commit 78aa0c7719c3978e4cb28a6724d9bde7e92d3508
parent 7b82807deb4488125a563a01afcb74548bb7a9de
Author: srfsh <dev@srf.sh>
Date: Wed, 6 Jul 2022 22:39:30 +0200
restroom: remove passphrase layer
Diffstat:
5 files changed, 4 insertions(+), 53 deletions(-)
diff --git a/src/zenflows/restroom.ex b/src/zenflows/restroom.ex
@@ -4,23 +4,9 @@ A module to interact with Restroom instances over (for now) HTTP.
"""
@doc """
-Generate a hash out of a passhprase character string using a constant salt.
-"""
-@spec passgen(String.t()) :: String.t()
-def passgen(pass) do
- data = %{salt: salt(), password: pass}
- {:ok, %{"key_derivation" => keyder}} = exec("passgen_pbkdf2", data)
- keyder
-end
-
-@doc """
-Securely compare a passphrase and a hash, and return `true` if they match,
-`false` otherwise.
-"""
-@spec passverify?(String.t(), String.t()) :: boolean()
-def passverify?(pass, hash) do
- data = %{salt: salt(), hash: hash, password: pass}
- case exec("passverify_pbkdf2", data) do
+@spec byte_equal?(binary(), binary()) :: boolean()
+def byte_equal?(left, right) do
+ case exec("byte_equal", %{left: left, right: right}) do
{:ok, %{"output" => ["1"]}} -> true
_ -> false
end
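Review bot: The `@doc """` kept as context is now followed directly by the added `@spec byte_equal?(binary(), binary()) :: boolean()`, while its text and closing `"""` are among the removed lines, so as shown the heredoc is left open above the new function. Close it with a one-line description and the terminator, for example `Return true if the Restroom byte_equal call reports left and right as equal, false on any other result.` followed by `"""`. Documenting this matters because `_ -> false` also swallows whatever `exec` returns on failure, so a caller cannot tell a mismatch from an unreachable Restroom instance. If the operands are secret-derived, it is also worth a comment that `exec` (next hunk) builds an `http://` URL and presumably sends them unencrypted. The closing `end` of `byte_equal?/2` lies outside the hunk.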
@@ -32,6 +18,7 @@ defp exec(name, data) do
url = to_charlist("http://#{host()}/api/#{name}")
hdrs = [{'user-agent', useragent()}]
http_opts = [
+
{:timeout, 30000}, # 30 seconds
{:connect_timeout, 5000}, # 5 seconds
{:autoredirect, false},
@@ -49,14 +36,12 @@ defp exec(name, data) do
end
end
-
# Return the useragent to be used by the HTTP client, this module.
@spec useragent() :: charlist()
defp useragent() do
'zenflows/' ++ Application.spec(:zenflows, :vsn)
end
-
# Return the host string (hostname:port) of the Restroom instance.
@spec host() :: String.t()
defp host() do
@@ -64,12 +49,6 @@ defp host() do
"#{conf[:room_host]}:#{conf[:room_port]}"
end
-
-# Return the salt binary that is for passphrase hashing.
-defp salt() do
- conf() |> Keyword.fetch!(:room_salt)
-end
-
# Return the application configurations of this module.
@spec conf() :: Keyword.t()
defp conf() do
diff --git a/test/restroom.test.exs b/test/restroom.test.exs
@@ -1,13 +0,0 @@
-defmodule ZenflowsTest.Restroom do
-use ExUnit.Case, async: true
-
-import Zenflows.Restroom
-
-test "`passgen/1` and `passverify?/2` works together correctly" do
- pass = "hunter2"
- notpass = "hunter"
- hash = passgen(pass)
- assert passverify?(pass, hash)
- refute passverify?(notpass, hash)
-end
-end
diff --git a/zencode/passgen_pbkdf2.zen b/zencode/passgen_pbkdf2.zen
@@ -1,4 +0,0 @@
-Given I have a 'hex' named 'salt'
-and I have a 'string' named 'password'
-When I create the key derivation of 'password' with password 'salt'
-Then print the 'key derivation' as 'base64'
diff --git a/zencode/passverify_pbkdf2.zen b/zencode/passverify_pbkdf2.zen
@@ -1,7 +0,0 @@
-Given I have a 'hex' named 'salt'
-and I have a 'base64' named 'hash'
-and I have a 'string' named 'password'
-When I create the key derivation of 'password' with password 'salt'
-and I verify 'key_derivation' is equal to 'hash'
-Then print the string '1'
-# when false zenroom returns error
diff --git a/zencode/test.sh b/zencode/test.sh
@@ -55,10 +55,6 @@ keyring='{"bitcoin_address":"bc1qlsqa5rgnrma4agtjar4q5jv9pe4pxze7vsyvp7","ethere
testzen keygen "${keyring}"
-testzen passgen_pbkdf2 '{"key_derivation":"hUWpLrhAYoeWA/0uNjn32a/YNwQc8S1mAI0IpWgPMLU="}' '{"salt":"c24463f5e352da20cb79a43f97436cce57344911e1d0ec0008cbedb5fabcca33","password":"my secret pass"}' > /dev/null
-
-testzen passverify_pbkdf2 '{"output":["1"]}' '{"hash":"hUWpLrhAYoeWA/0uNjn32a/YNwQc8S1mAI0IpWgPMLU=","salt":"c24463f5e352da20cb79a43f97436cce57344911e1d0ec0008cbedb5fabcca33","password": "my secret pass"}' > /dev/null
-
gql64=`mktemp`
# example graphql with most allowed characters used