Argon2: PasswordHash, documentation, hash formatting

2 files changed, 91 insertions, 0 deletions

diff --git a/src/tests/data/passhash/argon2.vec b/src/tests/data/passhash/argon2.vec
new file mode 100644
index 000000000..6de6724d5
--- /dev/null
+++ b/src/tests/data/passhash/argon2.vec
@@ -0,0 +1,38 @@
+
+[Verify]
+Password = pass
+Passhash = $argon2i$v=19$m=8,t=1,p=1$YWFhYWFhYWE$3ney028aI7naIJ/5U///1ICfSVF0Ta4jh2SpJ1jhsCE
+
+Password = pass
+Passhash = $argon2d$v=19$m=8,t=1,p=1$YWFhYWFhYWE$0WM+IC/fpCF2boiNXmu0lnBXDAKes/BHiYuq9abKsWQ
+
+Password = pass
+Passhash = $argon2id$v=19$m=8,t=1,p=1$YWFhYWFhYWE$tPAla38/iYe0rtvQKVaPv04WYar67QEGlc4fhxU185s
+
+[Generate]
+Password = pass
+Mode = 2
+M = 8
+T = 1
+P = 1
+Salt = 313233343536373839616263646566
+OutLen = 32
+Passhash = $argon2id$v=19$m=8,t=1,p=1$MTIzNDU2Nzg5YWJjZGVm$+iAchMa6urtGUvqS2c2ly5SxSb3Jj9S/nq4SZaIgLaI
+
+Password = pass
+Mode = 0
+M = 8192
+T = 3
+P = 1
+Salt = 313233343536373839616263646566
+OutLen = 32
+Passhash = $argon2d$v=19$m=8192,t=3,p=1$MTIzNDU2Nzg5YWJjZGVm$6C4pewOLgibFqWOo9mKTN2xV8KBRq7wjD8PM7DsoV0k
+
+Password = pass
+Mode = 1
+M = 8192
+T = 3
+P = 1
+Salt = 313233343536373839616263646566
+OutLen = 32
+Passhash = $argon2i$v=19$m=8192,t=3,p=1$MTIzNDU2Nzg5YWJjZGVm$7iO3QHobBZHBgjSM+u92dRHJeKpsMdbZ+sLxPjcm9MI
diff --git a/src/tests/test_passhash.cpp b/src/tests/test_passhash.cpp
index b6bd268b1..0b39e7ffc 100644
--- a/src/tests/test_passhash.cpp
+++ b/src/tests/test_passhash.cpp
@@ -14,6 +14,11 @@
    #include <botan/passhash9.h>
 #endif
 
+#if defined(BOTAN_HAS_ARGON2)
+   #include <botan/argon2.h>
+   #include "test_rng.h"
+#endif
+
 namespace Botan_Tests {
 
 namespace {
@@ -76,6 +81,54 @@ BOTAN_REGISTER_TEST("bcrypt", Bcrypt_Tests);
 
 #endif
 
+#if defined(BOTAN_HAS_ARGON2)
+class Argon2_Tests final : public Text_Based_Test
+   {
+   public:
+      Argon2_Tests() : Text_Based_Test("passhash/argon2.vec", "Password,Passhash", "Mode,M,T,P,Salt,OutLen") {}
+
+      Test::Result run_one_test(const std::string& header, const VarMap& vars) override
+         {
+         const std::string password = vars.get_req_str("Password");
+         const std::string passhash = vars.get_req_str("Passhash");
+
+         Test::Result result("Argon2 password hash");
+
+         if(header == "Verify")
+            {
+            const bool accepted = Botan::argon2_check_pwhash(password.data(), password.size(), passhash);
+            result.test_eq("correct hash accepted", accepted, true);
+            }
+         else if(header == "Generate")
+            {
+            const std::vector<uint8_t> salt = vars.get_req_bin("Salt");
+            const size_t y = vars.get_req_sz("Mode");
+            const size_t M = vars.get_req_sz("M");
+            const size_t t = vars.get_req_sz("T");
+            const size_t p = vars.get_req_sz("P");
+            const size_t out_len = vars.get_req_sz("OutLen");
+
+            Fixed_Output_RNG rng(salt);
+
+            const std::string generated = Botan::argon2_generate_pwhash(password.data(), password.size(),
+                                                                        rng,
+                                                                        p, M, t, y, salt.size(), out_len);
+
+            result.test_eq("expected hash generated", generated, passhash);
+            const bool accepted = Botan::argon2_check_pwhash(password.data(), password.size(), generated);
+            result.test_eq("generated hash accepted", accepted, true);
+            }
+         else
+            throw Test_Error("Unexpected header in Argon2 password hash test file");
+
+         return result;
+         }
+   };
+
+BOTAN_REGISTER_TEST("argon2_pass", Argon2_Tests);
+
+#endif
+
 #if defined(BOTAN_HAS_PASSHASH9)
 class Passhash9_Tests final : public Text_Based_Test
    {