implement signed session data
This commit is contained in:
84
src/shared/opaque.rs
Normal file
84
src/shared/opaque.rs
Normal file
@@ -0,0 +1,84 @@
|
||||
use opaque_ke::{Ristretto255, TripleDh, ServerSetup, CredentialResponse, RegistrationUploadLen, RegistrationResponse};
|
||||
use opaque_ke::keypair::{OprfSeed, PrivateKey};
|
||||
use sha2::Sha512;
|
||||
use opaque_ke::CipherSuite;
|
||||
use opaque_ke::argon2::Argon2;
|
||||
use opaque_ke::generic_array::GenericArray;
|
||||
use uuid::Uuid;
|
||||
use nkode_rs::nkode_core::chacha20prng::SecretKey;
|
||||
use zeroize::Zeroizing;
|
||||
use nkode_rs::from_bytes::FromBytes;
|
||||
use rand::RngCore;
|
||||
use rand::rngs::OsRng;
|
||||
|
||||
const USER_KEY_SIZE: usize = 16;
|
||||
|
||||
#[derive(Clone, Eq, PartialEq)]
|
||||
pub struct UserSecretKey(Zeroizing<[u8; USER_KEY_SIZE]>);
|
||||
|
||||
impl UserSecretKey {
|
||||
|
||||
pub fn new() -> Self {
|
||||
let mut rng = OsRng;
|
||||
let mut secret_key = [0u8; USER_KEY_SIZE];
|
||||
rng.fill_bytes(&mut secret_key);
|
||||
Self(Zeroizing::new(secret_key))
|
||||
}
|
||||
|
||||
pub fn chacha20_secret_key(&self) -> SecretKey {
|
||||
let out = blake3::derive_key("your-app chacha20 secret key v1", &self.0.as_slice());
|
||||
SecretKey::from_bytes(&out).unwrap()
|
||||
}
|
||||
|
||||
pub fn as_slice(&self) -> &[u8] {
|
||||
self.0.as_slice()
|
||||
}
|
||||
}
|
||||
|
||||
impl FromBytes<USER_KEY_SIZE> for UserSecretKey {
|
||||
fn from_array(arr: [u8; USER_KEY_SIZE]) -> Self {
|
||||
Self(Zeroizing::new(arr))
|
||||
}
|
||||
}
|
||||
|
||||
const OPAQUE_SESSION_KEY_SIZE: usize = 64;
|
||||
|
||||
#[derive(Debug, Clone)]
|
||||
pub struct OpaqueSessionKey(Zeroizing<[u8; OPAQUE_SESSION_KEY_SIZE]>);
|
||||
|
||||
impl FromBytes<OPAQUE_SESSION_KEY_SIZE> for OpaqueSessionKey {
|
||||
fn from_array(arr: [u8; OPAQUE_SESSION_KEY_SIZE]) -> Self {
|
||||
Self(Zeroizing::new(arr))
|
||||
}
|
||||
}
|
||||
|
||||
impl OpaqueSessionKey {
|
||||
pub fn as_bytes(&self) -> &[u8] {
|
||||
self.0.as_slice()
|
||||
}
|
||||
}
|
||||
|
||||
pub struct NKodeCipherSuite;
|
||||
|
||||
impl CipherSuite for NKodeCipherSuite {
|
||||
type OprfCs = Ristretto255;
|
||||
type KeyExchange = TripleDh<Ristretto255, Sha512>;
|
||||
type Ksf = Argon2<'static>;
|
||||
}
|
||||
|
||||
pub type NKodeServerSetup = ServerSetup<NKodeCipherSuite, PrivateKey<Ristretto255>, OprfSeed<Sha512>>;
|
||||
|
||||
|
||||
pub type PasswordFile = GenericArray<u8, RegistrationUploadLen<NKodeCipherSuite>>;
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||
pub struct OpaqueLoginSession {
|
||||
pub response: CredentialResponse<NKodeCipherSuite>,
|
||||
pub session_id: Uuid
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, PartialEq, Eq)]
|
||||
pub struct OpaqueRegisterSession {
|
||||
pub response: RegistrationResponse<NKodeCipherSuite>,
|
||||
pub session_id: Uuid
|
||||
}
|
||||
Reference in New Issue
Block a user