From d6f31b6487b17e3b377a5f6928eb33616824f5a6 Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Sat, 10 Jan 2026 12:51:20 -0500 Subject: [PATCH 1/3] adding scrypt parameters --- Cargo.toml | 2 +- src/password_hashers/bcrypt.rs | 8 +++----- src/password_hashers/cas_password_hasher.rs | 5 ----- src/password_hashers/scrypt.rs | 17 +++++++++++------ tests/password_hashers.rs | 10 +++++++++- 5 files changed, 24 insertions(+), 18 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index ae1dff6..aa98df8 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "cas-lib" -version = "0.2.68" +version = "0.2.69" edition = "2021" description = "A function wrapper layer for RustCrypto and Dalek-Cryptography. Intended to be used in FFI situations with a global heap deallactor at the top level project." license = "Apache-2.0" diff --git a/src/password_hashers/bcrypt.rs b/src/password_hashers/bcrypt.rs index 2a1b576..921b6d8 100644 --- a/src/password_hashers/bcrypt.rs +++ b/src/password_hashers/bcrypt.rs @@ -2,20 +2,18 @@ use bcrypt::{hash, verify, DEFAULT_COST}; -use super::cas_password_hasher::CASPasswordHasher; - pub struct CASBCrypt; -impl CASPasswordHasher for CASBCrypt { +impl CASBCrypt { /// Hashes a password using bcrypt. /// Returns the hashed password as a string. - fn hash_password(password_to_hash: String) -> String { + pub fn hash_password(password_to_hash: String) -> String { return hash(password_to_hash, DEFAULT_COST).unwrap(); } /// Verifies a password against a hashed password using bcrypt. /// Returns true if the password matches the hashed password, false otherwise. - fn verify_password(hashed_password: String, password_to_verify: String) -> bool { + pub fn verify_password(hashed_password: String, password_to_verify: String) -> bool { return verify(password_to_verify, &hashed_password).unwrap(); } } diff --git a/src/password_hashers/cas_password_hasher.rs b/src/password_hashers/cas_password_hasher.rs index 48a4fff..62cae98 100644 --- a/src/password_hashers/cas_password_hasher.rs +++ b/src/password_hashers/cas_password_hasher.rs @@ -1,8 +1,3 @@ -pub trait CASPasswordHasher { - fn hash_password(password_to_hash: String) -> String; - fn verify_password(hashed_password: String, password_to_verify: String) -> bool; -} - pub struct Pbkdf2Result { pub password: Vec, pub salt: Vec diff --git a/src/password_hashers/scrypt.rs b/src/password_hashers/scrypt.rs index 6d84b72..f5a7ac8 100644 --- a/src/password_hashers/scrypt.rs +++ b/src/password_hashers/scrypt.rs @@ -4,17 +4,22 @@ use scrypt::{ password_hash::{rand_core::OsRng, PasswordHash, PasswordHasher, PasswordVerifier, SaltString}, - Scrypt, + Scrypt, Params }; -use super::cas_password_hasher::CASPasswordHasher; - pub struct CASScrypt; -impl CASPasswordHasher for CASScrypt { +impl CASScrypt { + /// Hashes a passwith using Scrypt with custom params. + pub fn hash_password_customized(password_to_hash: String, cpu_memory_cost: u8, block_size: u32, parallelism: u32) -> String { + let salt = SaltString::generate(&mut OsRng); + let params = Params::new(cpu_memory_cost, block_size, parallelism, 32).unwrap(); + return Scrypt.hash_password_customized(password_to_hash.as_bytes(), None, None, params, &salt).unwrap().to_string(); + } + /// Hashes a password using Scrypt. /// Returns the hashed password as a string. - fn hash_password(password_to_hash: String) -> String { + pub fn hash_password(password_to_hash: String) -> String { let salt = SaltString::generate(&mut OsRng); return Scrypt .hash_password(password_to_hash.as_bytes(), &salt) @@ -24,7 +29,7 @@ impl CASPasswordHasher for CASScrypt { /// Verifies a password against a hashed password using Scrypt. /// Returns true if the password matches the hashed password, false otherwise. - fn verify_password(hashed_password: String, password_to_verify: String) -> bool { + pub fn verify_password(hashed_password: String, password_to_verify: String) -> bool { let parsed_hash = PasswordHash::new(&hashed_password).unwrap(); return Scrypt .verify_password(password_to_verify.as_bytes(), &parsed_hash) diff --git a/tests/password_hashers.rs b/tests/password_hashers.rs index ffc1ae7..aea8032 100644 --- a/tests/password_hashers.rs +++ b/tests/password_hashers.rs @@ -1,7 +1,7 @@ #[cfg(test)] mod password_hashers { use std::path::Path; - use cas_lib::{password_hashers::{argon2::CASArgon, bcrypt::CASBCrypt, cas_password_hasher::CASPasswordHasher, scrypt::CASScrypt}, symmetric::{aes::{CASAES128, CASAES256}, cas_symmetric_encryption::{CASAES128Encryption, CASAES256Encryption}}}; + use cas_lib::{password_hashers::{argon2::CASArgon, bcrypt::CASBCrypt, scrypt::CASScrypt}, symmetric::{aes::{CASAES128, CASAES256}, cas_symmetric_encryption::{CASAES128Encryption, CASAES256Encryption}}}; #[test] pub fn argon2_hash_with_parameters() { @@ -53,6 +53,14 @@ mod password_hashers { assert_eq!(true, verification); } + #[test] + pub fn scrypt_hash_password_customized() { + let password = "DoNotUseThisPassword".to_string(); + let hash = CASScrypt::hash_password_customized(password.clone(), 17, 8, 1); + let verification = CASScrypt::verify_password(hash, password); + assert_eq!(true, verification); + } + #[test] pub fn bcrypt_hash_password() { let password = "DoNotUseThisPassword".to_string(); From 2eb8726424fc2f28ed05f62b8a67c395b9d768b6 Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Sat, 10 Jan 2026 12:52:47 -0500 Subject: [PATCH 2/3] updating comment --- src/password_hashers/scrypt.rs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/password_hashers/scrypt.rs b/src/password_hashers/scrypt.rs index f5a7ac8..86b18ba 100644 --- a/src/password_hashers/scrypt.rs +++ b/src/password_hashers/scrypt.rs @@ -11,6 +11,11 @@ pub struct CASScrypt; impl CASScrypt { /// Hashes a passwith using Scrypt with custom params. + /// Parameters: + /// - password_to_hash: The password to be hashed. + /// - cpu_memory_cost: logâ‚‚ of the Scrypt parameter `N`, the work factor. + /// - block_size: `r` parameter: resource usage. + /// - parallelism: `p` parameter: parallelization. pub fn hash_password_customized(password_to_hash: String, cpu_memory_cost: u8, block_size: u32, parallelism: u32) -> String { let salt = SaltString::generate(&mut OsRng); let params = Params::new(cpu_memory_cost, block_size, parallelism, 32).unwrap(); From 8b9a4cdd8ee8bd24fa1e62cd14a36bde07001e05 Mon Sep 17 00:00:00 2001 From: Mike Mulchrone Date: Sat, 10 Jan 2026 13:02:20 -0500 Subject: [PATCH 3/3] fixing serialization for CI --- Cargo.toml | 2 +- src/http/types/mod.rs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index aa98df8..1a9e2b4 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -35,7 +35,7 @@ chacha20poly1305 = "0.10.1" slh-dsa = "0.0.3" ml-kem = "0.2.1" reqwest = { version = "0.12.24", features = ["json", "cookies", "rustls-tls"] } -serde = "1.0.228" +serde = { version = "1.0.228", features = ["derive"] } tokio = { version = "1.48.0", features = ["macros", "rt-multi-thread"] } url = "2.5.7" once_cell = "1.21.3" diff --git a/src/http/types/mod.rs b/src/http/types/mod.rs index 419ffa9..bd351da 100644 --- a/src/http/types/mod.rs +++ b/src/http/types/mod.rs @@ -1,4 +1,4 @@ -use serde::Serialize; +use serde::{Deserialize, Serialize}; pub mod runtime; @@ -10,7 +10,7 @@ pub struct BenchmarkRequest { pub time_in_milliseconds: i64 } -#[derive(serde::Deserialize)] +#[derive(Deserialize)] #[serde(rename_all = "camelCase")] pub struct AuthResponse { pub token: String,