Simplify opaque types

This commit is contained in:
Valentin Tolmer 2021-06-15 10:12:41 +02:00 committed by nitnelave
parent 973fac4bb8
commit f918debc2e
7 changed files with 149 additions and 121 deletions

8
Cargo.lock generated
View File

@ -1369,6 +1369,7 @@ dependencies = [
"serde",
"sha2",
"sqlx",
"sqlx-core",
"thiserror",
]
@ -1677,10 +1678,10 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
[[package]]
name = "opaque-ke"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4c5e93081243e35cb270a2812883dcba34121c8d4054f6869149f2c3f7db10e3"
version = "0.5.1-pre.1"
source = "git+https://github.com/novifinancial/opaque-ke?rev=cd85efc603f5d98ed794cdd56a6e59236cce3d32#cd85efc603f5d98ed794cdd56a6e59236cce3d32"
dependencies = [
"base64",
"curve25519-dalek",
"digest",
"displaydoc",
@ -1689,6 +1690,7 @@ dependencies = [
"hkdf",
"hmac",
"rand 0.8.3",
"serde",
"subtle",
"thiserror",
"zeroize",

View File

@ -25,7 +25,6 @@ jwt = "0.13"
ldap3_server = "*"
lldap_model = { path = "model" }
log = "*"
opaque-ke = "0.5"
serde = "*"
serde_json = "1"
sha2 = "0.9"
@ -40,6 +39,11 @@ tracing-log = "*"
tracing-subscriber = "*"
rand = { version = "0.8", features = ["small_rng", "getrandom"] }
# TODO: update to 0.6 when out.
[dependencies.opaque-ke]
git = "https://github.com/novifinancial/opaque-ke"
rev = "cd85efc603f5d98ed794cdd56a6e59236cce3d32"
[dependencies.sqlx]
version = "0.5.1"
features = [

8
app/Cargo.lock generated
View File

@ -777,6 +777,7 @@ dependencies = [
"serde",
"sha2",
"sqlx",
"sqlx-core",
"thiserror",
]
@ -995,10 +996,10 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
[[package]]
name = "opaque-ke"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4c5e93081243e35cb270a2812883dcba34121c8d4054f6869149f2c3f7db10e3"
version = "0.5.1-pre.1"
source = "git+https://github.com/novifinancial/opaque-ke?rev=cd85efc603f5d98ed794cdd56a6e59236cce3d32#cd85efc603f5d98ed794cdd56a6e59236cce3d32"
dependencies = [
"base64",
"curve25519-dalek",
"digest",
"displaydoc",
@ -1007,6 +1008,7 @@ dependencies = [
"hkdf",
"hmac",
"rand 0.8.4",
"serde",
"subtle",
"thiserror",
"zeroize",

154
model/Cargo.lock generated
View File

@ -20,9 +20,9 @@ checksum = "739f4a8db6605981345c5654f3a85b056ce52f37a39d34da03f25bf2151ea16e"
[[package]]
name = "ahash"
version = "0.7.2"
version = "0.6.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f200cbb1e856866d9eade941cf3aa0c5d7dd36f74311c4273b494f4ef036957"
checksum = "796540673305a66d127804eef19ad696f1f204b8c1025aaca4958c17eab32877"
dependencies = [
"getrandom 0.2.2",
"once_cell",
@ -268,26 +268,6 @@ dependencies = [
"generic-array",
]
[[package]]
name = "dirs"
version = "3.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "30baa043103c9d0c2a57cf537cc2f35623889dc0d405e6c3cccfadbc81c71309"
dependencies = [
"dirs-sys",
]
[[package]]
name = "dirs-sys"
version = "0.3.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "03d86534ed367a67548dc68113a0f5db55432fdfbb6e6f9d77704397d95d5780"
dependencies = [
"libc",
"redox_users",
"winapi",
]
[[package]]
name = "displaydoc"
version = "0.1.7"
@ -612,9 +592,9 @@ checksum = "c7d73b3f436185384286bd8098d17ec07c9a7d2388a6599f824d8502b529702a"
[[package]]
name = "libsqlite3-sys"
version = "0.22.2"
version = "0.20.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "290b64917f8b0cb885d9de0f9959fe1f775d7fa12f1da2db9001c1c8ab60f89d"
checksum = "64d31059f22935e6c31830db5249ba2b7ecd54fd73a9909286f0a67aa55c2fbd"
dependencies = [
"cc",
"pkg-config",
@ -631,11 +611,12 @@ dependencies = [
"generic-array",
"getrandom 0.2.2",
"opaque-ke",
"rand",
"rand 0.8.3",
"rust-argon2",
"serde",
"sha2",
"sqlx",
"sqlx-core",
"thiserror",
]
@ -748,6 +729,17 @@ dependencies = [
"winapi",
]
[[package]]
name = "num-bigint"
version = "0.2.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "090c7f9998ee0ff65aa5b723e4009f7b217707f1fb5ea551329cc4d6231fb304"
dependencies = [
"autocfg 1.0.1",
"num-integer",
"num-traits",
]
[[package]]
name = "num-bigint"
version = "0.3.2"
@ -759,22 +751,11 @@ dependencies = [
"num-traits",
]
[[package]]
name = "num-bigint"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4e0d047c1062aa51e256408c560894e5251f08925980e53cf1aa5bd00eec6512"
dependencies = [
"autocfg 1.0.1",
"num-integer",
"num-traits",
]
[[package]]
name = "num-bigint-dig"
version = "0.7.0"
version = "0.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4547ee5541c18742396ae2c895d0717d0f886d8823b8399cdaf7b07d63ad0480"
checksum = "5d51546d704f52ef14b3c962b5776e53d5b862e5790e40a350d366c209bd7f7a"
dependencies = [
"autocfg 0.1.7",
"byteorder",
@ -783,7 +764,8 @@ dependencies = [
"num-integer",
"num-iter",
"num-traits",
"rand",
"rand 0.7.3",
"serde",
"smallvec",
"zeroize",
]
@ -816,7 +798,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290"
dependencies = [
"autocfg 1.0.1",
"libm",
]
[[package]]
@ -843,10 +824,10 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
[[package]]
name = "opaque-ke"
version = "0.5.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "4c5e93081243e35cb270a2812883dcba34121c8d4054f6869149f2c3f7db10e3"
version = "0.5.1-pre.1"
source = "git+https://github.com/novifinancial/opaque-ke?rev=cd85efc603f5d98ed794cdd56a6e59236cce3d32#cd85efc603f5d98ed794cdd56a6e59236cce3d32"
dependencies = [
"base64",
"curve25519-dalek",
"digest",
"displaydoc",
@ -854,7 +835,8 @@ dependencies = [
"generic-bytes",
"hkdf",
"hmac",
"rand",
"rand 0.8.3",
"serde",
"subtle",
"thiserror",
"zeroize",
@ -995,6 +977,19 @@ version = "0.5.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8"
[[package]]
name = "rand"
version = "0.7.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03"
dependencies = [
"getrandom 0.1.16",
"libc",
"rand_chacha 0.2.2",
"rand_core 0.5.1",
"rand_hc 0.2.0",
]
[[package]]
name = "rand"
version = "0.8.3"
@ -1002,9 +997,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0ef9e7e66b4468674bfcb0c81af8b7fa0bb154fa9f28eb840da5c447baeb8d7e"
dependencies = [
"libc",
"rand_chacha",
"rand_chacha 0.3.0",
"rand_core 0.6.2",
"rand_hc",
"rand_hc 0.3.0",
]
[[package]]
name = "rand_chacha"
version = "0.2.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402"
dependencies = [
"ppv-lite86",
"rand_core 0.5.1",
]
[[package]]
@ -1035,6 +1040,15 @@ dependencies = [
"getrandom 0.2.2",
]
[[package]]
name = "rand_hc"
version = "0.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c"
dependencies = [
"rand_core 0.5.1",
]
[[package]]
name = "rand_hc"
version = "0.3.0"
@ -1053,16 +1067,6 @@ dependencies = [
"bitflags",
]
[[package]]
name = "redox_users"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "528532f3d801c87aec9def2add9ca802fe569e44a544afe633765267840abe64"
dependencies = [
"getrandom 0.2.2",
"redox_syscall",
]
[[package]]
name = "regex"
version = "1.5.4"
@ -1091,9 +1095,9 @@ dependencies = [
[[package]]
name = "rsa"
version = "0.4.0"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "68ef841a26fc5d040ced0417c6c6a64ee851f42489df11cdf0218e545b6f8d28"
checksum = "3648b669b10afeab18972c105e284a7b953a669b0be3514c27f9b17acab2f9cd"
dependencies = [
"byteorder",
"digest",
@ -1103,9 +1107,11 @@ dependencies = [
"num-iter",
"num-traits",
"pem",
"rand",
"rand 0.7.3",
"sha2",
"simple_asn1",
"subtle",
"thiserror",
"zeroize",
]
@ -1234,14 +1240,13 @@ dependencies = [
[[package]]
name = "simple_asn1"
version = "0.5.2"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "6e0e9076e5242ff5a58e854cb478ea9caebce01088f86d3d9c6ad336b7655263"
checksum = "692ca13de57ce0613a363c8c2f1de925adebc81b04c923ac60c5488bb44abe4b"
dependencies = [
"chrono",
"num-bigint 0.4.0",
"num-bigint 0.2.6",
"num-traits",
"thiserror",
]
[[package]]
@ -1277,9 +1282,9 @@ dependencies = [
[[package]]
name = "sqlx"
version = "0.5.2"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d582b9bc04ec6c03084196efc42c2226b018e9941f03ee62bd88921d500917c0"
checksum = "c2739d54a2ae9fdd0f545cb4e4b5574efb95e2ec71b7f921678e246fb20dcaaf"
dependencies = [
"sqlx-core",
"sqlx-macros",
@ -1287,11 +1292,11 @@ dependencies = [
[[package]]
name = "sqlx-core"
version = "0.5.2"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "de52d1d473cebb2abb79c886ef6a8023e965e34c0676a99cfeac2cc7f0fde4c1"
checksum = "b1cad9cae4ca8947eba1a90e8ec7d3c59e7a768e2f120dc9013b669c34a90711"
dependencies = [
"ahash 0.7.2",
"ahash 0.6.3",
"atoi",
"base64",
"bitflags",
@ -1303,7 +1308,6 @@ dependencies = [
"crossbeam-queue",
"crossbeam-utils",
"digest",
"dirs",
"either",
"futures-channel",
"futures-core",
@ -1322,7 +1326,7 @@ dependencies = [
"once_cell",
"parking_lot",
"percent-encoding",
"rand",
"rand 0.7.3",
"rsa",
"serde",
"serde_json",
@ -1340,9 +1344,9 @@ dependencies = [
[[package]]
name = "sqlx-macros"
version = "0.5.2"
version = "0.5.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1a40f0be97e704d3fbf059e7e3333c3735639146a72d586c5534c70e79da88a4"
checksum = "01caee2b3935b4efe152f3262afbe51546ce3b1fc27ad61014e1b3cf5f55366e"
dependencies = [
"dotenv",
"either",
@ -1359,9 +1363,9 @@ dependencies = [
[[package]]
name = "sqlx-rt"
version = "0.5.2"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b6ae97ab05063ed515cdc23d90253213aa24dda0a288c5ec079af3d10f9771bc"
checksum = "4ce2e16b6774c671cc183e1d202386fdf9cde1e8468c1894a7f2a63eb671c4f4"
dependencies = [
"actix-rt",
"native-tls",
@ -1429,7 +1433,7 @@ checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22"
dependencies = [
"cfg-if",
"libc",
"rand",
"rand 0.8.3",
"redox_syscall",
"remove_dir_all",
"winapi",

View File

@ -15,12 +15,16 @@ rust-argon2 = "0.8"
curve25519-dalek = "3"
digest = "*"
generic-array = "*"
opaque-ke = "0.5"
rand = "0.8"
serde = "*"
sha2 = "0.9"
thiserror = "*"
# TODO: update to 0.6 when out.
[dependencies.opaque-ke]
git = "https://github.com/novifinancial/opaque-ke"
rev = "cd85efc603f5d98ed794cdd56a6e59236cce3d32"
[dependencies.chrono]
version = "*"
features = [ "serde" ]
@ -37,6 +41,9 @@ features = [
"sqlite",
]
[target.'cfg(not(target_arch = "wasm32"))'.dependencies.sqlx-core]
version = "=0.5.1"
# For WASM targets, use the JS getrandom.
[target.'cfg(not(target_arch = "wasm32"))'.dependencies.getrandom]
version = "0.2"

View File

@ -95,16 +95,17 @@ pub mod client {
/// Methods to register a new user, from the client side.
pub mod registration {
pub use super::*;
pub use opaque_ke::{
ClientRegistration, ClientRegistrationFinishParameters, ClientRegistrationFinishResult,
ClientRegistrationStartResult, RegistrationResponse,
};
pub type ClientRegistration = opaque_ke::ClientRegistration<DefaultSuite>;
pub type ClientRegistrationStartResult = opaque_ke::ClientRegistrationStartResult<DefaultSuite>;
pub type ClientRegistrationFinishResult = opaque_ke::ClientRegistrationFinishResult<DefaultSuite>;
pub type RegistrationResponse = opaque_ke::RegistrationResponse<DefaultSuite>;
pub use opaque_ke::ClientRegistrationFinishParameters;
/// Initiate the registration negotiation.
pub fn start_registration<R: RngCore + CryptoRng>(
password: &str,
rng: &mut R,
) -> AuthenticationResult<ClientRegistrationStartResult<DefaultSuite>> {
Ok(ClientRegistration::<DefaultSuite>::start(
) -> AuthenticationResult<ClientRegistrationStartResult> {
Ok(ClientRegistration::start(
rng,
password.as_bytes(),
)?)
@ -112,10 +113,10 @@ pub mod client {
/// Finalize the registration negotiation.
pub fn finish_registration<R: RngCore + CryptoRng>(
registration_start: ClientRegistration<DefaultSuite>,
registration_response: RegistrationResponse<DefaultSuite>,
registration_start: ClientRegistration,
registration_response: RegistrationResponse,
rng: &mut R,
) -> AuthenticationResult<ClientRegistrationFinishResult<DefaultSuite>> {
) -> AuthenticationResult<ClientRegistrationFinishResult> {
Ok(registration_start.finish(
rng,
registration_response,
@ -127,17 +128,21 @@ pub mod client {
/// Methods to login, from the client side.
pub mod login {
pub use super::*;
pub type ClientLogin = opaque_ke::ClientLogin<DefaultSuite>;
pub type ClientLoginFinishResult = opaque_ke::ClientLoginFinishResult<DefaultSuite>;
pub type ClientLoginStartResult = opaque_ke::ClientLoginStartResult<DefaultSuite>;
pub type CredentialResponse = opaque_ke::CredentialResponse<DefaultSuite>;
pub use opaque_ke::{
ClientLogin, ClientLoginFinishParameters, ClientLoginFinishResult,
ClientLoginStartParameters, ClientLoginStartResult, CredentialResponse,
ClientLoginFinishParameters,
ClientLoginStartParameters,
};
/// Initiate the login negotiation.
pub fn start_login<R: RngCore + CryptoRng>(
password: &str,
rng: &mut R,
) -> AuthenticationResult<ClientLoginStartResult<DefaultSuite>> {
Ok(ClientLogin::<DefaultSuite>::start(
) -> AuthenticationResult<ClientLoginStartResult> {
Ok(ClientLogin::start(
rng,
password.as_bytes(),
ClientLoginStartParameters::default(),
@ -146,9 +151,9 @@ pub mod client {
/// Finalize the client login negotiation.
pub fn finish_login(
login_start: ClientLogin<DefaultSuite>,
login_response: CredentialResponse<DefaultSuite>,
) -> AuthenticationResult<ClientLoginFinishResult<DefaultSuite>> {
login_start: ClientLogin,
login_response: CredentialResponse,
) -> AuthenticationResult<ClientLoginFinishResult> {
Ok(login_start.finish(login_response, ClientLoginFinishParameters::default())?)
}
}
@ -159,20 +164,22 @@ pub mod client {
#[cfg(feature = "opaque_server")]
pub mod server {
pub use super::*;
pub use opaque_ke::ServerRegistration;
pub type ServerRegistration = opaque_ke::ServerRegistration<DefaultSuite>;
/// Methods to register a new user, from the server side.
pub mod registration {
pub use super::*;
pub use opaque_ke::{RegistrationRequest, RegistrationUpload, ServerRegistrationStartResult};
pub type RegistrationRequest = opaque_ke::RegistrationRequest<DefaultSuite>;
pub type RegistrationUpload = opaque_ke::RegistrationUpload<DefaultSuite>;
pub type ServerRegistrationStartResult = opaque_ke::ServerRegistrationStartResult<DefaultSuite>;
/// Start a registration process, from a request sent by the client.
///
/// The result must be kept for the next step.
pub fn start_registration<R: RngCore + CryptoRng>(
rng: &mut R,
registration_request: RegistrationRequest<DefaultSuite>,
registration_request: RegistrationRequest,
server_public_key: PublicKey<'_>,
) -> AuthenticationResult<ServerRegistrationStartResult<DefaultSuite>> {
Ok(ServerRegistration::<DefaultSuite>::start(
) -> AuthenticationResult<ServerRegistrationStartResult> {
Ok(ServerRegistration::start(
rng,
registration_request,
*server_public_key,
@ -181,9 +188,9 @@ pub mod server {
/// Finish to register a new user, and get the data to store in the database.
pub fn get_password_file(
registration_start: ServerRegistration<DefaultSuite>,
registration_upload: RegistrationUpload<DefaultSuite>,
) -> AuthenticationResult<ServerRegistration<DefaultSuite>> {
registration_start: ServerRegistration,
registration_upload: RegistrationUpload,
) -> AuthenticationResult<ServerRegistration> {
Ok(registration_start.finish(registration_upload)?)
}
}
@ -191,20 +198,22 @@ pub mod server {
/// Methods to handle user login, from the server-side.
pub mod login {
pub use super::*;
pub use opaque_ke::{
CredentialFinalization, CredentialRequest, ServerLogin, ServerLoginFinishResult,
ServerLoginStartParameters, ServerLoginStartResult,
};
pub type CredentialFinalization = opaque_ke::CredentialFinalization<DefaultSuite>;
pub type CredentialRequest = opaque_ke::CredentialRequest<DefaultSuite>;
pub type ServerLogin = opaque_ke::ServerLogin<DefaultSuite>;
pub type ServerLoginStartResult = opaque_ke::ServerLoginStartResult<DefaultSuite>;
pub type ServerLoginFinishResult = opaque_ke::ServerLoginFinishResult<DefaultSuite>;
pub use opaque_ke::ServerLoginStartParameters;
/// Start a login process, from a request sent by the client.
///
/// The result must be kept for the next step.
pub fn start_login<R: RngCore + CryptoRng>(
rng: &mut R,
password_file: ServerRegistration<DefaultSuite>,
password_file: ServerRegistration,
server_private_key: PrivateKey<'_>,
credential_request: CredentialRequest<DefaultSuite>,
) -> AuthenticationResult<ServerLoginStartResult<DefaultSuite>> {
credential_request: CredentialRequest,
) -> AuthenticationResult<ServerLoginStartResult> {
Ok(ServerLogin::start(
rng,
password_file,
@ -215,9 +224,9 @@ pub mod server {
}
/// Finish to authorize a new user, and get the session key to decrypt associated data.
pub fn finalize_login(
login_start: ServerLogin<DefaultSuite>,
credential_finalization: CredentialFinalization<DefaultSuite>,
pub fn finish_login(
login_start: ServerLogin,
credential_finalization: CredentialFinalization,
) -> AuthenticationResult<ServerLoginFinishResult> {
Ok(login_start.finish(credential_finalization)?)
}

View File

@ -24,7 +24,7 @@ impl SqlBackendHandler {
fn get_password_file(
clear_password: &str,
server_public_key: opaque::PublicKey<'_>,
) -> Result<opaque::server::ServerRegistration<opaque::DefaultSuite>> {
) -> Result<opaque::server::ServerRegistration> {
use opaque::{client, server};
let mut rng = rand::rngs::OsRng;
let client_register_start_result =
@ -53,11 +53,11 @@ fn passwords_match(
clear_password: &str,
server_private_key: opaque::PrivateKey<'_>,
) -> Result<()> {
use opaque::{client, client::login::*, server, server::login::*, DefaultSuite};
use opaque::{client, server};
let mut rng = rand::rngs::OsRng;
let client_login_start_result = client::login::start_login(clear_password, &mut rng)?;
let password_file = ServerRegistration::<DefaultSuite>::deserialize(password_file_bytes)
let password_file = server::ServerRegistration::deserialize(password_file_bytes)
.map_err(opaque::AuthenticationError::ProtocolError)?;
let server_login_start_result = server::login::start_login(
&mut rng,
@ -65,7 +65,7 @@ fn passwords_match(
server_private_key,
client_login_start_result.message,
)?;
finish_login(
client::login::finish_login(
client_login_start_result.state,
server_login_start_result.message,
)?;