From 3acc50415d966ef821033c20f81d17937bcd32ca Mon Sep 17 00:00:00 2001 From: drey7925 Date: Fri, 20 Sep 2024 23:49:22 -0400 Subject: [PATCH] Bump opaque_ke This is a breaking protocol change, and may also require servers to reset all user passwords. See https://github.com/facebook/opaque-ke/issues/359#issuecomment-2364980798 for context --- Cargo.lock | 138 ++++++++++++++++++--------- perovskite_client/Cargo.toml | 4 +- perovskite_core/Cargo.toml | 4 +- perovskite_core/proto/game_rpc.proto | 4 + perovskite_server/Cargo.toml | 2 +- 5 files changed, 100 insertions(+), 52 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index e5cb093..c39e9c3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -248,7 +248,19 @@ checksum = "db4ce4441f99dbd377ca8a8f57b698c44d0d6e712d8329b5040da5a64aa1ce73" dependencies = [ "base64ct", "blake2", - "password-hash", + "password-hash 0.4.2", +] + +[[package]] +name = "argon2" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072" +dependencies = [ + "base64ct", + "blake2", + "cpufeatures", + "password-hash 0.5.0", ] [[package]] @@ -463,9 +475,9 @@ dependencies = [ [[package]] name = "base16ct" -version = "0.1.1" +version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "349a06037c7bf932dd7e7d1f653678b2038b9ad46a74102f1fc7bd7872678cce" +checksum = "4c7f02d4ea65f2c1853089ffd8d2787bdbc63de2f0d29dedbcf8ccdfa0ccd4cf" [[package]] name = "base64" @@ -556,7 +568,7 @@ version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe" dependencies = [ - "digest 0.10.7", + "digest", ] [[package]] @@ -1188,9 +1200,9 @@ checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7" [[package]] name = "crypto-bigint" -version = "0.4.9" +version = "0.5.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ef2b4b23cddf68b89b8f8069890e8c270d54e2d5fe1b143820234805e4cb17ef" +checksum = "0dc92fb57ca44df6db8059111ab3af99a63d5d0f8375d9972e319a379c6bab76" dependencies = [ "generic-array", "rand_core", @@ -1220,17 +1232,31 @@ dependencies = [ [[package]] name = "curve25519-dalek" -version = "4.0.0-pre.1" +version = "4.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4033478fbf70d6acf2655ac70da91ee65852d69daf7a67bf7a2f518fb47aafcf" +checksum = "97fb8b7c4503de7d6ae7b42ab72a5a59857b4c937ec27a3d4539dba95b5ab2be" dependencies = [ - "byteorder", - "digest 0.9.0", + "cfg-if", + "cpufeatures", + "curve25519-dalek-derive", + "fiat-crypto", "rand_core", + "rustc_version", "subtle", "zeroize", ] +[[package]] +name = "curve25519-dalek-derive" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3" +dependencies = [ + "proc-macro2", + "quote", + "syn 2.0.77", +] + [[package]] name = "dashmap" version = "5.5.3" @@ -1259,11 +1285,12 @@ checksum = "7e962a19be5cfc3f3bf6dd8f61eb50107f356ad6270fbb3ed41476571db78be5" [[package]] name = "der" -version = "0.6.1" +version = "0.7.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f1a467a65c5e759bce6e65eaf91cc29f466cdc57cb65777bd646872a8a1fd4de" +checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0" dependencies = [ "const-oid", + "zeroize", ] [[package]] @@ -1278,13 +1305,13 @@ dependencies = [ [[package]] name = "derive-where" -version = "1.0.0-rc.3" +version = "1.2.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d322f2907b2abad3117790c1a54d8f2d64574ba0fbea54cb6c6e66a0e50d99a4" +checksum = "62d671cc41a825ebabc75757b62d3d168c577f9149b2d49ece1dad1f72119d25" dependencies = [ "proc-macro2", "quote", - "syn 1.0.109", + "syn 2.0.77", ] [[package]] @@ -1303,15 +1330,6 @@ dependencies = [ "thousands", ] -[[package]] -name = "digest" -version = "0.9.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d3dd60d1080a57a05ab032377049e0591415d2b31afd7028356dbf3cc6dcb066" -dependencies = [ - "generic-array", -] - [[package]] name = "digest" version = "0.10.7" @@ -1436,14 +1454,13 @@ checksum = "a26ae43d7bcc3b814de94796a5e736d4029efb0ee900c12e2d54c993ad1a1e07" [[package]] name = "elliptic-curve" -version = "0.12.3" +version = "0.13.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e7bb888ab5300a19b8e5bceef25ac745ad065f3c9f7efc6de1b91958110891d3" +checksum = "b5e6043086bf7973472e0c7dff2142ea0b680d30e18d9cc40f267efbf222bd47" dependencies = [ "base16ct", "crypto-bigint", - "der", - "digest 0.10.7", + "digest", "ff", "generic-array", "group", @@ -1578,14 +1595,20 @@ dependencies = [ [[package]] name = "ff" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d013fc25338cc558c5c2cfbad646908fb23591e2404481826742b651c9af7160" +checksum = "ded41244b729663b1e574f1b4fb731469f69f79c17667b5d776b16cda0479449" dependencies = [ "rand_core", "subtle", ] +[[package]] +name = "fiat-crypto" +version = "0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "28dea519a9695b9977216879a3ebfddf92f1c08c05d984f8996aecd6ecdc811d" + [[package]] name = "fixedbitset" version = "0.4.2" @@ -1801,6 +1824,7 @@ dependencies = [ "serde", "typenum", "version_check", + "zeroize", ] [[package]] @@ -1860,9 +1884,9 @@ checksum = "d2fabcfbdc87f4758337ca535fb41a6d701b65693ce38287d856d1674551ec9b" [[package]] name = "group" -version = "0.12.1" +version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5dfbfb3a6cfbd390d5c9564ab283a0349b9b9fcd46a706c1eb10e0db70bfbac7" +checksum = "f0f9ef7462f7c099f518d754361858f86d8a07af53ba9af0fe635bbccb151a63" dependencies = [ "ff", "rand_core", @@ -1995,7 +2019,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest 0.10.7", + "digest", ] [[package]] @@ -3156,14 +3180,14 @@ checksum = "0ab1bc2a289d34bd04a330323ac98a1b4bc82c9d9fcb1e66b63caa84da26b575" [[package]] name = "opaque-ke" -version = "2.0.0" +version = "3.0.0-pre.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76d410412d23781909d90c3900c5783e830586765f2277bccc78167da8af81a5" +checksum = "c31c28868a403f966e08c9e6f84c5068cf116df38f3b8690b15ae64a9108a582" dependencies = [ - "argon2", + "argon2 0.5.3", "curve25519-dalek", "derive-where", - "digest 0.10.7", + "digest", "displaydoc", "elliptic-curve", "generic-array", @@ -3255,6 +3279,17 @@ dependencies = [ "subtle", ] +[[package]] +name = "password-hash" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166" +dependencies = [ + "base64ct", + "rand_core", + "subtle", +] + [[package]] name = "paste" version = "1.0.15" @@ -3273,7 +3308,7 @@ version = "0.0.4" dependencies = [ "anyhow", "arc-swap", - "argon2", + "argon2 0.5.3", "bitvec", "cbloom", "cgmath", @@ -3332,7 +3367,7 @@ name = "perovskite_core" version = "0.0.4" dependencies = [ "anyhow", - "argon2", + "argon2 0.5.3", "bitvec", "bytemuck", "cgmath", @@ -3393,7 +3428,7 @@ name = "perovskite_server" version = "0.0.4" dependencies = [ "anyhow", - "argon2", + "argon2 0.4.1", "arrayvec", "bitvec", "bytemuck", @@ -4066,6 +4101,15 @@ version = "2.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "583034fd73374156e66797ed8e5b0d5690409c9226b22d87cb7f19821c05d152" +[[package]] +name = "rustc_version" +version = "0.4.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92" +dependencies = [ + "semver", +] + [[package]] name = "rustfft" version = "6.2.0" @@ -4257,9 +4301,9 @@ dependencies = [ [[package]] name = "sec1" -version = "0.3.0" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3be24c1842290c45df0a7bf069e0c268a747ad05a192f2fd7dcfdbc1cba40928" +checksum = "d3e97a565f76233a6003f9f5c54be1d9c5bdfa3eccfb189469f11ec4901c47dc" dependencies = [ "base16ct", "der", @@ -4415,7 +4459,7 @@ checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.10.7", + "digest", ] [[package]] @@ -4426,7 +4470,7 @@ checksum = "793db75ad2bcafc3ffa7c68b215fee268f537982cd901d132f89c6343f3a3dc8" dependencies = [ "cfg-if", "cpufeatures", - "digest 0.10.7", + "digest", ] [[package]] @@ -5516,13 +5560,13 @@ dependencies = [ [[package]] name = "voprf" -version = "0.4.0-pre.3" +version = "0.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "081acbe8fcf05d5e8e2aad8ef3d40e02eddeaec07c75a9770d862a0fc0874322" +checksum = "28f59c30c76e2fea54cdece6a054e2662feffa7ab19658a7887524265ee39470" dependencies = [ "curve25519-dalek", "derive-where", - "digest 0.10.7", + "digest", "displaydoc", "elliptic-curve", "generic-array", diff --git a/perovskite_client/Cargo.toml b/perovskite_client/Cargo.toml index fef2e6b..3ad41fb 100644 --- a/perovskite_client/Cargo.toml +++ b/perovskite_client/Cargo.toml @@ -10,7 +10,7 @@ categories = ["games"] maintenance = { status = "experimental" } [dependencies] -argon2 = "0.4.1" +argon2 = "0.5.3" anyhow = "1.0.71" cgmath = "0.18.0" clap = { version = "4.3.0", features = ["derive"] } @@ -24,7 +24,7 @@ image = "0.25.1" line_drawing = "1.0.0" log = "0.4.17" microbench = "0.5.0" -opaque-ke = { version = "2.0.0", features = ["argon2"] } +opaque-ke = { version = "3.0.0-pre.5", features = ["argon2"] } parking_lot = "0.12.1" rand = "0.8.5" rustc-hash = "2.0.0" diff --git a/perovskite_core/Cargo.toml b/perovskite_core/Cargo.toml index 082e2b4..9d239da 100644 --- a/perovskite_core/Cargo.toml +++ b/perovskite_core/Cargo.toml @@ -10,11 +10,11 @@ maintenance = { status = "experimental" } [dependencies] anyhow = "1.0.70" -argon2 = "0.4.1" +argon2 = "0.5.3" bitvec = "1.0.1" bytemuck = { version = "1.16.1", features = ["derive"] } cgmath = "0.18.0" -opaque-ke = { version = "2.0.0", features = ["argon2"] } +opaque-ke = { version = "3.0.0-pre.5", features = ["argon2"] } parking_lot = "0.12.1" prost = "0.13.1" prost-types = "0.13.1" diff --git a/perovskite_core/proto/game_rpc.proto b/perovskite_core/proto/game_rpc.proto index 3bd6f1b..0f79dbf 100644 --- a/perovskite_core/proto/game_rpc.proto +++ b/perovskite_core/proto/game_rpc.proto @@ -352,6 +352,10 @@ message StartAuth { // * MVP of entity kinematics w/ pending move queues // * Entity definition with meshes // * Checkboxes in popups + // 5 - circa 2024-09-01 onward + // * Audio (sampled sounds, entity sounds without per-entity-class details) + // * TLS supported + // * opaque_ke bump to v3 uint32 min_protocol_version = 4; uint32 max_protocol_version = 5; } diff --git a/perovskite_server/Cargo.toml b/perovskite_server/Cargo.toml index a049576..09d3a8a 100644 --- a/perovskite_server/Cargo.toml +++ b/perovskite_server/Cargo.toml @@ -25,7 +25,7 @@ itertools = "0.13.0" lazy_static = "1.4.0" log = "0.4.17" microbench = "0.5.0" -opaque-ke = { version = "2.0.0", features = ["argon2"] } +opaque-ke = { version = "3.0.0-pre.5", features = ["argon2"] } parking_lot = { version = "0.12.1" } prost = "0.13.1" rand = "0.8.5"