// checkpw - Check passwords against pwnedpasswords.com // Copyright (C) 2018 Harald Eilertsen // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with this program. If not, see . extern crate reqwest; extern crate ring; use std::env; use std::error::Error; use ring::digest; // // Convert a slice of bytes into a string of hex values // fn to_hex(data: &[u8]) -> String { data.into_iter() .map(|b| format!("{:02X}", b)) .collect() } #[test] fn test_to_hex() { let input = [0x01, 0x00, 0xff, 0xaa, 0x10, 0x07]; assert_eq!(to_hex(&input), "0100FFAA1007"); } /// /// Split the digest into the range and rest parts for k-anonymity /// fn to_k_anon(d: digest::Digest) -> (String, String) { let mut hash = to_hex(d.as_ref()); let rest = hash.split_off(5); (hash, rest) } #[test] fn test_k_anon() { let input = digest::digest(&digest::SHA1, "Passw0rd".as_bytes()); let res = to_k_anon(input); assert_eq!(res, (String::from("EBFC7"), String::from("910077770C8340F63CD2DCA2AC1F120444F"))); } struct Password { pw: String, pub range: String, pub rest: String, } impl Password { pub fn new(pw: &str) -> Password { let (range, rest) = to_k_anon(digest::digest(&digest::SHA1, &pw.as_bytes())); Password { pw: String::from(pw), range: range, rest: rest, } } pub fn is_pwned(&self, hashes: &str) -> usize { if let Some(pos) = hashes.find(&self.rest) { if let Some(res) = hashes[pos..].lines().take(1).collect::>().pop() { return res.split(':').skip(1).collect::>().pop().unwrap().parse().unwrap(); } } 0 } } #[test] fn test_creating_new_password() { let pw = Password::new("Passw0rd"); assert_eq!(&pw.range, "EBFC7"); assert_eq!(&pw.rest, "910077770C8340F63CD2DCA2AC1F120444F"); } #[test] fn test_matching_response_with_no_matches() { let pw = Password::new("Passw0rd"); let hashes = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:42"; assert_eq!(0, pw.is_pwned(&hashes)); } #[test] fn test_matching_response_with_one_match() { let pw = Password::new("Passw0rd"); let hashes = "910077770C8340F63CD2DCA2AC1F120444F:42"; assert_eq!(42, pw.is_pwned(&hashes)); } #[test] fn test_matching_response_with_multiple_matches() { let pw = Password::new("Passw0rd"); let hashes = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:3\n910077770C8340F63CD2DCA2AC1F120444F:42\n00000000000000000000:1"; assert_eq!(42, pw.is_pwned(&hashes)); } fn check(pw: Password) -> Result{ let uri = &format!("https://api.pwnedpasswords.com/range/{}", pw.range); let hashes = reqwest::get(uri)?.text()?; Ok(pw.is_pwned(&hashes)) } fn print_usage() { println!("Usage: checkpw ..."); } fn main() { let (args, passwords) : (Vec, Vec) = env::args() .skip(1) .partition(|arg| arg.starts_with('-')); if args.is_empty() && passwords.is_empty() { print_usage(); return; } for pw in passwords { match check(Password::new(&pw)) { Err(e) => println!("{}", e.description()), Ok(num) => { if num > 0 { println!("Password is PWNED! It was found in {} breaches.", num); } else { println!("Password was not found in any breaches"); } } } } }