mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
Opaque: use argon2 as slow hash
This commit is contained in:
parent
973fa40dd1
commit
86bfd37b70
3
Cargo.lock
generated
3
Cargo.lock
generated
@ -1287,9 +1287,12 @@ version = "0.1.0"
|
|||||||
dependencies = [
|
dependencies = [
|
||||||
"chrono",
|
"chrono",
|
||||||
"curve25519-dalek",
|
"curve25519-dalek",
|
||||||
|
"digest",
|
||||||
|
"generic-array",
|
||||||
"getrandom 0.2.3",
|
"getrandom 0.2.3",
|
||||||
"opaque-ke",
|
"opaque-ke",
|
||||||
"rand 0.8.3",
|
"rand 0.8.3",
|
||||||
|
"rust-argon2",
|
||||||
"serde",
|
"serde",
|
||||||
"sha2",
|
"sha2",
|
||||||
"sqlx",
|
"sqlx",
|
||||||
|
38
app/Cargo.lock
generated
38
app/Cargo.lock
generated
@ -50,6 +50,12 @@ version = "0.12.1"
|
|||||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
checksum = "33954243bd79057c2de7338850b85983a44588021f8a5fee574a8888c6de4344"
|
checksum = "33954243bd79057c2de7338850b85983a44588021f8a5fee574a8888c6de4344"
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "arrayref"
|
||||||
|
version = "0.3.6"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "arrayvec"
|
name = "arrayvec"
|
||||||
version = "0.5.2"
|
version = "0.5.2"
|
||||||
@ -110,6 +116,17 @@ dependencies = [
|
|||||||
"wyz",
|
"wyz",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "blake2b_simd"
|
||||||
|
version = "0.5.11"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "afa748e348ad3be8263be728124b24a24f268266f6f5d58af9d75f6a40b5c587"
|
||||||
|
dependencies = [
|
||||||
|
"arrayref",
|
||||||
|
"arrayvec",
|
||||||
|
"constant_time_eq",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "block-buffer"
|
name = "block-buffer"
|
||||||
version = "0.9.0"
|
version = "0.9.0"
|
||||||
@ -197,6 +214,12 @@ dependencies = [
|
|||||||
"wasm-bindgen",
|
"wasm-bindgen",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "constant_time_eq"
|
||||||
|
version = "0.1.5"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "core-foundation"
|
name = "core-foundation"
|
||||||
version = "0.9.1"
|
version = "0.9.1"
|
||||||
@ -745,9 +768,12 @@ version = "0.1.0"
|
|||||||
dependencies = [
|
dependencies = [
|
||||||
"chrono",
|
"chrono",
|
||||||
"curve25519-dalek",
|
"curve25519-dalek",
|
||||||
|
"digest",
|
||||||
|
"generic-array",
|
||||||
"getrandom 0.2.3",
|
"getrandom 0.2.3",
|
||||||
"opaque-ke",
|
"opaque-ke",
|
||||||
"rand 0.8.4",
|
"rand 0.8.4",
|
||||||
|
"rust-argon2",
|
||||||
"serde",
|
"serde",
|
||||||
"sha2",
|
"sha2",
|
||||||
"sqlx",
|
"sqlx",
|
||||||
@ -1259,6 +1285,18 @@ dependencies = [
|
|||||||
"zeroize",
|
"zeroize",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "rust-argon2"
|
||||||
|
version = "0.8.3"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "4b18820d944b33caa75a71378964ac46f58517c92b6ae5f762636247c09e78fb"
|
||||||
|
dependencies = [
|
||||||
|
"base64",
|
||||||
|
"blake2b_simd",
|
||||||
|
"constant_time_eq",
|
||||||
|
"crossbeam-utils",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "ryu"
|
name = "ryu"
|
||||||
version = "1.0.5"
|
version = "1.0.5"
|
||||||
|
38
model/Cargo.lock
generated
38
model/Cargo.lock
generated
@ -38,6 +38,12 @@ dependencies = [
|
|||||||
"memchr",
|
"memchr",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "arrayref"
|
||||||
|
version = "0.3.6"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "arrayvec"
|
name = "arrayvec"
|
||||||
version = "0.5.2"
|
version = "0.5.2"
|
||||||
@ -89,6 +95,17 @@ dependencies = [
|
|||||||
"wyz",
|
"wyz",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "blake2b_simd"
|
||||||
|
version = "0.5.11"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "afa748e348ad3be8263be728124b24a24f268266f6f5d58af9d75f6a40b5c587"
|
||||||
|
dependencies = [
|
||||||
|
"arrayref",
|
||||||
|
"arrayvec",
|
||||||
|
"constant_time_eq",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "block-buffer"
|
name = "block-buffer"
|
||||||
version = "0.9.0"
|
version = "0.9.0"
|
||||||
@ -148,6 +165,12 @@ dependencies = [
|
|||||||
"winapi",
|
"winapi",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "constant_time_eq"
|
||||||
|
version = "0.1.5"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc"
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "core-foundation"
|
name = "core-foundation"
|
||||||
version = "0.9.1"
|
version = "0.9.1"
|
||||||
@ -604,9 +627,12 @@ version = "0.1.0"
|
|||||||
dependencies = [
|
dependencies = [
|
||||||
"chrono",
|
"chrono",
|
||||||
"curve25519-dalek",
|
"curve25519-dalek",
|
||||||
|
"digest",
|
||||||
|
"generic-array",
|
||||||
"getrandom 0.2.2",
|
"getrandom 0.2.2",
|
||||||
"opaque-ke",
|
"opaque-ke",
|
||||||
"rand",
|
"rand",
|
||||||
|
"rust-argon2",
|
||||||
"serde",
|
"serde",
|
||||||
"sha2",
|
"sha2",
|
||||||
"sqlx",
|
"sqlx",
|
||||||
@ -1083,6 +1109,18 @@ dependencies = [
|
|||||||
"zeroize",
|
"zeroize",
|
||||||
]
|
]
|
||||||
|
|
||||||
|
[[package]]
|
||||||
|
name = "rust-argon2"
|
||||||
|
version = "0.8.3"
|
||||||
|
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||||
|
checksum = "4b18820d944b33caa75a71378964ac46f58517c92b6ae5f762636247c09e78fb"
|
||||||
|
dependencies = [
|
||||||
|
"base64",
|
||||||
|
"blake2b_simd",
|
||||||
|
"constant_time_eq",
|
||||||
|
"crossbeam-utils",
|
||||||
|
]
|
||||||
|
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "ryu"
|
name = "ryu"
|
||||||
version = "1.0.5"
|
version = "1.0.5"
|
||||||
|
@ -11,7 +11,10 @@ opaque_client = []
|
|||||||
js = []
|
js = []
|
||||||
|
|
||||||
[dependencies]
|
[dependencies]
|
||||||
|
rust-argon2 = "0.8"
|
||||||
curve25519-dalek = "3"
|
curve25519-dalek = "3"
|
||||||
|
digest = "*"
|
||||||
|
generic-array = "*"
|
||||||
opaque-ke = "0.5"
|
opaque-ke = "0.5"
|
||||||
rand = "0.8"
|
rand = "0.8"
|
||||||
serde = "*"
|
serde = "*"
|
||||||
|
@ -9,6 +9,36 @@ pub enum AuthenticationError {
|
|||||||
|
|
||||||
pub type AuthenticationResult<T> = std::result::Result<T, AuthenticationError>;
|
pub type AuthenticationResult<T> = std::result::Result<T, AuthenticationError>;
|
||||||
|
|
||||||
|
/// A wrapper around argon2 to provide the [`opaque_ke::slow_hash::SlowHash`] trait.
|
||||||
|
pub struct ArgonHasher;
|
||||||
|
|
||||||
|
impl ArgonHasher {
|
||||||
|
/// Fixed salt, doesn't affect the security. It is only used to make attacks more
|
||||||
|
/// computationally intensive, it doesn't serve any security purpose.
|
||||||
|
const SALT: &'static [u8] = b"lldap_opaque_salt";
|
||||||
|
/// Config for the argon hasher. Security enthusiasts may want to tweak this for their system.
|
||||||
|
const CONFIG: &'static argon2::Config<'static> = &argon2::Config {
|
||||||
|
ad: &[],
|
||||||
|
hash_length: 128,
|
||||||
|
lanes: 1,
|
||||||
|
mem_cost: 50 * 1024, // 50 MB, in KB
|
||||||
|
secret: &[],
|
||||||
|
thread_mode: argon2::ThreadMode::Sequential,
|
||||||
|
time_cost: 5,
|
||||||
|
variant: argon2::Variant::Argon2id,
|
||||||
|
version: argon2::Version::Version13,
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
impl<D: opaque_ke::hash::Hash> opaque_ke::slow_hash::SlowHash<D> for ArgonHasher {
|
||||||
|
fn hash(
|
||||||
|
input: generic_array::GenericArray<u8, <D as digest::Digest>::OutputSize>,
|
||||||
|
) -> Result<Vec<u8>, opaque_ke::errors::InternalPakeError> {
|
||||||
|
argon2::hash_raw(&input, Self::SALT, Self::CONFIG)
|
||||||
|
.map_err(|_| opaque_ke::errors::InternalPakeError::HashingFailure)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/// The ciphersuite trait allows to specify the underlying primitives
|
/// The ciphersuite trait allows to specify the underlying primitives
|
||||||
/// that will be used in the OPAQUE protocol
|
/// that will be used in the OPAQUE protocol
|
||||||
#[allow(dead_code)]
|
#[allow(dead_code)]
|
||||||
@ -17,7 +47,8 @@ impl CipherSuite for DefaultSuite {
|
|||||||
type Group = curve25519_dalek::ristretto::RistrettoPoint;
|
type Group = curve25519_dalek::ristretto::RistrettoPoint;
|
||||||
type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDH;
|
type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDH;
|
||||||
type Hash = sha2::Sha512;
|
type Hash = sha2::Sha512;
|
||||||
type SlowHash = opaque_ke::slow_hash::NoOpHash;
|
/// Use argon2 as the slow hashing algorithm for our CipherSuite.
|
||||||
|
type SlowHash = ArgonHasher;
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Client-side code for OPAQUE protocol handling, to register a new user and login. All methods'
|
/// Client-side code for OPAQUE protocol handling, to register a new user and login. All methods'
|
||||||
|
Loading…
Reference in New Issue
Block a user