Skip to content

Commit

Permalink
Refactor
Browse files Browse the repository at this point in the history
  • Loading branch information
@lbeder
lbeder committed Feb 27, 2025
1 parent 73bb268 commit 8387bf8
Show file tree
Hide file tree
Showing 3 changed files with 90 additions and 88 deletions.
29 changes: 18 additions & 11 deletions build.sh
View file
Original file line number Diff line number Diff line change
@@ -1,8 +1,10 @@
#!/usr/bin/env sh
set -e

# Extract version from Cargo.toml
VERSION=$(cargo pkgid | cut -d# -f2 | cut -d: -f2)

# Run code quality checks
echo "Running audit..."
cargo audit

Expand All @@ -12,15 +14,20 @@ cargo clippy --all-targets --all-features -- -D warnings
echo "Running tests..."
cargo test --release

echo "Building v${VERSION} for Mac OS ARM64..."
cargo build --release --target=aarch64-apple-darwin
# Build for different architectures
build_target() {
echo "Building v${VERSION} for $1..."
if [ "$2" = "linux-musl" ]; then
# Set up Linux MUSL environment variables
export CC_x86_64_unknown_linux_musl=x86_64-unknown-linux-musl-gcc
export CXX_x86_64_unknown_linux_musl=x86_64-unknown-linux-musl-g++
export AR_x86_64_unknown_linux_musl=x86_64-unknown-linux-musl-ar
export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=x86_64-unknown-linux-musl-gcc
fi
cargo build --release --target=$2
}

echo "Building v${VERSION} for Mac OS x64..."
cargo build --release --target=x86_64-apple-darwin

echo "Building v${VERSION} for Linux x64..."
export CC_x86_64_unknown_linux_musl=x86_64-unknown-linux-musl-gcc
export CXX_x86_64_unknown_linux_musl=x86_64-unknown-linux-musl-g++
export AR_x86_64_unknown_linux_musl=x86_64-unknown-linux-musl-ar
export CARGO_TARGET_X86_64_UNKNOWN_LINUX_MUSL_LINKER=x86_64-unknown-linux-musl-gcc
cargo build --release --target=x86_64-unknown-linux-musl
# Build for each target platform
build_target "Mac OS ARM64" "aarch64-apple-darwin"
build_target "Mac OS x64" "x86_64-apple-darwin"
build_target "Linux x64" "x86_64-unknown-linux-musl" "linux-musl"
90 changes: 32 additions & 58 deletions release.sh
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#!/usr/bin/env sh
#!/bin/bash
set -e

VERSION=$(cargo pkgid | sed -E 's/.*#([0-9]+\.[0-9]+\.[0-9]+).*/\1/')
Expand All @@ -7,79 +7,53 @@ VERSION=$(cargo pkgid | sed -E 's/.*#([0-9]+\.[0-9]+\.[0-9]+).*/\1/')

rm -rf target/*.tgz target/*.tgz.sig target/release.md

echo "Creating v${VERSION} bundle for Mac OS ARM64..."
APPLE_ARM64_TARGET="slowkey-${VERSION}-osx-arm64.tgz"
APPLE_ARM64_TARGET_SIG=${APPLE_ARM64_TARGET}.sig
APPLE_ARM64_RELEASE="target/${APPLE_ARM64_TARGET}"
APPLE_ARM64_RELEASE_SIG=${APPLE_ARM64_RELEASE}.sig
tar zcvf ${APPLE_ARM64_RELEASE} target/aarch64-apple-darwin/release/slowkey
APPLE_ARM64_RELEASE_SHA512=$(shasum -a512 ${APPLE_ARM64_RELEASE})
gpg --output ${APPLE_ARM64_RELEASE_SIG} --detach-sig ${APPLE_ARM64_RELEASE}

echo "Creating v${VERSION} bundle for Mac OS x64..."
APPLE_X64_TARGET="slowkey-${VERSION}-osx-x64.tgz"
APPLE_X64_TARGET_SIG=${APPLE_X64_TARGET}.sig
APPLE_X64_RELEASE="target/${APPLE_X64_TARGET}"
APPLE_X64_RELEASE_SIG=${APPLE_X64_RELEASE}.sig
tar zcvf ${APPLE_X64_RELEASE} target/x86_64-apple-darwin/release/slowkey
APPLE_X64_RELEASE_SHA512=$(shasum -a512 ${APPLE_X64_RELEASE})
gpg --output ${APPLE_X64_RELEASE_SIG} --detach-sig ${APPLE_X64_RELEASE}

echo "Creating v${VERSION} bundle for Linux X64..."
LINUX_X64_TARGET="slowkey-${VERSION}-linux-x64.tgz"
LINUX_X64_TARGET_SIG=${LINUX_X64_TARGET}.sig
LINUX_X64_RELEASE="target/${LINUX_X64_TARGET}"
LINUX_X64_RELEASE_SIG=${LINUX_X64_RELEASE}.sig
tar zcvf ${LINUX_X64_RELEASE} target/x86_64-unknown-linux-musl/release/slowkey
LINUX_X64_RELEASE_SHA512=$(shasum -a512 ${LINUX_X64_RELEASE})
gpg --output ${LINUX_X64_RELEASE_SIG} --detach-sig ${LINUX_X64_RELEASE}
create_bundle() {
platform=$1
arch=$2
target_arch=$3

RELEASE_NOTES="target/release.md"
echo "Preparing release notes..."

cat <<EOF >$RELEASE_NOTES
# Release Notes v${VERSION}
## Mac OS ARM64
Calculate the SHA512:
echo "Creating v${VERSION} bundle for ${platform} ${arch}..."
target="slowkey-${VERSION}-${target_arch}.tgz"
target_sig="${target}.sig"
release="target/${target}"
release_sig="${release}.sig"

\`\`\`sh
shasum -a512 ${APPLE_ARM64_RELEASE} ${APPLE_ARM64_RELEASE_SHA512}
\`\`\`
Verify the digital signature:
tar zcvf "${release}" "target/${target_arch}/release/slowkey"
release_sha512=$(shasum -a512 "${release}")
gpg --output "${release_sig}" --detach-sig "${release}"

\`\`\`sh
gpg --verify ${APPLE_ARM64_TARGET_SIG} ${APPLE_ARM64_TARGET}
\`\`\`
echo "${platform}|${arch}|${target}|${target_sig}|${release}|${release_sha512}" >>/tmp/bundle_info
}

## Mac OS x64
# Create bundles
create_bundle "Mac OS" "ARM64" "aarch64-apple-darwin"
create_bundle "Mac OS" "x64" "x86_64-apple-darwin"
create_bundle "Linux" "X64" "x86_64-unknown-linux-musl"

Calculate the SHA512:
RELEASE_NOTES="target/release.md"
echo "Preparing release notes..."

\`\`\`sh
shasum -a512 ${APPLE_X64_RELEASE} ${APPLE_X64_RELEASE_SHA512}
\`\`\`
# Start release notes
echo "# Release Notes v${VERSION}" >$RELEASE_NOTES

Verify the digital signature:
# Add sections for each platform
while IFS="|" read -r platform arch target target_sig release release_sha512; do
cat <<EOF >>$RELEASE_NOTES
\`\`\`sh
gpg --verify ${APPLE_X64_TARGET_SIG} ${APPLE_X64_TARGET}
\`\`\`
## Linux X64
## ${platform} ${arch}
Calculate the SHA512:
\`\`\`sh
shasum -a512 ${LINUX_X64_RELEASE} ${LINUX_X64_RELEASE_SHA512}
shasum -a512 ${release} ${release_sha512}
\`\`\`
Verify the digital signature:
\`\`\`sh
gpg --verify ${LINUX_X64_TARGET_SIG} ${LINUX_X64_TARGET}
gpg --verify ${target_sig} ${target}
\`\`\`
EOF
done </tmp/bundle_info

rm /tmp/bundle_info
59 changes: 40 additions & 19 deletions src/slowkey.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ impl SlowKeyOptions {
pub const MAX_KEY_SIZE: usize = 64;
pub const DEFAULT_OUTPUT_SIZE: usize = 32;

#[inline]
pub fn new(
iterations: usize, length: usize, scrypt: &ScryptOptions, argon2id: &Argon2idOptions,
balloon_hash: &BalloonHashOptions,
Expand Down Expand Up @@ -101,6 +102,7 @@ impl SlowKey<'_> {
pub const SALT_SIZE: usize = 16;
pub const DEFAULT_SALT: [u8; SlowKey::SALT_SIZE] = [0; SlowKey::SALT_SIZE];

#[inline]
pub fn new(opts: &SlowKeyOptions) -> Self {
if opts.iterations == 0 {
panic!("Invalid iterations number");
Expand All @@ -115,6 +117,7 @@ impl SlowKey<'_> {
}
}

#[inline]
pub fn derive_key_with_callback<F: FnMut(usize, &Vec<u8>)>(
&self, salt: &[u8], password: &[u8], offset_data: &[u8], offset: usize, sanity: bool, mut callback: F,
) -> Vec<u8> {
Expand Down Expand Up @@ -175,14 +178,22 @@ impl SlowKey<'_> {
});
}

// Pre-allocate total capacity needed
let total_len = scrypt_output.len()
+ argon2_output.len()
+ balloon_hash_output.len()
+ salt.len()
+ password.len()
+ std::mem::size_of::<u64>();
res = Vec::with_capacity(total_len);

// Concatenate all the results and the inputs
res = [
scrypt_output,
argon2_output,
balloon_hash_output,
[salt, password, &iteration.to_le_bytes()].concat(),
]
.concat();
res.extend_from_slice(&scrypt_output);
res.extend_from_slice(&argon2_output);
res.extend_from_slice(&balloon_hash_output);
res.extend_from_slice(salt);
res.extend_from_slice(password);
res.extend_from_slice(&iteration.to_le_bytes());

// Calculate the SHA2 and SHA3 hashes of the result and the inputs
let hash_output = self.double_hash(salt, password, Some(iteration), &res);
Expand All @@ -200,14 +211,16 @@ impl SlowKey<'_> {
res
}

#[inline]
pub fn derive_key(&self, salt: &[u8], password: &[u8], offset_data: &[u8], offset: usize) -> Vec<u8> {
self.derive_key_with_callback(salt, password, offset_data, offset, false, |_, _| {})
}

#[inline]
fn double_hash(&self, salt: &[u8], password: &[u8], iteration: Option<u64>, input: &[u8]) -> Vec<u8> {
let mut res: Vec<u8> = input.to_vec();

// Calculate the SHA2 hash of the result and the inputs
let total_len = input.len() + salt.len() + password.len() + iteration.map_or(0, |_| std::mem::size_of::<u64>());
let mut res = Vec::with_capacity(total_len);
res.extend_from_slice(input);
res.extend_from_slice(salt);
res.extend_from_slice(password);

Expand All @@ -217,9 +230,12 @@ impl SlowKey<'_> {

let mut sha512 = Sha512::new();
sha512.update(&res);
res = sha512.finalize().to_vec();
let sha_result = sha512.finalize();

// Calculate the SHA3 hash of the result and the inputs
let total_len =
sha_result.len() + salt.len() + password.len() + iteration.map_or(0, |_| std::mem::size_of::<u64>());
res = Vec::with_capacity(total_len);
res.extend_from_slice(&sha_result);
res.extend_from_slice(salt);
res.extend_from_slice(password);

Expand All @@ -229,35 +245,40 @@ impl SlowKey<'_> {

let mut keccack512 = Keccak512::new();
keccack512.update(&res);

keccack512.finalize().to_vec()
}

#[inline]
fn scrypt(&self, salt: &[u8], password: &[u8], iteration: u64, input: &[u8]) -> Vec<u8> {
let mut res: Vec<u8> = input.to_vec();

let total_len = input.len() + salt.len() + password.len() + std::mem::size_of::<u64>();
let mut res = Vec::with_capacity(total_len);
res.extend_from_slice(input);
res.extend_from_slice(salt);
res.extend_from_slice(password);
res.extend_from_slice(&iteration.to_le_bytes());

self.scrypt.hash(salt, &res)
}

#[inline]
fn argon2id(&self, salt: &[u8], password: &[u8], iteration: u64, input: &[u8]) -> Vec<u8> {
let mut res: Vec<u8> = input.to_vec();

let total_len = input.len() + salt.len() + password.len() + std::mem::size_of::<u64>();
let mut res = Vec::with_capacity(total_len);
res.extend_from_slice(input);
res.extend_from_slice(salt);
res.extend_from_slice(password);
res.extend_from_slice(&iteration.to_le_bytes());

self.argon2id.hash(salt, &res)
}

#[inline]
fn balloon_hash(
&self, salt: &[u8], salt_string: &SaltString, password: &[u8], iteration: u64, input: &[u8],
) -> Vec<u8> {
let mut res: Vec<u8> = input.to_vec();

let total_len = input.len() + salt.len() + password.len() + std::mem::size_of::<u64>();
let mut res = Vec::with_capacity(total_len);
res.extend_from_slice(input);
res.extend_from_slice(salt);
res.extend_from_slice(password);
res.extend_from_slice(&iteration.to_le_bytes());
Expand Down

0 comments on commit 8387bf8

Please sign in to comment.