mirrors/vaultwarden
1
0
Fork 0
mirror of https://github.com/dani-garcia/vaultwarden.git synced 2026-05-14 16:26:52 -04:00
Code Issues Releases Packages Wiki Activity
vaultwarden/src/crypto.rs

115 lines
3.4 KiB
Rust
Raw Permalink Normal View History

Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
//
// PBKDF2 derivation
//
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:00:09 +02:00
use std::num::NonZeroU32;
First working version
2018-02-10 01:00:55 +01:00
Use constant size generic parameter for random bytes generation All uses of `get_random()` were in the form of: `&get_random(vec![0u8; SIZE])` with `SIZE` being a constant. Building a `Vec` is unnecessary for two reasons. First, it uses a very short-lived dynamic memory allocation. Second, a `Vec` is a resizable object, which is useless in those context when random data have a fixed size and will only be read. `get_random_bytes()` takes a constant as a generic parameter and returns an array with the requested number of random bytes. Stack safety analysis: the random bytes will be allocated on the caller stack for a very short time (until the encoding function has been called on the data). In some cases, the random bytes take less room than the `Vec` did (a `Vec` is 24 bytes on a 64 bit computer). The maximum used size is 180 bytes, which makes it for 0.008% of the default stack size for a Rust thread (2MiB), so this is a non-issue. Also, most of the uses of those random bytes are to encode them using an `Encoding`. The function `crypto::encode_random_bytes()` generates random bytes and encode them with the provided `Encoding`, leading to code deduplication. `generate_id()` has also been converted to use a constant generic parameter as well since the length of the requested String is always a constant.
2022-11-11 10:55:04 +01:00
use data_encoding::{Encoding, HEXLOWER};
Formatting
2019-04-26 22:08:26 +02:00
use ring::{digest, hmac, pbkdf2};
Removed try_trait and some formatting, particularly around imports
2020-07-14 18:00:09 +02:00
refactor: replace static with const for global constants (#5260) Co-authored-by: Daniel García <dani-garcia@users.noreply.github.com>
2025-01-11 04:06:38 +08:00
const DIGEST_ALG: pbkdf2::Algorithm = pbkdf2::PBKDF2_HMAC_SHA256;
First working version
2018-02-10 01:00:55 +01:00
const OUTPUT_LEN: usize = digest::SHA256_OUTPUT_LEN;
pub fn hash_password(secret: &[u8], salt: &[u8], iterations: u32) -> Vec<u8> {
let mut out = vec![0u8; OUTPUT_LEN]; // Initialize array with zeros
Update ring to 0.14, jwt to 6.0, and u2f
2019-03-09 14:42:16 +01:00
let iterations = NonZeroU32::new(iterations).expect("Iterations can't be zero");
First working version
2018-02-10 01:00:55 +01:00
pbkdf2::derive(DIGEST_ALG, iterations, salt, secret, &mut out);
out
}
pub fn verify_password_hash(secret: &[u8], salt: &[u8], previous: &[u8], iterations: u32) -> bool {
Update ring to 0.14, jwt to 6.0, and u2f
2019-03-09 14:42:16 +01:00
let iterations = NonZeroU32::new(iterations).expect("Iterations can't be zero");
First working version
2018-02-10 01:00:55 +01:00
pbkdf2::verify(DIGEST_ALG, iterations, salt, secret, previous).is_ok()
}
Implement user duo, initial version TODO: - At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting. - Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
2019-04-05 22:09:53 +02:00
//
// HMAC
//
Formatting
2019-04-26 22:08:26 +02:00
pub fn hmac_sign(key: &str, data: &str) -> String {
Updated ring Some small changes to match the updated ring package.
2020-03-16 16:39:20 +01:00
let key = hmac::Key::new(hmac::HMAC_SHA1_FOR_LEGACY_USE_ONLY, key.as_bytes());
Implement user duo, initial version TODO: - At the moment each user needs to configure a DUO application and input the API keys, we need to check if multiple users can register with the same keys correctly and if so we could implement a global setting. - Sometimes the Duo frame doesn't load correctly, but canceling, reloading the page and logging in again seems to fix it for me.
2019-04-05 22:09:53 +02:00
let signature = hmac::sign(&key, data.as_bytes());
HEXLOWER.encode(signature.as_ref())
}
Start using rustfmt and some style changes to make some lines shorter
2018-12-30 23:34:31 +01:00
//
// Random values
//
First working version
2018-02-10 01:00:55 +01:00
Use constant size generic parameter for random bytes generation All uses of `get_random()` were in the form of: `&get_random(vec![0u8; SIZE])` with `SIZE` being a constant. Building a `Vec` is unnecessary for two reasons. First, it uses a very short-lived dynamic memory allocation. Second, a `Vec` is a resizable object, which is useless in those context when random data have a fixed size and will only be read. `get_random_bytes()` takes a constant as a generic parameter and returns an array with the requested number of random bytes. Stack safety analysis: the random bytes will be allocated on the caller stack for a very short time (until the encoding function has been called on the data). In some cases, the random bytes take less room than the `Vec` did (a `Vec` is 24 bytes on a 64 bit computer). The maximum used size is 180 bytes, which makes it for 0.008% of the default stack size for a Rust thread (2MiB), so this is a non-issue. Also, most of the uses of those random bytes are to encode them using an `Encoding`. The function `crypto::encode_random_bytes()` generates random bytes and encode them with the provided `Encoding`, leading to code deduplication. `generate_id()` has also been converted to use a constant generic parameter as well since the length of the requested String is always a constant.
2022-11-11 10:55:04 +01:00
/// Return an array holding `N` random bytes.
pub fn get_random_bytes<const N: usize>() -> [u8; N] {
First working version
2018-02-10 01:00:55 +01:00
use ring::rand::{SecureRandom, SystemRandom};
Use constant size generic parameter for random bytes generation All uses of `get_random()` were in the form of: `&get_random(vec![0u8; SIZE])` with `SIZE` being a constant. Building a `Vec` is unnecessary for two reasons. First, it uses a very short-lived dynamic memory allocation. Second, a `Vec` is a resizable object, which is useless in those context when random data have a fixed size and will only be read. `get_random_bytes()` takes a constant as a generic parameter and returns an array with the requested number of random bytes. Stack safety analysis: the random bytes will be allocated on the caller stack for a very short time (until the encoding function has been called on the data). In some cases, the random bytes take less room than the `Vec` did (a `Vec` is 24 bytes on a 64 bit computer). The maximum used size is 180 bytes, which makes it for 0.008% of the default stack size for a Rust thread (2MiB), so this is a non-issue. Also, most of the uses of those random bytes are to encode them using an `Encoding`. The function `crypto::encode_random_bytes()` generates random bytes and encode them with the provided `Encoding`, leading to code deduplication. `generate_id()` has also been converted to use a constant generic parameter as well since the length of the requested String is always a constant.
2022-11-11 10:55:04 +01:00
let mut array = [0; N];
Modify rustfmt file
2021-04-06 21:54:42 +01:00
SystemRandom::new().fill(&mut array).expect("Error generating random values");
First working version
2018-02-10 01:00:55 +01:00
array
}
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens
2019-02-11 23:45:55 +01:00
Use constant size generic parameter for random bytes generation All uses of `get_random()` were in the form of: `&get_random(vec![0u8; SIZE])` with `SIZE` being a constant. Building a `Vec` is unnecessary for two reasons. First, it uses a very short-lived dynamic memory allocation. Second, a `Vec` is a resizable object, which is useless in those context when random data have a fixed size and will only be read. `get_random_bytes()` takes a constant as a generic parameter and returns an array with the requested number of random bytes. Stack safety analysis: the random bytes will be allocated on the caller stack for a very short time (until the encoding function has been called on the data). In some cases, the random bytes take less room than the `Vec` did (a `Vec` is 24 bytes on a 64 bit computer). The maximum used size is 180 bytes, which makes it for 0.008% of the default stack size for a Rust thread (2MiB), so this is a non-issue. Also, most of the uses of those random bytes are to encode them using an `Encoding`. The function `crypto::encode_random_bytes()` generates random bytes and encode them with the provided `Encoding`, leading to code deduplication. `generate_id()` has also been converted to use a constant generic parameter as well since the length of the requested String is always a constant.
2022-11-11 10:55:04 +01:00
/// Encode random bytes using the provided function.
Optimizations and build speedup (#6339) * Optimizations and build speedup With this commit I have changed several components to be more efficient. This can be less llvm-lines generated or less `clone()` calls. ### Config - Re-ordered the `make_config` macro to be more efficient - Created a custom Deserializer for `ConfigBuilder` less code and more efficient - Use struct's for the `prepare_json` function instead of generating a custom JSON object. This generates less code and is more efficient. - Updated the `get_support_string` function to handle the masking differently. This generates less code and also was able to remove some sub-macro-calls ### Error - Added an extra new call to prevent duplicate Strings in generated macro code. This generated less llvm-lines and seems to be more efficient. - Created a custom Serializer for `ApiError` and `CompactApiError` This makes that struct smaller in size, so better for memory, but also less llvm-lines. ### General - Removed `once_lock` and replace it all with Rust's std LazyLock - Added and fixed some Clippy lints which reduced `clone()` calls for example. - Updated build profiles for more efficiency Also added a new profile specifically for CI, which should decrease the build check - Updated several GitHub Workflows for better security and use the new `ci` build profile - Updated to Rust v1.90.0 which uses a new linker `rust-lld` which should help in faster building - Updated the Cargo.toml for all crates to better use the `workspace` variables - Added a `typos` Workflow and Pre-Commit, which should help in detecting spell error's. Also fixed a few found by it. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix release profile Signed-off-by: BlackDex <black.dex@gmail.com> * Update typos and remove mimalloc check from pre-commit checks Signed-off-by: BlackDex <black.dex@gmail.com> * Misc fixes and updated typos Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates and workflows Signed-off-by: BlackDex <black.dex@gmail.com> * Fix formating and pre-commit Signed-off-by: BlackDex <black.dex@gmail.com> * Update to Rust v1.91 and update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Update web-vault to v2025.10.1 and xx to v1.8.0 Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-11-01 22:21:04 +01:00
pub fn encode_random_bytes<const N: usize>(e: &Encoding) -> String {
Use constant size generic parameter for random bytes generation All uses of `get_random()` were in the form of: `&get_random(vec![0u8; SIZE])` with `SIZE` being a constant. Building a `Vec` is unnecessary for two reasons. First, it uses a very short-lived dynamic memory allocation. Second, a `Vec` is a resizable object, which is useless in those context when random data have a fixed size and will only be read. `get_random_bytes()` takes a constant as a generic parameter and returns an array with the requested number of random bytes. Stack safety analysis: the random bytes will be allocated on the caller stack for a very short time (until the encoding function has been called on the data). In some cases, the random bytes take less room than the `Vec` did (a `Vec` is 24 bytes on a 64 bit computer). The maximum used size is 180 bytes, which makes it for 0.008% of the default stack size for a Rust thread (2MiB), so this is a non-issue. Also, most of the uses of those random bytes are to encode them using an `Encoding`. The function `crypto::encode_random_bytes()` generates random bytes and encode them with the provided `Encoding`, leading to code deduplication. `generate_id()` has also been converted to use a constant generic parameter as well since the length of the requested String is always a constant.
2022-11-11 10:55:04 +01:00
e.encode(&get_random_bytes::<N>())
}
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 02:51:26 -08:00
/// Generates a random string over a specified alphabet.
pub fn get_random_string(alphabet: &[u8], num_chars: usize) -> String {
// Ref: https://rust-lang-nursery.github.io/rust-cookbook/algorithms/randomness.html
Update Rust and Crates and GHA (#6843) - Update Rust to v1.93.1 - Updated all the crates Adjust changes needed for the newer `rand` crate - Updated GitHub Actions Signed-off-by: BlackDex <black.dex@gmail.com>
2026-02-18 00:17:20 +01:00
use rand::RngExt;
Update Rust to 1.84.1 (#5508) - also update the crates - add necessary modifications for `rand` upgrade - `small_rng` is enabled by default now
2025-02-01 14:16:32 +02:00
let mut rng = rand::rng();
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 02:51:26 -08:00
(0..num_chars)
.map(|_| {
Update Rust to 1.84.1 (#5508) - also update the crates - add necessary modifications for `rand` upgrade - `small_rng` is enabled by default now
2025-02-01 14:16:32 +02:00
let i = rng.random_range(0..alphabet.len());
Update Rust and Crates and GHA (#6843) - Update Rust to v1.93.1 - Updated all the crates Adjust changes needed for the newer `rand` crate - Updated GitHub Actions Signed-off-by: BlackDex <black.dex@gmail.com>
2026-02-18 00:17:20 +01:00
char::from(alphabet[i])
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 02:51:26 -08:00
})
.collect()
}
Increase length limit for email token generation The current limit of 19 is an artifact of the implementation, which can be easily rewritten in terms of a more general string generation function. The new limit is 255 (max value of a `u8`); using a larger type would probably be overkill.
2022-01-24 01:17:00 -08:00
/// Generates a random numeric string.
pub fn get_random_string_numeric(num_chars: usize) -> String {
const ALPHABET: &[u8] = b"0123456789";
get_random_string(ALPHABET, num_chars)
}
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 02:51:26 -08:00
/// Generates a random alphanumeric string.
pub fn get_random_string_alphanum(num_chars: usize) -> String {
const ALPHABET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ\
abcdefghijklmnopqrstuvwxyz\
0123456789";
get_random_string(ALPHABET, num_chars)
}
Use constant size generic parameter for random bytes generation All uses of `get_random()` were in the form of: `&get_random(vec![0u8; SIZE])` with `SIZE` being a constant. Building a `Vec` is unnecessary for two reasons. First, it uses a very short-lived dynamic memory allocation. Second, a `Vec` is a resizable object, which is useless in those context when random data have a fixed size and will only be read. `get_random_bytes()` takes a constant as a generic parameter and returns an array with the requested number of random bytes. Stack safety analysis: the random bytes will be allocated on the caller stack for a very short time (until the encoding function has been called on the data). In some cases, the random bytes take less room than the `Vec` did (a `Vec` is 24 bytes on a 64 bit computer). The maximum used size is 180 bytes, which makes it for 0.008% of the default stack size for a Rust thread (2MiB), so this is a non-issue. Also, most of the uses of those random bytes are to encode them using an `Encoding`. The function `crypto::encode_random_bytes()` generates random bytes and encode them with the provided `Encoding`, leading to code deduplication. `generate_id()` has also been converted to use a constant generic parameter as well since the length of the requested String is always a constant.
2022-11-11 10:55:04 +01:00
pub fn generate_id<const N: usize>() -> String {
Optimizations and build speedup (#6339) * Optimizations and build speedup With this commit I have changed several components to be more efficient. This can be less llvm-lines generated or less `clone()` calls. ### Config - Re-ordered the `make_config` macro to be more efficient - Created a custom Deserializer for `ConfigBuilder` less code and more efficient - Use struct's for the `prepare_json` function instead of generating a custom JSON object. This generates less code and is more efficient. - Updated the `get_support_string` function to handle the masking differently. This generates less code and also was able to remove some sub-macro-calls ### Error - Added an extra new call to prevent duplicate Strings in generated macro code. This generated less llvm-lines and seems to be more efficient. - Created a custom Serializer for `ApiError` and `CompactApiError` This makes that struct smaller in size, so better for memory, but also less llvm-lines. ### General - Removed `once_lock` and replace it all with Rust's std LazyLock - Added and fixed some Clippy lints which reduced `clone()` calls for example. - Updated build profiles for more efficiency Also added a new profile specifically for CI, which should decrease the build check - Updated several GitHub Workflows for better security and use the new `ci` build profile - Updated to Rust v1.90.0 which uses a new linker `rust-lld` which should help in faster building - Updated the Cargo.toml for all crates to better use the `workspace` variables - Added a `typos` Workflow and Pre-Commit, which should help in detecting spell error's. Also fixed a few found by it. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix release profile Signed-off-by: BlackDex <black.dex@gmail.com> * Update typos and remove mimalloc check from pre-commit checks Signed-off-by: BlackDex <black.dex@gmail.com> * Misc fixes and updated typos Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates and workflows Signed-off-by: BlackDex <black.dex@gmail.com> * Fix formating and pre-commit Signed-off-by: BlackDex <black.dex@gmail.com> * Update to Rust v1.91 and update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Update web-vault to v2025.10.1 and xx to v1.8.0 Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
2025-11-01 22:21:04 +01:00
encode_random_bytes::<N>(&HEXLOWER)
Rework file ID generation
2021-05-25 23:15:24 -07:00
}
rename membership and adopt newtype pattern (#5320) * rename membership rename UserOrganization to Membership to clarify the relation and prevent confusion whether something refers to a member(ship) or user * use newtype pattern * implement custom derive macro IdFromParam * add UuidFromParam macro for UUIDs * add macros to Docker build Co-authored-by: dfunkt <dfunkt@users.noreply.github.com> --------- Co-authored-by: dfunkt <dfunkt@users.noreply.github.com>
2025-01-09 18:37:23 +01:00
pub fn generate_send_file_id() -> String {
// Send File IDs are globally scoped, so make them longer to avoid collisions.
Use constant size generic parameter for random bytes generation All uses of `get_random()` were in the form of: `&get_random(vec![0u8; SIZE])` with `SIZE` being a constant. Building a `Vec` is unnecessary for two reasons. First, it uses a very short-lived dynamic memory allocation. Second, a `Vec` is a resizable object, which is useless in those context when random data have a fixed size and will only be read. `get_random_bytes()` takes a constant as a generic parameter and returns an array with the requested number of random bytes. Stack safety analysis: the random bytes will be allocated on the caller stack for a very short time (until the encoding function has been called on the data). In some cases, the random bytes take less room than the `Vec` did (a `Vec` is 24 bytes on a 64 bit computer). The maximum used size is 180 bytes, which makes it for 0.008% of the default stack size for a Rust thread (2MiB), so this is a non-issue. Also, most of the uses of those random bytes are to encode them using an `Encoding`. The function `crypto::encode_random_bytes()` generates random bytes and encode them with the provided `Encoding`, leading to code deduplication. `generate_id()` has also been converted to use a constant generic parameter as well since the length of the requested String is always a constant.
2022-11-11 10:55:04 +01:00
generate_id::<32>() // 256 bits
Rework file ID generation
2021-05-25 23:15:24 -07:00
}
rename membership and adopt newtype pattern (#5320) * rename membership rename UserOrganization to Membership to clarify the relation and prevent confusion whether something refers to a member(ship) or user * use newtype pattern * implement custom derive macro IdFromParam * add UuidFromParam macro for UUIDs * add macros to Docker build Co-authored-by: dfunkt <dfunkt@users.noreply.github.com> --------- Co-authored-by: dfunkt <dfunkt@users.noreply.github.com>
2025-01-09 18:37:23 +01:00
use crate::db::models::AttachmentId;
pub fn generate_attachment_id() -> AttachmentId {
Rework file ID generation
2021-05-25 23:15:24 -07:00
// Attachment IDs are scoped to a cipher, so they can be smaller.
rename membership and adopt newtype pattern (#5320) * rename membership rename UserOrganization to Membership to clarify the relation and prevent confusion whether something refers to a member(ship) or user * use newtype pattern * implement custom derive macro IdFromParam * add UuidFromParam macro for UUIDs * add macros to Docker build Co-authored-by: dfunkt <dfunkt@users.noreply.github.com> --------- Co-authored-by: dfunkt <dfunkt@users.noreply.github.com>
2025-01-09 18:37:23 +01:00
AttachmentId(generate_id::<10>()) // 80 bits
Add support for v2 attachment upload APIs Upstream PR: https://github.com/bitwarden/server/pull/1229
2021-05-25 03:48:57 -07:00
}
Increase length limit for email token generation The current limit of 19 is an artifact of the implementation, which can be easily rewritten in terms of a more general string generation function. The new limit is 255 (max value of a `u8`); using a larger type would probably be overkill.
2022-01-24 01:17:00 -08:00
/// Generates a numeric token for email-based verifications.
pub fn generate_email_token(token_size: u8) -> String {
get_random_string_numeric(token_size as usize)
Implement change-email, email-verification, account-recovery, and welcome notifications
2019-11-24 22:28:49 -07:00
}
Add support for API keys This is mainly useful for CLI-based login automation.
2022-01-19 02:51:26 -08:00
/// Generates a personal API key.
/// Upstream uses 30 chars, which is ~178 bits of entropy.
pub fn generate_api_key() -> String {
get_random_string_alphanum(30)
}
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens
2019-02-11 23:45:55 +01:00
//
// Constant time compare
//
pub fn ct_eq<T: AsRef<[u8]>, U: AsRef<[u8]>>(a: T, b: U) -> bool {
Use subtle to replace deprecated ring::constant_time::verify_slices_are_equal (#5680)
2025-03-15 18:33:17 +00:00
use subtle::ConstantTimeEq;
a.as_ref().ct_eq(b.as_ref()).into()
Implement constant time equal check for admin, 2fa recover and 2fa remember tokens
2019-02-11 23:45:55 +01:00
}
Reference in a new issue Copy permalink