Add opaque-ke (v4, ristretto255) for password-based registration and login.

Extend NodeService schema with opaqueRegisterStart/Finish and opaqueLoginStart/Finish RPCs. Add Store trait methods for OPAQUE server setup and user records. Initial e2e integration test scaffolding.

Note: FileBackedStore does not yet implement the new Store trait methods — server compilation is temporarily broken.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
23 lines
764 B
Rust
//! Shared OPAQUE (RFC 9497) cipher suite configuration.
//!
//! Both client and server import this module to ensure they use exactly
//! the same cryptographic parameters during registration and login.
use opaque_ke::CipherSuite;
/// OPAQUE cipher suite for quicnprotochat.
///
/// - **OPRF**: Ristretto255 (curve25519-based, ~128-bit security)
/// - **Key exchange**: Triple-DH (3DH) over Ristretto255 with SHA-512
/// - **KSF**: Identity (no key stretching; upgrade to Argon2 later)
pub struct OpaqueSuite;
impl CipherSuite for OpaqueSuite {
type OprfCs = opaque_ke::Ristretto255;
type KeyExchange = opaque_ke::key_exchange::tripledh::TripleDh<
opaque_ke::Ristretto255,
sha2::Sha512,
>;
type Ksf = opaque_ke::ksf::Identity;
}
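Review bot: `type Ksf = opaque_ke::ksf::Identity;` in the `impl CipherSuite for OpaqueSuite` block leaves the OPRF output unstretched, so anyone who obtains the server setup and a user record can test password guesses offline at roughly the cost of one OPRF evaluation and hash per guess. The KSF output feeds the key that protects each client's envelope, so switching to Argon2 later will make records registered under Identity fail to log in; I would pick the Argon2 KSF before any real registration is stored, or document a re-registration path next to this type. Separately, the module doc comment cites RFC 9497, which is the OPRF specification; OPAQUE itself is RFC 9807.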