use pbkdf2 for room hash roo0.2.3

author: metamuffin <metamuffin@disroot.org> 2023-10-29 16:52:30 +0100
committer: metamuffin <metamuffin@disroot.org> 2023-10-29 16:52:30 +0100
commit: e28eedd42b9d289238d87b0858a6cfa879fc772e (patch)
tree: d46cc40f63331fae926b3821b5b5ba1934708a3d /client-native-lib
parent: 695e497e86d47b14622299d5f2d47d14e0118d4f (diff)
download: keks-meet-e28eedd42b9d289238d87b0858a6cfa879fc772e.tar
keks-meet-e28eedd42b9d289238d87b0858a6cfa879fc772e.tar.bz2
keks-meet-e28eedd42b9d289238d87b0858a6cfa879fc772e.tar.zst
2 files changed, 15 insertions, 6 deletions
diff --git a/client-native-lib/Cargo.toml b/client-native-lib/Cargo.toml
index ecfa0aa..d0a0d44 100644
--- a/client-native-lib/Cargo.toml
+++ b/client-native-lib/Cargo.toml
@@ -18,7 +18,8 @@ log = "0.4"
 
 fastpbkdf2 = "0.1.0"
 aes-gcm = "0.10.3"
-sha256 = "1.4.0"
+hex = "0.4.3"
+sha2 = "0.10.8"
 rand = "0.8.5"
 rand_chacha = "0.3.1"
 base64 = "0.21.5"
diff --git a/client-native-lib/src/crypto.rs b/client-native-lib/src/crypto.rs
index b477859..ad36e02 100644
--- a/client-native-lib/src/crypto.rs
+++ b/client-native-lib/src/crypto.rs
@@ -12,16 +12,19 @@ use log::info;
 
 pub struct Key(Aes256Gcm);
 
+const CRYPTO_SALT: &'static str = "keksmeet/cryptosaltAAA==";
+const HASH_SALT: &'static str = "keksmeet/roomhashsaltA==";
+
 impl Key {
     pub fn derive(secret: &str) -> Self {
         info!("running key generation...");
         let salt = base64::engine::general_purpose::STANDARD
-            .decode("thisisagoodsaltAAAAAAA==")
+            .decode(CRYPTO_SALT)
             .unwrap();
-        let mut key = [0u8; 32];
-        fastpbkdf2::pbkdf2_hmac_sha256(secret.as_bytes(), salt.as_slice(), 250000, &mut key);
+        let mut key = [0u8; 64];
+        fastpbkdf2::pbkdf2_hmac_sha512(secret.as_bytes(), salt.as_slice(), 250000, &mut key);
 
-        let key = Aes256Gcm::new_from_slice(key.as_slice()).unwrap();
+        let key = Aes256Gcm::new_from_slice(&key[0..32]).unwrap();
 
         info!("done");
         Self(key)
@@ -43,5 +46,10 @@ impl Key {
 }
 
 pub fn hash(secret: &str) -> String {
-    sha256::digest(format!("also-a-very-good-salt{}", secret))
+    let salt = base64::engine::general_purpose::STANDARD
+        .decode(HASH_SALT)
+        .unwrap();
+    let mut key = [0u8; 64];
+    fastpbkdf2::pbkdf2_hmac_sha512(secret.as_bytes(), salt.as_slice(), 250000, &mut key);
+    hex::encode(&key[0..32])
 }
author	metamuffin <metamuffin@disroot.org>	2023-10-29 16:52:30 +0100
committer	metamuffin <metamuffin@disroot.org>	2023-10-29 16:52:30 +0100
commit	e28eedd42b9d289238d87b0858a6cfa879fc772e (patch)
tree	d46cc40f63331fae926b3821b5b5ba1934708a3d /client-native-lib
parent	695e497e86d47b14622299d5f2d47d14e0118d4f (diff)
download	keks-meet-e28eedd42b9d289238d87b0858a6cfa879fc772e.tar keks-meet-e28eedd42b9d289238d87b0858a6cfa879fc772e.tar.bz2 keks-meet-e28eedd42b9d289238d87b0858a6cfa879fc772e.tar.zst