aboutsummaryrefslogblamecommitdiffstats
path: root/src/main.rs
blob: 5dfb7b4c580ad370a455fe9a22d3130e7507a3cb (plain) (tree)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16















                                                                         
                     
                  
                                      
                      
                 




                                                       
               





















                                                                     


                                                             


                 







                                                                                     
                                 
     









                                                                                                  








                                                                



                                                         
 

                                        
 






                                                          
 











                                                                                                                        

 



                                       
           
                                                                    

                                               
 




                                                
                               
                          
 
                         






                                                     

                                                      


                                                                                     
                                   




                                                                       
         
     

                             
 
// checkpw - Check passwords against pwnedpasswords.com
// Copyright (C) 2018  Harald Eilertsen <haraldei@anduin.net>
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <https://www.gnu.org/licenses/>.

extern crate reqwest;
extern crate ring;
use std::{env, thread, time, process};
use std::error::Error;
use ring::digest;

//
// Convert a slice of bytes into a string of hex values
//
fn to_hex(data: &[u8]) -> String {
    data.iter()
        .map(|b| format!("{:02X}", b))
        .collect()
}

#[test]
fn test_to_hex() {
    let input = [0x01, 0x00, 0xff, 0xaa, 0x10, 0x07];
    assert_eq!(to_hex(&input), "0100FFAA1007");
}

///
/// Split the digest into the range and rest parts for k-anonymity
///
fn to_k_anon(d: digest::Digest) -> (String, String) {
    let mut hash = to_hex(d.as_ref());
    let rest = hash.split_off(5);
    (hash, rest)
}

#[test]
fn test_k_anon() {
    let input = digest::digest(&digest::SHA1, "Passw0rd".as_bytes());
    let (range, rest) = to_k_anon(input);
    assert_eq!(&range, "EBFC7");
    assert_eq!(&rest, "910077770C8340F63CD2DCA2AC1F120444F");
}

struct Password {
    pub range: String,
    pub rest: String,
}

impl Password {
    pub fn new(pw: &str) -> Password {
        let (range, rest) = to_k_anon(digest::digest(&digest::SHA1, &pw.as_bytes()));

        Password { range, rest, }
    }

    pub fn is_pwned(&self, hashes: &str) -> usize {
        if let Some(pos) = hashes.find(&self.rest) {
            if let Some(res) = hashes[pos..].lines().take(1).collect::<Vec<_>>().pop() {
                return res.split(':').skip(1).collect::<Vec<_>>().pop().unwrap().parse().unwrap();
            }
        }

        0
    }
}

#[test]
fn test_creating_new_password() {
    let pw = Password::new("Passw0rd");
    assert_eq!(&pw.range, "EBFC7");
    assert_eq!(&pw.rest, "910077770C8340F63CD2DCA2AC1F120444F");
}

#[test]
fn test_matching_response_with_no_matches() {
    let pw = Password::new("Passw0rd");
    let hashes = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:42";

    assert_eq!(0, pw.is_pwned(&hashes));
}

#[test]
fn test_matching_response_with_one_match() {
    let pw = Password::new("Passw0rd");
    let hashes = "910077770C8340F63CD2DCA2AC1F120444F:42";

    assert_eq!(42, pw.is_pwned(&hashes));
}

#[test]
fn test_matching_response_with_multiple_matches() {
    let pw = Password::new("Passw0rd");
    let hashes = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:3\n910077770C8340F63CD2DCA2AC1F120444F:42\n00000000000000000000:1";

    assert_eq!(42, pw.is_pwned(&hashes));
}

fn check(pw: Password) -> Result<usize, reqwest::Error>{
    let uri = &format!("https://api.pwnedpasswords.com/range/{}", pw.range);
    let hashes = reqwest::get(uri)?.text()?;
    Ok(pw.is_pwned(&hashes))
}

fn print_usage() {
    println!("Usage: checkpw <pw>...");
}

fn main() {
    let (args, passwords) : (Vec<String>, Vec<String>) = env::args()
        .skip(1)
        .partition(|arg| arg.starts_with('-'));

    if args.is_empty() && passwords.is_empty() {
        print_usage();
        return;
    }

    let mut first_round = true;
    let mut pwn_count = 0;

    for pw in passwords {
        if first_round {
            first_round = false;
        }
        else {
            thread::sleep(time::Duration::new(1, 0));
        }

        match check(Password::new(&pw)) {
            Err(e) => println!("{}", e.description()),
            Ok(num) => {
                if num > 0 {
                    println!("Password is PWNED! It was found in {} breaches.", num);
                    pwn_count += 1;
                }
                else {
                    println!("Password was not found in any breaches");
                }
            }
        }
    }

    process::exit(pwn_count);
}