author | Jesse Luehrs <doy@tozt.net> | 2020-05-03 00:21:07 -0400 |
---|---|---|
committer | Jesse Luehrs <doy@tozt.net> | 2020-05-03 00:56:21 -0400 |
commit | 047550f2368d134c9d5dca60aeb0b56fe151a323 (patch) | |
tree | 2ad014146d2214db42f550646379bb2dbd571ff1 /src/identity.rs | |
parent | ea6398d5951ef6a5811cf605bfa223b5b1ce08c4 (diff) | |
move to ring for things that it supports
it doesn't support AES_256_CBC_HMAC_SHA256, so we can't move that over
yet (see https://github.com/briansmith/ring/issues/588)
Diffstat (limited to 'src/identity.rs')
-rw-r--r-- | src/identity.rs | 29 |
1 files changed, 19 insertions, 10 deletions
diff --git a/src/identity.rs b/src/identity.rs
index 1baac0f..8415765 100644
--- a/src/identity.rs
+++ b/src/identity.rs
@@ -12,33 +12,42 @@ impl Identity {
 password: &crate::locked::Password,
 iterations: u32,
 ) -> Result<Self> {
+ let iterations = std::num::NonZeroU32::new(iterations)
+ .context(crate::error::Pbkdf2ZeroIterations)?;
+
 let mut keys = crate::locked::Vec::new();
 keys.extend(std::iter::repeat(0).take(64));
 let enc_key = &mut keys.data_mut()[0..32];
- pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>(
- password.password(),
+ ring::pbkdf2::derive(
+ ring::pbkdf2::PBKDF2_HMAC_SHA256,
+ iterations,
 email.as_bytes(),
- iterations as usize,
+ password.password(),
 enc_key,
 );
 let mut hash = crate::locked::Vec::new();
 hash.extend(std::iter::repeat(0).take(32));
- pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>(
- enc_key,
+ ring::pbkdf2::derive(
+ ring::pbkdf2::PBKDF2_HMAC_SHA256,
+ std::num::NonZeroU32::new(1).unwrap(),
 password.password(),
- 1,
+ enc_key,
 hash.data_mut(),
 );
- let hkdf = hkdf::Hkdf::<sha2::Sha256>::from_prk(enc_key)
- .map_err(|_| Error::HkdfFromPrk)?;
- hkdf.expand(b"enc", enc_key)
+ let hkdf =
+ ring::hkdf::Prk::new_less_safe(ring::hkdf::HKDF_SHA256, enc_key);
+ hkdf.expand(&[b"enc"], ring::hkdf::HKDF_SHA256)
+ .map_err(|_| Error::HkdfExpand)?
+ .fill(enc_key)
 .map_err(|_| Error::HkdfExpand)?;
 let mac_key = &mut keys.data_mut()[32..64];
- hkdf.expand(b"mac", mac_key)
+ hkdf.expand(&[b"mac"], ring::hkdf::HKDF_SHA256)
+ .map_err(|_| Error::HkdfExpand)?
+ .fill(mac_key)
 .map_err(|_| Error::HkdfExpand)?;
 let keys = crate::locked::Keys::new(keys); |
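Review bot: The added `std::num::NonZeroU32::new(iterations)` guard rejects only a zero count, so a value such as 1 still reaches `ring::pbkdf2::derive` and produces an `enc_key` that is cheap to brute-force offline. Where `iterations` originates is not visible here (the function starts above the hunk and continues below it); if it is taken from a server response rather than local configuration, consider also rejecting counts below a project-chosen floor, with its own error variant, right next to the zero check. Separately, the call to `ring::hkdf::Prk::new_less_safe` deserves a why-comment so the next reader does not take the name as a warning sign, e.g. `// enc_key is PBKDF2 output used directly as the HKDF PRK (expand only, no extract step), hence new_less_safe`.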