diff options
author | Jesse Luehrs <doy@tozt.net> | 2023-03-25 22:01:37 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-03-25 22:01:37 -0500 |
commit | c12c7643779bc495ff5f26cfe0e924586ced3f2c (patch) | |
tree | 5207ee6eab126594e2b2af4a12af09ec97165e5c /src/identity.rs | |
parent | 2f9bd4eb45c57ce8e8d3011d7660223c05b50f98 (diff) | |
parent | 7b57f928e5fb345e02f6101d07d5cbbc7e540458 (diff) | |
download | rbw-c12c7643779bc495ff5f26cfe0e924586ced3f2c.tar.gz rbw-c12c7643779bc495ff5f26cfe0e924586ced3f2c.zip |
Merge pull request #109 from quexten/feature/argon2
Implement argon2 kdf
Diffstat (limited to 'src/identity.rs')
-rw-r--r-- | src/identity.rs | 45 |
1 files changed, 36 insertions, 9 deletions
diff --git a/src/identity.rs b/src/identity.rs index 8a5dc61..9bc435f 100644 --- a/src/identity.rs +++ b/src/identity.rs @@ -1,5 +1,6 @@ -use crate::prelude::*; - +use crate::{prelude::*, api::KdfType}; +use sha2::Digest; +use argon2::Argon2; pub struct Identity { pub email: String, pub keys: crate::locked::Keys, @@ -10,7 +11,10 @@ impl Identity { pub fn new( email: &str, password: &crate::locked::Password, + kdf: KdfType, iterations: u32, + memory: Option<u32>, + parallelism: Option<u32>, ) -> Result<Self> { let iterations = std::num::NonZeroU32::new(iterations) .ok_or(Error::Pbkdf2ZeroIterations)?; @@ -19,14 +23,37 @@ impl Identity { keys.extend(std::iter::repeat(0).take(64)); let enc_key = &mut keys.data_mut()[0..32]; - pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>( - password.password(), - email.as_bytes(), - iterations.get(), - enc_key, - ) - .map_err(|_| Error::Pbkdf2)?; + match kdf { + KdfType::Pbkdf2 => { + pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>( + password.password(), + email.as_bytes(), + iterations.get(), + enc_key, + ) + .map_err(|_| Error::Pbkdf2)?; + } + + KdfType::Argon2id => { + let mut hasher = sha2::Sha256::new(); + hasher.update(email.as_bytes()); + let mut salt = hasher.finalize(); + + let mut output_key_material = [0u8]; + let argon2_config = Argon2::new( + argon2::Algorithm::Argon2id, + argon2::Version::V0x13, + argon2::Params::new(memory.unwrap() * 1024, + iterations.get(), + parallelism.unwrap(), + Some(32)).unwrap()); + argon2::Argon2::hash_password_into(&argon2_config, password.password(), &mut salt, &mut output_key_material) + .map_err(|_| Error::Argon2)?; + enc_key.copy_from_slice(&output_key_material); + } + }; + let mut hash = crate::locked::Vec::new(); hash.extend(std::iter::repeat(0).take(32)); pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>( |