Argon2 (by @Jujumba)

Cargo.toml

@@ -57,13 +57,15 @@ hmac-sha512 = { version = "1.1", features = ["sha384"] }
 rsa = "0.9"
 bcrypt = "0.15"
 flate2 = { version = "1.0", features = ["zlib"] }
-rand = { version = "0.9.0-alpha.0", default-features = false, features = ["small_rng"] }
+rand = { version = "0.9.0-alpha.0", features = ["small_rng"] }
 rand_chacha = "0.9.0-alpha.0"
+argon2 = "0.5"
+password-hash = "0.5"
 
 # asn1
 asn1-parser = { path = "./crates/asn1-parser", features = ["std"] }
 oid = { version = "0.2", default-features = false }
 paste = "1.0"
 
 # diff
-similar = { version = "2.4", features = ["serde"] }
+similar = { version = "2.4", features = ["serde"] }

README.md

@@ -8,23 +8,26 @@ Visit this tool at [crypto.qkation.com](https://crypto.qkation.com).
 
 Table of content:
 
-* [Features](#features)
-* [Development](#development)
-* [Meta](#meta)
-* [Contributing](#contributing)
+- [crypto-helper](#crypto-helper)
+ - [Features](#features)
+ - [Development](#development)
+ - [Meta](#meta)
+ - [Contributing](#contributing)
 
 ![](/public/img/example.png)
 ![](/public/img/sha.png)
 ![](/public/img/jwt.png)
 
-The crypto-helper is an online app that helps to work with the different crypto algorithms. This app can hash/hmac, encrypt/decrypt, and sign/verify the data.
+The crypto-helper is a web app that helps to work with the different crypto algorithms. This app can hash/hmac, encrypt/decrypt, and sign/verify the data.
 
 All computations are performed on the client side. This tool never sends the data to any server.
 
 ### Features
 
 * Written in [Rust](https://github.com/rust-lang/rust) :crab: using [yew](https://github.com/yewstack/yew) :sparkles:
 * `MD5`
+* `Argon2`
+* `BCRYPT`
 * `SHA1`/`SHA256`/`SHA384`/`SHA512`
 * Kerberos ciphers: `AES128-CTS-HMAC-SHA1-96`/`AES256-CTS-HMAC-SHA1-96`
 * Kerberos HMAC: `HMAC-SHA1-96-AES128`/`HMAC-SHA1-96-AES256`
@@ -55,7 +58,7 @@ export APP_HOST=<url>
 # example:
 # export APP_HOST=https://crypto-helper.qkation.com
 ```
-This env variable is uses for the url generation when you click the *share by url* button.
+This env variable is used for the url generation when you click the *share by url* button.
 
 3. Run `trunk serve` in your terminal.
 4. Go to http://127.0.0.1:8080 in your browser.

rust-toolchain.toml

@@ -1,3 +1,3 @@
 [toolchain]
-channel = "1.76.0"
+channel = "1.77.0"
 components = [ "rustfmt", "clippy" ]

src/about.rs

@@ -7,6 +7,8 @@ pub fn about() -> Html {
  <span>{"Crypto-helper"}</span>
  <span>{"The crypto-helper is an online app that helps to work with the diferent crypto algorithms:"}</span>
  <ul>
+ <li>{"Argon2"}</li>
+ <li>{"BCrypt"}</li>
  <li>{"MD5"}</li>
  <li>{"SHA1/SHA256/SHA384/SHA512"}</li>
  <li>{"Kerberos ciphers: AES128-CTS-HMAC-SHA1-96/AES256-CTS-HMAC-SHA1-96"}</li>

src/crypto_helper.rs

@@ -16,7 +16,7 @@ use yew::{function_component, html, use_effect_with, use_state, Callback, Html};
 use yew_hooks::{use_clipboard, use_local_storage, use_location};
 use yew_notifications::{use_notification, Notification, NotificationType};
 
-use self::computations::{process_krb_cipher, process_krb_hmac, process_rsa, process_zlib};
+use self::computations::{process_argon2, process_krb_cipher, process_krb_hmac, process_rsa, process_zlib};
 use crate::crypto_helper::computations::process_bcrypt;
 use crate::url_query_params::generate_crypto_helper_link;
 
@@ -40,6 +40,7 @@ fn convert(algrithm: &Algorithm) -> Result<Vec<u8>, String> {
  Algorithm::Rsa(input) => process_rsa(input),
  Algorithm::Bcrypt(input) => process_bcrypt(input),
  Algorithm::Zlib(input) => process_zlib(input),
+ Algorithm::Argon2(input) => process_argon2(input),
  }
 }
 

src/crypto_helper/algorithm.rs

@@ -18,8 +18,9 @@ pub const RSA: &str = "RSA";
 pub const SHA384: &str = "SHA384";
 pub const BCRYPT: &str = "BCRYPT";
 pub const ZLIB: &str = "ZLIB";
+pub const ARGON2: &str = "ARGON2";
 
-pub const SUPPORTED_ALGORITHMS: [&str; 12] = [
+pub const SUPPORTED_ALGORITHMS: [&str; 13] = [
  MD5,
  SHA1,
  SHA256,
@@ -32,9 +33,10 @@ pub const SUPPORTED_ALGORITHMS: [&str; 12] = [
  SHA384,
  BCRYPT,
  ZLIB,
+ ARGON2,
 ];
 
-pub const HASHING_ALGOS: [&str; 6] = [MD5, SHA1, SHA256, SHA384, SHA512, BCRYPT];
+pub const HASHING_ALGOS: [&str; 7] = [MD5, SHA1, SHA256, SHA384, SHA512, BCRYPT, ARGON2];
 
 pub const ENCRYPTION_ALGOS: [&str; 3] = [AES128_CTS_HMAC_SHA1_96, AES256_CTS_HMAC_SHA1_96, RSA];
 
@@ -336,7 +338,6 @@ pub enum ZlibMode {
  Compress,
  Decompress,
 }
-
 impl From<ZlibMode> for bool {
  fn from(mode: ZlibMode) -> Self {
  match mode {
@@ -362,6 +363,174 @@ pub struct ZlibInput {
  pub data: Vec<u8>,
 }
 
+#[derive(Eq, Clone, Copy, PartialEq, Debug, Serialize, Deserialize, Default)]
+pub enum Argon2Variant {
+ Argon2i,
+ Argon2d,
+ #[default]
+ Argon2id,
+}
+
+#[derive(Eq, Clone, Copy, PartialEq, Debug, Serialize, Deserialize, Default)]
+pub enum Argon2Version {
+ Version10,
+ #[default]
+ Version13,
+}
+
+#[derive(Eq, Clone, PartialEq, Debug, Serialize, Deserialize)]
+pub struct Argon2HashAction {
+ pub memory: u32,
+ pub iters: u32,
+ pub paralelism: u32,
+ pub output_len: usize,
+ #[serde(serialize_with = "serialize_bytes", deserialize_with = "deserialize_bytes")]
+ pub salt: Vec<u8>,
+ #[serde(serialize_with = "serialize_bytes", deserialize_with = "deserialize_bytes")]
+ pub secret: Vec<u8>,
+ pub variant: Argon2Variant,
+ pub version: Argon2Version,
+}
+
+#[derive(Eq, Clone, PartialEq, Debug, Serialize, Deserialize)]
+pub enum Argon2Action {
+ Hash(Argon2HashAction),
+ Verify(#[serde(serialize_with = "serialize_bytes", deserialize_with = "deserialize_bytes")] Vec<u8>),
+}
+
+#[derive(Eq, Clone, PartialEq, Debug, Serialize, Deserialize, Default)]
+pub struct Argon2Input {
+ pub action: Argon2Action,
+ #[serde(serialize_with = "serialize_bytes", deserialize_with = "deserialize_bytes")]
+ pub data: Vec<u8>,
+}
+
+#[non_exhaustive]
+#[derive(Eq, Clone, PartialEq, Debug, Serialize, Deserialize)]
+pub enum Argon2Error<'a> {
+ InvalidVersion(&'a str),
+ InvalidVariant(&'a str),
+}
+
+impl<'a> std::fmt::Display for Argon2Error<'a> {
+ fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+ match self {
+ Self::InvalidVersion(version) => write!(f, "InvalidVersion({version})"),
+ Self::InvalidVariant(variant) => write!(f, "InvalidVariant({variant})"),
+ }
+ }
+}
+impl<'a> std::error::Error for Argon2Error<'a> {}
+
+impl Argon2Input {
+ pub fn with_variant(&self, variant: Argon2Variant) -> Self {
+ let mut input = self.clone();
+ if let Argon2Action::Hash(ref mut action) = input.action {
+ action.variant = variant;
+ }
+ input
+ }
+
+ pub fn with_version(&self, version: Argon2Version) -> Self {
+ let mut input = self.clone();
+ if let Argon2Action::Hash(ref mut action) = input.action {
+ action.version = version;
+ }
+ input
+ }
+}
+impl<'a> TryFrom<&'a str> for Argon2Version {
+ type Error = Argon2Error<'a>;
+
+ fn try_from(value: &'a str) -> Result<Self, Self::Error> {
+ match value {
+ "Argon13" => Ok(Self::Version13),
+ "Argon10" => Ok(Self::Version10),
+ invalid => Err(Argon2Error::InvalidVersion(invalid)),
+ }
+ }
+}
+impl From<Argon2Variant> for argon2::Algorithm {
+ fn from(value: Argon2Variant) -> Self {
+ match value {
+ Argon2Variant::Argon2d => argon2::Algorithm::Argon2d,
+ Argon2Variant::Argon2i => argon2::Algorithm::Argon2i,
+ Argon2Variant::Argon2id => argon2::Algorithm::Argon2id,
+ }
+ }
+}
+impl<'a> TryFrom<&'a str> for Argon2Variant {
+ type Error = Argon2Error<'a>;
+ fn try_from(value: &'a str) -> Result<Self, Self::Error> {
+ match value {
+ "Argon2i" => Ok(Self::Argon2i),
+ "Argon2d" => Ok(Self::Argon2d),
+ "Argon2id" => Ok(Self::Argon2id),
+ invalid => Err(Argon2Error::InvalidVariant(invalid)),
+ }
+ }
+}
+
+impl From<Argon2Version> for argon2::Version {
+ fn from(value: Argon2Version) -> Self {
+ match value {
+ Argon2Version::Version10 => argon2::Version::V0x10,
+ Argon2Version::Version13 => argon2::Version::V0x13,
+ }
+ }
+}
+
+impl From<&Argon2HashAction> for argon2::Params {
+ fn from(value: &Argon2HashAction) -> Self {
+ argon2::ParamsBuilder::new()
+ .m_cost(value.memory)
+ .p_cost(value.paralelism)
+ .t_cost(value.iters)
+ .build()
+ .expect("argon2::ParamsBuilder should never fail")
+ }
+}
+
+impl Default for Argon2HashAction {
+ fn default() -> Self {
+ use argon2::Params;
+ Self {
+ memory: Params::DEFAULT_M_COST,
+ iters: Params::DEFAULT_T_COST,
+ paralelism: Params::DEFAULT_P_COST,
+ output_len: Params::DEFAULT_OUTPUT_LEN,
+ salt: Default::default(),
+ secret: Default::default(),
+ variant: Default::default(),
+ version: Default::default(),
+ }
+ }
+}
+
+impl Default for Argon2Action {
+ fn default() -> Self {
+ Self::Hash(Argon2HashAction::default())
+ }
+}
+
+impl From<bool> for Argon2Action {
+ fn from(value: bool) -> Self {
+ match value {
+ true => Argon2Action::Verify(Default::default()),
+ false => Argon2Action::Hash(Default::default()),
+ }
+ }
+}
+
+impl From<&Argon2Action> for bool {
+ fn from(value: &Argon2Action) -> Self {
+ match value {
+ Argon2Action::Verify(_) => true,
+ Argon2Action::Hash(_) => false,
+ }
+ }
+}
+
 #[allow(clippy::large_enum_variant)]
 #[derive(Debug, PartialEq, Eq, Clone, Serialize, Deserialize)]
 pub enum Algorithm {
@@ -382,6 +551,7 @@ pub enum Algorithm {
  Rsa(RsaInput),
  Bcrypt(BcryptInput),
  Zlib(ZlibInput),
+ Argon2(Argon2Input),
 }
 
 impl TryFrom<&str> for Algorithm {
@@ -412,6 +582,8 @@ impl TryFrom<&str> for Algorithm {
  return Ok(Algorithm::Bcrypt(Default::default()));
  } else if value == ZLIB {
  return Ok(Algorithm::Zlib(Default::default()));
+ } else if value == ARGON2 {
+ return Ok(Algorithm::Argon2(Default::default()));
  }
 
  Err(format!(
@@ -436,6 +608,7 @@ impl From<&Algorithm> for &str {
  Algorithm::Rsa(_) => RSA,
  Algorithm::Bcrypt(_) => BCRYPT,
  Algorithm::Zlib(_) => ZLIB,
+ Algorithm::Argon2(_) => ARGON2,
  }
  }
 }

src/crypto_helper/computations.rs

@@ -1,6 +1,8 @@
 use std::convert::TryInto;
 use std::io::Write;
 
+use argon2::{PasswordHasher, PasswordVerifier};
+use base64::Engine;
 use bcrypt::Version;
 use flate2::write::{ZlibDecoder, ZlibEncoder};
 use flate2::Compression;
@@ -10,7 +12,8 @@ use rsa::rand_core::OsRng;
 use rsa::Pkcs1v15Encrypt;
 
 use super::algorithm::{
- BcryptAction, BcryptInput, KrbInput, KrbInputData, KrbMode, RsaAction, RsaInput, ZlibInput, ZlibMode,
+ Argon2Action, Argon2Input, BcryptAction, BcryptInput, KrbInput, KrbInputData, KrbMode, RsaAction, RsaInput,
+ ZlibInput, ZlibMode,
 };
 
 pub fn process_rsa(input: &RsaInput) -> Result<Vec<u8>, String> {
@@ -91,3 +94,41 @@ pub fn process_zlib(input: &ZlibInput) -> Result<Vec<u8>, String> {
  }
  }
 }
+
+pub fn process_argon2(input: &Argon2Input) -> Result<Vec<u8>, String> {
+ match &input.action {
+ Argon2Action::Hash(hash_action) => {
+ let argon2ctx = argon2::Argon2::new(
+ hash_action.variant.into(),
+ hash_action.version.into(),
+ hash_action.into(),
+ );
+
+ let salt = if hash_action.salt.is_empty() {
+ password_hash::SaltString::generate(OsRng)
+ } else {
+ password_hash::SaltString::from_b64(
+ &base64::engine::general_purpose::STANDARD_NO_PAD.encode(&hash_action.salt),
+ )
+ .map_err(|e| e.to_string())?
+ };
+
+ let hash = argon2ctx
+ .hash_password(&input.data, salt.as_salt())
+ .map_err(|err| err.to_string())?
+ .to_string();
+
+ Ok(hash.into_bytes())
+ }
+ Argon2Action::Verify(data) => {
+ let str = String::from_utf8(data.clone()).map_err(|e| e.to_string())?;
+ let hash = argon2::PasswordHash::new(&str).map_err(|e| e.to_string())?;
+
+ if argon2::Argon2::default().verify_password(&input.data, &hash).is_ok() {
+ Ok(vec![1])
+ } else {
+ Ok(vec![0])
+ }
+ }
+ }
+}

src/crypto_helper/info.rs

@@ -73,6 +73,11 @@ fn get_algorithm_info(algorithm: &Algorithm) -> Html {
  <a href="https://www.rfc-editor.org/rfc/rfc1950">{"RFC"}</a>
  </span>
  },
+ Algorithm::Argon2(_) => html! {
+ <span>{"Use Argon2 to encrypt/verify your data."}
+ <a href="https://www.rfc-editor.org/rfc/inline-errata/rfc9106.html">{"RFC"}</a>
+ </span>
+ },
  }
 }