From dc642430468a1942246642775040f9784ca3e8f2 Mon Sep 17 00:00:00 2001
From: Kjetil Orbekk
Date: Fri, 16 Jun 2017 21:27:31 -0400
Subject: Basic encryption and password validation.

This is a placeholder encryption scheme for authentication.
---
 Cargo.lock | 1 +
 Cargo.toml | 1 +
 src/auth/mod.rs | 32 ++++++++++++++++++++++++++++++++
 src/bin/crypto.rs | 5 ++++-
 src/lib.rs | 3 +--
 5 files changed, 39 insertions(+), 3 deletions(-)
 create mode 100644 src/auth/mod.rs

diff --git a/Cargo.lock b/Cargo.lock
index b0e15c0..a2aac1e 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -2,6 +2,7 @@
 name = "systemhttp"
 version = "0.1.0"
 dependencies = [
+ "base64 0.5.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "env_logger 0.4.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "horrorshow 0.6.2 (registry+https://github.com/rust-lang/crates.io-index)",
 "iron 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)",
diff --git a/Cargo.toml b/Cargo.toml
index 9e9a7a7..e19c8c2 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -14,3 +14,4 @@ staticfile = "*"
 regex = "*"
 sqlite = "*"
 rust-crypto = "*"
+base64 = "*"
diff --git a/src/auth/mod.rs b/src/auth/mod.rs
new file mode 100644
index 0000000..9ef9960
--- /dev/null
+++ b/src/auth/mod.rs
@@ -0,0 +1,32 @@
+extern crate crypto;
+extern crate base64;
+
+use crypto::bcrypt_pbkdf::bcrypt_pbkdf;
+
+// TODO: Replace salt with a random string.
+// TODO: Configurable number of iterations.
+pub fn encode(pw: &str) -> String {
+ let salt = "hello";
+ let mut enc = vec!(0; 32);
+ let encrypted = bcrypt_pbkdf(pw.as_bytes(), salt.as_bytes(),
+ 10, &mut enc);
+ format!("${}${}${}", "sdv1",
+ base64::encode(salt.as_bytes()), base64::encode(&enc))
+}
+
+pub fn validate(pw: &str, enc: &str) -> bool {
+ // let cs = enc.split('$');
+ // println("{:?}", cs.len());
+ // let enc_pw = cs[3];
+ encode(pw) == enc
+}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ #[test]
+ fn it_validates() {
+ assert_eq!(false, validate("123", "123"));
+ assert_eq!(true, validate("123", &encode("123")));
+ }
+}
diff --git a/src/bin/crypto.rs b/src/bin/crypto.rs
index e059663..5cc8549 100644
--- a/src/bin/crypto.rs
+++ b/src/bin/crypto.rs
@@ -1,4 +1,5 @@
 extern crate crypto;
+extern crate systemhttp;
 use crypto::bcrypt_pbkdf::bcrypt_pbkdf;
@@ -7,12 +8,14 @@ pub fn encode(pw: &str) -> Vec {
 let mut out = vec!(0; 32);
 let encrypted = bcrypt_pbkdf( pw.as_bytes(), salt.as_bytes(),
- 100, &mut out);
+ 10, &mut out);
 out
 }
 pub fn main() {
 let pw = "123";
 let out = encode(pw);
+ let out2 = systemhttp::auth::encode(pw);
 println!("{}: {:?}", pw, out);
+ println!("{}: {:?}", pw, out2);
 }
diff --git a/src/lib.rs b/src/lib.rs
index 1fef49c..cbc8777 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -1,11 +1,10 @@
 #[macro_use] extern crate horrorshow;
-extern crate rust_crypto;
 extern crate sqlite;
 pub mod systemd;
 pub mod render;
-mod auth;
+pub mod auth;
 #[cfg(test)] mod tests {
--
cgit v1.2.3
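Review bot: `validate` in src/auth/mod.rs never reads the salt or hash stored in `enc`; it re-runs `encode(pw)` with the hard-coded salt and round count and compares the two strings with `==`. As soon as the salt TODO is done or the rounds change, every stored `$sdv1$…` value stops verifying, and the string format has no field recording the rounds (10) that produced it. I would parse `enc`, derive with the stored salt, and compare the raw bytes with rust-crypto's `crypto::util::fixed_time_eq` so the comparison time does not depend on where the first mismatch is; the sketch below keeps the rounds at 10 until the format carries them. The `let encrypted =` binding in `encode` is unused, since the derived key is written into `enc`.

```rust
pub fn validate(pw: &str, enc: &str) -> bool {
    // Stored layout: "$sdv1$<base64 salt>$<base64 hash>".
    let fields: Vec<&str> = enc.split('$').collect();
    if fields.len() != 4 || !fields[0].is_empty() || fields[1] != "sdv1" {
        return false;
    }
    let (salt, expected) = match (base64::decode(fields[2]), base64::decode(fields[3])) {
        (Ok(s), Ok(h)) => (s, h),
        _ => return false,
    };
    // bcrypt_pbkdf appears to assert on empty inputs (confirm against the
    // rust-crypto source); reject them here instead of panicking.
    if pw.is_empty() || salt.is_empty() {
        return false;
    }
    let mut derived = vec![0u8; 32];
    bcrypt_pbkdf(pw.as_bytes(), &salt, 10, &mut derived);
    crypto::util::fixed_time_eq(&derived, &expected)
}
```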
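Review bot: The second hunk of src/bin/crypto.rs lowers the bcrypt_pbkdf round count from 100 to 10, which makes each password guess roughly ten times cheaper, and the only visible reason is to match the constant in `auth::encode`. The binary now carries its own copy of the salt and rounds next to the library's, so the two can drift apart unnoticed. I would drop the local `encode`, print only `systemhttp::auth::encode(pw)`, and keep the cost in one named constant in the library, e.g. `const ROUNDS: u32 = 10;`. The body of the local `encode` starts above the hunk, so its salt is not visible here.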