { n: 1 << 12, r: 8, p: 1 },
scrypt: ScryptOptions { log_n: 12, r: 8, p: 1 },
argon2id: Argon2idOptions::default()
}, b"saltsaltsaltsalt", b"test", &Vec::new(), 0,
"6fe4ad1ea824710e75b4a3914c6f3c617c70b3aeb0451639188c253b6f52880e")]
Expand All @@ -255,66 +258,52 @@ mod tests {
#[case(&SlowKeyOptions {
iterations: 4,
length: 64,
scrypt: ScryptOptions { n: 1 << 20, r: 8, p: 1 },
scrypt: ScryptOptions { log_n: 20, r: 8, p: 1 },
argon2id: Argon2idOptions::default()
}, b"saltsaltsaltsalt", b"test", &Vec::new(), 0,
"3ed36a2cb71a043a901cbe237df6976b7a724acadfbc12112c90402548876dd5e76be1da2a1cb57e924a858c36b51c68db13b986e70ddc23254d7fa7a15c2ee0")]
#[case(&SlowKeyOptions {
iterations: 4,
length: 128,
scrypt: ScryptOptions { n: 1 << 20, r: 8, p: 1 },
argon2id: Argon2idOptions::default()
}, b"saltsaltsaltsalt", b"test", &Vec::new(), 0,
"8e69eb21b3aa9cf0d5b42d18b5a80c8db50908c3baadd9c425d8dfc21ca0f37a503e37a18c5312cf040654f643cc1a5b1801e1f8e86fde355d05a5d2699725b088bf6bf02b0a5888e9198c1876ce82b2664185ff914c853b86b6ead34a351fcfd7124e75bfd643fbdb391025eee3483f30b1f765eae304547a1a1168d0ef448b")]
#[case(&SlowKeyOptions {
iterations: 4,
length: 64,
scrypt: ScryptOptions { n: 1 << 15, r: 8, p: 1 },
scrypt: ScryptOptions { log_n: 15, r: 8, p: 1 },
argon2id: Argon2idOptions::default()
}, b"saltsaltsaltsalt", b"", &Vec::new(), 0,
"3af13ebf654ddf60014f4a7f37826f5f60e4defddefffdfc6bf5431e37420c1e308e823bef30a6adb3f862c4b4270aa55e9b0440af7e8ec8d52a3458c1cb3ff4")]
#[case(&SlowKeyOptions {
iterations: 10,
length: 64,
scrypt: ScryptOptions { n: 1 << 15, r: 8, p: 1 },
scrypt: ScryptOptions { log_n: 15, r: 8, p: 1 },
argon2id: Argon2idOptions::default()
}, b"saltsaltsaltsalt", b"test", &Vec::new(), 0,
"c2a74fca9621ca13f2ab1a1bdf7cb8e6abe231d7494c280ff40024b1e92f964579d7c77e4b5c32ec438f2932b612f8eae9eeedbba93b0708e1f1b497bcdaed5d")]
#[case(&SlowKeyOptions {
iterations: 10,
length: 64,
scrypt: ScryptOptions { n: 1 << 15, r: 8, p: 1 },
scrypt: ScryptOptions { log_n: 15, r: 8, p: 1 },
argon2id: Argon2idOptions::default()
}, b"saltsaltsaltsal2", b"test", &Vec::new(), 0,
"016bbfa52b69c0fc366f9b93b5209d0c9783c018102101eb755f217627541778b13c5db624a105ed6470d7a916e8e5843f952f20bb9f0e9b6053e72176b6158b")]
#[case(&SlowKeyOptions {
iterations: 10,
length: 64,
scrypt: ScryptOptions { n: 1 << 15, r: 8, p: 1 },
scrypt: ScryptOptions { log_n: 15, r: 8, p: 1 },
argon2id: Argon2idOptions::default()
}, b"saltsaltsaltsalt", b"test2", &Vec::new(), 0,
"f20e5bf61c9c0ab9208eb1b5a2f3a51a8276dbc5490862f17afbba5ffe539ee95765095aff000d86371ed6ca927efe736008fd048fbde77af56b20331ebde083")]
#[case(&SlowKeyOptions {
iterations: 10,
length: 32,
scrypt: ScryptOptions { n: 1 << 12, r: 8, p: 1 },
scrypt: ScryptOptions { log_n: 12, r: 8, p: 1 },
argon2id: Argon2idOptions::default()
}, b"saltsaltsaltsalt", b"test", &Vec::new(), 1,
"dc4ca67e268ac2df2bbaa377afabafda82012b6188d562d67ef57f66f2f592e1")]
#[case(&SlowKeyOptions {
iterations: 10,
length: 64,
scrypt: ScryptOptions { n: 1 << 15, r: 8, p: 1 },
scrypt: ScryptOptions { log_n: 15, r: 8, p: 1 },
argon2id: Argon2idOptions::default()
}, b"saltsaltsaltsalt", b"test", &Vec::new(), 5,
"488d73ed1e5c22edfe060d542dc1bc517cdc567aede68fbf87f344fc153b1febbfff6bb52f236a21fa6aaa16e39769248f7eb01c80a48988049a9faee7434f99")]
#[case(&SlowKeyOptions {
iterations: 10,
length: 128,
scrypt: ScryptOptions { n: 1 << 15, r: 8, p: 1 },
argon2id: Argon2idOptions::default()
}, b"saltsaltsaltsalt", b"test", &Vec::new(), 5,
"0ff28531af487240b664d549ebc2a367df89a2b5d94baed94a53025601b2b2f5ced135415c7cf880b4cc1fe97ea5ba052838caebb8301719d268b7a2d795d75908712910839c8145a70b7ebdf49e2f61a4c1466e89e2e5bd8fb45eb076a72baa60bc803162ee20481b1b85a5985d768908b283e95e52df4466f116ab9014945a")]

fn derive_test(
#[case] options: &SlowKeyOptions, #[case] salt: &[u8], #[case] password: &[u8], #[case] offset_data: &[u8],
Expand Down
Loading

0 comments on commit a25c3c6

Please sign in to comment.