1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
// #![no_std]
// #![doc = include_str!("../README.md")]
// #![doc(
//     html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg",
//     html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/8f1a9894/logo.svg"
// )]
// #![warn(
//     clippy::checked_conversions,
//     clippy::integer_arithmetic,
//     clippy::panic,
//     clippy::panic_in_result_fn,
//     clippy::unwrap_used,
//     missing_docs,
//     rust_2018_idioms,
//     unused_lifetimes,
//     unused_qualifications
// )]

extern crate alloc;
#[cfg(feature = "std")]
extern crate std;

use alloc::string::{String, ToString};
use core::fmt;
use password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString};
use rand_core::OsRng;

// #[cfg(not(any(feature = "argon2", feature = "pbkdf2", feature = "scrypt")))]
// compile_error!(
//     "please enable at least one password hash crate feature, e.g. argon2, pbkdf2, scrypt"
// );

use argon2::Argon2;

/// Opaque error type.
#[derive(Clone, Copy, Debug)]
pub struct VerifyError;

impl fmt::Display for VerifyError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("password verification error")
    }
}

// #[cfg(feature = "std")]
// #[cfg_attr(docsrs, doc(cfg(feature = "std")))]
// impl std::error::Error for VerifyError {}

/// Generate a password hash for the given password.
pub fn generate_hash(password: impl AsRef<[u8]>) -> String {
    let salt = SaltString::generate(OsRng);
    generate_phc_hash(password.as_ref(), &salt)
        .map(|hash| hash.to_string())
        .expect("password hashing error")
}

/// Generate a PHC hash using the preferred algorithm.
#[allow(unreachable_code)]
fn generate_phc_hash<'a>(
    password: &[u8],
    salt: &'a SaltString,
) -> password_hash::Result<PasswordHash<'a>> {
    return Argon2::default().hash_password(password, salt);
}

/// Verify the provided password against the provided password hash.
pub fn verify_password(password: impl AsRef<[u8]>, hash: &str) -> Result<(), VerifyError> {
    let hash = PasswordHash::new(hash).map_err(|_| VerifyError)?;
    let algs: &[&dyn PasswordVerifier] = &[
        &Argon2::default(),
    ];
    hash.verify_password(algs, password)
        .map_err(|_| VerifyError)
}