mirror of
https://github.com/nitnelave/lldap.git
synced 2023-04-12 14:25:13 +00:00
Opaque: use argon2 as slow hash
This commit is contained in:
parent
973fa40dd1
commit
86bfd37b70
3
Cargo.lock
generated
3
Cargo.lock
generated
@ -1287,9 +1287,12 @@ version = "0.1.0"
|
||||
dependencies = [
|
||||
"chrono",
|
||||
"curve25519-dalek",
|
||||
"digest",
|
||||
"generic-array",
|
||||
"getrandom 0.2.3",
|
||||
"opaque-ke",
|
||||
"rand 0.8.3",
|
||||
"rust-argon2",
|
||||
"serde",
|
||||
"sha2",
|
||||
"sqlx",
|
||||
|
38
app/Cargo.lock
generated
38
app/Cargo.lock
generated
@ -50,6 +50,12 @@ version = "0.12.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "33954243bd79057c2de7338850b85983a44588021f8a5fee574a8888c6de4344"
|
||||
|
||||
[[package]]
|
||||
name = "arrayref"
|
||||
version = "0.3.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544"
|
||||
|
||||
[[package]]
|
||||
name = "arrayvec"
|
||||
version = "0.5.2"
|
||||
@ -110,6 +116,17 @@ dependencies = [
|
||||
"wyz",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "blake2b_simd"
|
||||
version = "0.5.11"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "afa748e348ad3be8263be728124b24a24f268266f6f5d58af9d75f6a40b5c587"
|
||||
dependencies = [
|
||||
"arrayref",
|
||||
"arrayvec",
|
||||
"constant_time_eq",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "block-buffer"
|
||||
version = "0.9.0"
|
||||
@ -197,6 +214,12 @@ dependencies = [
|
||||
"wasm-bindgen",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "constant_time_eq"
|
||||
version = "0.1.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc"
|
||||
|
||||
[[package]]
|
||||
name = "core-foundation"
|
||||
version = "0.9.1"
|
||||
@ -745,9 +768,12 @@ version = "0.1.0"
|
||||
dependencies = [
|
||||
"chrono",
|
||||
"curve25519-dalek",
|
||||
"digest",
|
||||
"generic-array",
|
||||
"getrandom 0.2.3",
|
||||
"opaque-ke",
|
||||
"rand 0.8.4",
|
||||
"rust-argon2",
|
||||
"serde",
|
||||
"sha2",
|
||||
"sqlx",
|
||||
@ -1259,6 +1285,18 @@ dependencies = [
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rust-argon2"
|
||||
version = "0.8.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4b18820d944b33caa75a71378964ac46f58517c92b6ae5f762636247c09e78fb"
|
||||
dependencies = [
|
||||
"base64",
|
||||
"blake2b_simd",
|
||||
"constant_time_eq",
|
||||
"crossbeam-utils",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ryu"
|
||||
version = "1.0.5"
|
||||
|
38
model/Cargo.lock
generated
38
model/Cargo.lock
generated
@ -38,6 +38,12 @@ dependencies = [
|
||||
"memchr",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "arrayref"
|
||||
version = "0.3.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544"
|
||||
|
||||
[[package]]
|
||||
name = "arrayvec"
|
||||
version = "0.5.2"
|
||||
@ -89,6 +95,17 @@ dependencies = [
|
||||
"wyz",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "blake2b_simd"
|
||||
version = "0.5.11"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "afa748e348ad3be8263be728124b24a24f268266f6f5d58af9d75f6a40b5c587"
|
||||
dependencies = [
|
||||
"arrayref",
|
||||
"arrayvec",
|
||||
"constant_time_eq",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "block-buffer"
|
||||
version = "0.9.0"
|
||||
@ -148,6 +165,12 @@ dependencies = [
|
||||
"winapi",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "constant_time_eq"
|
||||
version = "0.1.5"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc"
|
||||
|
||||
[[package]]
|
||||
name = "core-foundation"
|
||||
version = "0.9.1"
|
||||
@ -604,9 +627,12 @@ version = "0.1.0"
|
||||
dependencies = [
|
||||
"chrono",
|
||||
"curve25519-dalek",
|
||||
"digest",
|
||||
"generic-array",
|
||||
"getrandom 0.2.2",
|
||||
"opaque-ke",
|
||||
"rand",
|
||||
"rust-argon2",
|
||||
"serde",
|
||||
"sha2",
|
||||
"sqlx",
|
||||
@ -1083,6 +1109,18 @@ dependencies = [
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "rust-argon2"
|
||||
version = "0.8.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4b18820d944b33caa75a71378964ac46f58517c92b6ae5f762636247c09e78fb"
|
||||
dependencies = [
|
||||
"base64",
|
||||
"blake2b_simd",
|
||||
"constant_time_eq",
|
||||
"crossbeam-utils",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "ryu"
|
||||
version = "1.0.5"
|
||||
|
@ -11,7 +11,10 @@ opaque_client = []
|
||||
js = []
|
||||
|
||||
[dependencies]
|
||||
rust-argon2 = "0.8"
|
||||
curve25519-dalek = "3"
|
||||
digest = "*"
|
||||
generic-array = "*"
|
||||
opaque-ke = "0.5"
|
||||
rand = "0.8"
|
||||
serde = "*"
|
||||
|
@ -9,6 +9,36 @@ pub enum AuthenticationError {
|
||||
|
||||
pub type AuthenticationResult<T> = std::result::Result<T, AuthenticationError>;
|
||||
|
||||
/// A wrapper around argon2 to provide the [`opaque_ke::slow_hash::SlowHash`] trait.
|
||||
pub struct ArgonHasher;
|
||||
|
||||
impl ArgonHasher {
|
||||
/// Fixed salt, doesn't affect the security. It is only used to make attacks more
|
||||
/// computationally intensive, it doesn't serve any security purpose.
|
||||
const SALT: &'static [u8] = b"lldap_opaque_salt";
|
||||
/// Config for the argon hasher. Security enthusiasts may want to tweak this for their system.
|
||||
const CONFIG: &'static argon2::Config<'static> = &argon2::Config {
|
||||
ad: &[],
|
||||
hash_length: 128,
|
||||
lanes: 1,
|
||||
mem_cost: 50 * 1024, // 50 MB, in KB
|
||||
secret: &[],
|
||||
thread_mode: argon2::ThreadMode::Sequential,
|
||||
time_cost: 5,
|
||||
variant: argon2::Variant::Argon2id,
|
||||
version: argon2::Version::Version13,
|
||||
};
|
||||
}
|
||||
|
||||
impl<D: opaque_ke::hash::Hash> opaque_ke::slow_hash::SlowHash<D> for ArgonHasher {
|
||||
fn hash(
|
||||
input: generic_array::GenericArray<u8, <D as digest::Digest>::OutputSize>,
|
||||
) -> Result<Vec<u8>, opaque_ke::errors::InternalPakeError> {
|
||||
argon2::hash_raw(&input, Self::SALT, Self::CONFIG)
|
||||
.map_err(|_| opaque_ke::errors::InternalPakeError::HashingFailure)
|
||||
}
|
||||
}
|
||||
|
||||
/// The ciphersuite trait allows to specify the underlying primitives
|
||||
/// that will be used in the OPAQUE protocol
|
||||
#[allow(dead_code)]
|
||||
@ -17,7 +47,8 @@ impl CipherSuite for DefaultSuite {
|
||||
type Group = curve25519_dalek::ristretto::RistrettoPoint;
|
||||
type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDH;
|
||||
type Hash = sha2::Sha512;
|
||||
type SlowHash = opaque_ke::slow_hash::NoOpHash;
|
||||
/// Use argon2 as the slow hashing algorithm for our CipherSuite.
|
||||
type SlowHash = ArgonHasher;
|
||||
}
|
||||
|
||||
/// Client-side code for OPAQUE protocol handling, to register a new user and login. All methods'
|
||||
|
Loading…
Reference in New Issue
Block a user