Avoid using the bare argon2() function

author: Jack Lloyd <[email protected]> 2021-04-15 07:52:53 -0400
committer: Jack Lloyd <[email protected]> 2021-04-15 08:00:45 -0400
commit: 0c3036417bebf12457e060666c4ee9447e73c583 (patch)
tree: a3d8f5eada5ef0796715a6f8cc1dba4c548b8ef3 /src/lib
parent: 776e4eb7ce241dafd213d0069c7105ab9bf9ac2a (diff)
2 files changed, 31 insertions, 14 deletions
diff --git a/src/lib/passhash/argon2fmt/argon2fmt.cpp b/src/lib/passhash/argon2fmt/argon2fmt.cpp
index 1bec44593..022499505 100644
--- a/src/lib/passhash/argon2fmt/argon2fmt.cpp
+++ b/src/lib/passhash/argon2fmt/argon2fmt.cpp
@@ -5,7 +5,7 @@
 */
 
 #include <botan/argon2fmt.h>
-#include <botan/argon2.h>
+#include <botan/pwdhash.h>
 #include <botan/rng.h>
 #include <botan/base64.h>
 #include <botan/internal/parsing.h>
@@ -22,6 +22,18 @@ std::string strip_padding(std::string s)
    return s;
    }
 
+std::string argon2_family(uint8_t y)
+   {
+   if(y == 0)
+      return "Argon2d";
+   else if(y == 1)
+      return "Argon2i";
+   else if(y == 2)
+      return "Argon2id";
+   else
+      throw Not_Implemented("Unknown Argon2 family type");
+   }
+
 }
 
 std::string argon2_generate_pwhash(const char* password, size_t password_len,
@@ -33,12 +45,13 @@ std::string argon2_generate_pwhash(const char* password, size_t password_len,
    rng.randomize(salt.data(), salt.size());
 
    std::vector<uint8_t> output(output_len);
-   argon2(output.data(), output.size(),
-          password, password_len,
-          salt.data(), salt.size(),
-          nullptr, 0,
-          nullptr, 0,
-          y, p, M, t);
+
+   auto pwdhash_fam = PasswordHashFamily::create_or_throw(argon2_family(y));
+   auto pwdhash = pwdhash_fam->from_params(M, t, p);
+
+   pwdhash->derive_key(output.data(), output.size(),
+                       password, password_len,
+                       salt.data(), salt.size());
 
    std::ostringstream oss;
 
@@ -113,12 +126,12 @@ bool argon2_check_pwhash(const char* password, size_t password_len,
       return false;
 
    std::vector<uint8_t> generated(hash.size());
-   argon2(generated.data(), generated.size(),
-          password, password_len,
-          salt.data(), salt.size(),
-          nullptr, 0,
-          nullptr, 0,
-          family, p, M, t);
+   auto pwdhash_fam = PasswordHashFamily::create_or_throw(argon2_family(family));
+   auto pwdhash = pwdhash_fam->from_params(M, t, p);
+
+   pwdhash->derive_key(generated.data(), generated.size(),
+                       password, password_len,
+                       salt.data(), salt.size());
 
    return constant_time_compare(generated.data(), hash.data(), generated.size());
    }
diff --git a/src/lib/pbkdf/argon2/argon2pwhash.cpp b/src/lib/pbkdf/argon2/argon2pwhash.cpp
index 9886ba723..0bf2210d0 100644
--- a/src/lib/pbkdf/argon2/argon2pwhash.cpp
+++ b/src/lib/pbkdf/argon2/argon2pwhash.cpp
@@ -99,9 +99,13 @@ std::unique_ptr<PasswordHash> Argon2_Family::tune(size_t /*output_length*/,
    Timer timer("Argon2");
    const auto tune_time = BOTAN_PBKDF_TUNING_TIME;
 
+   auto pwhash = this->from_params(tune_M, t, p);
+
    timer.run_until_elapsed(tune_time, [&]() {
       uint8_t output[64] = { 0 };
-      argon2(output, sizeof(output), "test", 4, nullptr, 0, nullptr, 0, nullptr, 0, m_family, p, tune_M, t);
+      pwhash->derive_key(output, sizeof(output),
+                         "test", 4,
+                         nullptr, 0);
       });
 
    if(timer.events() == 0 || timer.value() == 0)
author	Jack Lloyd <[email protected]>	2021-04-15 07:52:53 -0400
committer	Jack Lloyd <[email protected]>	2021-04-15 08:00:45 -0400
commit	0c3036417bebf12457e060666c4ee9447e73c583 (patch)
tree	a3d8f5eada5ef0796715a6f8cc1dba4c548b8ef3 /src/lib
parent	776e4eb7ce241dafd213d0069c7105ab9bf9ac2a (diff)