Password -> Password.Pbkdf2

This commit is contained in:
Lain Soykaf 2021-01-14 14:49:39 +01:00
parent aff83eb7c1
commit 87a31c5c9b
2 changed files with 90 additions and 0 deletions

View file

@ -0,0 +1,55 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Password.Pbkdf2 do
@moduledoc """
This module implements Pleroma.Password.Pbkdf2 passwords in terms of Plug.Crypto.
"""
alias Plug.Crypto.KeyGenerator
def decode64(str) do
str
|> String.replace(".", "+")
|> Base.decode64!(padding: false)
end
def encode64(bin) do
bin
|> Base.encode64(padding: false)
|> String.replace("+", ".")
end
def verify_pass(password, hash) do
["pbkdf2-" <> digest, iterations, salt, hash] = String.split(hash, "$", trim: true)
salt = decode64(salt)
iterations = String.to_integer(iterations)
digest = String.to_atom(digest)
binary_hash =
KeyGenerator.generate(password, salt, digest: digest, iterations: iterations, length: 64)
encode64(binary_hash) == hash
end
def hash_pwd_salt(password, opts \\ []) do
salt =
Keyword.get_lazy(opts, :salt, fn ->
:crypto.strong_rand_bytes(16)
end)
digest = Keyword.get(opts, :digest, :sha512)
iterations =
Keyword.get(opts, :iterations, Pleroma.Config.get([:password, :iterations], 160_000))
binary_hash =
KeyGenerator.generate(password, salt, digest: digest, iterations: iterations, length: 64)
"$pbkdf2-#{digest}$#{iterations}$#{encode64(salt)}$#{encode64(binary_hash)}"
end
end

View file

@ -0,0 +1,35 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Password.Pbkdf2Test do
use Pleroma.DataCase, async: true
alias Pleroma.Password.Pbkdf2
test "it generates the same hash as pbkd2_elixir" do
# hash = Pleroma.Password.Pbkdf2.hash_pwd_salt("password")
hash =
"$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
# Use the same randomly generated salt
salt = Password.decode64("QJpEYw8iBKcnY.4Rm0eCVw")
assert hash == Password.hash_pwd_salt("password", salt: salt)
end
@tag skip: "Works when Pbkd2 is present. Source: trust me bro"
test "Pleroma.Password.Pbkdf2 can verify passwords generated with it" do
hash = Password.hash_pwd_salt("password")
assert Pleroma.Password.Pbkdf2.verify_pass("password", hash)
end
test "it verifies pbkdf2_elixir hashes" do
# hash = Pleroma.Password.Pbkdf2.hash_pwd_salt("password")
hash =
"$pbkdf2-sha512$1$QJpEYw8iBKcnY.4Rm0eCVw$UBPeWQ91RxSv3snxsb/ZzMeG/2aa03c541bbo8vQudREGNta5t8jBQrd00fyJp8RjaqfvgdZxy2rhSwljyu21g"
assert Password.verify_pass("password", hash)
end
end