190 lines
5.6 KiB
Rust
190 lines
5.6 KiB
Rust
use opaque_ke::{CredentialFinalization, CredentialRequest, RegistrationRequest, RegistrationResponse, Ristretto255, TripleDh, ServerLogin, ServerLoginParameters, ServerLoginStartResult, ServerRegistration, ServerSetup, ClientRegistrationStartResult, ClientLogin, ClientLoginFinishParameters, ClientLoginFinishResult, ClientLoginStartResult, ClientRegistration, ClientRegistrationFinishParameters, CredentialResponse, RegistrationUploadLen, ServerLoginFinishResult};
|
|
use opaque_ke::errors::ProtocolError;
|
|
use opaque_ke::keypair::{OprfSeed, PrivateKey};
|
|
use sha2::Sha512;
|
|
use opaque_ke::CipherSuite;
|
|
use opaque_ke::argon2::Argon2;
|
|
use opaque_ke::generic_array::GenericArray;
|
|
use uuid::Uuid;
|
|
use opaque_ke::rand::rngs::OsRng;
|
|
use std::marker::PhantomData;
|
|
|
|
pub const NONCE_SIZE: usize = 12;
|
|
pub const SECRET_KEY_SIZE: usize = 16;
|
|
pub const SESSION_KEY_SIZE: usize = 32;
|
|
|
|
pub struct NKodeCipherSuite;
|
|
|
|
impl CipherSuite for NKodeCipherSuite {
|
|
type OprfCs = Ristretto255;
|
|
type KeyExchange = TripleDh<Ristretto255, Sha512>;
|
|
type Ksf = Argon2<'static>;
|
|
}
|
|
|
|
pub type NKodeServerSetup = ServerSetup<NKodeCipherSuite, PrivateKey<Ristretto255>, OprfSeed<Sha512>>;
|
|
|
|
pub struct RegisterSession {
|
|
response: RegistrationResponse<NKodeCipherSuite>,
|
|
session_id: Uuid
|
|
}
|
|
|
|
type PasswordFile = GenericArray<u8, RegistrationUploadLen<NKodeCipherSuite>>;
|
|
|
|
|
|
pub async fn register_secret_key<R,S>(
|
|
email: &String,
|
|
key: &[u8; SECRET_KEY_SIZE],
|
|
server: &mut NKodeServer<KeyRegister, R, S>
|
|
) -> Result<(),String>
|
|
where
|
|
R: Repo,
|
|
S: Sessions
|
|
{
|
|
let mut client_rng = OsRng;
|
|
let client_reg_start = ClientRegistration::<NKodeCipherSuite>::start(&mut client_rng, key).expect("error starting registration");
|
|
let server_response = server.start(email, &client_reg_start.message).await.expect("error getting server response");
|
|
let client_finish = client_reg_start.state.finish(&mut client_rng, key, server_response.response, ClientRegistrationFinishParameters::default()).expect("");
|
|
server.finish(&server_response.session_id, &client_finish.message.serialize()).await.expect("server to finish secret reg without error");
|
|
Ok(())
|
|
}
|
|
|
|
pub struct LoginSession {
|
|
response: CredentialResponse<NKodeCipherSuite>,
|
|
session_id: Uuid
|
|
}
|
|
|
|
|
|
pub async fn login_secret_key<R, S>(email: &String, key: &[u8; SECRET_KEY_SIZE], server: &mut NKodeServer<KeyLoginI, R, S>) -> Result<Vec<u8>, String>
|
|
where
|
|
R: Repo,
|
|
S: Sessions
|
|
{
|
|
let mut client_rng = OsRng;
|
|
let client_start = ClientLogin::<NKodeCipherSuite>::start(&mut client_rng, key).expect("client secret key login to start result");
|
|
let server_response = server.start(email, client_start.message).await.expect("server secret key login start response");
|
|
let client_finish = client_start.state.finish(&mut client_rng, key,server_response.response,ClientLoginFinishParameters::default()).expect("");
|
|
server.finish(&server_response.session_id, client_finish.message).await.expect("server secret key login to finish");
|
|
Ok(client_finish.session_key.to_vec())
|
|
}
|
|
pub trait Repo {}
|
|
pub trait Sessions {}
|
|
|
|
pub struct NKodeServer<State, R: Repo, S: Sessions> {
|
|
server_setup: NKodeServerSetup,
|
|
repo: R,
|
|
session: S,
|
|
_state: PhantomData<State>
|
|
}
|
|
|
|
pub type KeyRegisterSession = RegisterSession;
|
|
pub struct KeyRegister;
|
|
pub struct KeyLoginI;
|
|
pub struct CodeRegister;
|
|
|
|
impl<R, S> NKodeServer<KeyRegister, R, S>
|
|
where
|
|
R: Repo,
|
|
S: Sessions
|
|
{
|
|
pub fn new(server_setup: NKodeServerSetup, repo: R, sessions: S) -> Self {
|
|
todo!()
|
|
}
|
|
|
|
pub async fn start(
|
|
&mut self,
|
|
email: &String,
|
|
message: &RegistrationRequest<NKodeCipherSuite>
|
|
) -> Result<KeyRegisterSession, ProtocolError> {
|
|
todo!()
|
|
}
|
|
|
|
pub async fn finish(
|
|
&mut self,
|
|
session_id: &Uuid,
|
|
password_file: &PasswordFile
|
|
) -> Result<NKodeServer<KeyLoginI, R, S>, ProtocolError> {
|
|
todo!()
|
|
}
|
|
}
|
|
|
|
pub type KeyLoginPhaseISession = LoginSession;
|
|
|
|
impl<R,S> NKodeServer<KeyLoginI, R, S>
|
|
where
|
|
R: Repo,
|
|
S: Sessions
|
|
{
|
|
pub async fn start(
|
|
&mut self,
|
|
email: &String,
|
|
request_bytes:CredentialRequest<NKodeCipherSuite>
|
|
) -> Result<KeyLoginPhaseISession, ProtocolError> {
|
|
todo!()
|
|
}
|
|
|
|
pub async fn finish(
|
|
&mut self,
|
|
session_id: &Uuid,
|
|
message: CredentialFinalization<NKodeCipherSuite>
|
|
) -> Result<NKodeServer<CodeRegister, R, S>, ProtocolError> {
|
|
todo!()
|
|
}
|
|
}
|
|
|
|
pub type CodeRegisterSession = RegisterSession;
|
|
pub struct CodeLogin;
|
|
|
|
impl<R, S> NKodeServer<CodeRegister, R, S>
|
|
where
|
|
R: Repo,
|
|
S: Sessions
|
|
{
|
|
pub fn new(server_setup: NKodeServerSetup) -> Self {
|
|
todo!()
|
|
}
|
|
|
|
pub async fn start(
|
|
&mut self,
|
|
email: &String,
|
|
message: &RegistrationRequest<NKodeCipherSuite>
|
|
) -> Result<CodeRegisterSession, ProtocolError> {
|
|
todo!()
|
|
}
|
|
|
|
pub async fn finish(
|
|
&mut self,
|
|
session_id: &Uuid,
|
|
password_file: &PasswordFile) -> Result<NKodeServer<CodeLogin, R, S>, ProtocolError> {
|
|
todo!()
|
|
}
|
|
}
|
|
|
|
pub type CodeLoginSession = LoginSession;
|
|
|
|
impl <R, S> NKodeServer<CodeLogin, R, S>
|
|
where
|
|
R: Repo,
|
|
S: Sessions
|
|
{
|
|
pub async fn start(
|
|
&mut self,
|
|
email: &String,
|
|
request_bytes:CredentialRequest<NKodeCipherSuite>
|
|
) -> Result<CodeLoginSession, ProtocolError> {
|
|
todo!()
|
|
}
|
|
|
|
pub async fn finish(
|
|
&mut self,
|
|
session_id: &Uuid,
|
|
message:CredentialFinalization<NKodeCipherSuite>
|
|
) -> Result<LoggedIn, ProtocolError> {
|
|
todo!()
|
|
}
|
|
}
|
|
|
|
pub struct LoggedIn {
|
|
session_key: Vec<u8>,
|
|
session_id: Uuid,
|
|
}
|