fix(bcrypt): update to upstream rust-bcrypt implementation

Fix panic in verify #579

Author: Brooooooklyn

packages/bcrypt/Cargo.toml

@@ -8,6 +8,7 @@ version = "0.1.0"
 crate-type = ["cdylib"]
 
 [dependencies]
+bcrypt = "0.10"
 blowfish = {version = "0.8", features = ["bcrypt"]}
 byteorder = "1"
 global_alloc = {path = "../../crates/alloc"}

packages/bcrypt/src/b64.rs

@@ -1,77 +1,6 @@
-use crate::errors::{BcryptError, BcryptResult};
 use phf::phf_map;
 use radix64::STD;
 
-// Decoding table from bcrypt base64 to standard base64 and standard -> bcrypt
-// Bcrypt has its own base64 alphabet
-// ./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789
-static BCRYPT_TO_STANDARD: phf::Map<char, &'static str> = phf_map! {
-  '/' => "B",
-  '.' => "A",
-  '1' => "3",
-  '0' => "2",
-  '3' => "5",
-  '2' => "4",
-  '5' => "7",
-  '4' => "6",
-  '7' => "9",
-  '6' => "8",
-  '9' => "/",
-  '8' => "+",
-  'A' => "C",
-  'C' => "E",
-  'B' => "D",
-  'E' => "G",
-  'D' => "F",
-  'G' => "I",
-  'F' => "H",
-  'I' => "K",
-  'H' => "J",
-  'K' => "M",
-  'J' => "L",
-  'M' => "O",
-  'L' => "N",
-  'O' => "Q",
-  'N' => "P",
-  'Q' => "S",
-  'P' => "R",
-  'S' => "U",
-  'R' => "T",
-  'U' => "W",
-  'T' => "V",
-  'W' => "Y",
-  'V' => "X",
-  'Y' => "a",
-  'X' => "Z",
-  'Z' => "b",
-  'a' => "c",
-  'c' => "e",
-  'b' => "d",
-  'e' => "g",
-  'd' => "f",
-  'g' => "i",
-  'f' => "h",
-  'i' => "k",
-  'h' => "j",
-  'k' => "m",
-  'j' => "l",
-  'm' => "o",
-  'l' => "n",
-  'o' => "q",
-  'n' => "p",
-  'q' => "s",
-  'p' => "r",
-  's' => "u",
-  'r' => "t",
-  'u' => "w",
-  't' => "v",
-  'w' => "y",
-  'v' => "x",
-  'y' => "0",
-  'x' => "z",
-  'z' => "1",
-};
-
 static STANDARD_TO_BCRYPT: phf::Map<char, &'static str> = phf_map! {
   'B' => "/",
   'A' => ".",
@@ -157,51 +86,13 @@ pub fn encode(words: &[u8]) -> String {
   res
 }
 
-// Can potentially panic if the hash given contains invalid characters
-pub fn decode(hash: &str) -> BcryptResult<Vec<u8>> {
-  let mut res = String::with_capacity(hash.len());
-  for ch in hash.chars() {
-    if let Some(c) = BCRYPT_TO_STANDARD.get(&ch) {
-      res.push_str(c);
-    } else {
-      return Err(BcryptError::DecodeError(ch, hash.to_string()));
-    }
-  }
-
-  // Bcrypt base64 has no padding but standard has
-  // so we need to actually add padding ourselves
-  if hash.len() % 4 > 0 {
-    let padding = 4 - hash.len() % 4;
-    for _ in 0..padding {
-      res.push('=');
-    }
-  }
-
-  // safe unwrap: if we had non standard chars, it would have errored before
-  Ok(STD.decode(&res).unwrap())
-}
-
 #[cfg(test)]
 mod tests {
-  use super::{decode, encode};
-
-  #[test]
-  fn can_decode_bcrypt_base64() {
-    let hash = "YETqZE6eb07wZEO";
-    assert_eq!(
-      "hello world",
-      String::from_utf8_lossy(&decode(hash).unwrap())
-    );
-  }
+  use super::encode;
 
   #[test]
   fn can_encode_to_bcrypt_base64() {
     let expected = "YETqZE6eb07wZEO";
     assert_eq!(encode(b"hello world"), expected);
   }
-
-  #[test]
-  fn decode_errors_with_unknown_char() {
-    assert!(decode("YETqZE6e_b07wZEO").is_err());
-  }
 }

packages/bcrypt/src/errors.rs

@@ -2,8 +2,6 @@ use std::error;
 use std::fmt;
 use std::io;
 
-use crate::lib_bcrypt::{MAX_COST, MIN_COST};
-
 /// Library generic result type.
 pub type BcryptResult<T> = Result<T, BcryptError>;
 
@@ -12,13 +10,10 @@ pub type BcryptResult<T> = Result<T, BcryptError>;
 /// passwords
 pub enum BcryptError {
   Io(io::Error),
-  CostNotAllowed(u32),
-  InvalidPassword,
   InvalidVersion(String),
   InvalidCost(String),
   InvalidPrefix(String),
   InvalidHash(String),
-  DecodeError(char, String),
   Rand(rand::Error),
 }
 
@@ -40,18 +35,9 @@ impl fmt::Display for BcryptError {
     match *self {
       BcryptError::Io(ref err) => write!(f, "IO error: {}", err),
       BcryptError::InvalidCost(ref cost) => write!(f, "Invalid Cost: {}", cost),
-      BcryptError::CostNotAllowed(ref cost) => write!(
-        f,
-        "Cost needs to be between {} and {}, got {}",
-        MIN_COST, MAX_COST, cost
-      ),
-      BcryptError::InvalidPassword => write!(f, "Invalid password: contains NULL byte"),
       BcryptError::InvalidVersion(ref v) => write!(f, "Invalid version: {}", v),
       BcryptError::InvalidPrefix(ref prefix) => write!(f, "Invalid Prefix: {}", prefix),
       BcryptError::InvalidHash(ref hash) => write!(f, "Invalid hash: {}", hash),
-      BcryptError::DecodeError(ref c, ref s) => {
-        write!(f, "Invalid base64 error in {}, char {}", c, s)
-      }
       BcryptError::Rand(ref err) => write!(f, "Rand error: {}", err),
     }
   }
@@ -62,11 +48,8 @@ impl error::Error for BcryptError {
     match *self {
       BcryptError::Io(ref err) => Some(err),
       BcryptError::InvalidCost(_)
-      | BcryptError::CostNotAllowed(_)
-      | BcryptError::InvalidPassword
       | BcryptError::InvalidVersion(_)
       | BcryptError::InvalidPrefix(_)
-      | BcryptError::DecodeError(_, _)
       | BcryptError::InvalidHash(_) => None,
       BcryptError::Rand(ref err) => Some(err),
     }

packages/bcrypt/src/hash_task.rs

@@ -3,8 +3,6 @@ use napi::{
 };
 use napi_derive::napi;
 
-use crate::lib_bcrypt::hash;
-
 pub enum AsyncHashInput {
   String(String),
   Buffer(Ref<JsBufferValue>),
@@ -42,7 +40,7 @@ impl HashTask {
 
   #[inline]
   pub fn hash(buf: &[u8], cost: u32) -> Result<String> {
-    hash(buf, cost).map_err(|_| Error::from_status(Status::GenericFailure))
+    bcrypt::hash(buf, cost).map_err(|_| Error::from_status(Status::GenericFailure))
   }
 }
 

packages/bcrypt/src/lib.rs

@@ -15,7 +15,6 @@ use crate::lib_bcrypt::{format_salt, gen_salt, Version};
 use crate::verify_task::VerifyTask;
 
 mod b64;
-mod bcrypt;
 mod errors;
 mod hash_task;
 mod lib_bcrypt;