feat: add native scrypt password hashing

This commit is contained in:
udo 2026-07-13 19:35:38 +00:00
parent a288b539c6
commit 4414972079
11 changed files with 196 additions and 3 deletions

View File

@ -32,7 +32,7 @@ On Debian/Ubuntu-like systems, install the distro packages first:
```bash
apt update
apt install -y clang build-essential libpcre2-dev mariadb-client libmariadb-dev curl rsync ca-certificates
apt install -y clang build-essential libpcre2-dev libssl-dev mariadb-client libmariadb-dev curl rsync ca-certificates
```
UCE also requires two non-vendored dependencies. WASI SDK is load-bearing at runtime because UCE compiles units on demand during requests and during proactive startup scans. The `curl` binary is also a pinned runtime package dependency: `http_request()` and `http_request_async()` execute it directly with an explicit argument vector for TLS-capable outbound HTTP.
@ -621,6 +621,22 @@ sock.close()
PY
```
## Password hashing
Use the native password API for application credentials:
```cpp
String encoded = password_hash(password);
if(encoded == "")
// fail the write; native hashing did not complete
bool valid = password_verify(candidate, encoded);
if(valid && password_needs_rehash(encoded))
encoded = password_hash(candidate);
```
`password_hash()` returns a self-contained `$uce$scrypt$...` encoding with a random 16-byte salt and the bounded scrypt parameters `N=65536`, `r=8`, `p=1`. `password_verify()` accepts only structurally valid encodings with bounded cost parameters and compares the derived key in constant time. `password_needs_rehash()` reports malformed, legacy, or non-current parameters so applications can upgrade a credential after a successful legacy verification. Treat an empty hash as an operational failure and never store it. Application-level password length policy, rate limiting, and legacy-format verification remain the application's responsibility.
## Operational footguns
- Keep the FastCGI socket path consistent: `FCGI_SOCKET_PATH` and the web-server `fastcgi_pass` must match exactly. The reference config uses `/run/uce/fastcgi.sock`; if you choose `/run/uce.sock`, use it in both places.

View File

@ -21,7 +21,7 @@ WASMTIME_HOME=${WASMTIME_HOME:-/opt/wasmtime}
WASM_FLAGS="-I$WASMTIME_HOME/include"
WASM_LIBS="-L$WASMTIME_HOME/lib -Wl,-rpath,$WASMTIME_HOME/lib -lwasmtime"
LIBS="-ldl -lm -lpthread -lpcre2-8 `mysql_config --cflags --libs` $WASM_LIBS"
LIBS="-ldl -lm -lpthread -lpcre2-8 -lcrypto `mysql_config --cflags --libs` $WASM_LIBS"
SRCFLAGS="-D EXEC_NAME=\"$GF\" -D PLATFORM_NAME=\"linux\""
# The runtime is split into separately-compiled objects so an edit to one

View File

@ -52,4 +52,5 @@ curl -sS --fail-with-body --unix-socket "$socket_path" "$url"
if [[ "$action" == "run" ]]; then
scripts/test_dependency_invalidation.sh
scripts/test_cold_component_deadline.sh
scripts/test_password_hashing.sh
fi

View File

@ -0,0 +1,37 @@
#!/usr/bin/env bash
set -euo pipefail
cd "$(dirname "$0")/.."
test_name="password-hash-test-$$"
site_directory="${UCE_TEST_SITE_DIRECTORY:-site}"
source_dir="$site_directory/$test_name"
bin_directory="${BIN_DIRECTORY:-}"
if [[ -z "$bin_directory" && -r /etc/uce/settings.cfg ]]; then
bin_directory=$(awk -F= '/^[[:space:]]*BIN_DIRECTORY[[:space:]]*=/ {gsub(/^[[:space:]]+|[[:space:]]+$/, "", $2); print $2; exit}' /etc/uce/settings.cfg)
fi
bin_directory="${bin_directory:-/tmp/uce/work}"
cache_dir=""
cleanup() {
rm -rf "$source_dir"
if [[ -n "$cache_dir" ]]; then
rm -rf "$cache_dir"
fi
}
trap cleanup EXIT
mkdir -p "$source_dir"
cache_dir="$bin_directory$(realpath "$source_dir")"
printf '%s\n' \
'CLI(Request& context) {' \
' String encoded = password_hash("correct horse battery staple");' \
' print(encoded, "\n", password_verify("correct horse battery staple", encoded) ? "valid" : "invalid", "\n", password_verify("wrong password", encoded) ? "wrong-valid" : "wrong-rejected", "\n", password_needs_rehash(encoded) ? "rehash" : "current", "\n", password_verify("password", "$uce$scrypt$999999999$8$1$00$00") ? "malformed-valid" : "malformed-rejected");' \
'}' >"$source_dir/test.uce"
output=$(scripts/uce-cli "/$test_name/test.uce")
if [[ "$output" != *'$uce$scrypt$65536$8$1$'* || "$output" != *$'\nvalid\nwrong-rejected\ncurrent\nmalformed-rejected'* ]]; then
echo "native password hashing failed: $output" >&2
exit 1
fi
echo "password hashing passed"

View File

@ -163,6 +163,8 @@ RENDER(Request& context)
String crypto_b64 = base64_encode("hello");
String crypto_b64_dec = base64_decode(crypto_b64);
check("sha256() / hmac_sha256() / base64 / random_bytes() / crypto_equal()", sha256_hex("abc") == "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" && hmac_sha256_hex("key", "The quick brown fox jumps over the lazy dog") == "f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8" && crypto_b64 == "aGVsbG8=" && crypto_b64_dec == "hello" && crypto_random.length() == 16 && crypto_equal("same", "same") && !crypto_equal("same", "diff"), crypto_b64 + " / " + sha256_hex("abc"));
String password_encoded = password_hash("correct horse battery staple");
check("password_hash() / password_verify() / password_needs_rehash()", contains(password_encoded, "$uce$scrypt$65536$8$1$") && password_verify("correct horse battery staple", password_encoded) && !password_verify("wrong password", password_encoded) && !password_needs_rehash(password_encoded) && password_needs_rehash("malformed") && !password_verify("correct horse battery staple", "$uce$scrypt$999999999$8$1$00$00"), password_encoded);
StringList escaped_keys = memcache_escape_keys({"a b", "line\nkey"});
check("memcache_escape_key() / memcache_escape_keys()", memcache_escape_key("a b") == "a_b" && escaped_keys.size() == 2 && !contains(escaped_keys[1], "\n"), join(escaped_keys, ","));
@ -170,4 +172,4 @@ RENDER(Request& context)
site_tests_summary(passed, failed, skipped, "This page limits writes to /tmp/uce-site-tests-io.txt so it stays disposable.");
site_tests_page_end();
}
}

View File

@ -421,3 +421,108 @@ bool crypto_equal_native(String a, String b)
for(size_t i=0; i<n; i++) { u8 ca = i<a.size() ? (u8)a[i] : 0; u8 cb = i<b.size() ? (u8)b[i] : 0; diff |= ca ^ cb; }
return(diff == 0);
}
#ifndef __UCE_WASM_CORE__
#include <openssl/evp.h>
#include <openssl/rand.h>
namespace {
const u64 UCE_PASSWORD_SCRYPT_N = 65536;
const u64 UCE_PASSWORD_SCRYPT_R = 8;
const u64 UCE_PASSWORD_SCRYPT_P = 1;
String uce_hex_encode(const unsigned char* bytes, size_t size)
{
String encoded;
encoded.reserve(size * 2);
for(size_t i = 0; i < size; i++)
encoded += to_hex(bytes[i], 2);
return(to_lower(encoded));
}
bool uce_hex_decode(String encoded, String& decoded)
{
if(encoded.size() % 2 != 0)
return(false);
decoded.clear();
decoded.reserve(encoded.size() / 2);
for(size_t i = 0; i < encoded.size(); i += 2)
{
u8 value = 0;
for(size_t j = 0; j < 2; j++)
{
char c = encoded[i + j];
u8 digit = c >= '0' && c <= '9' ? (u8)(c - '0') : c >= 'a' && c <= 'f' ? (u8)(c - 'a' + 10) : c >= 'A' && c <= 'F' ? (u8)(c - 'A' + 10) : 255;
if(digit == 255)
return(false);
value = (u8)((value << 4) | digit);
}
decoded.push_back((char)value);
}
return(true);
}
bool uce_decimal_u64(String value, u64& parsed)
{
if(value == "")
return(false);
parsed = 0;
for(char c : value)
{
if(c < '0' || c > '9' || parsed > (UINT64_MAX - (u64)(c - '0')) / 10)
return(false);
parsed = parsed * 10 + (u64)(c - '0');
}
return(true);
}
bool uce_password_parts(String encoded, u64& n, u64& r, u64& p, String& salt, String& digest)
{
const String prefix = "$uce$scrypt$";
if(encoded.size() <= prefix.size() || encoded.substr(0, prefix.size()) != prefix)
return(false);
auto parts = split(encoded.substr(prefix.size()), "$");
if(parts.size() != 5 || !uce_decimal_u64(parts[0], n) || !uce_decimal_u64(parts[1], r) || !uce_decimal_u64(parts[2], p))
return(false);
if(n < 16384 || n > UCE_PASSWORD_SCRYPT_N || (n & (n - 1)) != 0 || r < 1 || r > UCE_PASSWORD_SCRYPT_R || p != UCE_PASSWORD_SCRYPT_P || n * r > UCE_PASSWORD_SCRYPT_N * UCE_PASSWORD_SCRYPT_R)
return(false);
return(uce_hex_decode(parts[3], salt) && salt.size() == 16 && uce_hex_decode(parts[4], digest) && digest.size() == 32);
}
bool uce_password_derive(String password, String salt, u64 n, u64 r, u64 p, unsigned char* output)
{
if(password.size() > 1024 * 1024)
return(false);
u64 max_memory = 128 * n * r + 2 * 1024 * 1024;
return(EVP_PBE_scrypt(password.data(), password.size(), (const unsigned char*)salt.data(), salt.size(), n, r, p, max_memory, output, 32) == 1);
}
}
String password_hash_native(String password)
{
unsigned char salt[16];
unsigned char digest[32];
if(RAND_bytes(salt, sizeof(salt)) != 1 || !uce_password_derive(password, String((const char*)salt, sizeof(salt)), UCE_PASSWORD_SCRYPT_N, UCE_PASSWORD_SCRYPT_R, UCE_PASSWORD_SCRYPT_P, digest))
return("");
return("$uce$scrypt$" + std::to_string(UCE_PASSWORD_SCRYPT_N) + "$" + std::to_string(UCE_PASSWORD_SCRYPT_R) + "$" + std::to_string(UCE_PASSWORD_SCRYPT_P) + "$" + uce_hex_encode(salt, sizeof(salt)) + "$" + uce_hex_encode(digest, sizeof(digest)));
}
bool password_verify_native(String password, String encoded)
{
u64 n = 0, r = 0, p = 0;
String salt, expected;
if(!uce_password_parts(encoded, n, r, p, salt, expected))
return(false);
unsigned char digest[32];
if(!uce_password_derive(password, salt, n, r, p, digest))
return(false);
return(crypto_equal_native(String((const char*)digest, sizeof(digest)), expected));
}
bool password_needs_rehash_native(String encoded)
{
u64 n = 0, r = 0, p = 0;
String salt, digest;
return(!uce_password_parts(encoded, n, r, p, salt, digest) || n != UCE_PASSWORD_SCRYPT_N || r != UCE_PASSWORD_SCRYPT_R || p != UCE_PASSWORD_SCRYPT_P);
}
#endif

View File

@ -24,6 +24,9 @@ String sha256_hex_native(String data);
String hmac_sha256_native(String key, String data);
String hmac_sha256_hex_native(String key, String data);
bool crypto_equal_native(String a, String b);
String password_hash_native(String password);
bool password_verify_native(String password, String encoded);
bool password_needs_rehash_native(String encoded);
String sha256(String data);
String sha256_hex(String data);
String hmac_sha256(String key, String data);

View File

@ -61,6 +61,9 @@ size_t uce_host_hmac_sha256_hex(const char* key, size_t key_len, const char* dat
size_t uce_host_base64_encode(const char* data, size_t data_len, char* out, size_t cap);
size_t uce_host_base64_decode(const char* data, size_t data_len, char* out, size_t cap);
int uce_host_crypto_equal(const char* a, size_t a_len, const char* b, size_t b_len);
size_t uce_host_password_hash(const char* password, size_t password_len, char* out, size_t cap);
int uce_host_password_verify(const char* password, size_t password_len, const char* encoded, size_t encoded_len);
int uce_host_password_needs_rehash(const char* encoded, size_t encoded_len);
size_t uce_host_http_request(const char* in, size_t in_len, char* out, size_t cap);
uint64_t uce_host_http_request_async(const char* in, size_t in_len);
size_t uce_host_shell_exec_dv(const char* in, size_t in_len, char* out, size_t cap);
@ -270,6 +273,17 @@ String hmac_sha256_hex(String key, String data)
size_t required = uce_host_hmac_sha256_hex(key.data(), key.size(), data.data(), data.size(), 0, 0);
String out(required, 0); size_t got = required ? uce_host_hmac_sha256_hex(key.data(), key.size(), data.data(), data.size(), &out[0], required) : 0; out.resize(got <= required ? got : 0); return(out);
}
String password_hash(String password)
{
String encoded(256, 0);
size_t got = uce_host_password_hash(password.data(), password.size(), &encoded[0], encoded.size());
if(got > encoded.size())
return("");
encoded.resize(got);
return(encoded);
}
bool password_verify(String password, String encoded) { return(uce_host_password_verify(password.data(), password.size(), encoded.data(), encoded.size()) != 0); }
bool password_needs_rehash(String encoded) { return(uce_host_password_needs_rehash(encoded.data(), encoded.size()) != 0); }
String base64_decode(String raw) { return(wasm_string_hostcall_1(uce_host_base64_decode, raw)); }
String random_bytes(u64 n)
{
@ -714,6 +728,9 @@ String hmac_sha256_hex(String key, String data) { return(hmac_sha256_hex_native(
String base64_decode(String raw) { bool ok=false; return(::base64_decode(raw, ok)); }
String random_bytes(u64 n) { if(n > 1024*1024) n = 1024*1024; String out(n, 0); int fd=open("/dev/urandom", O_RDONLY); if(fd<0) return(""); size_t off=0; while(off<n) { ssize_t got=read(fd, &out[off], n-off); if(got<0 && errno==EINTR) continue; if(got<=0) break; off += (size_t)got; } close(fd); out.resize(off); return(out); }
bool crypto_equal(String a, String b) { return(crypto_equal_native(a, b)); }
String password_hash(String password) { return(password_hash_native(password)); }
bool password_verify(String password, String encoded) { return(password_verify_native(password, encoded)); }
bool password_needs_rehash(String encoded) { return(password_needs_rehash_native(encoded)); }
// Single definitions for the native split build (declared extern in sys.h).
pid_t parent_pid = 0;

View File

@ -43,6 +43,9 @@ String hmac_sha256_hex(String key, String data);
String base64_decode(String raw);
String random_bytes(u64 n);
bool crypto_equal(String a, String b);
String password_hash(String password);
bool password_verify(String password, String encoded);
bool password_needs_rehash(String encoded);
String shell_escape(String raw);
String basename(String fn);
String dirname(String fn);

View File

@ -10,6 +10,9 @@ uce_host_hmac_sha256_hex
uce_host_base64_encode
uce_host_base64_decode
uce_host_crypto_equal
uce_host_password_hash
uce_host_password_verify
uce_host_password_needs_rehash
uce_host_task_spawn
uce_host_task_pid
uce_host_task_kill

View File

@ -1767,6 +1767,12 @@ private:
return(add([self](Caller, Span<const Val> args, Span<Val> results) -> Result<std::monostate, Trap> { String in; self->hostcall_read(args[0].i32(), args[1].i32(), in); bool ok=false; String out=base64_decode(in, ok); if(!ok) out=""; u32 cap=(u32)args[3].i32(); int32_t buf=args[2].i32(); if(buf&&cap>=out.size()) self->hostcall_write(buf,out); results[0]=Val((int32_t)out.size()); return(std::monostate()); }));
if(mod == "env" && name == "uce_host_crypto_equal")
return(add([self](Caller, Span<const Val> args, Span<Val> results) -> Result<std::monostate, Trap> { String a,b; self->hostcall_read(args[0].i32(), args[1].i32(), a); self->hostcall_read(args[2].i32(), args[3].i32(), b); results[0]=Val((int32_t)(crypto_equal_native(a,b)?1:0)); return(std::monostate()); }));
if(mod == "env" && name == "uce_host_password_hash")
return(add([self](Caller caller, Span<const Val> args, Span<Val> results) -> Result<std::monostate, Trap> { String password; self->hostcall_read(args[0].i32(), args[1].i32(), password); String out=password_hash_native(password); u32 cap=(u32)args[3].i32(); int32_t buf=args[2].i32(); if(buf&&cap>=out.size()) self->hostcall_write(buf,out); caller.context().set_epoch_deadline(self->worker.cfg.epoch_deadline_ticks); results[0]=Val((int32_t)out.size()); return(std::monostate()); }));
if(mod == "env" && name == "uce_host_password_verify")
return(add([self](Caller caller, Span<const Val> args, Span<Val> results) -> Result<std::monostate, Trap> { String password,encoded; self->hostcall_read(args[0].i32(), args[1].i32(), password); self->hostcall_read(args[2].i32(), args[3].i32(), encoded); bool valid=password_verify_native(password,encoded); caller.context().set_epoch_deadline(self->worker.cfg.epoch_deadline_ticks); results[0]=Val((int32_t)(valid?1:0)); return(std::monostate()); }));
if(mod == "env" && name == "uce_host_password_needs_rehash")
return(add([self](Caller, Span<const Val> args, Span<Val> results) -> Result<std::monostate, Trap> { String encoded; self->hostcall_read(args[0].i32(), args[1].i32(), encoded); results[0]=Val((int32_t)(password_needs_rehash_native(encoded)?1:0)); return(std::monostate()); }));
if(mod == "env" && name == "uce_host_log")
return(add([self](Caller, Span<const Val> args, Span<Val>) -> Result<std::monostate, Trap> {
String text;