From 86bfd37b7063327a412de2dd3f8071a9da229c68 Mon Sep 17 00:00:00 2001 From: Valentin Tolmer Date: Tue, 8 Jun 2021 23:24:33 +0200 Subject: [PATCH] Opaque: use argon2 as slow hash --- Cargo.lock | 3 +++ app/Cargo.lock | 38 ++++++++++++++++++++++++++++++++++++++ model/Cargo.lock | 38 ++++++++++++++++++++++++++++++++++++++ model/Cargo.toml | 3 +++ model/src/opaque.rs | 33 ++++++++++++++++++++++++++++++++- 5 files changed, 114 insertions(+), 1 deletion(-) diff --git a/Cargo.lock b/Cargo.lock index cde7a43..0a284e5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1287,9 +1287,12 @@ version = "0.1.0" dependencies = [ "chrono", "curve25519-dalek", + "digest", + "generic-array", "getrandom 0.2.3", "opaque-ke", "rand 0.8.3", + "rust-argon2", "serde", "sha2", "sqlx", diff --git a/app/Cargo.lock b/app/Cargo.lock index 97c1745..81c3e4d 100644 --- a/app/Cargo.lock +++ b/app/Cargo.lock @@ -50,6 +50,12 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "33954243bd79057c2de7338850b85983a44588021f8a5fee574a8888c6de4344" +[[package]] +name = "arrayref" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544" + [[package]] name = "arrayvec" version = "0.5.2" @@ -110,6 +116,17 @@ dependencies = [ "wyz", ] +[[package]] +name = "blake2b_simd" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "afa748e348ad3be8263be728124b24a24f268266f6f5d58af9d75f6a40b5c587" +dependencies = [ + "arrayref", + "arrayvec", + "constant_time_eq", +] + [[package]] name = "block-buffer" version = "0.9.0" @@ -197,6 +214,12 @@ dependencies = [ "wasm-bindgen", ] +[[package]] +name = "constant_time_eq" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" + [[package]] name = "core-foundation" version = "0.9.1" 
@@ -745,9 +768,12 @@ version = "0.1.0" dependencies = [ "chrono", "curve25519-dalek", + "digest", + "generic-array", "getrandom 0.2.3", "opaque-ke", "rand 0.8.4", + "rust-argon2", "serde", "sha2", "sqlx", @@ -1259,6 +1285,18 @@ dependencies = [ "zeroize", ] +[[package]] +name = "rust-argon2" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b18820d944b33caa75a71378964ac46f58517c92b6ae5f762636247c09e78fb" +dependencies = [ + "base64", + "blake2b_simd", + "constant_time_eq", + "crossbeam-utils", +] + [[package]] name = "ryu" version = "1.0.5" diff --git a/model/Cargo.lock b/model/Cargo.lock index 756c7a6..3bdd039 100644 --- a/model/Cargo.lock +++ b/model/Cargo.lock @@ -38,6 +38,12 @@ dependencies = [ "memchr", ] +[[package]] +name = "arrayref" +version = "0.3.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544" + [[package]] name = "arrayvec" version = "0.5.2" @@ -89,6 +95,17 @@ dependencies = [ "wyz", ] +[[package]] +name = "blake2b_simd" +version = "0.5.11" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "afa748e348ad3be8263be728124b24a24f268266f6f5d58af9d75f6a40b5c587" +dependencies = [ + "arrayref", + "arrayvec", + "constant_time_eq", +] + [[package]] name = "block-buffer" version = "0.9.0" @@ -148,6 +165,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "constant_time_eq" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" + [[package]] name = "core-foundation" version = "0.9.1" @@ -604,9 +627,12 @@ version = "0.1.0" dependencies = [ "chrono", "curve25519-dalek", + "digest", + "generic-array", "getrandom 0.2.2", "opaque-ke", "rand", + "rust-argon2", "serde", "sha2", "sqlx", 
@@ -1083,6 +1109,18 @@ dependencies = [ "zeroize", ] +[[package]] +name = "rust-argon2" +version = "0.8.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4b18820d944b33caa75a71378964ac46f58517c92b6ae5f762636247c09e78fb" +dependencies = [ + "base64", + "blake2b_simd", + "constant_time_eq", + "crossbeam-utils", +] + [[package]] name = "ryu" version = "1.0.5" diff --git a/model/Cargo.toml b/model/Cargo.toml index dfb936a..8698081 100644 --- a/model/Cargo.toml +++ b/model/Cargo.toml @@ -11,7 +11,10 @@ opaque_client = [] js = [] [dependencies] +rust-argon2 = "0.8" curve25519-dalek = "3" +digest = "*" +generic-array = "*" opaque-ke = "0.5" rand = "0.8" serde = "*" diff --git a/model/src/opaque.rs b/model/src/opaque.rs index b4285e4..c4c8858 100644 --- a/model/src/opaque.rs +++ b/model/src/opaque.rs 
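Review bot: The two new requirements `digest = "*"` and `generic-array = "*"` in the `[dependencies]` hunk of model/Cargo.toml accept any published release, so only the lockfiles constrain which version of these crypto-adjacent crates gets built. The `SlowHash` impl added in model/src/opaque.rs presumably only type-checks when both resolve to the same release line that `opaque-ke` 0.5 and `sha2` use, so an unconstrained requirement can break the build or pull in an unreviewed major version on the next `cargo update`. I would constrain both to the release line currently recorded in Cargo.lock (their versions are not visible in this patch), in the same way `rust-argon2 = "0.8"` is constrained one line above. The existing `serde = "*"` context line shows this is the file's habit, but it is worth being stricter for crates on the password-hashing path.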
@@ -9,6 +9,36 @@ pub enum AuthenticationError { pub type AuthenticationResult = std::result::Result; +/// A wrapper around argon2 to provide the [`opaque_ke::slow_hash::SlowHash`] trait. +pub struct ArgonHasher; + +impl ArgonHasher { + /// Fixed salt, doesn't affect the security. It is only used to make attacks more + /// computationally intensive, it doesn't serve any security purpose. + const SALT: &'static [u8] = b"lldap_opaque_salt"; + /// Config for the argon hasher. Security enthusiasts may want to tweak this for their system. + const CONFIG: &'static argon2::Config<'static> = &argon2::Config { + ad: &[], + hash_length: 128, + lanes: 1, + mem_cost: 50 * 1024, // 50 MB, in KB + secret: &[], + thread_mode: argon2::ThreadMode::Sequential, + time_cost: 5, + variant: argon2::Variant::Argon2id, + version: argon2::Version::Version13, + }; +} + +impl opaque_ke::slow_hash::SlowHash for ArgonHasher { + fn hash( + input: generic_array::GenericArray::OutputSize>, + ) -> Result, opaque_ke::errors::InternalPakeError> { + argon2::hash_raw(&input, Self::SALT, Self::CONFIG) + .map_err(|_| opaque_ke::errors::InternalPakeError::HashingFailure) + } +} + /// The ciphersuite trait allows to specify the underlying primitives /// that will be used in the OPAQUE protocol #[allow(dead_code)] @@ -17,7 +47,8 @@ impl CipherSuite for DefaultSuite { type Group = curve25519_dalek::ristretto::RistrettoPoint; type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDH; type Hash = sha2::Sha512; - type SlowHash = opaque_ke::slow_hash::NoOpHash; + /// Use argon2 as the slow hashing algorithm for our CipherSuite. + type SlowHash = ArgonHasher; } /// Client-side code for OPAQUE protocol handling, to register a new user and login. All methods'
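Review bot: The doc comments on `ArgonHasher::SALT` and `ArgonHasher::CONFIG` in the first hunk understate how fixed these values are. The salt comment contradicts itself ("make attacks more computationally intensive" versus "doesn't serve any security purpose"), and the config comment invites readers to tweak the parameters. As far as I can tell from how OPAQUE uses the slow hash, its output feeds the client-side key that opens the registration envelope, so changing the salt, `mem_cost`, `time_cost`, `lanes` or `hash_length` after users have registered would make every existing credential fail to log in. I would reword the salt comment to something like `/// Constant salt: the input is the OPRF output, which is already keyed by a server-side secret, so no per-user salt is needed here (confirm against opaque-ke).` and add to the config comment `/// These parameters are part of the credential format: changing them invalidates all existing registrations.` Since the crate has `opaque_client` and `js` features, it would also help to note that the 50 MiB / 5-pass cost is presumably paid in the browser on every login and registration.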