Support encoding and decoding with PHC string format specification

  - New Class : `PHCSF`
  - New Constant: `phcsf`
  - New Methods : `toPHCSF`, `fromPHCSF`

Author: dipu-bd

CHANGELOG.md

@@ -1,3 +1,10 @@
+# 2.2.0
+
+- Support encoding and decoding with [PHC string format specification](https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md)
+  - New Class : `PHCSF`
+  - New Constant: `phcsf`
+  - New Methods : `toPHCSF`, `fromPHCSF`
+
 # 2.1.1
 
 - Adds new alphabet to `Base64Codec`: [bcrypt](https://en.wikipedia.org/wiki/Bcrypt#base64_encoding_alphabet)

README.md

@@ -96,6 +96,17 @@ Available codecs:
 - **msbFirst**: treats the input bytes in big-endian order
 - **lsbFirst**: treats the input bytes in little-endian order
 
+### PHC String Format
+
+> Encoding and Decoding of Hash algorithm output according to the
+> [PHC string format specification](https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md).
+
+| Type     | Available              |
+| -------- | ---------------------- |
+| Class    | `PHCSF`                |
+| Constant | `phcsf`                |
+| Methods  | `toPHCSF`, `fromPHCSF` |
+
 ## Getting Started
 
 The following import will give you access to all of the algorithms in this package.

lib/src/codecs/phc_sf.dart

@@ -0,0 +1,225 @@
+// Copyright (c) 2023, Sudipto Chandra
+// All rights reserved. Check LICENSE file for details.
+
+import 'dart:convert';
+
+import 'package:hashlib_codecs/hashlib_codecs.dart';
+
+final _id = RegExp(r'^[a-z0-9-]+$');
+final _version = RegExp(r'^[0-9]+$');
+final _paramName = RegExp(r'^[a-z0-9-]+$');
+final _paramValue = RegExp(r'^[a-zA-Z0-9/+.-]+$');
+
+/// The PHC string format data
+class PHCSFData {
+  /// The symbolic name for the hash function.
+  ///
+  /// The identifier name must not exceed 32 characters in length and must be a
+  /// sequence of characters in: `[a-z0-9-]`.
+  ///
+  /// Good identifiers should be should be explicit (human readable, not a
+  /// single digit), with a length of about 5 to 10 characters.
+  final String id;
+
+  /// (Optional) The algorithm version.
+  ///
+  /// The value for the version must be a sequence of characters in: `[0-9]`.
+  ///
+  /// It recommended to use a default version.
+  final String? version;
+
+  /// (Optional) The salt bytes.
+  final List<int>? salt;
+
+  /// (Optional) The output hash bytes.
+  final List<int>? hash;
+
+  /// (Optional) The algorithm parameters.
+  ///
+  /// The parameter names must not exceed 32 characters in length and must be a
+  /// sequence of characters in: `[a-z0-9-]`.
+  ///
+  /// The parameter values must be a sequence of characters in
+  /// `[a-zA-Z0-9/+.-]`.
+  final Map<String, String>? params;
+
+  /// Creates an instance of [PHCSFData].
+  ///
+  /// Paramaters:
+  /// - [id] The identifier name, must not exceed 32 characters in length and
+  ///   must be a sequence of characters in: `[a-z0-9-]`.
+  /// - [version] (Optional) The value for the version must be a sequence of
+  ///   characters in: `[0-9]`.
+  /// - [params] (Optional) A map containing name, value pairs of algorithm
+  ///   parameters. The names must not exceed 32 characters in length and must
+  ///   be a sequence of characters in: `[a-z0-9-]`, the values must be a
+  ///   sequence of characters in: `[a-zA-Z0-9/+.-]`.
+  /// - [salt] (Optional) The salt bytes.
+  /// - [hash] (Optional) The output hash bytes.
+  const PHCSFData(
+    this.id, {
+    this.salt,
+    this.hash,
+    this.version,
+    this.params,
+  });
+
+  /// Validate the parameters
+  ///
+  /// Throws [ArgumentError] if something is wrong.
+  void validate() {
+    if (id.length > 32) {
+      throw ArgumentError('Exceeds 32 character limit', 'id');
+    }
+    if (!_id.hasMatch(id)) {
+      throw ArgumentError('Invalid character', 'id');
+    }
+    if (version != null && version!.isNotEmpty) {
+      if (!_version.hasMatch(version!)) {
+        throw ArgumentError('Invalid character', 'version');
+      }
+    }
+    if (params != null) {
+      for (final e in params!.entries) {
+        if (e.key.length > 32) {
+          throw ArgumentError('Exceeds 32 character limit', 'params:${e.key}');
+        }
+        if (!_paramName.hasMatch(e.key)) {
+          throw ArgumentError('Invalid character', 'params:${e.key}');
+        }
+        if (!_paramValue.hasMatch(e.value)) {
+          throw ArgumentError('Invalid character', 'params:${e.key}:value');
+        }
+      }
+    }
+  }
+}
+
+/// The encoder used by the [PHCSF] codec
+class PHCSFEncoder extends Converter<PHCSFData, String> {
+  const PHCSFEncoder();
+
+  @override
+  String convert(PHCSFData input) {
+    input.validate();
+    String result = '\$${input.id}';
+    if (input.version != null && input.version!.isNotEmpty) {
+      result += '\$v=${input.version!}';
+    }
+    if (input.params != null && input.params!.isNotEmpty) {
+      result += '\$';
+      result += input.params!.entries
+          .map((entry) => '${entry.key}=${entry.value}')
+          .join(',');
+    }
+    if (input.salt != null && input.salt!.isNotEmpty) {
+      result += '\$';
+      result += toBase64(input.salt!, padding: false);
+    }
+    if (input.hash != null && input.hash!.isNotEmpty) {
+      result += '\$';
+      result += toBase64(input.hash!, padding: false);
+    }
+    return result;
+  }
+}
+
+/// The decoder used by the [PHCSF] codec
+class PHCSFDecoder extends Converter<String, PHCSFData> {
+  const PHCSFDecoder();
+
+  @override
+  PHCSFData convert(String input) {
+    String id;
+    String? version;
+    List<int>? salt, hash;
+    Map<String, String>? params;
+    String name, value;
+
+    Iterable<String> parts = input.split('\$');
+
+    if (parts.isEmpty) {
+      throw FormatException('Empty string');
+    }
+    parts = parts.skip(1);
+
+    if (parts.isEmpty) {
+      throw FormatException('Invalid PHC string format');
+    }
+    id = parts.first;
+
+    if (!_id.hasMatch(id) || id.length > 32) {
+      throw FormatException('Invalid identifier name');
+    }
+    parts = parts.skip(1);
+
+    if (parts.isNotEmpty && parts.first.startsWith('v=')) {
+      version = parts.first.substring(2);
+      if (!_version.hasMatch(version)) {
+        throw FormatException('Invalid version');
+      }
+      parts = parts.skip(1);
+    }
+
+    if (parts.isNotEmpty && parts.first.contains('=')) {
+      params = {};
+      for (final kv in parts.first.split(',')) {
+        var pair = kv.split('=');
+        if (pair.length != 2) {
+          throw FormatException('Invalid param format: $kv');
+        }
+        name = pair[0];
+        value = pair[1];
+        if (name.length > 32 || !_paramName.hasMatch(name)) {
+          throw FormatException('Invalid param name: $name');
+        }
+        if (!_paramValue.hasMatch(value)) {
+          throw FormatException('Invalid value for param $name: $value');
+        }
+        params[name] = value;
+      }
+      parts = parts.skip(1);
+    }
+
+    if (parts.isNotEmpty) {
+      salt = fromBase64(parts.first, padding: false);
+      parts = parts.skip(1);
+    }
+
+    if (parts.isNotEmpty) {
+      hash = fromBase64(parts.first, padding: false);
+      parts = parts.skip(1);
+    }
+
+    if (parts.isNotEmpty) {
+      throw FormatException('Invalid PHC string format');
+    }
+
+    return PHCSFData(
+      id,
+      version: version,
+      salt: salt,
+      hash: hash,
+      params: params,
+    );
+  }
+}
+
+/// _PHC string format_ is a standardized way to represent password hashes
+/// generated by the competing password hashing algorithms. This format is
+/// designed to ensure consistency and interoperability between different
+/// password hashing implementations.
+///
+/// The string format specifiction:
+/// ```
+/// $<id>[$v=<version>][$<param>=<value>(,<param>=<value>)*][$<salt>[$<hash>]]
+/// ```
+class PHCSF extends Codec<PHCSFData, String> {
+  const PHCSF();
+
+  @override
+  final encoder = const PHCSFEncoder();
+
+  @override
+  final decoder = const PHCSFDecoder();
+}

lib/src/codecs_base.dart

@@ -7,6 +7,7 @@ export 'base32.dart';
 export 'base64.dart';
 export 'base8.dart';
 export 'bigint.dart';
+export 'phc_sf.dart';
 export 'codecs/base16.dart';
 export 'codecs/base2.dart';
 export 'codecs/base32.dart';

lib/src/phc_sf.dart

@@ -0,0 +1,20 @@
+// Copyright (c) 2023, Sudipto Chandra
+// All rights reserved. Check LICENSE file for details.
+
+import 'codecs/phc_sf.dart';
+
+export 'codecs/phc_sf.dart';
+
+/// An instance of [PHCSF] for encoding and decoding hash algorithm output with
+/// [PHC string format](https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md)
+const phcsf = PHCSF();
+
+/// Encodes a hash algorithm output to string following PHC string format.
+String toPHCSF(PHCSFData input) {
+  return phcsf.encoder.convert(input);
+}
+
+/// Decodes a string to an hash algorithm config following PHC string format.
+PHCSFData fromPHCSF(String input) {
+  return phcsf.decoder.convert(input);
+}

pubspec.yaml

@@ -1,7 +1,7 @@
 name: hashlib_codecs
 description: Fast and error resilient codecs. Currently supporting Binary(Base2), Hexadecimal(Base16), Base32, Base64, BigInt.
 homepage: https://github.com/bitanon/hashlib_codecs
-version: 2.1.1
+version: 2.2.0
 
 environment:
   sdk: '>=2.14.0 <4.0.0'

test/base64_test.dart

@@ -139,6 +139,19 @@ void main() {
         }
       });
     });
+    test("decoding with PHC string format B64 (16 bytes)", () {
+      var inp = "gZiV/M1gPc22ElAH/Jh1Hw";
+      var out = fromBase64(inp, padding: false);
+      var res = toBase64(out, padding: false);
+      expect(res, inp);
+      // String "CWOrkoo7oJBQ/iyh7uJ0LO2aLEfrHwTWllSAxT0zRno"
+    });
+    test("decoding with PHC string format B64 (32 bytes)", () {
+      var inp = "CWOrkoo7oJBQ/iyh7uJ0LO2aLEfrHwTWllSAxT0zRno";
+      var out = fromBase64(inp, padding: false);
+      var res = toBase64(out, padding: false);
+      expect(res, inp);
+    });
     group('decoding with invalid length', () {
       test('H', () {
         expect(() => fromBase64("H"), throwsFormatException);

test/phc_sf_test.dart

@@ -0,0 +1,78 @@
+// Copyright (c) 2023, Sudipto Chandra
+// All rights reserved. Check LICENSE file for details.
+
+import 'package:hashlib_codecs/hashlib_codecs.dart';
+import 'package:test/test.dart';
+
+void main() {
+  group('Test PHC String Format', () {
+    test('full format', () {
+      var v =
+          r"$argon2id$v=19$m=65536,t=2,p=1$gZiV/M1gPc22ElAH/Jh1Hw$CWOrkoo7oJBQ/iyh7uJ0LO2aLEfrHwTWllSAxT0zRno";
+      expect(toPHCSF(fromPHCSF(v)), equals(v));
+    });
+    test('without version', () {
+      var v =
+          r"$argon2id$m=65536,t=2,p=1$gZiV/M1gPc22ElAH/Jh1Hw$CWOrkoo7oJBQ/iyh7uJ0LO2aLEfrHwTWllSAxT0zRno";
+      expect(toPHCSF(fromPHCSF(v)), equals(v));
+    });
+    test('without params', () {
+      var v =
+          r"$argon2id$v=19$gZiV/M1gPc22ElAH/Jh1Hw$CWOrkoo7oJBQ/iyh7uJ0LO2aLEfrHwTWllSAxT0zRno";
+      expect(toPHCSF(fromPHCSF(v)), equals(v));
+    });
+    test('without hash', () {
+      String v = r"$argon2id$v=19$m=65536,t=2,p=1$gZiV/M1gPc22ElAH/Jh1Hw";
+      expect(toPHCSF(fromPHCSF(v)), equals(v));
+    });
+    test('without salt and hash', () {
+      String v = r"$argon2id$v=19$m=65536,t=2,p=1";
+      expect(toPHCSF(fromPHCSF(v)), equals(v));
+    });
+    test('without version and params', () {
+      var v =
+          r"$argon2id$gZiV/M1gPc22ElAH/Jh1Hw$CWOrkoo7oJBQ/iyh7uJ0LO2aLEfrHwTWllSAxT0zRno";
+      expect(toPHCSF(fromPHCSF(v)), equals(v));
+    });
+    test('without version, params and hash', () {
+      var v = r"$argon2id$gZiV/M1gPc22ElAH/Jh1Hw";
+      expect(toPHCSF(fromPHCSF(v)), equals(v));
+    });
+    test('without version, params, salt and hash', () {
+      var v = r"$argon2id";
+      expect(toPHCSF(fromPHCSF(v)), equals(v));
+    });
+    test('without params, salt and hash', () {
+      var v = r"$argon2id$v=19";
+      expect(toPHCSF(fromPHCSF(v)), equals(v));
+    });
+    test('empty string', () {
+      var v = r"";
+      expect(() => toPHCSF(fromPHCSF(v)), throwsFormatException);
+    });
+    test('empty string with a single dollar sign', () {
+      var v = r"$";
+      expect(() => toPHCSF(fromPHCSF(v)), throwsFormatException);
+    });
+    test('without id', () {
+      var v = r"$v=19";
+      expect(() => toPHCSF(fromPHCSF(v)), throwsFormatException);
+    });
+    test('invalid version', () {
+      var v = r"$argon2id$v=invalid";
+      expect(() => toPHCSF(fromPHCSF(v)), throwsFormatException);
+    });
+    test('invalid parameter name', () {
+      var v = r"$argon2id$_m=65536,t=2,p=1";
+      expect(() => toPHCSF(fromPHCSF(v)), throwsFormatException);
+    });
+    test('invalid parameter value', () {
+      var v = r"$argon2id$m=*65536,t=2,p=1";
+      expect(() => toPHCSF(fromPHCSF(v)), throwsFormatException);
+    });
+    test('invalid id', () {
+      var v = r"$argo*n2id$v=19";
+      expect(() => toPHCSF(fromPHCSF(v)), throwsFormatException);
+    });
+  });
+}