From abb3eab5598f44b3fae940e054f9f4c55a411dd4 Mon Sep 17 00:00:00 2001 From: Jussi Date: Sat, 9 Nov 2024 14:06:34 +0200 Subject: [PATCH] initial --- .editorconfig | 16 ++ .formatter.exs | 4 + .gitignore | 13 ++ LICENSE-APACHE | 13 ++ LICENSE-MIT | 7 + README.md | 131 +++++++++++++ lib/argon2_elixir.ex | 95 ++++++++++ lib/argon2_elixir/native.ex | 13 ++ lib/benchmark.ex | 50 +++++ mix.exs | 128 +++++++++++++ mix.lock | 25 +++ native/argon2/Cargo.lock | 364 ++++++++++++++++++++++++++++++++++++ native/argon2/Cargo.toml | 14 ++ native/argon2/src/lib.rs | 71 +++++++ test/argon2_test.exs | 90 +++++++++ test/test_helper.exs | 1 + 16 files changed, 1035 insertions(+) create mode 100644 .editorconfig create mode 100644 .formatter.exs create mode 100644 .gitignore create mode 100644 LICENSE-APACHE create mode 100644 LICENSE-MIT create mode 100644 README.md create mode 100644 lib/argon2_elixir.ex create mode 100644 lib/argon2_elixir/native.ex create mode 100644 lib/benchmark.ex create mode 100644 mix.exs create mode 100644 mix.lock create mode 100644 native/argon2/Cargo.lock create mode 100644 native/argon2/Cargo.toml create mode 100644 native/argon2/src/lib.rs create mode 100644 test/argon2_test.exs create mode 100644 test/test_helper.exs diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..dddfb11 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,16 @@ +root = true + +[*] +indent_style = space +indent_size = 2 +end_of_line = lf +charset = utf-8 +trim_trailing_whitespace = true +insert_final_newline = true + +[*.{md, markdown, eex}] +trim_trailing_whitespace = false + +[*.rs] +indent_size = 4 +max_line_length = 100 \ No newline at end of file diff --git a/.formatter.exs b/.formatter.exs new file mode 100644 index 0000000..d2cda26 --- /dev/null +++ b/.formatter.exs @@ -0,0 +1,4 @@ +# Used by "mix format" +[ + inputs: ["{mix,.formatter}.exs", "{config,lib,test}/**/*.{ex,exs}"] +] diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..966d73b --- /dev/null +++ b/.gitignore @@ -0,0 +1,13 @@ +/_build/ +/cover/ +/deps/ +/doc/ +/.fetch +erl_crash.dump +*.ez +argon2id_elixir-*.tar +/tmp/ +/priv/ +.DS_Store +/.elixir_ls/ +*.xml diff --git a/LICENSE-APACHE b/LICENSE-APACHE new file mode 100644 index 0000000..ae480ab --- /dev/null +++ b/LICENSE-APACHE @@ -0,0 +1,13 @@ +Copyright 2024 Jussi Räsänen + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. diff --git a/LICENSE-MIT b/LICENSE-MIT new file mode 100644 index 0000000..836038b --- /dev/null +++ b/LICENSE-MIT @@ -0,0 +1,7 @@ +Copyright 2024 Jussi Räsänen + +Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..c7b416d --- /dev/null +++ b/README.md @@ -0,0 +1,131 @@ +# Argon2id for Elixir + +Fast and secure Argon2 password hashing library for Elixir. + +## Features + +- Uses the pure Rust implementation of Argon2 +- Only Argon2i implementation (version 0x13) at the moment +- Built-in security presets (OWASP, Strong, Test/Unsafe) + +## Installation + +Add `argon2id_elixir` to your list of dependencies in `mix.exs`: + +```elixir +def deps do + [ + {:argon2id_elixir, "~> 0.1.0"} + ] +end +``` + +Ensure you have Rust installed, as it's required for compilation: + +```bash +# On Windows +winget install Rust.Rust + +# On Unix-like systems (https://rustup.rs/) +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh +``` + +## Usage + +### Basic Password Hashing + +```elixir +# Hash a password with default OWASP settings +hash = Argon2.hash_password("secure_password123") + +# Verify a password +if Argon2.verify_password("secure_password123", hash) do + # Password matches +else + # Password is incorrect +end +``` + +### Configuration Presets + +Three security presets are available: + +```elixir +# OWASP (default) - Recommended for most use cases +hash = Argon2.hash_password("secure_password123") + +# Strong - Higher security for sensitive applications +hash = Argon2.hash_password("secure_password123", "strong") + +# Test - Fast but unsafe, only for testing purposes +hash = Argon2.hash_password("secure_password123", "test_unsafe") +``` + +Preset specifications: +- OWASP: m=19456 KiB, t=2, p=1 +- Strong: m=65540 KiB, t=3, p=4 +- Test: m=1024 KiB, t=1, p=1 (Useful for testing) + +### Benchmarking + +You can benchmark the different configurations on your hardware: + +```bash +mix run -e "Argon2.Benchmark.run(10)" +``` + +```elixir +Configuration Benchmarks (averaged over 10 runs): + +OWASP: + Hash time: 25ms + Verify time: 24ms + Memory: 19MB + +STRONG: + Hash time: 145ms + Verify time: 139ms + Memory: 65MB + +TEST_UNSAFE: + Hash time: 1ms + Verify time: 1ms + Memory: 1MB +``` + +## Development + +```bash +# Install dependencies +mix deps.get + +# Run tests +mix test + +# Run benchmarks +mix run -e "Argon2.Benchmark.run()" + +# Run code quality checks +mix quality + +# Generate documentation +mix docs + +# Format code +mix format +``` + + +## License + +Licensed under either of + +- Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0) +- MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT) + +at your option. + +## Credits + +- [RustCrypto Argon2](https://github.com/RustCrypto/password-hashes/tree/master/argon2) - The Rust implementation +- [Rustler](https://github.com/rusterlium/rustler) - Elixir NIF interface diff --git a/lib/argon2_elixir.ex b/lib/argon2_elixir.ex new file mode 100644 index 0000000..7eb0892 --- /dev/null +++ b/lib/argon2_elixir.ex @@ -0,0 +1,95 @@ +defmodule Argon2 do + @moduledoc """ + Argon2 password hashing for Elixir using Rust NIFs. + + This module provides a secure way to hash passwords using the Argon2i algorithm + with configuration presets following security best practices. + + ## Security Presets + + * `:owasp` (default) - OWASP recommended settings (m=19456, t=2, p=1) + * `:strong` - Higher security settings (m=65540, t=3, p=4) + * `:test_unsafe` - Fast settings for testing only (m=1024, t=1, p=1) + + ## Examples + + # Hash with default OWASP settings + iex> hash = Argon2.hash_password("secure_password123") + iex> String.starts_with?(hash, "$argon2i$v=19$m=19456,t=2,p=1$") + true + + # Hash with strong settings + iex> hash = Argon2.hash_password("secure_password123", "strong") + iex> String.starts_with?(hash, "$argon2i$v=19$m=65540,t=3,p=4$") + true + + # Verify password + iex> hash = Argon2.hash_password("secure_password123") + iex> Argon2.verify_password("secure_password123", hash) + true + iex> Argon2.verify_password("wrong_password", hash) + false + + ## Security Notes + + * Passwords must be at least 8 characters long + * Each hash uses a unique random salt + * The `:test_unsafe` preset should never be used in production + """ + + @type password :: String.t() + @type hash :: String.t() + @type config :: String.t() + + @doc """ + Hashes a password using Argon2i. + + ## Options + + * `config` - One of `"owasp"` (default), `"strong"`, or `"test_unsafe"` + + ## Examples + + iex> hash = Argon2.hash_password("secure_password123") + iex> is_binary(hash) + true + + ## Security Notes + + * Passwords must be at least 8 characters + * A unique random salt is used for each hash + * The default OWASP preset is recommended for most use cases + + Raises `ArgumentError` if the password is less than 8 characters long. + """ + @spec hash_password(password :: password, config :: config | nil) :: hash + def hash_password(password, config \\ nil) do + case Argon2.Native.hash_password(password, config) do + {:error, message} -> raise ArgumentError, message + result -> result + end + end + + @doc """ + Verifies a password against a hash. + + Takes constant time regardless of whether the password matches or not. + + ## Examples + + iex> hash = Argon2.hash_password("secure_password123") + iex> Argon2.verify_password("secure_password123", hash) + true + + Raises `ArgumentError` if: + * The password is less than 8 characters long + * The hash format is invalid + """ + @spec verify_password(password :: password, hash :: hash) :: boolean + def verify_password(password, hash) do + case Argon2.Native.verify_password(password, hash) do + {:error, message} -> raise ArgumentError, message + result -> result + end + end +end diff --git a/lib/argon2_elixir/native.ex b/lib/argon2_elixir/native.ex new file mode 100644 index 0000000..4bd52ac --- /dev/null +++ b/lib/argon2_elixir/native.ex @@ -0,0 +1,13 @@ +defmodule Argon2.Native do + @moduledoc """ + Native implementation of the Argon2 password hashing algorithm. + """ + use Rustler, + otp_app: :argon2id_elixir, + crate: "argon2" + + def hash_password(_password, _config \\ nil), do: error() + def verify_password(_password, _hash), do: error() + + defp error, do: :erlang.nif_error(:nif_not_loaded) +end diff --git a/lib/benchmark.ex b/lib/benchmark.ex new file mode 100644 index 0000000..afdf3b2 --- /dev/null +++ b/lib/benchmark.ex @@ -0,0 +1,50 @@ +defmodule Argon2.Benchmark do + @moduledoc """ + Benchmarking utilities for Argon2 password hashing. + """ + + def run(rounds \\ 5) do + configs = [nil, "strong", "test_unsafe"] + password = "benchmark_password123" + + IO.puts("Configuration Benchmarks (averaged over #{rounds} runs):\n") + + for config <- configs do + {hash_times, verify_times} = measure_times(password, config, rounds) + print_results(config || "owasp", hash_times, verify_times) + end + end + + defp measure_times(password, config, rounds) do + hash_times = + for _ <- 1..rounds do + {time, hash} = :timer.tc(fn -> Argon2.hash_password(password, config) end) + {verify_time, _} = :timer.tc(fn -> Argon2.verify_password(password, hash) end) + # Convert to milliseconds + {time / 1000, verify_time / 1000} + end + + {hash_avg, verify_avg} = + Enum.reduce(hash_times, {0, 0}, fn {h, v}, {ha, va} -> + {ha + h / rounds, va + v / rounds} + end) + + {hash_avg, verify_avg} + end + + defp print_results(config, hash_avg, verify_avg) do + memory = + case config do + "owasp" -> 19 + "strong" -> 65 + "test_unsafe" -> 1 + end + + IO.puts(""" + #{String.upcase(config)}: + Hash time: #{round(hash_avg)}ms + Verify time: #{round(verify_avg)}ms + Memory: #{memory}MB + """) + end +end diff --git a/mix.exs b/mix.exs new file mode 100644 index 0000000..41a31e6 --- /dev/null +++ b/mix.exs @@ -0,0 +1,128 @@ +defmodule Argon2.MixProject do + use Mix.Project + + @source_url "https://code.sipstea.org/jussi/argon2id_elixir" + + def project do + [ + app: :argon2id_elixir, + version: "1.0.0", + elixir: "~> 1.17", + start_permanent: Mix.env() == :prod, + deps: deps(), + aliases: aliases(), + rustler_crates: rustler_crates(), + + # Hex + package: package(), + description: "Argon2 password hashing using Rust", + + # Docs + name: "Argon2", + docs: docs(), + + # Test coverage + test_coverage: [tool: ExCoveralls], + preferred_cli_env: [ + coveralls: :test, + "coveralls.detail": :test, + "coveralls.post": :test, + "coveralls.html": :test, + "coveralls.json": :test + ] + ] + end + + def application do + [ + extra_applications: [:logger] + ] + end + + defp deps do + [ + {:rustler, "~> 0.35.0", runtime: false}, + {:ex_doc, "~> 0.34.2", only: :dev, runtime: false}, + {:excoveralls, "~> 0.18.3", only: :test}, + {:credo, "~> 1.7.10", only: [:dev, :test], runtime: false}, + {:dialyxir, "~> 1.4.4", only: [:dev, :test], runtime: false} + ] + end + + defp aliases do + [ + fmt: [ + "format", + "cmd cargo fmt --manifest-path native/argon2/Cargo.toml" + ], + quality: [ + "format", + "cmd cargo fmt --manifest-path native/argon2/Cargo.toml", + "credo --strict", + "dialyzer" + ] + ] + end + + defp rustler_crates do + [ + argon2: [ + path: "native/argon2", + mode: rustc_mode(), + features: [], + cargomode: cargomode() + ] + ] + end + + defp rustc_mode do + case Mix.env() do + :prod -> :release + _ -> :debug + end + end + + defp cargomode do + case Mix.env() do + :prod -> "build" + _ -> "check" + end + end + + defp package do + [ + name: "argon2id_elixir", + files: [ + "lib", + "native", + "mix.exs", + "README.md", + "LICENSE-APACHE", + "LICENSE-MIT", + ".formatter.exs" + ], + licenses: ["MIT", "Apache-2.0"], + links: %{ + "Source repository" => @source_url + }, + maintainers: ["Jussi Räsänen"] + ] + end + + defp docs do + [ + main: "Argon2", + source_url: @source_url, + extras: ["README.md"], + groups_for_modules: [ + Core: [ + Argon2, + Argon2.Native + ], + Utilities: [ + Argon2.Benchmark + ] + ] + ] + end +end diff --git a/mix.lock b/mix.lock new file mode 100644 index 0000000..b2550d7 --- /dev/null +++ b/mix.lock @@ -0,0 +1,25 @@ +%{ + "bunt": {:hex, :bunt, "1.0.0", "081c2c665f086849e6d57900292b3a161727ab40431219529f13c4ddcf3e7a44", [:mix], [], "hexpm", "dc5f86aa08a5f6fa6b8096f0735c4e76d54ae5c9fa2c143e5a1fc7c1cd9bb6b5"}, + "credo": {:hex, :credo, "1.7.10", "6e64fe59be8da5e30a1b96273b247b5cf1cc9e336b5fd66302a64b25749ad44d", [:mix], [{:bunt, "~> 0.2.1 or ~> 1.0", [hex: :bunt, repo: "hexpm", optional: false]}, {:file_system, "~> 0.2 or ~> 1.0", [hex: :file_system, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "71fbc9a6b8be21d993deca85bf151df023a3097b01e09a2809d460348561d8cd"}, + "dialyxir": {:hex, :dialyxir, "1.4.4", "fb3ce8741edeaea59c9ae84d5cec75da00fa89fe401c72d6e047d11a61f65f70", [:mix], [{:erlex, ">= 0.2.7", [hex: :erlex, repo: "hexpm", optional: false]}], "hexpm", "cd6111e8017ccd563e65621a4d9a4a1c5cd333df30cebc7face8029cacb4eff6"}, + "earmark_parser": {:hex, :earmark_parser, "1.4.41", "ab34711c9dc6212dda44fcd20ecb87ac3f3fce6f0ca2f28d4a00e4154f8cd599", [:mix], [], "hexpm", "a81a04c7e34b6617c2792e291b5a2e57ab316365c2644ddc553bb9ed863ebefa"}, + "erlex": {:hex, :erlex, "0.2.7", "810e8725f96ab74d17aac676e748627a07bc87eb950d2b83acd29dc047a30595", [:mix], [], "hexpm", "3ed95f79d1a844c3f6bf0cea61e0d5612a42ce56da9c03f01df538685365efb0"}, + "ex_doc": {:hex, :ex_doc, "0.34.2", "13eedf3844ccdce25cfd837b99bea9ad92c4e511233199440488d217c92571e8", [:mix], [{:earmark_parser, "~> 1.4.39", [hex: :earmark_parser, repo: "hexpm", optional: false]}, {:makeup_c, ">= 0.1.0", [hex: :makeup_c, repo: "hexpm", optional: true]}, {:makeup_elixir, "~> 0.14 or ~> 1.0", [hex: :makeup_elixir, repo: "hexpm", optional: false]}, {:makeup_erlang, "~> 0.1 or ~> 1.0", [hex: :makeup_erlang, repo: "hexpm", optional: false]}, {:makeup_html, ">= 0.1.0", [hex: :makeup_html, repo: "hexpm", optional: true]}], "hexpm", "5ce5f16b41208a50106afed3de6a2ed34f4acfd65715b82a0b84b49d995f95c1"}, + "excoveralls": {:hex, :excoveralls, "0.18.3", "bca47a24d69a3179951f51f1db6d3ed63bca9017f476fe520eb78602d45f7756", [:mix], [{:castore, "~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}], "hexpm", "746f404fcd09d5029f1b211739afb8fb8575d775b21f6a3908e7ce3e640724c6"}, + "file_system": {:hex, :file_system, "1.0.1", "79e8ceaddb0416f8b8cd02a0127bdbababe7bf4a23d2a395b983c1f8b3f73edd", [:mix], [], "hexpm", "4414d1f38863ddf9120720cd976fce5bdde8e91d8283353f0e31850fa89feb9e"}, + "finch": {:hex, :finch, "0.19.0", "c644641491ea854fc5c1bbaef36bfc764e3f08e7185e1f084e35e0672241b76d", [:mix], [{:mime, "~> 1.0 or ~> 2.0", [hex: :mime, repo: "hexpm", optional: false]}, {:mint, "~> 1.6.2 or ~> 1.7", [hex: :mint, repo: "hexpm", optional: false]}, {:nimble_options, "~> 0.4 or ~> 1.0", [hex: :nimble_options, repo: "hexpm", optional: false]}, {:nimble_pool, "~> 1.1", [hex: :nimble_pool, repo: "hexpm", optional: false]}, {:telemetry, "~> 0.4 or ~> 1.0", [hex: :telemetry, repo: "hexpm", optional: false]}], "hexpm", "fc5324ce209125d1e2fa0fcd2634601c52a787aff1cd33ee833664a5af4ea2b6"}, + "hpax": {:hex, :hpax, "1.0.0", "28dcf54509fe2152a3d040e4e3df5b265dcb6cb532029ecbacf4ce52caea3fd2", [:mix], [], "hexpm", "7f1314731d711e2ca5fdc7fd361296593fc2542570b3105595bb0bc6d0fad601"}, + "jason": {:hex, :jason, "1.4.4", "b9226785a9aa77b6857ca22832cffa5d5011a667207eb2a0ad56adb5db443b8a", [:mix], [{:decimal, "~> 1.0 or ~> 2.0", [hex: :decimal, repo: "hexpm", optional: true]}], "hexpm", "c5eb0cab91f094599f94d55bc63409236a8ec69a21a67814529e8d5f6cc90b3b"}, + "makeup": {:hex, :makeup, "1.2.1", "e90ac1c65589ef354378def3ba19d401e739ee7ee06fb47f94c687016e3713d1", [:mix], [{:nimble_parsec, "~> 1.4", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "d36484867b0bae0fea568d10131197a4c2e47056a6fbe84922bf6ba71c8d17ce"}, + "makeup_elixir": {:hex, :makeup_elixir, "1.0.0", "74bb8348c9b3a51d5c589bf5aebb0466a84b33274150e3b6ece1da45584afc82", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}, {:nimble_parsec, "~> 1.2.3 or ~> 1.3", [hex: :nimble_parsec, repo: "hexpm", optional: false]}], "hexpm", "49159b7d7d999e836bedaf09dcf35ca18b312230cf901b725a64f3f42e407983"}, + "makeup_erlang": {:hex, :makeup_erlang, "1.0.1", "c7f58c120b2b5aa5fd80d540a89fdf866ed42f1f3994e4fe189abebeab610839", [:mix], [{:makeup, "~> 1.0", [hex: :makeup, repo: "hexpm", optional: false]}], "hexpm", "8a89a1eeccc2d798d6ea15496a6e4870b75e014d1af514b1b71fa33134f57814"}, + "mime": {:hex, :mime, "2.0.6", "8f18486773d9b15f95f4f4f1e39b710045fa1de891fada4516559967276e4dc2", [:mix], [], "hexpm", "c9945363a6b26d747389aac3643f8e0e09d30499a138ad64fe8fd1d13d9b153e"}, + "mint": {:hex, :mint, "1.6.2", "af6d97a4051eee4f05b5500671d47c3a67dac7386045d87a904126fd4bbcea2e", [:mix], [{:castore, "~> 0.1.0 or ~> 1.0", [hex: :castore, repo: "hexpm", optional: true]}, {:hpax, "~> 0.1.1 or ~> 0.2.0 or ~> 1.0", [hex: :hpax, repo: "hexpm", optional: false]}], "hexpm", "5ee441dffc1892f1ae59127f74afe8fd82fda6587794278d924e4d90ea3d63f9"}, + "nimble_options": {:hex, :nimble_options, "1.1.1", "e3a492d54d85fc3fd7c5baf411d9d2852922f66e69476317787a7b2bb000a61b", [:mix], [], "hexpm", "821b2470ca9442c4b6984882fe9bb0389371b8ddec4d45a9504f00a66f650b44"}, + "nimble_parsec": {:hex, :nimble_parsec, "1.4.0", "51f9b613ea62cfa97b25ccc2c1b4216e81df970acd8e16e8d1bdc58fef21370d", [:mix], [], "hexpm", "9c565862810fb383e9838c1dd2d7d2c437b3d13b267414ba6af33e50d2d1cf28"}, + "nimble_pool": {:hex, :nimble_pool, "1.1.0", "bf9c29fbdcba3564a8b800d1eeb5a3c58f36e1e11d7b7fb2e084a643f645f06b", [:mix], [], "hexpm", "af2e4e6b34197db81f7aad230c1118eac993acc0dae6bc83bac0126d4ae0813a"}, + "req": {:hex, :req, "0.5.7", "b722680e03d531a2947282adff474362a48a02aa54b131196fbf7acaff5e4cee", [:mix], [{:brotli, "~> 0.3.1", [hex: :brotli, repo: "hexpm", optional: true]}, {:ezstd, "~> 1.0", [hex: :ezstd, repo: "hexpm", optional: true]}, {:finch, "~> 0.17", [hex: :finch, repo: "hexpm", optional: false]}, {:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:mime, "~> 2.0.6 or ~> 2.1", [hex: :mime, repo: "hexpm", optional: false]}, {:nimble_csv, "~> 1.0", [hex: :nimble_csv, repo: "hexpm", optional: true]}, {:plug, "~> 1.0", [hex: :plug, repo: "hexpm", optional: true]}], "hexpm", "c6035374615120a8923e8089d0c21a3496cf9eda2d287b806081b8f323ceee29"}, + "rustler": {:hex, :rustler, "0.35.0", "1e2e379e1150fab9982454973c74ac9899bd0377b3882166ee04127ea613b2d9", [:mix], [{:jason, "~> 1.0", [hex: :jason, repo: "hexpm", optional: false]}, {:req, "~> 0.5", [hex: :req, repo: "hexpm", optional: false]}, {:toml, "~> 0.6", [hex: :toml, repo: "hexpm", optional: false]}], "hexpm", "a176bea1bb6711474f9dfad282066f2b7392e246459bf4e29dfff6d828779fdf"}, + "telemetry": {:hex, :telemetry, "1.3.0", "fedebbae410d715cf8e7062c96a1ef32ec22e764197f70cda73d82778d61e7a2", [:rebar3], [], "hexpm", "7015fc8919dbe63764f4b4b87a95b7c0996bd539e0d499be6ec9d7f3875b79e6"}, + "toml": {:hex, :toml, "0.7.0", "fbcd773caa937d0c7a02c301a1feea25612720ac3fa1ccb8bfd9d30d822911de", [:mix], [], "hexpm", "0690246a2478c1defd100b0c9b89b4ea280a22be9a7b313a8a058a2408a2fa70"}, +} diff --git a/native/argon2/Cargo.lock b/native/argon2/Cargo.lock new file mode 100644 index 0000000..24e0e2f --- /dev/null +++ b/native/argon2/Cargo.lock @@ -0,0 +1,364 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 3 + +[[package]] +name = "argon2" +version = "0.1.0" +dependencies = [ + "argon2 0.5.3", + "rand", + "rustler", +] + +[[package]] +name = "argon2" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072" +dependencies = [ + "base64ct", + "blake2", + "cpufeatures", + "password-hash", +] + +[[package]] +name = "base64ct" +version = "1.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b" + +[[package]] +name = "blake2" +version = "0.10.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" +dependencies = [ + "digest", +] + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "byteorder" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b" + +[[package]] +name = "cfg-if" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" + +[[package]] +name = "cpufeatures" +version = "0.2.14" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "typenum", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "crypto-common", + "subtle", +] + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" +dependencies = [ + "cfg-if", + "libc", + "wasi", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "inventory" +version = "0.3.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f958d3d68f4167080a18141e10381e7634563984a537f2a49a30fd8e53ac5767" + +[[package]] +name = "libc" +version = "0.2.162" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "18d287de67fe55fd7e1581fe933d965a5a9477b38e949cfa9f8574ef01506398" + +[[package]] +name = "libloading" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4979f22fdb869068da03c9f7528f8297c6fd2606bc3a4affe42e6a823fdb8da4" +dependencies = [ + "cfg-if", + "windows-targets", +] + +[[package]] +name = "password-hash" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166" +dependencies = [ + "base64ct", + "rand_core", + "subtle", +] + +[[package]] +name = "ppv-lite86" +version = "0.2.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "proc-macro2" +version = "1.0.89" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f139b0662de085916d1fb67d2b4169d1addddda1919e696f3252b740b629986e" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha", + "rand_core", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom", +] + +[[package]] +name = "regex-lite" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "53a49587ad06b26609c52e423de037e7f57f20d53535d66e08c695f347df952a" + +[[package]] +name = "rustler" +version = "0.35.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b705f2c3643cc170d8888cb6bad589155d9c0248f3104ef7a04c2b7ffbaf13fc" +dependencies = [ + "inventory", + "libloading", + "regex-lite", + "rustler_codegen", +] + +[[package]] +name = "rustler_codegen" +version = "0.35.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3ad56caff00562948bd6ac33c18dbc579e5a1bbee2d7f2f54073307e57f6b57a" +dependencies = [ + "heck", + "inventory", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.87" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "25aa4ce346d03a6dcd68dd8b4010bcb74e54e62c90c573f394c46eae99aba32d" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "typenum" +version = "1.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825" + +[[package]] +name = "unicode-ident" +version = "1.0.13" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e91b56cd4cadaeb79bbf1a5645f6b4f8dc5bde8834ad5894a8db35fda9efa1fe" + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "wasi" +version = "0.11.0+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c8d87e72b64a3b4db28d11ce29237c246188f4f51057d65a7eab63b7987e423" + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "zerocopy" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0" +dependencies = [ + "byteorder", + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.7.35" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] diff --git a/native/argon2/Cargo.toml b/native/argon2/Cargo.toml new file mode 100644 index 0000000..cbfca1c --- /dev/null +++ b/native/argon2/Cargo.toml @@ -0,0 +1,14 @@ +[package] +name = "argon2" +version = "0.1.0" +edition = "2021" + +[lib] +name = "argon2" +path = "src/lib.rs" +crate-type = ["cdylib"] + +[dependencies] +rustler = "0.35.0" +argon2 = "0.5.3" +rand = "0.8.5" \ No newline at end of file diff --git a/native/argon2/src/lib.rs b/native/argon2/src/lib.rs new file mode 100644 index 0000000..8d4bf5b --- /dev/null +++ b/native/argon2/src/lib.rs @@ -0,0 +1,71 @@ +use argon2::Algorithm; +use argon2::Version; +use argon2::{ + password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString}, + Argon2, Params, +}; +use rand::rngs::OsRng; +use rustler::Error; + +const MIN_PASSWORD_LENGTH: usize = 8; + +#[derive(Debug)] +enum ConfigType { + Owasp, + Strong, + TestUnsafe, +} + +impl ConfigType { + fn params(&self) -> Params { + match self { + ConfigType::Owasp => Params::new(19456, 2, 1, None).expect("Invalid OWASP config"), + ConfigType::Strong => Params::new(65540, 3, 4, None).expect("Invalid strong config"), + ConfigType::TestUnsafe => Params::new(1024, 1, 1, None).expect("Invalid test config"), + } + } +} + +#[rustler::nif] +fn hash_password(password: String, config_type: Option) -> Result { + if password.len() < MIN_PASSWORD_LENGTH { + return Err(Error::Term(Box::new(format!( + "Password must be at least {} characters long", + MIN_PASSWORD_LENGTH + )))); + } + + let salt = SaltString::generate(&mut OsRng); + + let config_type = match config_type.as_deref() { + Some("strong") => ConfigType::Strong, + Some("test_unsafe") => ConfigType::TestUnsafe, + _ => ConfigType::Owasp, + }; + + let argon2 = Argon2::new(Algorithm::Argon2i, Version::V0x13, config_type.params()); + + argon2 + .hash_password(password.as_bytes(), &salt) + .map(|hash| hash.to_string()) + .map_err(|e| Error::Term(Box::new(format!("Hashing error: {}", e)))) +} + +#[rustler::nif] +fn verify_password(password: String, hash: String) -> Result { + if password.len() < MIN_PASSWORD_LENGTH { + return Err(Error::Term(Box::new(format!( + "Password must be at least {} characters long", + MIN_PASSWORD_LENGTH + )))); + } + + let parsed_hash = PasswordHash::new(&hash) + .map_err(|e| Error::Term(Box::new(format!("Invalid hash format: {}", e))))?; + + Ok(Argon2::default() + .verify_password(password.as_bytes(), &parsed_hash) + .is_ok()) +} + +rustler::init!("Elixir.Argon2.Native"); diff --git a/test/argon2_test.exs b/test/argon2_test.exs new file mode 100644 index 0000000..d1101f5 --- /dev/null +++ b/test/argon2_test.exs @@ -0,0 +1,90 @@ +defmodule Argon2Test do + use ExUnit.Case + doctest Argon2 + + describe "hash_password/1" do + test "hashes a password with default OWASP config" do + hash = Argon2.hash_password("password123") + assert is_binary(hash) + assert String.starts_with?(hash, "$argon2i$v=19$m=19456,t=2,p=1$") + end + + test "hashes a password with strong config" do + config = "strong" + hash = Argon2.hash_password("password123", config) + assert is_binary(hash) + assert String.starts_with?(hash, "$argon2i$v=19$m=65540,t=3,p=4$") + end + + test "hashes a password with test/development config" do + config = "test_unsafe" + hash = Argon2.hash_password("password123", config) + assert is_binary(hash) + assert String.starts_with?(hash, "$argon2i$v=19$m=1024,t=1,p=1") + end + + test "generates different hashes for the same password" do + hash1 = Argon2.hash_password("same_password123") + hash2 = Argon2.hash_password("same_password123") + refute hash1 == hash2 + end + + test "rejects passwords shorter than 8 characters" do + assert_raise ArgumentError, "Password must be at least 8 characters long", fn -> + Argon2.hash_password("short") + end + end + + test "accepts passwords exactly 8 characters" do + hash = Argon2.hash_password("abcdefgh") + assert is_binary(hash) + end + end + + describe "verify_password/2" do + test "verifies a correct password" do + password = "correct_password123" + hash = Argon2.hash_password(password) + assert Argon2.verify_password(password, hash) + end + + test "rejects an incorrect password" do + password = "correct_password123" + wrong_password = "wrong_password123" + hash = Argon2.hash_password(password) + refute Argon2.verify_password(wrong_password, hash) + end + + test "handles invalid hash format" do + assert_raise ArgumentError, fn -> + Argon2.verify_password("password123", "invalid_hash_format") + end + end + + test "rejects verification of short passwords" do + assert_raise ArgumentError, "Password must be at least 8 characters long", fn -> + Argon2.verify_password("short", "$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$hash") + end + end + end + + describe "edge cases" do + test "handles unicode passwords of sufficient length" do + password = "パスワード123456" + hash = Argon2.hash_password(password) + assert Argon2.verify_password(password, hash) + end + + test "handles emoji passwords" do + password = "🏳️‍⚧️🏳️‍⚧️🏳️‍⚧️🏳️‍⚧️🏳️‍⚧️🏳️‍⚧️" + hash = Argon2.hash_password(password) + assert Argon2.verify_password(password, hash) + end + + test "handles very long passwords" do + long_password = String.duplicate("a", 1000) + hash = Argon2.hash_password(long_password) + assert Argon2.verify_password(long_password, hash) + end + end +end diff --git a/test/test_helper.exs b/test/test_helper.exs new file mode 100644 index 0000000..869559e --- /dev/null +++ b/test/test_helper.exs @@ -0,0 +1 @@ +ExUnit.start()