Replace rust-crypto with sodiumoxide

untitaker · Feb 21, 2016 · 0abb67d · 0abb67d
1 parent 3ee1fc4
commit 0abb67d
Show file tree

Hide file tree

Showing 5 changed files with 59 additions and 40 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -26,7 +26,6 @@ unicase = "*"
 atomicwrites = "*"
 url = "*"
 clap = "*"
-rust-crypto = "*"
 rand = "*"
 persistent = "*"
 urlencoded = "*"
@@ -44,6 +43,7 @@ itertools = "*"
 jsonwebtoken = "*"
 uuid = "*"
 clippy = {git = "https://github.com/Manishearth/rust-clippy", version = "*", optional = true}
+sodiumoxide = "*"
 webicon = "*"
 
 [dev-dependencies]

diff --git a/src/mysteryshack/cli.rs b/src/mysteryshack/cli.rs
@@ -63,6 +63,12 @@ pub fn main() {
                                      .index(1)))
                     .subcommand(SubCommand::with_name("delete")
                                 .about("Delete a user")
+                                .arg(Arg::with_name("USERNAME")
+                                     .help("The username")
+                                     .required(true)
+                                     .index(1)))
+                    .subcommand(SubCommand::with_name("setpass")
+                                .about("Change the password for a user")
                                 .arg(Arg::with_name("USERNAME")
                                      .help("The username")
                                      .required(true)
@@ -83,14 +89,7 @@ pub fn main() {
         serve(_,) => web::run_server(config),
         user(user_matches,) => clap_dispatch!(user_matches; {
             create(_, USERNAME as username) => {
-                let password_hash = match models::PasswordHash::from_password(
-                    utils::double_prompt("Password for new user: ")) {
-                    Ok(x) => x,
-                    Err(e) => {
-                        println!("Failed to hash password: {}", e);
-                        process::exit(1);
-                    }
-                };
+                let password_hash = models::PasswordHash::from_password(utils::double_prompt("Password for new user: "));
 
                 match models::User::create(&config.data_path, username).map(|user| {
                     user.set_password_hash(password_hash)
@@ -104,6 +103,26 @@ pub fn main() {
 
                 println!("Successfully created user {}", username);
             },
+            setpass(_, USERNAME as username) => {
+                let user = match models::User::get(&config.data_path, username) {
+                    Some(x) => x,
+                    None => {
+                        println!("User does not exist: {}", username);
+                        process::exit(1);
+                    }
+                };
+
+                let password_hash = models::PasswordHash::from_password(utils::double_prompt("New password: "));
+                match user.set_password_hash(password_hash) {
+                    Ok(_) => (),
+                    Err(e) => {
+                        println!("Failed to set password for user {}: {}", username, e);
+                        process::exit(1);
+                    }
+                };
+
+                println!("Changed password for user {}", username);
+            },
             delete(_, USERNAME as username) => {
                 let user = match models::User::get(&config.data_path, username) {
                     Some(x) => x,

diff --git a/src/mysteryshack/lib.rs b/src/mysteryshack/lib.rs
@@ -13,7 +13,7 @@ extern crate atomicwrites;
 extern crate url;
 extern crate urlencoded;
 extern crate clap;
-extern crate crypto;
+extern crate sodiumoxide;
 extern crate rand;
 extern crate persistent;
 extern crate iron_login;

diff --git a/src/mysteryshack/models.rs b/src/mysteryshack/models.rs
@@ -17,7 +17,7 @@ use uuid;
 use itertools::Itertools;
 use regex;
 
-use crypto::bcrypt;
+use sodiumoxide::crypto::pwhash;
 use rand::{Rng, StdRng};
 
 use atomicwrites;
@@ -324,39 +324,20 @@ impl Token {
 
 #[derive(RustcDecodable, RustcEncodable, Debug)]
 pub struct PasswordHash {
-    cost: u32,
-    salt: Vec<u8>,
-    hash: Vec<u8>
+    content: pwhash::HashedPassword
 }
 
 impl PasswordHash {
-    pub fn from_password(pwd: String) -> io::Result<PasswordHash> {
-        const DEFAULT_COST: u32 = 10;
-        const MAX_SALT_SIZE: usize = 16;
-        const OUTPUT_SIZE: usize = 24;
-
-        let salt = {
-            let mut rv = [0u8; MAX_SALT_SIZE];
-            let mut rng = try!(StdRng::new());
-            rng.fill_bytes(&mut rv);
-            rv
-        };
-
-        let mut hash = [0u8; OUTPUT_SIZE];
-        bcrypt::bcrypt(DEFAULT_COST, &salt, pwd.as_bytes(), &mut hash);
-        Ok(PasswordHash {
-            cost: DEFAULT_COST,
-            salt: salt.to_vec(),
-            hash: hash.to_vec()
-        })
+    pub fn from_password(pwd: String) -> PasswordHash {
+        PasswordHash {
+            content: pwhash::pwhash(pwd.as_bytes(), 
+                pwhash::OPSLIMIT_INTERACTIVE,
+                pwhash::MEMLIMIT_INTERACTIVE).unwrap()
+        }
     }
 
-    pub fn equals_password<T: AsRef<str>>(&self, pwd: T) -> bool {
-        let mut hash = Vec::with_capacity(self.hash.len());
-        for _ in 0..self.hash.len() { hash.push(0u8); }
-
-        bcrypt::bcrypt(self.cost, &self.salt, pwd.as_ref().as_bytes(), &mut hash);
-        hash == self.hash
+    pub fn equals_password<T: AsRef<[u8]>>(&self, pwd: T) -> bool {
+        pwhash::pwhash_verify(&self.content, pwd.as_ref())
     }
 }