From 2076604cb44ba9c103eb0208efa7449cfb34bb73 Mon Sep 17 00:00:00 2001
From: drey7925 <drey@dreyclimbs.rocks>
Date: Thu, 24 Oct 2024 21:09:46 -0400
Subject: [PATCH] Bring opaque_ke back to 2.x, with argon2's parameters fixed
 to the 0.4.1 defaults

Some background:
* opaque_ke 2.x depends on voprf 0.4, which broke with a recent version of Rust due to a lifetime annotation issue.
* opaque_ke 3.x is not compatible with existing auth data from 2.x since it uses voprf 0.5
* The lifetime fix was backported from voprf 0.5 to voprf 0.4, but it also picked up a bunch of unrelated version bumps including argon2
* argon2's default parameters changed from 0.4.1 to 0.5.3

I plan to stick to opaque_ke 2.x throughout the 0.0.x series of Perovskite, and then upgrade at the next major release (probably 0.1)
---
 Cargo.lock                   | 45 ++++++++++--------------------------
 perovskite_client/Cargo.toml |  2 +-
 perovskite_core/Cargo.toml   |  3 ++-
 perovskite_core/src/auth.rs  | 31 ++++++++++++++++++++++++-
 perovskite_server/Cargo.toml |  4 ++--
 5 files changed, 47 insertions(+), 38 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index c593804..6aada4c 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -241,17 +241,6 @@ dependencies = [
  "syn 2.0.77",
 ]
 
-[[package]]
-name = "argon2"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db4ce4441f99dbd377ca8a8f57b698c44d0d6e712d8329b5040da5a64aa1ce73"
-dependencies = [
- "base64ct",
- "blake2",
- "password-hash 0.4.2",
-]
-
 [[package]]
 name = "argon2"
 version = "0.5.3"
@@ -261,7 +250,7 @@ dependencies = [
  "base64ct",
  "blake2",
  "cpufeatures",
- "password-hash 0.5.0",
+ "password-hash",
 ]
 
 [[package]]
@@ -3201,11 +3190,11 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575"
 
 [[package]]
 name = "opaque-ke"
-version = "3.0.0-pre.5"
+version = "2.1.0-pre.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c31c28868a403f966e08c9e6f84c5068cf116df38f3b8690b15ae64a9108a582"
+checksum = "3752668208a325d8c887827fc3e7ee8f5b4030cc036fb63ddeb02c21921b700c"
 dependencies = [
- "argon2 0.5.3",
+ "argon2",
  "curve25519-dalek",
  "derive-where",
  "digest",
@@ -3289,17 +3278,6 @@ dependencies = [
  "windows-targets 0.48.5",
 ]
 
-[[package]]
-name = "password-hash"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7676374caaee8a325c9e7a2ae557f216c5563a171d6997b0ef8a65af35147700"
-dependencies = [
- "base64ct",
- "rand_core",
- "subtle",
-]
-
 [[package]]
 name = "password-hash"
 version = "0.5.0"
@@ -3329,7 +3307,7 @@ version = "0.0.4"
 dependencies = [
  "anyhow",
  "arc-swap",
- "argon2 0.5.3",
+ "argon2",
  "bitvec",
  "cbloom",
  "cgmath",
@@ -3388,10 +3366,11 @@ name = "perovskite_core"
 version = "0.0.4"
 dependencies = [
  "anyhow",
- "argon2 0.5.3",
+ "argon2",
  "bitvec",
  "bytemuck",
  "cgmath",
+ "generic-array",
  "opaque-ke",
  "parking_lot",
  "prost 0.13.1",
@@ -3451,7 +3430,7 @@ name = "perovskite_server"
 version = "0.0.4"
 dependencies = [
  "anyhow",
- "argon2 0.4.1",
+ "argon2",
  "arrayvec",
  "bitvec",
  "bytemuck",
@@ -4739,9 +4718,9 @@ checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623"
 
 [[package]]
 name = "subtle"
-version = "2.5.0"
+version = "2.6.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc"
+checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
 
 [[package]]
 name = "syn"
@@ -5637,9 +5616,9 @@ dependencies = [
 
 [[package]]
 name = "voprf"
-version = "0.5.0"
+version = "0.4.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "28f59c30c76e2fea54cdece6a054e2662feffa7ab19658a7887524265ee39470"
+checksum = "3e389827f1bd1fe2b69c03ee133aed75c49f03f2d021c40b88c2ff6ce5517846"
 dependencies = [
  "curve25519-dalek",
  "derive-where",
diff --git a/perovskite_client/Cargo.toml b/perovskite_client/Cargo.toml
index 3ed9511..d425fb2 100644
--- a/perovskite_client/Cargo.toml
+++ b/perovskite_client/Cargo.toml
@@ -24,7 +24,7 @@ image = "0.25.1"
 line_drawing = "1.0.0"
 log = "0.4.17"
 microbench = "0.5.0"
-opaque-ke = { version = "3.0.0-pre.5", features = ["argon2"] }
+opaque-ke = { version = "2.1.0-pre.1", features = ["argon2"] }
 parking_lot = "0.12.1"
 rand = "0.8.5"
 rustc-hash = "2.0.0"
diff --git a/perovskite_core/Cargo.toml b/perovskite_core/Cargo.toml
index 12f9ce7..63e792c 100644
--- a/perovskite_core/Cargo.toml
+++ b/perovskite_core/Cargo.toml
@@ -14,7 +14,8 @@ argon2 = "0.5.3"
 bitvec = "1.0.1"
 bytemuck = { version = "1.16.1", features = ["derive"] }
 cgmath = "0.18.0"
-opaque-ke = { version = "3.0.0-pre.5", features = ["argon2"] }
+generic-array = "0.14.7"
+opaque-ke = { version = "2.1.0-pre.1", features = ["argon2"] }
 parking_lot = "0.12.1"
 prost = "0.13.1"
 prost-types = "0.13.1"
diff --git a/perovskite_core/src/auth.rs b/perovskite_core/src/auth.rs
index 573a356..3b04f69 100644
--- a/perovskite_core/src/auth.rs
+++ b/perovskite_core/src/auth.rs
@@ -1,8 +1,37 @@
+use generic_array::{ArrayLength, GenericArray};
+use opaque_ke::errors::InternalError;
+use opaque_ke::ksf::Ksf;
 use opaque_ke::CipherSuite;
+
 pub struct PerovskiteOpaqueAuth;
 impl CipherSuite for PerovskiteOpaqueAuth {
     type OprfCs = opaque_ke::Ristretto255;
     type KeGroup = opaque_ke::Ristretto255;
     type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDh;
-    type Ksf = argon2::Argon2<'static>;
+    type Ksf = Argon2_4096_3_1;
+}
+
+#[doc(hidden)]
+pub struct Argon2_4096_3_1 {
+    inner: argon2::Argon2<'static>,
+}
+impl Default for Argon2_4096_3_1 {
+    fn default() -> Self {
+        Self {
+            inner: argon2::Argon2::new(
+                argon2::Algorithm::default(),
+                argon2::Version::default(),
+                argon2::Params::new(4096, 3, 1, None).unwrap(),
+            ),
+        }
+    }
+}
+
+impl opaque_ke::ksf::Ksf for Argon2_4096_3_1 {
+    fn hash<L: ArrayLength<u8>>(
+        &self,
+        input: GenericArray<u8, L>,
+    ) -> Result<GenericArray<u8, L>, InternalError> {
+        dbg!(self.inner.hash(input))
+    }
 }
diff --git a/perovskite_server/Cargo.toml b/perovskite_server/Cargo.toml
index 0760c3d..dd45168 100644
--- a/perovskite_server/Cargo.toml
+++ b/perovskite_server/Cargo.toml
@@ -11,7 +11,7 @@ maintenance = { status = "experimental" }
 
 [dependencies]
 anyhow = "1.0.70"
-argon2 = "0.4.1"
+argon2 = "0.5.3"
 bitvec = "1.0.1"
 cbloom = "0.1.3"
 cgmath = "0.18.0"
@@ -25,7 +25,7 @@ itertools = "0.13.0"
 lazy_static = "1.4.0"
 log = "0.4.17"
 microbench = "0.5.0"
-opaque-ke = { version = "3.0.0-pre.5", features = ["argon2"] }
+opaque-ke = { version = "2.1.0-pre.1", features = ["argon2"] }
 parking_lot = { version = "0.12.1" }
 prost = "0.13.1"
 rand = "0.8.5"