2828//! NOTE: the `simple` crate feature must be enabled (on-by-default)
2929#![ cfg_attr( feature = "simple" , doc = "```" ) ]
3030#![ cfg_attr( not( feature = "simple" ) , doc = "```ignore" ) ]
31- //! # fn main() -> yescrypt::Result<()> {
31+ //! # fn main() -> yescrypt::password_hash::Result<()> {
32+ //! use yescrypt::{Yescrypt, PasswordHasher, PasswordVerifier};
33+ //!
3234//! let password = b"pleaseletmein"; // don't actually use this as a password!
3335//! let salt = b"WZaPV7LSUEKMo34."; // unique per password, ideally 16-bytes and random
34- //! let params = yescrypt::Params::default(); // use recommended settings
35- //! let password_hash = yescrypt::yescrypt(password, salt, ¶ms)?;
36- //! assert!(password_hash.starts_with("$y$"));
36+ //! let password_hash = Yescrypt.hash_password(password, salt)?;
37+ //! assert!(password_hash.as_str().starts_with("$y$"));
3738//!
3839//! // verify password is correct for the given hash
39- //! yescrypt::yescrypt_verify (password, &password_hash)?;
40+ //! Yescrypt.verify_password (password, &password_hash)?;
4041//! # Ok(())
4142//! # }
4243//! ```
@@ -67,6 +68,8 @@ mod mode;
6768mod params;
6869mod pwxform;
6970mod salsa20;
71+ #[ cfg( feature = "simple" ) ]
72+ mod simple;
7073mod smix;
7174mod util;
7275
@@ -76,96 +79,15 @@ pub use crate::{
7679 params:: Params ,
7780} ;
7881
79- use alloc:: vec;
80- use sha2:: { Digest , Sha256 } ;
81-
82- #[ cfg( feature = "simple" ) ]
83- use { alloc:: string:: String , mcf:: Base64 } ;
84-
85- /// Identifier for yescrypt when encoding to the Modular Crypt Format, i.e. `$y$`
86- #[ cfg( feature = "simple" ) ]
87- const YESCRYPT_MCF_ID : & str = "y" ;
88-
89- /// Base64 variant used by yescrypt.
90- #[ cfg( feature = "simple" ) ]
91- const YESCRYPT_BASE64 : Base64 = Base64 :: ShaCrypt ;
92-
93- /// yescrypt password hashing function.
94- ///
95- /// This function produces an (s)crypt-style password hash string starting with the prefix `$y$`.
96- ///
97- /// If using yescrypt as a key derivation, consider [`yescrypt_kdf`] instead.
98- #[ cfg( feature = "simple" ) ]
99- pub fn yescrypt ( passwd : & [ u8 ] , salt : & [ u8 ] , params : & Params ) -> Result < String > {
100- // TODO(tarcieri): tunable hash output size?
101- const HASH_SIZE : usize = 32 ;
102-
103- let mut out = [ 0u8 ; HASH_SIZE ] ;
104- yescrypt_kdf ( passwd, salt, params, & mut out) ?;
105-
106- // Begin building the Modular Crypt Format hash.
107- let mut mcf_hash = mcf:: PasswordHash :: from_id ( YESCRYPT_MCF_ID ) . expect ( "should be valid" ) ;
108-
109- // Add params string to the hash
110- let mut params_buf = [ 0u8 ; Params :: MAX_ENCODED_LEN ] ;
111- let params_str = params. encode ( & mut params_buf) ?;
112- mcf_hash. push_str ( params_str) . map_err ( |_| Error :: Encoding ) ?;
113-
114- // Add salt
115- mcf_hash. push_base64 ( salt, YESCRYPT_BASE64 ) ;
116-
117- // Add yescrypt output
118- mcf_hash. push_base64 ( & out, YESCRYPT_BASE64 ) ;
119-
120- // Convert to a normal `String` to keep `mcf` out of the public API (for now)
121- Ok ( mcf_hash. into ( ) )
122- }
123-
124- /// Verify a password matches the given yescrypt password hash.
125- ///
126- /// Password hash should begin with `$y$` in Modular Crypt Format (MCF).
12782#[ cfg( feature = "simple" ) ]
128- pub fn yescrypt_verify ( passwd : & [ u8 ] , hash : & str ) -> Result < ( ) > {
129- let hash = mcf:: PasswordHashRef :: new ( hash) . map_err ( |_| Error :: Encoding ) ?;
130-
131- // verify id matches `$y`
132- if hash. id ( ) != YESCRYPT_MCF_ID {
133- return Err ( Error :: Algorithm ) ;
134- }
135-
136- let mut fields = hash. fields ( ) ;
137-
138- // decode params
139- let params: Params = fields. next ( ) . ok_or ( Error :: Encoding ) ?. as_str ( ) . parse ( ) ?;
140-
141- // decode salt
142- let salt = fields
143- . next ( )
144- . ok_or ( Error :: Encoding ) ?
145- . decode_base64 ( YESCRYPT_BASE64 )
146- . map_err ( |_| Error :: Encoding ) ?;
147-
148- // decode expected password hash
149- let expected = fields
150- . next ( )
151- . ok_or ( Error :: Encoding ) ?
152- . decode_base64 ( YESCRYPT_BASE64 )
153- . map_err ( |_| Error :: Encoding ) ?;
154-
155- // should be the last field
156- if fields. next ( ) . is_some ( ) {
157- return Err ( Error :: Encoding ) ;
158- }
159-
160- let mut actual = vec ! [ 0u8 ; expected. len( ) ] ;
161- yescrypt_kdf ( passwd, & salt, & params, & mut actual) ?;
162-
163- if subtle:: ConstantTimeEq :: ct_ne ( actual. as_slice ( ) , & expected) . into ( ) {
164- return Err ( Error :: Password ) ;
165- }
83+ pub use {
84+ mcf:: { PasswordHash , PasswordHashRef } ,
85+ password_hash:: { self , CustomizedPasswordHasher , PasswordHasher , PasswordVerifier } ,
86+ simple:: Yescrypt ,
87+ } ;
16688
167- Ok ( ( ) )
168- }
89+ use alloc :: vec ;
90+ use sha2 :: { Digest , Sha256 } ;
16991
17092/// yescrypt Key Derivation Function (KDF)
17193pub fn yescrypt_kdf ( passwd : & [ u8 ] , salt : & [ u8 ] , params : & Params , out : & mut [ u8 ] ) -> Result < ( ) > {
0 commit comments