init

Author: yazatamorph

.github/workflows/test.yml

@@ -0,0 +1,23 @@
+name: test
+
+on:
+  push:
+    branches:
+      - master
+      - main
+  pull_request:
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: erlef/setup-beam@v1
+        with:
+          otp-version: "27.1.2"
+          gleam-version: "1.7.0"
+          rebar3-version: "3"
+          # elixir-version: "1"
+      - run: gleam deps download
+      - run: gleam test
+      - run: gleam format --check src test

.gitignore

@@ -0,0 +1,4 @@
+*.beam
+*.ez
+/build
+erl_crash.dump

README.md

@@ -0,0 +1,28 @@
+# pbkdf2
+
+[![Package Version](https://img.shields.io/hexpm/v/pbkdf2)](https://hex.pm/packages/pbkdf2)
+[![Hex Docs](https://img.shields.io/badge/hex-docs-ffaff3)](https://hexdocs.pm/pbkdf2/)
+
+A Gleam implementation of PBKDF2 (Password-Based Key Derivation Function 2) for Erlang.
+
+Currently a work in progress!
+
+```sh
+gleam add pbkdf2@1
+```
+```gleam
+import pbkdf2
+
+pub fn main() {
+  // TODO: An example of the project in use
+}
+```
+
+Further documentation can be found at <https://hexdocs.pm/pbkdf2>.
+
+## Development
+
+```sh
+gleam run   # Run the project
+gleam test  # Run the tests
+```

gleam.toml

@@ -0,0 +1,20 @@
+name = "pbkdf2"
+version = "1.0.0"
+
+# Fill out these fields if you intend to generate HTML documentation or publish
+# your project to the Hex package manager.
+#
+# description = ""
+# licences = ["Apache-2.0"]
+# repository = { type = "github", user = "", repo = "" }
+# links = [{ title = "Website", href = "" }]
+#
+# For a full reference of all the available options, you can have a look at
+# https://gleam.run/writing-gleam/gleam-toml/.
+
+[dependencies]
+gleam_stdlib = ">= 0.44.0 and < 2.0.0"
+gleam_crypto = ">= 1.4.0 and < 2.0.0"
+
+[dev-dependencies]
+gleeunit = ">= 1.0.0 and < 2.0.0"

manifest.toml

@@ -0,0 +1,13 @@
+# This file was generated by Gleam
+# You typically do not need to edit this file
+
+packages = [
+  { name = "gleam_crypto", version = "1.4.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "gleam_crypto", source = "hex", outer_checksum = "8AE56026B3E05EBB1F076778478A762E9EB62B31AEEB4285755452F397029D22" },
+  { name = "gleam_stdlib", version = "0.54.0", build_tools = ["gleam"], requirements = [], otp_app = "gleam_stdlib", source = "hex", outer_checksum = "723BA61A2BAE8D67406E59DD88CEA1B3C3F266FC8D70F64BE9FEC81B4505B927" },
+  { name = "gleeunit", version = "1.3.0", build_tools = ["gleam"], requirements = ["gleam_stdlib"], otp_app = "gleeunit", source = "hex", outer_checksum = "0E6C83834BA65EDCAAF4FE4FB94AC697D9262D83E6F58A750D63C9F6C8A9D9FF" },
+]
+
+[requirements]
+gleam_crypto = { version = ">= 1.4.0 and < 2.0.0" }
+gleam_stdlib = { version = ">= 0.44.0 and < 2.0.0" }
+gleeunit = { version = ">= 1.0.0 and < 2.0.0" }

src/extern.erl

@@ -0,0 +1,8 @@
+-module(extern).
+
+-export([get_salt/0]).
+
+get_salt() ->
+  <<Num:32/integer>> = crypto:strong_rand_bytes(4),
+  BytesNum = Num rem (1024 - 64) + 64,
+  crypto:strong_rand_bytes(BytesNum).

src/pbkdf2.gleam

@@ -0,0 +1,167 @@
+import gleam/bit_array
+import gleam/bytes_tree.{type BytesTree}
+import gleam/crypto.{type HashAlgorithm}
+import gleam/int
+import gleam/io
+
+pub type Pbkdf2Keys {
+  Pbkdf2Keys(raw: BitArray, base64: String)
+}
+
+pub fn main() {
+  io.println("Hello from pbkdf2!")
+  let hash = sha256("password")
+  io.debug(hash)
+}
+
+pub fn sha256(password: String, salt: BitArray) -> Pbkdf2Keys {
+  let raw = with_defaults(crypto.Sha256, password, salt, 600_000)
+  Pbkdf2Keys(raw, bit_array.base64_encode(raw, True))
+}
+
+pub fn hash(
+  alg: HashAlgorithm,
+  password: String,
+  salt: BitArray,
+  iterations: Int,
+  d_len: Int,
+) {
+  todo as "Should check alg is allowed and d_len not too long, then run compute_key as normal"
+}
+
+@external(erlang, "extern", "get_salt")
+pub fn get_salt() -> BitArray
+
+fn with_defaults(
+  alg: HashAlgorithm,
+  password: String,
+  salt: BitArray,
+  iterations: Int,
+) {
+  let prf = new_prf(alg)
+  let d_len = prf(<<"derived":utf8>>, <<"length":utf8>>) |> bit_array.byte_size
+
+  compute_key(
+    prf,
+    bit_array.from_string(password),
+    salt,
+    iterations,
+    d_len,
+    1,
+    bytes_tree.new(),
+  )
+}
+
+fn compute_key(
+  prf,
+  password: BitArray,
+  salt: BitArray,
+  iterations: Int,
+  d_len: Int,
+  block_idx: Int,
+  acc: BytesTree,
+) {
+  case bytes_tree.byte_size(acc) > d_len {
+    True -> {
+      let bit_len = d_len * 8
+      let assert <<key:bits-size(bit_len), _rest:bits>> =
+        bytes_tree.to_bit_array(acc)
+      key
+    }
+    False -> {
+      let block =
+        compute_block(
+          prf,
+          password,
+          salt,
+          iterations,
+          block_idx,
+          1,
+          bytes_tree.new(),
+          bytes_tree.new(),
+        )
+      compute_key(
+        prf,
+        password,
+        salt,
+        iterations,
+        d_len,
+        block_idx + 1,
+        bytes_tree.prepend_tree(to: acc, prefix: block),
+      )
+    }
+  }
+}
+
+fn compute_block(
+  prf,
+  password: BitArray,
+  salt: BitArray,
+  iterations: Int,
+  block_idx: Int,
+  count: Int,
+  prev: BytesTree,
+  acc: BytesTree,
+) {
+  case count {
+    count if count > iterations -> acc
+    1 -> {
+      let init =
+        prf(password, <<salt:bits, block_idx:int-big-size(32)>>)
+        |> bytes_tree.from_bit_array
+      compute_block(prf, password, salt, iterations, block_idx, 2, init, init)
+    }
+    _ -> {
+      let next =
+        prf(password, bytes_tree.to_bit_array(prev))
+        |> bytes_tree.from_bit_array
+      compute_block(
+        prf,
+        password,
+        salt,
+        iterations,
+        block_idx,
+        count + 1,
+        next,
+        xor(next, acc),
+      )
+    }
+  }
+}
+
+fn new_prf(alg: HashAlgorithm) {
+  fn(key: BitArray, data: BitArray) {
+    crypto.new_hasher(alg)
+    |> crypto.hash_chunk(key)
+    |> crypto.hash_chunk(data)
+    |> crypto.digest
+  }
+}
+
+fn max_key_length() -> Int {
+  int.bitwise_shift_left(1, 32) |> int.subtract(1)
+}
+
+fn d_len_too_long(hash_len: Int, d_len: Int) -> Bool {
+  let max_len =
+    max_key_length()
+    |> int.multiply(hash_len)
+  d_len > max_len
+}
+
+fn allowed_algorithm(alg: HashAlgorithm) -> Result(HashAlgorithm, String) {
+  case alg {
+    crypto.Md5 ->
+      Error(
+        "Insecure algorithm. Please select Sha224, Sha256, Sha384, or Sha512.",
+      )
+    crypto.Sha1 ->
+      Error(
+        "Insecure algorithm. Please select Sha224, Sha256, Sha384, or Sha512.",
+      )
+    _ -> Ok(alg)
+  }
+}
+
+@external(erlang, "crypto", "exor")
+fn xor(a: BytesTree, b: BytesTree) -> BytesTree

test/pbkdf2_test.gleam

@@ -0,0 +1,12 @@
+import gleeunit
+import gleeunit/should
+
+pub fn main() {
+  gleeunit.main()
+}
+
+// gleeunit test functions end in `_test`
+pub fn hello_world_test() {
+  1
+  |> should.equal(1)
+}