feat(server): Implement GOST 34.11-2012 "Streebog" password hashing

server/Cargo.toml

@@ -16,11 +16,13 @@ blake3 = "1.5.1"
 color-eyre = "0.6.3"
 diesel = { version = "2.1.6", features = ["postgres", "uuid", "r2d2"] }
 futures = "0.3.30"
+hex = { version = "0.4.3", optional = true }
 prost = "0.12.6"
 prost-types = "0.12.4"
 rand_chacha = "0.3.1"
 rand_core = "0.6.4"
 redis = { version = "0.25.3", features = ["uuid", "tokio-comp", "aio"] }
+streebog = { version = "0.10.2", optional = true } # GOST 34.11-2012 Hash function (Codename "Streebog")
 thiserror = "1.0.61"
 tokio = { version = "1.37.0", features = ["macros", "rt-multi-thread"] }
 tokio-util = "0.7.11"
@@ -32,6 +34,10 @@ uuid = { version = "1.8.0", features = ["v4"] }
 [build-dependencies]
 tonic-build = "0.11"
 
+[features]
+# default = ["streebog"]
+streebog = ["dep:streebog", "dep:hex"]
+
 # `cargo-machete` reports this as unused, but it's absolutely used by `tonic` :)
 [package.metadata.cargo-machete]
 ignored = ["prost", "prost-types"]

server/src/services/registry.rs

@@ -38,8 +38,7 @@ impl proto::registry_server::Registry for Registry {
 
         // Import some traits and methods to interact with the ORM.
         use crate::entities::schema::users::dsl::*;
-        use diesel::query_dsl::methods::{FilterDsl, SelectDsl};
-        use diesel::{ExpressionMethods, OptionalExtension, RunQueryDsl, SelectableHelper};
+        use diesel::prelude::*;
 
         let mut credentials = request.into_inner();
         let duplicate_user = users
@@ -52,8 +51,24 @@ impl proto::registry_server::Registry for Registry {
         match duplicate_user {
             // No duplicate usernames found, registering a new account.
             None => {
-                // Hash the password using Blake3.
-                credentials.password = blake3::hash(credentials.password.as_bytes()).to_string();
+                // Hash the password using Blake3 hash function.
+                #[cfg(not(feature = "streebog"))]
+                {
+                    credentials.password =
+                        blake3::hash(credentials.password.as_bytes()).to_string();
+                }
+
+                // Hash the password using GOST 34.11-2012 hash function.
+                //
+                // - Reference:      https://en.wikipedia.org/wiki/Streebog
+                // - Implementation: https://docs.rs/streebog/latest/streebog/index.html
+                #[cfg(feature = "streebog")]
+                {
+                    use streebog::{Digest, Streebog256};
+                    let mut hasher = Streebog256::new();
+                    hasher.update(credentials.password.as_str());
+                    credentials.password = hex::encode(hasher.finalize());
+                }
 
                 let mut rng = self.rng.lock().await;
                 let user = User::new(credentials.username.clone(), credentials.password, &mut rng);
@@ -91,8 +106,23 @@ impl proto::registry_server::Registry for Registry {
 
         let mut credentials = request.into_inner();
 
-        // Hash the password using Blake3.
-        credentials.password = blake3::hash(credentials.password.as_bytes()).to_string();
+        // Hash the password using Blake3 hash function.
+        #[cfg(not(feature = "streebog"))]
+        {
+            credentials.password = blake3::hash(credentials.password.as_bytes()).to_string();
+        }
+
+        // Hash the password using GOST 34.11-2012 hash function.
+        //
+        // - Reference:      https://en.wikipedia.org/wiki/Streebog
+        // - Implementation: https://docs.rs/streebog/latest/streebog/index.html
+        #[cfg(feature = "streebog")]
+        {
+            use streebog::{Digest, Streebog256};
+            let mut hasher = Streebog256::new();
+            hasher.update(credentials.password.as_str());
+            credentials.password = hex::encode(hasher.finalize());
+        }
 
         let candidate_user = users
             .filter(username.eq(&credentials.username))