mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2025-11-25 22:22:33 +02:00
9017ca265a
* Optimizations and build speedup With this commit I have changed several components to be more efficient. This can be less llvm-lines generated or less `clone()` calls. ### Config - Re-ordered the `make_config` macro to be more efficient - Created a custom Deserializer for `ConfigBuilder` less code and more efficient - Use struct's for the `prepare_json` function instead of generating a custom JSON object. This generates less code and is more efficient. - Updated the `get_support_string` function to handle the masking differently. This generates less code and also was able to remove some sub-macro-calls ### Error - Added an extra new call to prevent duplicate Strings in generated macro code. This generated less llvm-lines and seems to be more efficient. - Created a custom Serializer for `ApiError` and `CompactApiError` This makes that struct smaller in size, so better for memory, but also less llvm-lines. ### General - Removed `once_lock` and replace it all with Rust's std LazyLock - Added and fixed some Clippy lints which reduced `clone()` calls for example. - Updated build profiles for more efficiency Also added a new profile specifically for CI, which should decrease the build check - Updated several GitHub Workflows for better security and use the new `ci` build profile - Updated to Rust v1.90.0 which uses a new linker `rust-lld` which should help in faster building - Updated the Cargo.toml for all crates to better use the `workspace` variables - Added a `typos` Workflow and Pre-Commit, which should help in detecting spell error's. Also fixed a few found by it. Signed-off-by: BlackDex <black.dex@gmail.com> * Fix release profile Signed-off-by: BlackDex <black.dex@gmail.com> * Update typos and remove mimalloc check from pre-commit checks Signed-off-by: BlackDex <black.dex@gmail.com> * Misc fixes and updated typos Signed-off-by: BlackDex <black.dex@gmail.com> * Update crates and workflows Signed-off-by: BlackDex <black.dex@gmail.com> * Fix formating and pre-commit Signed-off-by: BlackDex <black.dex@gmail.com> * Update to Rust v1.91 and update crates Signed-off-by: BlackDex <black.dex@gmail.com> * Update web-vault to v2025.10.1 and xx to v1.8.0 Signed-off-by: BlackDex <black.dex@gmail.com> --------- Signed-off-by: BlackDex <black.dex@gmail.com>
116 lines
3.4 KiB
Rust
116 lines
3.4 KiB
Rust
//
|
|
// PBKDF2 derivation
|
|
//
|
|
use std::num::NonZeroU32;
|
|
|
|
use data_encoding::{Encoding, HEXLOWER};
|
|
use ring::{digest, hmac, pbkdf2};
|
|
|
|
const DIGEST_ALG: pbkdf2::Algorithm = pbkdf2::PBKDF2_HMAC_SHA256;
|
|
const OUTPUT_LEN: usize = digest::SHA256_OUTPUT_LEN;
|
|
|
|
pub fn hash_password(secret: &[u8], salt: &[u8], iterations: u32) -> Vec<u8> {
|
|
let mut out = vec![0u8; OUTPUT_LEN]; // Initialize array with zeros
|
|
|
|
let iterations = NonZeroU32::new(iterations).expect("Iterations can't be zero");
|
|
pbkdf2::derive(DIGEST_ALG, iterations, salt, secret, &mut out);
|
|
|
|
out
|
|
}
|
|
|
|
pub fn verify_password_hash(secret: &[u8], salt: &[u8], previous: &[u8], iterations: u32) -> bool {
|
|
let iterations = NonZeroU32::new(iterations).expect("Iterations can't be zero");
|
|
pbkdf2::verify(DIGEST_ALG, iterations, salt, secret, previous).is_ok()
|
|
}
|
|
|
|
//
|
|
// HMAC
|
|
//
|
|
pub fn hmac_sign(key: &str, data: &str) -> String {
|
|
let key = hmac::Key::new(hmac::HMAC_SHA1_FOR_LEGACY_USE_ONLY, key.as_bytes());
|
|
let signature = hmac::sign(&key, data.as_bytes());
|
|
|
|
HEXLOWER.encode(signature.as_ref())
|
|
}
|
|
|
|
//
|
|
// Random values
|
|
//
|
|
|
|
/// Return an array holding `N` random bytes.
|
|
pub fn get_random_bytes<const N: usize>() -> [u8; N] {
|
|
use ring::rand::{SecureRandom, SystemRandom};
|
|
|
|
let mut array = [0; N];
|
|
SystemRandom::new().fill(&mut array).expect("Error generating random values");
|
|
|
|
array
|
|
}
|
|
|
|
/// Encode random bytes using the provided function.
|
|
pub fn encode_random_bytes<const N: usize>(e: &Encoding) -> String {
|
|
e.encode(&get_random_bytes::<N>())
|
|
}
|
|
|
|
/// Generates a random string over a specified alphabet.
|
|
pub fn get_random_string(alphabet: &[u8], num_chars: usize) -> String {
|
|
// Ref: https://rust-lang-nursery.github.io/rust-cookbook/algorithms/randomness.html
|
|
use rand::Rng;
|
|
let mut rng = rand::rng();
|
|
|
|
(0..num_chars)
|
|
.map(|_| {
|
|
let i = rng.random_range(0..alphabet.len());
|
|
alphabet[i] as char
|
|
})
|
|
.collect()
|
|
}
|
|
|
|
/// Generates a random numeric string.
|
|
pub fn get_random_string_numeric(num_chars: usize) -> String {
|
|
const ALPHABET: &[u8] = b"0123456789";
|
|
get_random_string(ALPHABET, num_chars)
|
|
}
|
|
|
|
/// Generates a random alphanumeric string.
|
|
pub fn get_random_string_alphanum(num_chars: usize) -> String {
|
|
const ALPHABET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ\
|
|
abcdefghijklmnopqrstuvwxyz\
|
|
0123456789";
|
|
get_random_string(ALPHABET, num_chars)
|
|
}
|
|
|
|
pub fn generate_id<const N: usize>() -> String {
|
|
encode_random_bytes::<N>(&HEXLOWER)
|
|
}
|
|
|
|
pub fn generate_send_file_id() -> String {
|
|
// Send File IDs are globally scoped, so make them longer to avoid collisions.
|
|
generate_id::<32>() // 256 bits
|
|
}
|
|
|
|
use crate::db::models::AttachmentId;
|
|
pub fn generate_attachment_id() -> AttachmentId {
|
|
// Attachment IDs are scoped to a cipher, so they can be smaller.
|
|
AttachmentId(generate_id::<10>()) // 80 bits
|
|
}
|
|
|
|
/// Generates a numeric token for email-based verifications.
|
|
pub fn generate_email_token(token_size: u8) -> String {
|
|
get_random_string_numeric(token_size as usize)
|
|
}
|
|
|
|
/// Generates a personal API key.
|
|
/// Upstream uses 30 chars, which is ~178 bits of entropy.
|
|
pub fn generate_api_key() -> String {
|
|
get_random_string_alphanum(30)
|
|
}
|
|
|
|
//
|
|
// Constant time compare
|
|
//
|
|
pub fn ct_eq<T: AsRef<[u8]>, U: AsRef<[u8]>>(a: T, b: U) -> bool {
|
|
use subtle::ConstantTimeEq;
|
|
a.as_ref().ct_eq(b.as_ref()).into()
|
|
}
|