Add Argon2id support. Rename generic agreement and signing key derivation functions.

Author: wolfmcnally

Cargo.toml

@@ -27,6 +27,7 @@ anyhow = "^1.0.0"
 hex = "^0.4.3"
 ed25519-dalek = { version = "2.1.1", features = ["rand_core"] }
 scrypt = { version = "0.11.0", default-features = false }
+argon2 = "0.5.3"
 
 [dev-dependencies]
 hex-literal = "^0.4.1"

src/argon.rs

@@ -0,0 +1,35 @@
+use argon2::Argon2;
+
+pub fn argon2id(pass: impl AsRef<[u8]>, salt: impl AsRef<[u8]>, output_len: usize) -> Vec<u8> {
+    let mut output = vec![0u8; output_len];
+    Argon2::default()
+        .hash_password_into(pass.as_ref(), salt.as_ref(), &mut output)
+        .expect("argon2 failed");
+    output
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_argon2id_basic() {
+        let pass = b"password";
+        let salt = b"example salt";
+        let output = argon2id(pass, salt, 32);
+        assert_eq!(output.len(), 32);
+        // Argon2 should be deterministic for same input
+        let output2 = argon2id(pass, salt, 32);
+        assert_eq!(output, output2);
+    }
+
+    #[test]
+    fn test_argon2id_different_salt() {
+        let pass = b"password";
+        let salt1 = b"example salt";
+        let salt2 = b"example salt2";
+        let out1 = argon2id(pass, salt1, 32);
+        let out2 = argon2id(pass, salt2, 32);
+        assert_ne!(out1, out2);
+    }
+}

src/lib.rs

@@ -60,8 +60,8 @@ mod public_key_encryption;
 pub use public_key_encryption::{
     x25519_new_private_key_using,
     x25519_public_key_from_private_key,
-    x25519_derive_private_key,
-    x25519_derive_signing_private_key,
+    derive_agreement_private_key,
+    derive_signing_private_key,
     x25519_shared_key,
     X25519_PRIVATE_KEY_SIZE,
     X25519_PUBLIC_KEY_SIZE,
@@ -109,6 +109,9 @@ pub use ed25519_signing::{
 mod scrypt;
 pub use scrypt::{ scrypt, scrypt_opt };
 
+mod argon;
+pub use argon::argon2id;
+
 #[cfg(test)]
 mod tests {
     #[test]

src/public_key_encryption.rs

@@ -1,34 +1,55 @@
-use crate::{hash::hkdf_hmac_sha256, SYMMETRIC_KEY_SIZE};
+use crate::{ hash::hkdf_hmac_sha256, SYMMETRIC_KEY_SIZE };
 use bc_rand::RandomNumberGenerator;
-use x25519_dalek::{PublicKey, StaticSecret};
+use x25519_dalek::{ PublicKey, StaticSecret };
 
+pub const GENERIC_PRIVATE_KEY_SIZE: usize = 32;
+pub const GENERIC_PUBLIC_KEY_SIZE: usize = 32;
 pub const X25519_PRIVATE_KEY_SIZE: usize = 32;
 pub const X25519_PUBLIC_KEY_SIZE: usize = 32;
 
+/// Derive a 32-byte agreement private key from the given key material.
+///
+/// May be used for key agreement or key encapsulation.
+///
+/// Enforces domain separation from signing keys by using the "agreement" salt.
+pub fn derive_agreement_private_key(
+    key_material: impl AsRef<[u8]>
+) -> [u8; GENERIC_PRIVATE_KEY_SIZE] {
+    hkdf_hmac_sha256(key_material, "agreement".as_bytes(), GENERIC_PRIVATE_KEY_SIZE)
+        .try_into()
+        .unwrap()
+}
+
+/// Derive a 32-byte signing private key from the given key material.
+///
+/// Enforces domain separation from agreement keys by using the "signing" salt.
+pub fn derive_signing_private_key(key_material: impl AsRef<[u8]>) -> [u8; GENERIC_PUBLIC_KEY_SIZE] {
+    hkdf_hmac_sha256(key_material, "signing".as_bytes(), GENERIC_PUBLIC_KEY_SIZE)
+        .try_into()
+        .unwrap()
+}
+
 /// Create a new X25519 private key using the given random number generator.
-pub fn x25519_new_private_key_using(rng: &mut impl RandomNumberGenerator) -> [u8; X25519_PRIVATE_KEY_SIZE] {
+pub fn x25519_new_private_key_using(
+    rng: &mut impl RandomNumberGenerator
+) -> [u8; X25519_PRIVATE_KEY_SIZE] {
     rng.random_data(X25519_PRIVATE_KEY_SIZE).try_into().unwrap()
 }
 
 /// Derive a X25519 public key from a private key.
-pub fn x25519_public_key_from_private_key(x25519_private_key: &[u8; X25519_PRIVATE_KEY_SIZE]) -> [u8; X25519_PUBLIC_KEY_SIZE] {
+pub fn x25519_public_key_from_private_key(
+    x25519_private_key: &[u8; X25519_PRIVATE_KEY_SIZE]
+) -> [u8; X25519_PUBLIC_KEY_SIZE] {
     let sk = StaticSecret::from(*x25519_private_key);
     let pk = PublicKey::from(&sk);
     pk.as_bytes().to_owned()
 }
 
-/// Derive an X25519 private key from the given key material.
-pub fn x25519_derive_private_key(key_material: impl AsRef<[u8]>) -> [u8; X25519_PRIVATE_KEY_SIZE] {
-    hkdf_hmac_sha256(key_material, "agreement".as_bytes(), X25519_PRIVATE_KEY_SIZE).try_into().unwrap()
-}
-
-/// Derive an X25519 signing private key from the given key material.
-pub fn x25519_derive_signing_private_key(key_material: impl AsRef<[u8]>) -> [u8; X25519_PRIVATE_KEY_SIZE] {
-    hkdf_hmac_sha256(key_material, "signing".as_bytes(), X25519_PRIVATE_KEY_SIZE).try_into().unwrap()
-}
-
 /// Compute the shared symmetric key from the given X25519 private and public keys.
-pub fn x25519_shared_key(x25519_private_key: &[u8; X25519_PRIVATE_KEY_SIZE], x25519_public_key: &[u8; X25519_PUBLIC_KEY_SIZE]) -> [u8; SYMMETRIC_KEY_SIZE] {
+pub fn x25519_shared_key(
+    x25519_private_key: &[u8; X25519_PRIVATE_KEY_SIZE],
+    x25519_public_key: &[u8; X25519_PUBLIC_KEY_SIZE]
+) -> [u8; SYMMETRIC_KEY_SIZE] {
     let sk = StaticSecret::from(*x25519_private_key);
     let pk = PublicKey::from(*x25519_public_key);
     let shared_secret = sk.diffie_hellman(&pk);
@@ -40,21 +61,39 @@ mod tests {
     use bc_rand::make_fake_random_number_generator;
     use hex_literal::hex;
 
-    use crate::{x25519_new_private_key_using, x25519_public_key_from_private_key, x25519_derive_private_key, x25519_derive_signing_private_key, x25519_shared_key};
+    use crate::{
+        derive_agreement_private_key,
+        derive_signing_private_key,
+        x25519_new_private_key_using,
+        x25519_public_key_from_private_key,
+        x25519_shared_key,
+    };
 
     #[test]
     fn test_x25519_keys() {
         let mut rng = make_fake_random_number_generator();
         let private_key = x25519_new_private_key_using(&mut rng);
-        assert_eq!(private_key, hex!("7eb559bbbf6cce2632cf9f194aeb50943de7e1cbad54dcfab27a42759f5e2fed"));
+        assert_eq!(
+            private_key,
+            hex!("7eb559bbbf6cce2632cf9f194aeb50943de7e1cbad54dcfab27a42759f5e2fed")
+        );
         let public_key = x25519_public_key_from_private_key(&private_key);
-        assert_eq!(public_key, hex!("f1bd7a7e118ea461eba95126a3efef543ebb78439d1574bedcbe7d89174cf025"));
+        assert_eq!(
+            public_key,
+            hex!("f1bd7a7e118ea461eba95126a3efef543ebb78439d1574bedcbe7d89174cf025")
+        );
 
-        let derived_x25519_private_key = x25519_derive_private_key(b"password");
-        assert_eq!(derived_x25519_private_key, hex!("7b19769132648ff43ae60cbaa696d5be3f6d53e6645db72e2d37516f0729619f"));
+        let derived_x25519_private_key = derive_agreement_private_key(b"password");
+        assert_eq!(
+            derived_x25519_private_key,
+            hex!("7b19769132648ff43ae60cbaa696d5be3f6d53e6645db72e2d37516f0729619f")
+        );
 
-        let derived_signing_private_key = x25519_derive_signing_private_key(b"password");
-        assert_eq!(derived_signing_private_key, hex!("05cc550daa75058e613e606d9898fedf029e395911c43273a208b7e0e88e271b"));
+        let derived_signing_private_key = derive_signing_private_key(b"password");
+        assert_eq!(
+            derived_signing_private_key,
+            hex!("05cc550daa75058e613e606d9898fedf029e395911c43273a208b7e0e88e271b")
+        );
     }
 
     #[test]
@@ -67,6 +106,9 @@ mod tests {
         let alice_shared_key = x25519_shared_key(&alice_private_key, &bob_public_key);
         let bob_shared_key = x25519_shared_key(&bob_private_key, &alice_public_key);
         assert_eq!(alice_shared_key, bob_shared_key);
-        assert_eq!(alice_shared_key, hex!("1e9040d1ff45df4bfca7ef2b4dd2b11101b40d91bf5bf83f8c83d53f0fbb6c23"));
+        assert_eq!(
+            alice_shared_key,
+            hex!("1e9040d1ff45df4bfca7ef2b4dd2b11101b40d91bf5bf83f8c83d53f0fbb6c23")
+        );
     }
 }