4 files changed, 32 insertions, 15 deletions

diff --git a/src/lib/pbkdf/argon2/argon2pwhash.cpp b/src/lib/pbkdf/argon2/argon2pwhash.cpp
index 2ea6c60c7..465c52c95 100644
--- a/src/lib/pbkdf/argon2/argon2pwhash.cpp
+++ b/src/lib/pbkdf/argon2/argon2pwhash.cpp
@@ -128,7 +128,7 @@ std::unique_ptr<PasswordHash> Argon2_Family::tune(size_t /*output_length*/,
 
 std::unique_ptr<PasswordHash> Argon2_Family::default_params() const
    {
-   return this->from_params(64*1024*1024, 3, 4);
+   return this->from_params(128*1024, 1, 1);
    }
 
 std::unique_ptr<PasswordHash> Argon2_Family::from_iterations(size_t iter) const
@@ -139,7 +139,7 @@ std::unique_ptr<PasswordHash> Argon2_Family::from_iterations(size_t iter) const
    mapping from iteration count to params
    */
    const size_t M = iter;
-   const size_t t = 3;
+   const size_t t = 1;
    const size_t p = 1;
    return this->from_params(M, t, p);
    }
diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py
index c891d5ffb..2683bbd2f 100755
--- a/src/scripts/test_cli.py
+++ b/src/scripts/test_cli.py
@@ -322,6 +322,14 @@ def cli_pbkdf_tune_tests():
         if expected_pbkdf2.match(line) is None:
             logging.error("Unexpected line '%s'" % (line))
 
+    expected_argon2 = re.compile(r'For (default|[1-9][0-9]*) ms selected Argon2id\([0-9]+,[0-9]+,[0-9]+\)')
+
+    output = test_cli("pbkdf_tune", ["--algo=Argon2id", "--check", "1", "10", "50", "default"], None).split('\n')
+
+    for line in output:
+        if expected_argon2.match(line) is None:
+            logging.error("Unexpected line '%s'" % (line))
+
 def cli_psk_db_tests():
     if not check_for_command("psk_get"):
         return
diff --git a/src/scripts/tls_scanner/boa.txt b/src/scripts/tls_scanner/boa.txt
new file mode 100644
index 000000000..436b78572
--- /dev/null
+++ b/src/scripts/tls_scanner/boa.txt
@@ -0,0 +1 @@
+bankofamerica.com
diff --git a/src/tests/test_pbkdf.cpp b/src/tests/test_pbkdf.cpp
index 9ddb1e171..113d1bc2c 100644
--- a/src/tests/test_pbkdf.cpp
+++ b/src/tests/test_pbkdf.cpp
@@ -88,48 +88,56 @@ class Pwdhash_Tests : public Test
          {
          std::vector<Test::Result> results;
 
-         for(std::string pwdhash : { "Scrypt", "PBKDF2(SHA-256)", "OpenPGP-S2K(SHA-384)"})
+         for(std::string pwdhash : { "Scrypt", "PBKDF2(SHA-256)", "OpenPGP-S2K(SHA-384)", "Argon2d", "Argon2i", "Argon2id" })
             {
             Test::Result result("Pwdhash " + pwdhash);
             auto pwdhash_fam = Botan::PasswordHashFamily::create(pwdhash);
 
             if(pwdhash_fam)
                {
+               result.start_timer();
+
                const std::vector<uint8_t> salt(8);
                const std::string password = "test";
 
-               auto pwdhash_tune = pwdhash_fam->tune(32, std::chrono::milliseconds(50));
+               auto tuned_pwhash = pwdhash_fam->tune(32, std::chrono::milliseconds(10));
 
                std::vector<uint8_t> output1(32);
-               pwdhash_tune->derive_key(output1.data(), output1.size(),
+               tuned_pwhash->derive_key(output1.data(), output1.size(),
                                         password.c_str(), password.size(),
                                         salt.data(), salt.size());
 
                std::unique_ptr<Botan::PasswordHash> pwhash;
 
-               if(pwdhash_fam->name() == "Scrypt")
+               if(pwdhash_fam->name() == "Scrypt" || pwdhash_fam->name().find("Argon2") == 0)
                   {
-                  pwhash = pwdhash_fam->from_params(pwdhash_tune->memory_param(),
-                                                    pwdhash_tune->iterations(),
-                                                    pwdhash_tune->parallelism());
+                  pwhash = pwdhash_fam->from_params(tuned_pwhash->memory_param(),
+                                                    tuned_pwhash->iterations(),
+                                                    tuned_pwhash->parallelism());
                   }
                else
                   {
-                  pwhash = pwdhash_fam->from_params(pwdhash_tune->iterations());
+                  pwhash = pwdhash_fam->from_params(tuned_pwhash->iterations());
                   }
 
                std::vector<uint8_t> output2(32);
-               pwdhash_tune->derive_key(output2.data(), output2.size(),
-                                        password.c_str(), password.size(),
-                                        salt.data(), salt.size());
+               pwhash->derive_key(output2.data(), output2.size(),
+                                  password.c_str(), password.size(),
+                                  salt.data(), salt.size());
 
                result.test_eq("PasswordHash produced same output when run with same params",
                               output1, output2);
 
+               auto default_pwhash = pwdhash_fam->default_params();
+               std::vector<uint8_t> output3(32);
+               default_pwhash->derive_key(output3.data(), output3.size(),
+                                          password.c_str(), password.size(),
+                                          salt.data(), salt.size());
 
-               //auto pwdhash_tuned = pwdhash_fam->tune(32, std::chrono::milliseconds(150));
-
+               result.end_timer();
                }
+            else
+               result.test_failure("No such algo " + pwdhash);
 
             results.push_back(result);
             }