authorlloyd <[email protected]>2010-02-02 10:48:48 +0000
committerlloyd <[email protected]>2010-02-02 10:48:48 +0000
commitcf3e984dbffc0fb2a695306a9b4d53257bb74ea8 (patch)
treefbe0e6326c0bf33e3540f9b7b1905aba1e5cf755 /checks
parent121ca16daa158315682373213e150d9c18c28cdb (diff)
Prefix passhash with "$9$" in a manner similar to other
password hashing schemes. Increase salt size to 80 bits. Research shows that virtually no other PBKDF2 implementations support anything but SHA-1; for ease of implementation elsewhere switch back from SHA-512 to SHA-1. Should be mostly harmless; it limits total entropy of the password to a maximum of 160 bits, but this is unlikely anyway. Use two bytes to specify the work factor for future-proofing. Add a test.
Diffstat (limited to 'checks')
-rw-r--r--checks/validate.cpp32
1 files changed, 32 insertions, 0 deletions
diff --git a/checks/validate.cpp b/checks/validate.cpp
index 9500589ca..bbb710b91 100644
--- a/checks/validate.cpp
+++ b/checks/validate.cpp
@@ -18,6 +18,11 @@
#include <botan/exceptn.h>
#include <botan/selftest.h>
#include <botan/libstate.h>
+
+#if defined(BOTAN_HAS_PASSHASH)
+ #include <botan/passhash.h>
+#endif
+
using namespace Botan;
#include "validate.h"
@@ -61,6 +66,26 @@ std::vector<std::string> parse(const std::string&);
void strip(std::string&);
Botan::SecureVector<byte> decode_hex(const std::string&);
+bool test_passhash(RandomNumberGenerator& rng)
+ {
+#if defined(BOTAN_HAS_PASSHASH)
+
+ const std::string input = "secret";
+ const std::string fixed_hash = "$9$AArBRAG0kcKp3XPDUgd32ONhutn9HMQKix7H";
+
+ if(!password_hash_ok(input, fixed_hash))
+ return false;
+
+ std::string gen_hash = password_hash(input, rng, 5);
+
+ if(!password_hash_ok(input, gen_hash))
+ return false;
+
+#endif
+
+ return true;
+ }
+
u32bit do_validation_tests(const std::string& filename,
RandomNumberGenerator& rng,
bool should_pass)
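Review bot: test_passhash only asserts that the correct password is accepted, so a password_hash_ok that returned true for every input would still pass both checks. A verification test needs the rejection path as well: after each positive check add the inverse, e.g. `if(password_hash_ok("wrong", fixed_hash)) return false;` and `if(password_hash_ok("wrong", gen_hash)) return false;`. It would also be worth feeding it a hash string without the "$9$" prefix and a truncated one, though how password_hash_ok reports malformed input (false or an exception) is not visible in this hunk. A short comment above `fixed_hash` saying how the known-answer value was produced (work factor, salt) would help whoever has to regenerate it if the format changes again.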
@@ -179,6 +204,13 @@ u32bit do_validation_tests(const std::string& filename,
}
}
+
+ if(should_pass && !test_passhash(rng))
+ {
+ std::cout << "Passhash tests failed" << std::endl;
+ errors++;
+ }
+
if(should_pass)
std::cout << std::endl;
return errors;