Deuxfleurs
/
aerogramme
15
0
Fork 1
Code Issues 33 Pull Requests 1 Projects 11 Releases 4 Wiki Activity

upgrade argon2, add aws-sdk-s3

This commit is contained in:
Quentin 2023-12-21 20:23:43 +01:00
parent e3b11ad1d8
commit 4b8b48b485
Signed by: quentin
GPG Key ID: E9602264D639FF68
3 changed files with 724 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

768
Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

8
Cargo.toml
View File

@ -7,8 +7,10 @@ license = "AGPL-3.0"
description = "Encrypted mail storage over Garage"
[dependencies]
aws-config = { version = "1.1.1", features = ["behavior-version-latest"] }
aws-sdk-s3 = "1.9.0"
anyhow = "1.0.28"
argon2 = "0.3"
argon2 = "0.5"
async-trait = "0.1"
backtrace = "0.3"
base64 = "0.21"
@ -22,11 +24,7 @@ itertools = "0.10"
lazy_static = "1.4"
ldap3 = { version = "0.10", default-features = false, features = ["tls-rustls"] }
log = "0.4"
rusoto_core = { version = "0.48.0", default_features = false, features = ["rustls"] }
rusoto_credential = "0.48.0"
rusoto_s3 = { version = "0.48.0", default_features = false, features = ["rustls"] }
hyper-rustls = { version = "0.24", features = ["http2"] }
rusoto_signature = "0.48.0"
nix = { version = "0.27", features = ["signal"] }
serde = "1.0.137"
rand = "0.8.5"

15
src/login/mod.rs
View File

@ -210,21 +210,18 @@ fn try_open_encrypted_keys(kdf_salt: &[u8], password: &str, encrypted_keys: &[u8
// ---- UTIL ----
pub fn argon2_kdf(salt: &[u8], password: &[u8], output_len: usize) -> Result<Vec<u8>> {
use argon2::{Algorithm, Argon2, ParamsBuilder, PasswordHasher, Version};
use argon2::{Algorithm, Argon2, ParamsBuilder, PasswordHasher, Version, password_hash};
let mut params = ParamsBuilder::new();
params
let params = ParamsBuilder::new()
.output_len(output_len)
.map_err(|e| anyhow!("Invalid output length: {}", e))?;
let params = params
.params()
.build()
.map_err(|e| anyhow!("Invalid argon2 params: {}", e))?;
let argon2 = Argon2::new(Algorithm::default(), Version::default(), params);
let salt = base64::engine::general_purpose::STANDARD_NO_PAD.encode(salt);
let b64_salt = base64::engine::general_purpose::STANDARD_NO_PAD.encode(salt);
let valid_salt = password_hash::Salt::from_b64(&b64_salt).map_err(|e| anyhow!("Invalid salt, error {}", e))?;
let hash = argon2
.hash_password(password, &salt)
.hash_password(password, valid_salt)
.map_err(|e| anyhow!("Unable to hash: {}", e))?;
let hash = hash.hash.ok_or(anyhow!("Missing output"))?;