Added js _pwhash_

2020-09-22 20:54:02 +02:00 · 2020-09-22 20:54:02 +02:00 · a44935a10e
commit a44935a10e
parent fe4134a65f
2 changed files with 100 additions and 0 deletions
--- a/multiplatform-crypto-libsodium-bindings/src/jsMain/kotlin/com/ionspin/kotlin/crypto/JsSodiumInterface.kt
+++ b/multiplatform-crypto-libsodium-bindings/src/jsMain/kotlin/com/ionspin/kotlin/crypto/JsSodiumInterface.kt
@ -184,6 +184,17 @@ interface JsSodiumInterface {

    // ---- KDF end -----

+    // ---- Password hashing ----
+
+    fun crypto_pwhash(keyLength : UInt, password : Uint8Array, salt: Uint8Array, opsLimit: UInt, memLimit: UInt, algorithm: UInt) : Uint8Array
+    fun crypto_pwhash_str(password: Uint8Array, opsLimit: UInt, memLimit: UInt) : String
+    fun crypto_pwhash_str_needs_rehash(hashedPassword: String, opsLimit: UInt, memLimit: UInt) : Boolean
+    fun crypto_pwhash_str_verify(hashedPassword: String, password: Uint8Array) : Boolean
+
+
+    // ---- Password hashing end ----
+
+
    //util
    fun memzero(array: Uint8Array)

--- a/multiplatform-crypto-libsodium-bindings/src/jsMain/kotlin/com/ionspin/kotlin/crypto/pwhash/PasswordHash.kt
+++ b/multiplatform-crypto-libsodium-bindings/src/jsMain/kotlin/com/ionspin/kotlin/crypto/pwhash/PasswordHash.kt
@ -0,0 +1,89 @@
+package com.ionspin.kotlin.crypto.pwhash
+
+import com.ionspin.kotlin.crypto.getSodium
+import com.ionspin.kotlin.crypto.util.encodeToUByteArray
+import ext.libsodium.com.ionspin.kotlin.crypto.toUByteArray
+import ext.libsodium.com.ionspin.kotlin.crypto.toUInt8Array
+
+actual object PasswordHash {
+    /**
+     * The crypto_pwhash() function derives an outlen bytes long key from a password passwd whose length is passwdlen
+     * and a salt salt whose fixed length is crypto_pwhash_SALTBYTES bytes. passwdlen should be at least crypto_pwhash_
+     * PASSWD_MIN and crypto_pwhash_PASSWD_MAX. outlen should be at least crypto_pwhash_BYTES_MIN = 16 (128 bits) and
+     * at most crypto_pwhash_BYTES_MAX.
+     *
+     * See https://libsodium.gitbook.io/doc/password_hashing/default_phf for more details
+     */
+    actual fun pwhash(
+        outputLength: Int,
+        password: String,
+        salt: UByteArray,
+        opsLimit: ULong,
+        memLimit: Int,
+        algorithm: Int
+    ): UByteArray {
+        return getSodium().crypto_pwhash(
+            outputLength.toUInt(),
+            password.encodeToUByteArray().toUInt8Array(),
+            salt.toUInt8Array(),
+            opsLimit.toUInt(),
+            memLimit.toUInt(),
+            algorithm.toUInt()
+        ).toUByteArray()
+    }
+
+    /**
+     * The crypto_pwhash_str() function puts an ASCII encoded string into out, which includes:
+     * the result of a memory-hard, CPU-intensive hash function applied to the   password passwd of length passwdlen
+     * the automatically generated salt used for the previous computation
+     * the other parameters required to verify the password, including the algorithm identifier, its version, opslimit and memlimit.
+     * out must be large enough to hold crypto_pwhash_STRBYTES bytes, but the actual output string may be shorter.
+     * The output string is zero-terminated, includes only ASCII characters and can be safely stored into SQL databases
+     * and other data stores. No extra information has to be stored in order to verify the password.
+     * The function returns 0 on success and -1 if it didn't complete successfully.
+     */
+    actual fun str(password: String, opslimit: ULong, memlimit: Int): UByteArray {
+        return getSodium().crypto_pwhash_str(
+            password.encodeToUByteArray().toUInt8Array(),
+            opslimit.toUInt(),
+            memlimit.toUInt()
+        ).encodeToUByteArray()
+    }
+
+    /**
+     * Check if a password verification string str matches the parameters opslimit and memlimit, and the current default algorithm.
+     * The function returns 1 if the string appears to be correct, but doesn't match the given parameters. In that situation, applications may want to compute a new hash using the current parameters the next time the user logs in.
+     * The function returns 0 if the parameters already match the given ones.
+     * It returns -1 on error. If it happens, applications may want to compute a correct hash the next time the user logs in.
+     */
+    actual fun strNeedsRehash(
+        passwordHash: UByteArray,
+        opslimit: ULong,
+        memlimit: Int
+    ): Int {
+        return if (
+            getSodium().crypto_pwhash_str_needs_rehash(
+                passwordHash.asByteArray().decodeToString(),
+                opslimit.toUInt(),
+                memlimit.toUInt()
+            )
+        ) {
+            1
+        } else {
+            0
+        }
+    }
+
+    /**
+     * his function verifies that str is a valid password verification string (as generated by crypto_pwhash_str()) for passwd whose length is passwdlen.
+     * str has to be zero-terminated.
+     * It returns 0 if the verification succeeds, and -1 on error.
+     */
+    actual fun strVerify(passwordHash: UByteArray, password: String): Boolean {
+        return getSodium().crypto_pwhash_str_verify(
+            passwordHash.asByteArray().decodeToString(),
+            password.encodeToUByteArray().toUInt8Array()
+        )
+    }
+
+}