;;; Root package of the crypto subsystem.
;;; NOTE(review): the export list names *default-password-db*,
;;; *default-password-hasher*, *default-password-store* and
;;; *default-password-pepper*, while the specials defined later in this
;;; file are *password-db*, *password-hasher*, *password-store* and
;;; *password-pepper*; confirm which spelling callers expect, since the
;;; exported symbols as written are never bound here.
;;; NOTE(review): :ironclad is only USEd under the :crypto feature, but the
;;; :shadowing-import-from below needs the package present unconditionally.
(defpackage :cry
  (:nicknames :cryptography)
  ;; Ironclad also exports these three; shadow them so the :use list cannot conflict.
  (:shadowing-import-from :ironclad :integer-to-octets :octets-to-integer :xor)
  (:use :cl :std :sb-thread :sb-concurrency #+crypto :ironclad :obj/db :obj/id)
  (:export :crypto-error :crypto-token-expired :crypto-token-invalid
           :crypto-key :token :crypto-token :password
           :*default-password-db* :*default-password-hasher* :*default-password-store* :*default-password-pepper*
           :password-db))
;;; HMAC-based one-time password package.  Exports the tunables *digits*
;;; and *hmac-sha-mode* plus the HOTP function itself; the implementation
;;; is not in this view.
(defpackage :cry/hotp
  (:nicknames :hotp)
  (:use :cl :std :cry)
  (:export *digits*
           *hmac-sha-mode*
           hotp))
;;; Time-based one-time password package, layered on :cry/hotp.  The
;;; exported *time-zero* and *time-step-in-seconds* are the epoch and step
;;; parameters (presumably the RFC 6238 T0 and X; confirm in the
;;; implementation, which is not visible here).
(defpackage :cry/totp
  (:nicknames :totp)
  (:use :cl :std :cry/hotp)
  (:export *time-zero*
           *time-step-in-seconds*
           totp))
;;; CRC-64 checksum package.  CRC is an error-detection code, not a
;;; cryptographic hash or MAC: it offers no collision or preimage
;;; resistance, so nothing here should be used for integrity against an
;;; adversary.  Only :cl is used; it does not depend on :cry.
(defpackage :cry/crc64
  (:use :cl)
  (:export :+polynomial+ :+improved-polynomial+
           :init-crc64 :crc64-stream
           :crc64-file :crc64-sequence))
;;; JSON Web Token package; uses the JSON and proto packages plus :cry.
;;; The export list is currently empty, so nothing is public yet.
(defpackage :cry/jwt
  (:use :cl :std :dat/json :dat/proto :cry)
  (:export))
;;; Authinfo package (contents not visible here).  The export list is
;;; currently empty, so nothing is public yet.
(defpackage :cry/authinfo
  (:use :cl :std :cry)
  (:export))
;;; Everything below this point is defined in the :cry package.
(in-package :cry)
;;; Process-wide defaults consulted by the password API.  All of them are
;;; NIL until the application sets them.
;;; NOTE(review): these are named *password-* but the package exports
;;; *default-password-* symbols; one side should be renamed or an alias
;;; added, otherwise the exported names stay unbound.
(defvar *password-db* nil
  "The default password database.")
(defvar *password-hasher* nil
  "The default password hasher.")
(defvar *password-store* nil
  "The default password store.")
;; A NIL pepper means hashes are computed without a secret pepper; set this
;; to a per-deployment secret before storing any password hash.
(defvar *password-pepper* nil
  "The default pepper value for password hashing. Make sure you change this.")
;; An opaque token; its identity is the octet vector held by the ID superclass
;; (from :obj/id), accessed through TOKEN-BYTES / TOKEN-STRING below.
(defclass token (id) ())
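(defun random-token (&optional (length 64))
  "Return a fresh TOKEN whose id is LENGTH random octets, each in [0, 128).

The octets come from Ironclad's strong PRNG (IRONCLAD:STRONG-RANDOM) rather
than CL:RANDOM: the standard *RANDOM-STATE* is not a cryptographically secure
generator and its default seed is predictable, which is unacceptable for
tokens used to confirm registrations or reset passwords.

The upper bound of 128 is kept from the original definition; it limits each
octet to 7 bits, which TOKEN-STRING appears to rely on when decoding the id
as text — confirm that before widening the range to 256.  LENGTH defaults
to 64, matching the original fixed size."
  (let ((id (make-array length :element-type '(unsigned-byte 8) :fill-pointer 0)))
    ;; Keep the fill-pointer construction so the stored id has the same
    ;; vector shape as before; only the randomness source changes.
    (loop repeat length
          do (vector-push (ironclad:strong-random 128) id))
    (make-instance 'token :id id)))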
(defgeneric token-bytes (self)
  (:documentation "Return the octet vector that identifies token SELF.")
  (:method ((self token))
    ;; ID is the reader inherited from the ID superclass (:obj/id is USEd
    ;; by this package, so the qualified and unqualified names coincide).
    (obj/id:id self)))
(defgeneric token-string (self)
  (:documentation "Return the id of token SELF decoded as a string.")
  (:method ((self token))
    ;; Decoded with SBCL's default external format.  The id octets are
    ;; random, so the result may contain control characters; it is not a
    ;; printable encoding such as hex or base64 — keep that in mind before
    ;; embedding it in URLs or logs.
    (let ((octets (obj/id:id self)))
      (sb-ext:octets-to-string octets))))
;; Marker subclasses used to specialize the generic functions below.  None
;; adds slots; behaviour lives in methods defined elsewhere.
(defclass crypto-token (token) ())
;; A key is identified by its ID, like a token, but is not a TOKEN.
(defclass crypto-key (id) ())
(defclass password () ())
;; Backed by the DATABASE class from :obj/db.
(defclass password-db (database) ())
(defclass password-store () ())
;;; Proto
;;; Protocol for user registration, confirmation, authentication and
;;; password reset.  Only the generic functions are declared here; the
;;; methods (and therefore the actual storage and comparison behaviour)
;;; are defined elsewhere and are not visible in this file.
(defgeneric register-user (user &key store password deadline)
  (:documentation "Register USER in the store specified by STORE, with optional
PASSWORD and DEADLINE. Returns the user object and optionally a confirmation
token."))
(defgeneric get-confirmation-token (user &key store duration)
  (:documentation "Create a new user confirmation token which must be
validated within DURATION if non-nil. Register it for USER in STORE."))
(defgeneric confirm-registration (user confirmation &key store)
  (:documentation "Confirm USER using CONFIRMATION in STORE."))
;; NOTE(review): the docstring says "isn't pending", which contradicts the
;; predicate's name; confirm the intended polarity against the methods
;; before relying on it.
(defgeneric user-pending-p (user &key store)
  (:documentation "Return non-nil if USER isn't pending confirmation, else nil."))
(defgeneric user-known-p (user &key store)
  (:documentation "Return non-nil if USER is known in STORE."))
;; PASSWORD is the caller-supplied credential; how it is hashed/compared is
;; decided by the methods, not here.
(defgeneric authenticate-user (user password &key store)
  (:documentation "Check whether USER successfully authenticates with PASSWORD in STORE. If user had a reset-token pending, clear it upon success."))
(defgeneric get-reset-token (user &key store duration)
  (:documentation "Create a new reset token, register it for USER in STORE for DURATION."))
(defgeneric clear-reset-token (user &key store)
  (:documentation "Clear reset token of USER."))
(defgeneric reset-password (user reset new &key store)
  (:documentation "Reset password of USER in STORE to NEW, authenticating with RESET."))
(defgeneric delete-user (user &key store error-p)
  (:documentation "Delete user identified by USER in STORE. Signal an error if user can't be found and ERROR-P is non-nil."))