diff options
| author | Bernd Schoolmann <mail@quexten.com> | 2023-03-26 04:20:00 +0200 |
|---|---|---|
| committer | Bernd Schoolmann <mail@quexten.com> | 2023-03-26 04:28:19 +0200 |
| commit | 7b57f928e5fb345e02f6101d07d5cbbc7e540458 (patch) | |
| tree | 5207ee6eab126594e2b2af4a12af09ec97165e5c | |
| parent | fe9cabecd673eb5d409c764ebaf7a76cdcb47139 (diff) | |
| download | rbw-7b57f928e5fb345e02f6101d07d5cbbc7e540458.tar.gz rbw-7b57f928e5fb345e02f6101d07d5cbbc7e540458.zip | |
Switch argon2 implementation to rustcrypto
| -rw-r--r-- | Cargo.lock | 79 | ||||
| -rw-r--r-- | Cargo.toml | 2 | ||||
| -rw-r--r-- | src/identity.rs | 30 |
3 files changed, 41 insertions, 70 deletions
@@ -40,10 +40,15 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "224afbd727c3d6e4b90103ece64b8d1b67fbb1973b1046c2281eed3f3803f800" [[package]] -name = "arrayref" -version = "0.3.6" +name = "argon2" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4c527152e37cf757a3f78aae5a06fbeefdb07ccc535c980a3208ee3060dd544" +checksum = "95c2fcf79ad1932ac6269a738109997a83c227c09b75842ae564dc8ede6a861c" +dependencies = [ + "base64ct", + "blake2", + "password-hash", +] [[package]] name = "arrayvec" @@ -76,12 +81,6 @@ checksum = "23ce669cd6c8588f79e15cf450314f9638f967fc5770ff1c7c1deb0925ea7cfa" [[package]] name = "base64" -version = "0.13.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" - -[[package]] -name = "base64" version = "0.21.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a" @@ -99,14 +98,12 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] -name = "blake2b_simd" -version = "1.0.1" +name = "blake2" +version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c2f0dc9a68c6317d884f97cc36cf5a3d20ba14ce404227df55e1af708ab04bc" +checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" dependencies = [ - "arrayref", - "arrayvec", - "constant_time_eq 0.2.5", + "digest", ] [[package]] @@ -230,18 +227,6 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "520fbf3c07483f94e3e3ca9d0cfd913d7718ef2483d2cfd91c0d9e91474ab913" [[package]] -name = "constant_time_eq" -version = "0.1.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "245097e9a4535ee1e3e3931fcfcd55a796a44c643e8596ff6566d68f09b87bbc" - -[[package]] -name = "constant_time_eq" -version = "0.2.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13418e745008f7349ec7e449155f419a61b92b58a99cc3616942b926825ec76b" - -[[package]] name = "core-foundation" version = "0.9.3" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -267,15 +252,6 @@ dependencies = [ ] [[package]] -name = "crossbeam-utils" -version = "0.8.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3c063cd8cc95f5c377ed0d4b49a4b21f632396ff690e8470c29b3359b346984b" -dependencies = [ - "cfg-if", -] - -[[package]] name = "crypto-common" version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -901,6 +877,17 @@ dependencies = [ ] [[package]] +name = "password-hash" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166" +dependencies = [ + "base64ct", + "rand_core", + "subtle", +] + +[[package]] name = "pbkdf2" version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1043,10 +1030,11 @@ version = "1.6.0" dependencies = [ "aes", "anyhow", + "argon2", "arrayvec", "async-trait", "base32", - "base64 0.21.0", + "base64", "block-padding", "cbc", "clap", @@ -1067,7 +1055,6 @@ dependencies = [ "region", "reqwest", "rsa", - "rust-argon2", "serde", "serde_json", "serde_path_to_error", @@ -1140,7 +1127,7 @@ version = "0.11.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "21eed90ec8570952d53b772ecf8f206aa1ec9a3d76b2521c56c42973f2d91ee9" dependencies = [ - "base64 0.21.0", + "base64", "bytes", "encoding_rs", "futures-core", @@ -1209,18 +1196,6 @@ dependencies = [ ] [[package]] -name = "rust-argon2" -version = "1.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b50162d19404029c1ceca6f6980fe40d45c8b369f6f44446fa14bb39573b5bb9" -dependencies = [ - "base64 0.13.1", - "blake2b_simd", - "constant_time_eq 0.1.5", - "crossbeam-utils", -] - -[[package]] name = "rustix" version = "0.36.9" source = "registry+https://github.com/rust-lang/crates.io-index" @@ -1264,7 +1239,7 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d194b56d58803a43635bdc398cd17e383d6f71f9182b9a192c127ca42494a59b" dependencies = [ - "base64 0.21.0", + "base64", ] [[package]] @@ -15,6 +15,7 @@ include = ["src/**/*", "bin/**/*", "LICENSE", "README.md", "CHANGELOG.md"] [dependencies] aes = "0.8.2" anyhow = "1.0.69" +argon2 = "0.5.0" arrayvec = "0.7.2" async-trait = "0.1.66" base32 = "0.4.0" @@ -39,7 +40,6 @@ rand = "0.8.5" region = "3.0.0" reqwest = { version = "0.11.14", default-features = false, features = ["blocking", "json", "rustls-tls-native-roots"] } rsa = "0.8.2" -rust-argon2 = "1.0.0" serde = { version = "1.0.154", features = ["derive"] } serde_json = "1.0.94" serde_path_to_error = "0.1.10" diff --git a/src/identity.rs b/src/identity.rs index 3637d75..9bc435f 100644 --- a/src/identity.rs +++ b/src/identity.rs @@ -1,8 +1,6 @@ use crate::{prelude::*, api::KdfType}; use sha2::Digest; -extern crate argon2; -use argon2::{Config, ThreadMode, Variant, Version}; - +use argon2::Argon2; pub struct Identity { pub email: String, pub keys: crate::locked::Keys, @@ -40,21 +38,19 @@ impl Identity { KdfType::Argon2id => { let mut hasher = sha2::Sha256::new(); hasher.update(email.as_bytes()); - let salt = hasher.finalize(); + let mut salt = hasher.finalize(); - let config = Config { - variant: Variant::Argon2id, - version: Version::Version13, - mem_cost: memory.unwrap() * 1024, - time_cost: iterations.get(), - lanes: parallelism.unwrap(), - thread_mode: ThreadMode::Parallel, - secret: &[], - ad: &[], - hash_length: 32 - }; - let hash = argon2::hash_raw(password.password(), &salt[..], &config).map_err(|_| Error::Argon2)?; - enc_key.copy_from_slice(&hash); + let mut output_key_material = [0u8]; + let argon2_config = Argon2::new( + argon2::Algorithm::Argon2id, + argon2::Version::V0x13, + argon2::Params::new(memory.unwrap() * 1024, + iterations.get(), + parallelism.unwrap(), + Some(32)).unwrap()); + argon2::Argon2::hash_password_into(&argon2_config, password.password(), &mut salt, &mut output_key_material) + .map_err(|_| Error::Argon2)?; + enc_key.copy_from_slice(&output_key_material); } }; |