Opaque: use argon2 as slow hash

Cargo.lock

@@ -1287,9 +1287,12 @@ version = "0.1.0"
 dependencies = [
  "chrono",
  "curve25519-dalek",
+ "digest",
+ "generic-array",
  "getrandom 0.2.3",
  "opaque-ke",
  "rand 0.8.3",
+ "rust-argon2",
  "serde",
  "sha2",
  "sqlx",

app/Cargo.lock

@@ -50,6 +50,12 @@ version = "0.12.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "33954243bd79057c2de7338850b85983a44588021f8a5fee574a8888c6de4344"
 
+[[package]]
+name = "arrayref"
+version = "0.3.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544"
+
 [[package]]
 name = "arrayvec"
 version = "0.5.2"
@@ -110,6 +116,17 @@ dependencies = [
  "wyz",
 ]
 
+[[package]]
+name = "blake2b_simd"
+version = "0.5.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "afa748e348ad3be8263be728124b24a24f268266f6f5d58af9d75f6a40b5c587"
+dependencies = [
+ "arrayref",
+ "arrayvec",
+ "constant_time_eq",
+]
+
 [[package]]
 name = "block-buffer"
 version = "0.9.0"
@@ -197,6 +214,12 @@ dependencies = [
  "wasm-bindgen",
 ]
 
+[[package]]
+name = "constant_time_eq"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc"
+
 [[package]]
 name = "core-foundation"
 version = "0.9.1"
@@ -745,9 +768,12 @@ version = "0.1.0"
 dependencies = [
  "chrono",
  "curve25519-dalek",
+ "digest",
+ "generic-array",
  "getrandom 0.2.3",
  "opaque-ke",
  "rand 0.8.4",
+ "rust-argon2",
  "serde",
  "sha2",
  "sqlx",
@@ -1259,6 +1285,18 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "rust-argon2"
+version = "0.8.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4b18820d944b33caa75a71378964ac46f58517c92b6ae5f762636247c09e78fb"
+dependencies = [
+ "base64",
+ "blake2b_simd",
+ "constant_time_eq",
+ "crossbeam-utils",
+]
+
 [[package]]
 name = "ryu"
 version = "1.0.5"

model/Cargo.lock

@@ -38,6 +38,12 @@ dependencies = [
  "memchr",
 ]
 
+[[package]]
+name = "arrayref"
+version = "0.3.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544"
+
 [[package]]
 name = "arrayvec"
 version = "0.5.2"
@@ -89,6 +95,17 @@ dependencies = [
  "wyz",
 ]
 
+[[package]]
+name = "blake2b_simd"
+version = "0.5.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "afa748e348ad3be8263be728124b24a24f268266f6f5d58af9d75f6a40b5c587"
+dependencies = [
+ "arrayref",
+ "arrayvec",
+ "constant_time_eq",
+]
+
 [[package]]
 name = "block-buffer"
 version = "0.9.0"
@@ -148,6 +165,12 @@ dependencies = [
  "winapi",
 ]
 
+[[package]]
+name = "constant_time_eq"
+version = "0.1.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc"
+
 [[package]]
 name = "core-foundation"
 version = "0.9.1"
@@ -604,9 +627,12 @@ version = "0.1.0"
 dependencies = [
  "chrono",
  "curve25519-dalek",
+ "digest",
+ "generic-array",
  "getrandom 0.2.2",
  "opaque-ke",
  "rand",
+ "rust-argon2",
  "serde",
  "sha2",
  "sqlx",
@@ -1083,6 +1109,18 @@ dependencies = [
  "zeroize",
 ]
 
+[[package]]
+name = "rust-argon2"
+version = "0.8.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "4b18820d944b33caa75a71378964ac46f58517c92b6ae5f762636247c09e78fb"
+dependencies = [
+ "base64",
+ "blake2b_simd",
+ "constant_time_eq",
+ "crossbeam-utils",
+]
+
 [[package]]
 name = "ryu"
 version = "1.0.5"

model/Cargo.toml

@@ -11,7 +11,10 @@ opaque_client = []
 js = []
 
 [dependencies]
+rust-argon2 = "0.8"
 curve25519-dalek = "3"
+digest = "*"
+generic-array = "*"
 opaque-ke = "0.5"
 rand = "0.8"
 serde = "*"

model/src/opaque.rs

@@ -9,6 +9,36 @@ pub enum AuthenticationError {
 
 pub type AuthenticationResult<T> = std::result::Result<T, AuthenticationError>;
 
+/// A wrapper around argon2 to provide the [`opaque_ke::slow_hash::SlowHash`] trait.
+pub struct ArgonHasher;
+
+impl ArgonHasher {
+    /// Fixed salt, doesn't affect the security. It is only used to make attacks more
+    /// computationally intensive, it doesn't serve any security purpose.
+    const SALT: &'static [u8] = b"lldap_opaque_salt";
+    /// Config for the argon hasher. Security enthusiasts may want to tweak this for their system.
+    const CONFIG: &'static argon2::Config<'static> = &argon2::Config {
+        ad: &[],
+        hash_length: 128,
+        lanes: 1,
+        mem_cost: 50 * 1024, // 50 MB, in KB
+        secret: &[],
+        thread_mode: argon2::ThreadMode::Sequential,
+        time_cost: 5,
+        variant: argon2::Variant::Argon2id,
+        version: argon2::Version::Version13,
+    };
+}
+
+impl<D: opaque_ke::hash::Hash> opaque_ke::slow_hash::SlowHash<D> for ArgonHasher {
+    fn hash(
+        input: generic_array::GenericArray<u8, <D as digest::Digest>::OutputSize>,
+    ) -> Result<Vec<u8>, opaque_ke::errors::InternalPakeError> {
+        argon2::hash_raw(&input, Self::SALT, Self::CONFIG)
+            .map_err(|_| opaque_ke::errors::InternalPakeError::HashingFailure)
+    }
+}
+
 /// The ciphersuite trait allows to specify the underlying primitives
 /// that will be used in the OPAQUE protocol
 #[allow(dead_code)]
@@ -17,7 +47,8 @@ impl CipherSuite for DefaultSuite {
     type Group = curve25519_dalek::ristretto::RistrettoPoint;
     type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDH;
     type Hash = sha2::Sha512;
-    type SlowHash = opaque_ke::slow_hash::NoOpHash;
+    /// Use argon2 as the slow hashing algorithm for our CipherSuite.
+    type SlowHash = ArgonHasher;
 }
 
 /// Client-side code for OPAQUE protocol handling, to register a new user and login.  All methods'