diff options
Diffstat (limited to 'src/identity.rs')
-rw-r--r-- | src/identity.rs | 45 |
1 files changed, 36 insertions, 9 deletions
diff --git a/src/identity.rs b/src/identity.rs index 8a5dc61..9bc435f 100644 --- a/src/identity.rs +++ b/src/identity.rs @@ -1,5 +1,6 @@ -use crate::prelude::*; - +use crate::{prelude::*, api::KdfType}; +use sha2::Digest; +use argon2::Argon2; pub struct Identity { pub email: String, pub keys: crate::locked::Keys, @@ -10,7 +11,10 @@ impl Identity { pub fn new( email: &str, password: &crate::locked::Password, + kdf: KdfType, iterations: u32, + memory: Option<u32>, + parallelism: Option<u32>, ) -> Result<Self> { let iterations = std::num::NonZeroU32::new(iterations) .ok_or(Error::Pbkdf2ZeroIterations)?; @@ -19,14 +23,37 @@ impl Identity { keys.extend(std::iter::repeat(0).take(64)); let enc_key = &mut keys.data_mut()[0..32]; - pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>( - password.password(), - email.as_bytes(), - iterations.get(), - enc_key, - ) - .map_err(|_| Error::Pbkdf2)?; + match kdf { + KdfType::Pbkdf2 => { + pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>( + password.password(), + email.as_bytes(), + iterations.get(), + enc_key, + ) + .map_err(|_| Error::Pbkdf2)?; + } + + KdfType::Argon2id => { + let mut hasher = sha2::Sha256::new(); + hasher.update(email.as_bytes()); + let mut salt = hasher.finalize(); + + let mut output_key_material = [0u8]; + let argon2_config = Argon2::new( + argon2::Algorithm::Argon2id, + argon2::Version::V0x13, + argon2::Params::new(memory.unwrap() * 1024, + iterations.get(), + parallelism.unwrap(), + Some(32)).unwrap()); + argon2::Argon2::hash_password_into(&argon2_config, password.password(), &mut salt, &mut output_key_material) + .map_err(|_| Error::Argon2)?; + enc_key.copy_from_slice(&output_key_material); + } + }; + let mut hash = crate::locked::Vec::new(); hash.extend(std::iter::repeat(0).take(32)); pbkdf2::pbkdf2::<hmac::Hmac<sha2::Sha256>>( |