Update dependencies

This commit is contained in:
Matéo Duparc 2021-08-31 13:06:45 +02:00
parent f6fe3912c6
commit 1f2e860a6f
Signed by: hardcoresushi
GPG Key ID: 007F84120107191E
5 changed files with 69 additions and 39 deletions

64
Cargo.lock generated
View File

@ -10,7 +10,7 @@ checksum = "495ee669413bfbe9e8cace80f4d3d78e6d8c8d99579f97fb93bde351b185f2d4"
dependencies = [
"cfg-if",
"cipher",
"cpufeatures",
"cpufeatures 0.1.5",
"ctr",
"opaque-debug",
]
@ -26,19 +26,20 @@ dependencies = [
[[package]]
name = "argon2"
version = "0.2.1"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d60f5f3113c903294dc81dd8cf0012963ed4dda8bc931c864e12e175356ff98b"
checksum = "d805bb12b532be9ce066df7913311f43716b41d8d780e9322113e8a6ae7c41ab"
dependencies = [
"base64ct",
"blake2",
"password-hash",
]
[[package]]
name = "assert_cmd"
version = "1.0.6"
version = "2.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "aa2dfc8228c6260bf620fc5a341afa8e27edcde388b19ffc5732320bfe657eb2"
checksum = "54f002ce7d0c5e809ebb02be78fd503aeed4a511fd0fcaff6e6914cbdabbfa33"
dependencies = [
"bstr",
"doc-comment",
@ -101,13 +102,13 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"
[[package]]
name = "chacha20"
version = "0.7.1"
version = "0.8.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fee7ad89dc1128635074c268ee661f90c3f7e83d9fd12910608c36b47d6c3412"
checksum = "01b72a433d0cf2aef113ba70f62634c56fddb0f244e6377185c56a7cadbd8f91"
dependencies = [
"cfg-if",
"cipher",
"cpufeatures",
"cpufeatures 0.2.1",
]
[[package]]
@ -143,6 +144,15 @@ dependencies = [
"libc",
]
[[package]]
name = "cpufeatures"
version = "0.2.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "95059428f66df56b63431fdb4e1947ed2190586af5c5a8a8b71122bdf5a7f469"
dependencies = [
"libc",
]
[[package]]
name = "crypto-mac"
version = "0.8.0"
@ -184,10 +194,10 @@ dependencies = [
]
[[package]]
name = "difference"
version = "2.0.0"
name = "difflib"
version = "0.4.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "524cbf6897b527295dff137cec09ecf3a05f4fddffd7dfcd1585403449e74198"
checksum = "6184e33543162437515c2e2b48714794e37845ec9851711914eec9d308f6ebe8"
[[package]]
name = "digest"
@ -208,7 +218,7 @@ dependencies = [
"blake2",
"chacha20",
"clap",
"cpufeatures",
"cpufeatures 0.2.1",
"hkdf",
"hmac",
"num_enum",
@ -224,6 +234,12 @@ version = "0.3.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fea41bba32d969b513997752735605054bc0dfa92b4c56bf1189f2e174be7a10"
[[package]]
name = "either"
version = "1.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "e78d4f1cc4ae33bbfc157ed5d5a5ef3bc29227303d595861deb238fcec4e9457"
[[package]]
name = "generic-array"
version = "0.14.4"
@ -274,6 +290,15 @@ dependencies = [
"digest",
]
[[package]]
name = "itertools"
version = "0.10.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "69ddb889f9d0d08a67338271fa9b62996bc788c7796a5c18cf057420aaed5eaf"
dependencies = [
"either",
]
[[package]]
name = "lazy_static"
version = "1.4.0"
@ -282,9 +307,9 @@ checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646"
[[package]]
name = "libc"
version = "0.2.97"
version = "0.2.101"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "12b8adadd720df158f4d70dfe7ccc6adb0472d7c55ca83445f6a5ab3e36f8fb6"
checksum = "3cb00336871be5ed2c8ed44b60ae9959dc5b9f08539422ed43f09e34ecaeba21"
[[package]]
name = "memchr"
@ -322,9 +347,9 @@ checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5"
[[package]]
name = "password-hash"
version = "0.2.1"
version = "0.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c1a5d4e9c205d2c1ae73b84aab6240e98218c0e72e63b50422cfb2d1ca952282"
checksum = "7ad7268ef9bc463fddde8361d358fbfae1aeeb1fb62eca111cd8c763bf1c5891"
dependencies = [
"base64ct",
"rand_core",
@ -339,11 +364,12 @@ checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857"
[[package]]
name = "predicates"
version = "1.0.8"
version = "2.0.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f49cfaf7fdaa3bfacc6fa3e7054e65148878354a5cfddcf661df4c851f8021df"
checksum = "c143348f141cc87aab5b950021bac6145d0e5ae754b0591de23244cee42c9308"
dependencies = [
"difference",
"difflib",
"itertools",
"predicates-core",
]

View File

@ -18,16 +18,16 @@ opt-level = 3
clap = "2.33"
rand = "0.8"
num_enum = "0.5"
cpufeatures = "0.1"
cpufeatures = "0.2"
aes = { version = "0.7", features = ["ctr"] }
chacha20 = "0.7"
chacha20 = "0.8"
hmac = "0.11"
blake2 = "0.9"
hkdf = "0.11"
argon2 = "0.2"
argon2 = "0.3"
rpassword = "5.0"
zeroize = "1.3"
[dev-dependencies]
assert_cmd = "1.0"
assert_cmd = "2.0"
tempfile = "3.0"

View File

@ -1,8 +1,4 @@
use std::{
convert::TryFrom,
fmt::{self, Display, Formatter},
io::{self, Read, Write}
};
use std::{convert::{TryFrom, TryInto}, fmt::{self, Display, Formatter}, io::{self, Read, Write}};
use num_enum::TryFromPrimitive;
use chacha20::XChaCha20;
use aes::{Aes256Ctr, cipher::{NewCipher, StreamCipher}};
@ -19,13 +15,20 @@ const XCHACHA20_NONCE_LEN: usize = 24;
pub const HASH_LEN: usize = 64;
const KEY_LEN: usize = 32;
#[derive(Debug, PartialEq, Eq)]
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub struct ArgonParams {
pub t_cost: u32,
pub m_cost: u32,
pub parallelism: u8,
}
impl TryFrom<ArgonParams> for argon2::Params {
type Error = argon2::Error;
fn try_from(params: ArgonParams) -> Result<Self, Self::Error> {
argon2::Params::new(params.m_cost, params.t_cost, params.parallelism.into(), None)
}
}
#[derive(Clone, Copy, Debug, PartialEq, Eq, TryFromPrimitive)]
#[repr(u8)]
pub enum CipherAlgorithm {
@ -59,9 +62,7 @@ pub struct EncryptionParams {
}
impl EncryptionParams {
pub fn get_params_len(&self) -> usize {
SALT_LEN + 4*2 + 2
}
pub const LEN: usize = SALT_LEN + 4*2 + 2;
pub fn new(argon2_params: ArgonParams, cipher: CipherAlgorithm) -> EncryptionParams {
let mut salt = [0; SALT_LEN];
@ -72,6 +73,7 @@ impl EncryptionParams {
cipher,
}
}
pub fn write<W: Write>(&self, writer: &mut W) -> io::Result<()> {
writer.write_all(&self.salt)?;
writer.write_all(&self.argon2.t_cost.to_be_bytes())?;
@ -80,6 +82,7 @@ impl EncryptionParams {
writer.write_all(&(self.cipher as u8).to_be_bytes())?;
Ok(())
}
pub fn read<R: Read>(reader: &mut R) -> io::Result<Option<Self>> {
let mut salt = [0; SALT_LEN];
reader.read_exact(&mut salt)?;
@ -129,11 +132,12 @@ pub struct DobyCipher {
impl DobyCipher {
pub fn new(mut password: Password, params: &EncryptionParams) -> Result<Self, argon2::Error> {
match Argon2::new(None, params.argon2.t_cost, params.argon2.m_cost, params.argon2.parallelism.into(), Version::V0x13) {
Ok(argon2) => {
match params.argon2.try_into() {
Ok(argon2_params) => {
let argon2 = Argon2::new(Algorithm::Argon2id, Version::V0x13, argon2_params);
let mut master_key = [0; KEY_LEN];
let password = password.unwrap_or_ask();
argon2.hash_password_into(Algorithm::Argon2id, password.as_bytes(), &params.salt, &[], &mut master_key).zeroize(password)?;
argon2.hash_password_into(password.as_bytes(), &params.salt, &mut master_key).zeroize(password)?;
let hkdf = Hkdf::<blake2::Blake2b>::new(Some(&params.salt), &master_key);
let mut nonce = vec![0; params.cipher.get_nonce_size()];
hkdf.expand(b"doby_nonce", &mut nonce).unwrap();
@ -143,7 +147,7 @@ impl DobyCipher {
hkdf.expand(b"doby_authentication_key", &mut authentication_key).unwrap();
master_key.zeroize();
let mut encoded_params = Vec::with_capacity(params.get_params_len());
let mut encoded_params = Vec::with_capacity(EncryptionParams::LEN);
params.write(&mut encoded_params).unwrap();
let mut hmac = Hmac::new_from_slice(&authentication_key).unwrap();
authentication_key.zeroize();
@ -214,7 +218,7 @@ mod tests {
parallelism: 1,
}, CipherAlgorithm::XChaCha20);
assert_eq!(params.get_params_len(), 74);
assert_eq!(EncryptionParams::LEN, 74);
let mut buff = Vec::with_capacity(74);
params.write(&mut buff).unwrap();

View File

@ -46,7 +46,7 @@ fn authentication() {
let decrypter = DobyCipher::new(PASSWORD.into(), &params).unwrap();
let mut decrypted = Vec::with_capacity(PLAINTEXT.len());
let verified = decrypt(&mut &ciphertext[4+params.get_params_len()..], &mut decrypted, decrypter, BLOCK_SIZE).unwrap();
let verified = decrypt(&mut &ciphertext[4+EncryptionParams::LEN..], &mut decrypted, decrypter, BLOCK_SIZE).unwrap();
assert_eq!(decrypted, PLAINTEXT);
assert_eq!(verified, true);
}

View File

@ -132,7 +132,7 @@ fn aes_cipher() -> io::Result<()> {
fn argon2_params() -> io::Result<()> {
Command::cargo_bin("doby").unwrap().arg("-i").arg("0").assert().failure().stderr("Invalid argon2 params: time cost is too small\n");
Command::cargo_bin("doby").unwrap().arg("-m").arg("0").assert().failure().stderr("Invalid argon2 params: memory cost is too small\n");
Command::cargo_bin("doby").unwrap().arg("-t").arg("0").assert().failure().stderr("Invalid argon2 params: too few lanes\n");
Command::cargo_bin("doby").unwrap().arg("-t").arg("0").assert().failure().stderr("Invalid argon2 params: not enough threads\n");
let ciphertext = doby_cmd().unwrap().arg("-i").arg("8").arg("-m").arg("2048").arg("-t").arg("8").assert().success().stderr("").get_output().stdout.clone();
assert_eq!(u32::from_be_bytes(ciphertext[4+SALT_LEN..4+SALT_LEN+4].try_into().unwrap()), 8); //time cost