Add accessible argon2 kdf

2 years ago · 1bb97f00b5
parent c4d2c8c693
commit 1bb97f00b5
4 changed files with 76 additions and 1 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -102,6 +102,17 @@ version = "1.0.68"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "2cb2f989d18dd141ab8ae82f64d1a8cdd37e0840f73a406896cf5e99502fab61"
 [[package]]
 name = "argon2"
 version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "95c2fcf79ad1932ac6269a738109997a83c227c09b75842ae564dc8ede6a861c"
 dependencies = [
 "base64ct",
 "blake2",
 "password-hash",
 ]
 [[package]]
 name = "arrayref"
 version = "0.3.6"
@ -2850,6 +2861,17 @@ dependencies = [
 "windows-sys 0.42.0",
 ]
 [[package]]
 name = "password-hash"
 version = "0.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166"
 dependencies = [
 "base64ct",
 "rand_core 0.6.4",
 "subtle",
 ]
 [[package]]
 name = "paste"
 version = "1.0.11"
@ -4458,11 +4480,14 @@ dependencies = [
 name = "tauri-plugin-stronghold"
 version = "0.0.0"
 dependencies = [
 "argon2",
 "hex",
 "iota-crypto 0.21.0",
 "iota_stronghold",
 "log",
 "rand 0.8.5",
 "rand_chacha 0.3.1",
 "rand_core 0.6.4",
 "rusty-fork",
 "serde",
 "serde_json",
--- a/plugins/stronghold/Cargo.toml
+++ b/plugins/stronghold/Cargo.toml
@ -20,6 +20,15 @@ iota-crypto = "0.21"
 hex = "0.4"
 zeroize = { version = "1", features = ["zeroize_derive"] }
 # kdf dependincies
 argon2 = { version = "0.5.0", optional = true }
 rand_chacha = { version = "0.3.1", optional = true }
 rand_core = { version = "0.6.4", features = ["getrandom"], optional = true }
 [dev-dependencies]
 rand = "0.8"
-rusty-fork = "0.3"
+rusty-fork = "0.3"
 [features]
 default = ["kdf"]
 kdf = ["dep:argon2", "dep:rand_chacha", "dep:rand_core"]
--- a/plugins/stronghold/src/kdf.rs
+++ b/plugins/stronghold/src/kdf.rs
@ -0,0 +1,38 @@
 use argon2::Argon2;
 use rand_chacha::ChaCha20Rng;
 use rand_core::{RngCore, SeedableRng};
 use std::path::PathBuf;
 /// NOTE: Hash supplied to Stronghold must be 32bits long.
 /// This is a current limitation of Stronghold.
 const HASH_LENGTH: usize = 32;
 pub struct KeyDerivation {}
 impl KeyDerivation {
    pub fn argon2(password: &str, salt_path: &PathBuf) -> Vec<u8> {
        let mut salt = [0u8; HASH_LENGTH];
        create_or_get_salt(&mut salt, salt_path);
        let mut encoded = [0u8; HASH_LENGTH];
        Argon2::default()
            .hash_password_into(password.as_bytes(), &salt, &mut encoded)
            .expect("Failed to generate hash for password");
        encoded.to_vec()
    }
 }
 // NOTE: this is not ideal as we produce a single salt per application
 // rather than having different salt for each Stronghold snapshot
 fn create_or_get_salt(salt: &mut [u8], salt_path: &PathBuf) {
    if salt_path.is_file() {
        // Get existing salt
        let tmp = std::fs::read(&salt_path).unwrap();
        salt.clone_from_slice(&tmp);
    } else {
        // Generate new salt
        let mut gen = ChaCha20Rng::from_entropy();
        gen.fill_bytes(salt);
        std::fs::write(salt_path, salt).expect("Failed to write salt for Stronghold")
    }
 }
--- a/plugins/stronghold/src/lib.rs
+++ b/plugins/stronghold/src/lib.rs
@ -22,6 +22,9 @@ use tauri::{
 };
 use zeroize::Zeroize;
 #[cfg(feature = "kdf")]
 pub mod kdf;
 pub mod stronghold;
 type PasswordHashFn = dyn Fn(&str) -> Vec<u8> + Send + Sync;