From f918debc2ee56d324f84f7854659a4662298b25c Mon Sep 17 00:00:00 2001 From: Valentin Tolmer Date: Tue, 15 Jun 2021 10:12:41 +0200 Subject: [PATCH] Simplify opaque types --- Cargo.lock | 8 +- Cargo.toml | 6 +- app/Cargo.lock | 8 +- model/Cargo.lock | 154 +++++++++++++++--------------- model/Cargo.toml | 9 +- model/src/opaque.rs | 77 ++++++++------- src/domain/sql_backend_handler.rs | 8 +- 7 files changed, 149 insertions(+), 121 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 80c35b3..32338bf 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1369,6 +1369,7 @@ dependencies = [ "serde", "sha2", "sqlx", + "sqlx-core", "thiserror", ] @@ -1677,10 +1678,10 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "opaque-ke" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c5e93081243e35cb270a2812883dcba34121c8d4054f6869149f2c3f7db10e3" +version = "0.5.1-pre.1" +source = "git+https://github.com/novifinancial/opaque-ke?rev=cd85efc603f5d98ed794cdd56a6e59236cce3d32#cd85efc603f5d98ed794cdd56a6e59236cce3d32" dependencies = [ + "base64", "curve25519-dalek", "digest", "displaydoc", @@ -1689,6 +1690,7 @@ dependencies = [ "hkdf", "hmac", "rand 0.8.3", + "serde", "subtle", "thiserror", "zeroize", diff --git a/Cargo.toml b/Cargo.toml index d9735fc..b0505b6 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -25,7 +25,6 @@ jwt = "0.13" ldap3_server = "*" lldap_model = { path = "model" } log = "*" -opaque-ke = "0.5" serde = "*" serde_json = "1" sha2 = "0.9" @@ -40,6 +39,11 @@ tracing-log = "*" tracing-subscriber = "*" rand = { version = "0.8", features = ["small_rng", "getrandom"] } +# TODO: update to 0.6 when out. +[dependencies.opaque-ke] +git = "https://github.com/novifinancial/opaque-ke" +rev = "cd85efc603f5d98ed794cdd56a6e59236cce3d32" + [dependencies.sqlx] version = "0.5.1" features = [ diff --git a/app/Cargo.lock b/app/Cargo.lock index 81c3e4d..19b3a0c 100644 --- a/app/Cargo.lock +++ b/app/Cargo.lock @@ -777,6 +777,7 @@ dependencies = [ "serde", "sha2", "sqlx", + "sqlx-core", "thiserror", ] @@ -995,10 +996,10 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "opaque-ke" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c5e93081243e35cb270a2812883dcba34121c8d4054f6869149f2c3f7db10e3" +version = "0.5.1-pre.1" +source = "git+https://github.com/novifinancial/opaque-ke?rev=cd85efc603f5d98ed794cdd56a6e59236cce3d32#cd85efc603f5d98ed794cdd56a6e59236cce3d32" dependencies = [ + "base64", "curve25519-dalek", "digest", "displaydoc", @@ -1007,6 +1008,7 @@ dependencies = [ "hkdf", "hmac", "rand 0.8.4", + "serde", "subtle", "thiserror", "zeroize", diff --git a/model/Cargo.lock b/model/Cargo.lock index 3bdd039..4f47bf7 100644 --- a/model/Cargo.lock +++ b/model/Cargo.lock @@ -20,9 +20,9 @@ checksum = "739f4a8db6605981345c5654f3a85b056ce52f37a39d34da03f25bf2151ea16e" [[package]] name = "ahash" -version = "0.7.2" +version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7f200cbb1e856866d9eade941cf3aa0c5d7dd36f74311c4273b494f4ef036957" +checksum = "796540673305a66d127804eef19ad696f1f204b8c1025aaca4958c17eab32877" dependencies = [ "getrandom 0.2.2", "once_cell", @@ -268,26 +268,6 @@ dependencies = [ "generic-array", ] -[[package]] -name = "dirs" -version = "3.0.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "30baa043103c9d0c2a57cf537cc2f35623889dc0d405e6c3cccfadbc81c71309" -dependencies = [ - "dirs-sys", -] - -[[package]] -name = "dirs-sys" -version = "0.3.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "03d86534ed367a67548dc68113a0f5db55432fdfbb6e6f9d77704397d95d5780" -dependencies = [ - "libc", - "redox_users", - "winapi", -] - [[package]] name = "displaydoc" version = "0.1.7" @@ -612,9 +592,9 @@ checksum = "c7d73b3f436185384286bd8098d17ec07c9a7d2388a6599f824d8502b529702a" [[package]] name = "libsqlite3-sys" -version = "0.22.2" +version = "0.20.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "290b64917f8b0cb885d9de0f9959fe1f775d7fa12f1da2db9001c1c8ab60f89d" +checksum = "64d31059f22935e6c31830db5249ba2b7ecd54fd73a9909286f0a67aa55c2fbd" dependencies = [ "cc", "pkg-config", @@ -631,11 +611,12 @@ dependencies = [ "generic-array", "getrandom 0.2.2", "opaque-ke", - "rand", + "rand 0.8.3", "rust-argon2", "serde", "sha2", "sqlx", + "sqlx-core", "thiserror", ] @@ -748,6 +729,17 @@ dependencies = [ "winapi", ] +[[package]] +name = "num-bigint" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "090c7f9998ee0ff65aa5b723e4009f7b217707f1fb5ea551329cc4d6231fb304" +dependencies = [ + "autocfg 1.0.1", + "num-integer", + "num-traits", +] + [[package]] name = "num-bigint" version = "0.3.2" @@ -759,22 +751,11 @@ dependencies = [ "num-traits", ] -[[package]] -name = "num-bigint" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4e0d047c1062aa51e256408c560894e5251f08925980e53cf1aa5bd00eec6512" -dependencies = [ - "autocfg 1.0.1", - "num-integer", - "num-traits", -] - [[package]] name = "num-bigint-dig" -version = "0.7.0" +version = "0.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4547ee5541c18742396ae2c895d0717d0f886d8823b8399cdaf7b07d63ad0480" +checksum = "5d51546d704f52ef14b3c962b5776e53d5b862e5790e40a350d366c209bd7f7a" dependencies = [ "autocfg 0.1.7", "byteorder", @@ -783,7 +764,8 @@ dependencies = [ "num-integer", "num-iter", "num-traits", - "rand", + "rand 0.7.3", + "serde", "smallvec", "zeroize", ] @@ -816,7 +798,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "9a64b1ec5cda2586e284722486d802acf1f7dbdc623e2bfc57e65ca1cd099290" dependencies = [ "autocfg 1.0.1", - "libm", ] [[package]] @@ -843,10 +824,10 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" [[package]] name = "opaque-ke" -version = "0.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4c5e93081243e35cb270a2812883dcba34121c8d4054f6869149f2c3f7db10e3" +version = "0.5.1-pre.1" +source = "git+https://github.com/novifinancial/opaque-ke?rev=cd85efc603f5d98ed794cdd56a6e59236cce3d32#cd85efc603f5d98ed794cdd56a6e59236cce3d32" dependencies = [ + "base64", "curve25519-dalek", "digest", "displaydoc", @@ -854,7 +835,8 @@ dependencies = [ "generic-bytes", "hkdf", "hmac", - "rand", + "rand 0.8.3", + "serde", "subtle", "thiserror", "zeroize", @@ -995,6 +977,19 @@ version = "0.5.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "941ba9d78d8e2f7ce474c015eea4d9c6d25b6a3327f9832ee29a4de27f91bbb8" +[[package]] +name = "rand" +version = "0.7.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a6b1679d49b24bbfe0c803429aa1874472f50d9b363131f0e89fc356b544d03" +dependencies = [ + "getrandom 0.1.16", + "libc", + "rand_chacha 0.2.2", + "rand_core 0.5.1", + "rand_hc 0.2.0", +] + [[package]] name = "rand" version = "0.8.3" @@ -1002,9 +997,19 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0ef9e7e66b4468674bfcb0c81af8b7fa0bb154fa9f28eb840da5c447baeb8d7e" dependencies = [ "libc", - "rand_chacha", + "rand_chacha 0.3.0", "rand_core 0.6.2", - "rand_hc", + "rand_hc 0.3.0", +] + +[[package]] +name = "rand_chacha" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f4c8ed856279c9737206bf725bf36935d8666ead7aa69b52be55af369d193402" +dependencies = [ + "ppv-lite86", + "rand_core 0.5.1", ] [[package]] @@ -1035,6 +1040,15 @@ dependencies = [ "getrandom 0.2.2", ] +[[package]] +name = "rand_hc" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ca3129af7b92a17112d59ad498c6f81eaf463253766b90396d39ea7a39d6613c" +dependencies = [ + "rand_core 0.5.1", +] + [[package]] name = "rand_hc" version = "0.3.0" @@ -1053,16 +1067,6 @@ dependencies = [ "bitflags", ] -[[package]] -name = "redox_users" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "528532f3d801c87aec9def2add9ca802fe569e44a544afe633765267840abe64" -dependencies = [ - "getrandom 0.2.2", - "redox_syscall", -] - [[package]] name = "regex" version = "1.5.4" @@ -1091,9 +1095,9 @@ dependencies = [ [[package]] name = "rsa" -version = "0.4.0" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "68ef841a26fc5d040ced0417c6c6a64ee851f42489df11cdf0218e545b6f8d28" +checksum = "3648b669b10afeab18972c105e284a7b953a669b0be3514c27f9b17acab2f9cd" dependencies = [ "byteorder", "digest", @@ -1103,9 +1107,11 @@ dependencies = [ "num-iter", "num-traits", "pem", - "rand", + "rand 0.7.3", + "sha2", "simple_asn1", "subtle", + "thiserror", "zeroize", ] @@ -1234,14 +1240,13 @@ dependencies = [ [[package]] name = "simple_asn1" -version = "0.5.2" +version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e0e9076e5242ff5a58e854cb478ea9caebce01088f86d3d9c6ad336b7655263" +checksum = "692ca13de57ce0613a363c8c2f1de925adebc81b04c923ac60c5488bb44abe4b" dependencies = [ "chrono", - "num-bigint 0.4.0", + "num-bigint 0.2.6", "num-traits", - "thiserror", ] [[package]] @@ -1277,9 +1282,9 @@ dependencies = [ [[package]] name = "sqlx" -version = "0.5.2" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d582b9bc04ec6c03084196efc42c2226b018e9941f03ee62bd88921d500917c0" +checksum = "c2739d54a2ae9fdd0f545cb4e4b5574efb95e2ec71b7f921678e246fb20dcaaf" dependencies = [ "sqlx-core", "sqlx-macros", @@ -1287,11 +1292,11 @@ dependencies = [ [[package]] name = "sqlx-core" -version = "0.5.2" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de52d1d473cebb2abb79c886ef6a8023e965e34c0676a99cfeac2cc7f0fde4c1" +checksum = "b1cad9cae4ca8947eba1a90e8ec7d3c59e7a768e2f120dc9013b669c34a90711" dependencies = [ - "ahash 0.7.2", + "ahash 0.6.3", "atoi", "base64", "bitflags", @@ -1303,7 +1308,6 @@ dependencies = [ "crossbeam-queue", "crossbeam-utils", "digest", - "dirs", "either", "futures-channel", "futures-core", @@ -1322,7 +1326,7 @@ dependencies = [ "once_cell", "parking_lot", "percent-encoding", - "rand", + "rand 0.7.3", "rsa", "serde", "serde_json", @@ -1340,9 +1344,9 @@ dependencies = [ [[package]] name = "sqlx-macros" -version = "0.5.2" +version = "0.5.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a40f0be97e704d3fbf059e7e3333c3735639146a72d586c5534c70e79da88a4" +checksum = "01caee2b3935b4efe152f3262afbe51546ce3b1fc27ad61014e1b3cf5f55366e" dependencies = [ "dotenv", "either", @@ -1359,9 +1363,9 @@ dependencies = [ [[package]] name = "sqlx-rt" -version = "0.5.2" +version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b6ae97ab05063ed515cdc23d90253213aa24dda0a288c5ec079af3d10f9771bc" +checksum = "4ce2e16b6774c671cc183e1d202386fdf9cde1e8468c1894a7f2a63eb671c4f4" dependencies = [ "actix-rt", "native-tls", @@ -1429,7 +1433,7 @@ checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" dependencies = [ "cfg-if", "libc", - "rand", + "rand 0.8.3", "redox_syscall", "remove_dir_all", "winapi", diff --git a/model/Cargo.toml b/model/Cargo.toml index 8698081..13cc4bb 100644 --- a/model/Cargo.toml +++ b/model/Cargo.toml @@ -15,12 +15,16 @@ rust-argon2 = "0.8" curve25519-dalek = "3" digest = "*" generic-array = "*" -opaque-ke = "0.5" rand = "0.8" serde = "*" sha2 = "0.9" thiserror = "*" +# TODO: update to 0.6 when out. +[dependencies.opaque-ke] +git = "https://github.com/novifinancial/opaque-ke" +rev = "cd85efc603f5d98ed794cdd56a6e59236cce3d32" + [dependencies.chrono] version = "*" features = [ "serde" ] @@ -37,6 +41,9 @@ features = [ "sqlite", ] +[target.'cfg(not(target_arch = "wasm32"))'.dependencies.sqlx-core] +version = "=0.5.1" + # For WASM targets, use the JS getrandom. [target.'cfg(not(target_arch = "wasm32"))'.dependencies.getrandom] version = "0.2" diff --git a/model/src/opaque.rs b/model/src/opaque.rs index cc11ee2..eb28a8b 100644 --- a/model/src/opaque.rs +++ b/model/src/opaque.rs @@ -95,16 +95,17 @@ pub mod client { /// Methods to register a new user, from the client side. pub mod registration { pub use super::*; - pub use opaque_ke::{ - ClientRegistration, ClientRegistrationFinishParameters, ClientRegistrationFinishResult, - ClientRegistrationStartResult, RegistrationResponse, - }; + pub type ClientRegistration = opaque_ke::ClientRegistration; + pub type ClientRegistrationStartResult = opaque_ke::ClientRegistrationStartResult; + pub type ClientRegistrationFinishResult = opaque_ke::ClientRegistrationFinishResult; + pub type RegistrationResponse = opaque_ke::RegistrationResponse; + pub use opaque_ke::ClientRegistrationFinishParameters; /// Initiate the registration negotiation. pub fn start_registration( password: &str, rng: &mut R, - ) -> AuthenticationResult> { - Ok(ClientRegistration::::start( + ) -> AuthenticationResult { + Ok(ClientRegistration::start( rng, password.as_bytes(), )?) @@ -112,10 +113,10 @@ pub mod client { /// Finalize the registration negotiation. pub fn finish_registration( - registration_start: ClientRegistration, - registration_response: RegistrationResponse, + registration_start: ClientRegistration, + registration_response: RegistrationResponse, rng: &mut R, - ) -> AuthenticationResult> { + ) -> AuthenticationResult { Ok(registration_start.finish( rng, registration_response, @@ -127,17 +128,21 @@ pub mod client { /// Methods to login, from the client side. pub mod login { pub use super::*; + pub type ClientLogin = opaque_ke::ClientLogin; + pub type ClientLoginFinishResult = opaque_ke::ClientLoginFinishResult; + pub type ClientLoginStartResult = opaque_ke::ClientLoginStartResult; + pub type CredentialResponse = opaque_ke::CredentialResponse; pub use opaque_ke::{ - ClientLogin, ClientLoginFinishParameters, ClientLoginFinishResult, - ClientLoginStartParameters, ClientLoginStartResult, CredentialResponse, + ClientLoginFinishParameters, + ClientLoginStartParameters, }; /// Initiate the login negotiation. pub fn start_login( password: &str, rng: &mut R, - ) -> AuthenticationResult> { - Ok(ClientLogin::::start( + ) -> AuthenticationResult { + Ok(ClientLogin::start( rng, password.as_bytes(), ClientLoginStartParameters::default(), @@ -146,9 +151,9 @@ pub mod client { /// Finalize the client login negotiation. pub fn finish_login( - login_start: ClientLogin, - login_response: CredentialResponse, - ) -> AuthenticationResult> { + login_start: ClientLogin, + login_response: CredentialResponse, + ) -> AuthenticationResult { Ok(login_start.finish(login_response, ClientLoginFinishParameters::default())?) } } @@ -159,20 +164,22 @@ pub mod client { #[cfg(feature = "opaque_server")] pub mod server { pub use super::*; - pub use opaque_ke::ServerRegistration; + pub type ServerRegistration = opaque_ke::ServerRegistration; /// Methods to register a new user, from the server side. pub mod registration { pub use super::*; - pub use opaque_ke::{RegistrationRequest, RegistrationUpload, ServerRegistrationStartResult}; + pub type RegistrationRequest = opaque_ke::RegistrationRequest; + pub type RegistrationUpload = opaque_ke::RegistrationUpload; + pub type ServerRegistrationStartResult = opaque_ke::ServerRegistrationStartResult; /// Start a registration process, from a request sent by the client. /// /// The result must be kept for the next step. pub fn start_registration( rng: &mut R, - registration_request: RegistrationRequest, + registration_request: RegistrationRequest, server_public_key: PublicKey<'_>, - ) -> AuthenticationResult> { - Ok(ServerRegistration::::start( + ) -> AuthenticationResult { + Ok(ServerRegistration::start( rng, registration_request, *server_public_key, @@ -181,9 +188,9 @@ pub mod server { /// Finish to register a new user, and get the data to store in the database. pub fn get_password_file( - registration_start: ServerRegistration, - registration_upload: RegistrationUpload, - ) -> AuthenticationResult> { + registration_start: ServerRegistration, + registration_upload: RegistrationUpload, + ) -> AuthenticationResult { Ok(registration_start.finish(registration_upload)?) } } @@ -191,20 +198,22 @@ pub mod server { /// Methods to handle user login, from the server-side. pub mod login { pub use super::*; - pub use opaque_ke::{ - CredentialFinalization, CredentialRequest, ServerLogin, ServerLoginFinishResult, - ServerLoginStartParameters, ServerLoginStartResult, - }; + pub type CredentialFinalization = opaque_ke::CredentialFinalization; + pub type CredentialRequest = opaque_ke::CredentialRequest; + pub type ServerLogin = opaque_ke::ServerLogin; + pub type ServerLoginStartResult = opaque_ke::ServerLoginStartResult; + pub type ServerLoginFinishResult = opaque_ke::ServerLoginFinishResult; + pub use opaque_ke::ServerLoginStartParameters; /// Start a login process, from a request sent by the client. /// /// The result must be kept for the next step. pub fn start_login( rng: &mut R, - password_file: ServerRegistration, + password_file: ServerRegistration, server_private_key: PrivateKey<'_>, - credential_request: CredentialRequest, - ) -> AuthenticationResult> { + credential_request: CredentialRequest, + ) -> AuthenticationResult { Ok(ServerLogin::start( rng, password_file, @@ -215,9 +224,9 @@ pub mod server { } /// Finish to authorize a new user, and get the session key to decrypt associated data. - pub fn finalize_login( - login_start: ServerLogin, - credential_finalization: CredentialFinalization, + pub fn finish_login( + login_start: ServerLogin, + credential_finalization: CredentialFinalization, ) -> AuthenticationResult { Ok(login_start.finish(credential_finalization)?) } diff --git a/src/domain/sql_backend_handler.rs b/src/domain/sql_backend_handler.rs index f767ecd..73735cc 100644 --- a/src/domain/sql_backend_handler.rs +++ b/src/domain/sql_backend_handler.rs @@ -24,7 +24,7 @@ impl SqlBackendHandler { fn get_password_file( clear_password: &str, server_public_key: opaque::PublicKey<'_>, -) -> Result> { +) -> Result { use opaque::{client, server}; let mut rng = rand::rngs::OsRng; let client_register_start_result = @@ -53,11 +53,11 @@ fn passwords_match( clear_password: &str, server_private_key: opaque::PrivateKey<'_>, ) -> Result<()> { - use opaque::{client, client::login::*, server, server::login::*, DefaultSuite}; + use opaque::{client, server}; let mut rng = rand::rngs::OsRng; let client_login_start_result = client::login::start_login(clear_password, &mut rng)?; - let password_file = ServerRegistration::::deserialize(password_file_bytes) + let password_file = server::ServerRegistration::deserialize(password_file_bytes) .map_err(opaque::AuthenticationError::ProtocolError)?; let server_login_start_result = server::login::start_login( &mut rng, @@ -65,7 +65,7 @@ fn passwords_match( server_private_key, client_login_start_result.message, )?; - finish_login( + client::login::finish_login( client_login_start_result.state, server_login_start_result.message, )?;