aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/lib/pbkdf/argon2/argon2.cpp27
-rw-r--r--src/lib/pbkdf/argon2/argon2.h40
-rw-r--r--src/lib/pbkdf/argon2/argon2pwhash.cpp12
3 files changed, 52 insertions, 27 deletions
diff --git a/src/lib/pbkdf/argon2/argon2.cpp b/src/lib/pbkdf/argon2/argon2.cpp
index e7d02a9ea..f6d3ec43e 100644
--- a/src/lib/pbkdf/argon2/argon2.cpp
+++ b/src/lib/pbkdf/argon2/argon2.cpp
@@ -407,37 +407,32 @@ void process_blocks(secure_vector<uint64_t>& B,
}
-void argon2(uint8_t output[], size_t output_len,
- const char* password, size_t password_len,
- const uint8_t salt[], size_t salt_len,
- const uint8_t key[], size_t key_len,
- const uint8_t ad[], size_t ad_len,
- uint8_t mode, size_t threads, size_t M, size_t t)
+void Argon2::argon2(uint8_t output[], size_t output_len,
+ const char* password, size_t password_len,
+ const uint8_t salt[], size_t salt_len,
+ const uint8_t key[], size_t key_len,
+ const uint8_t ad[], size_t ad_len) const
{
- BOTAN_ARG_CHECK(mode == 0 || mode == 1 || mode == 2, "Unknown Argon2 mode parameter");
BOTAN_ARG_CHECK(output_len >= 4, "Invalid Argon2 output length");
- BOTAN_ARG_CHECK(threads >= 1 && threads <= 128, "Invalid Argon2 threads parameter");
- BOTAN_ARG_CHECK(M >= 8*threads && M <= 8192*1024, "Invalid Argon2 M parameter");
- BOTAN_ARG_CHECK(t >= 1, "Invalid Argon2 t parameter");
- std::unique_ptr<HashFunction> blake2 = HashFunction::create_or_throw("BLAKE2b");
+ auto blake2 = HashFunction::create_or_throw("BLAKE2b");
const auto H0 = argon2_H0(*blake2, output_len,
password, password_len,
salt, salt_len,
key, key_len,
ad, ad_len,
- mode, threads, M, t);
+ m_family, m_p, m_M, m_t);
- const size_t memory = (M / (SYNC_POINTS*threads)) * (SYNC_POINTS*threads);
+ const size_t memory = (m_M / (SYNC_POINTS*m_p)) * (SYNC_POINTS*m_p);
secure_vector<uint64_t> B(memory * 1024/8);
- init_blocks(B, *blake2, H0, memory, threads);
- process_blocks(B, t, memory, threads, mode);
+ init_blocks(B, *blake2, H0, memory, m_p);
+ process_blocks(B, m_t, memory, m_p, m_family);
clear_mem(output, output_len);
- extract_key(output, output_len, B, memory, threads);
+ extract_key(output, output_len, B, memory, m_p);
}
}
diff --git a/src/lib/pbkdf/argon2/argon2.h b/src/lib/pbkdf/argon2/argon2.h
index 44447360b..e83168d6b 100644
--- a/src/lib/pbkdf/argon2/argon2.h
+++ b/src/lib/pbkdf/argon2/argon2.h
@@ -8,6 +8,7 @@
#define BOTAN_ARGON2_H_
#include <botan/pwdhash.h>
+#include <botan/exceptn.h>
#if defined(BOTAN_HAS_ARGON2_FMT)
#include <botan/argon2fmt.h>
@@ -58,6 +59,13 @@ class BOTAN_PUBLIC_API(2,11) Argon2 final : public PasswordHash
size_t total_memory_usage() const override { return M() * 1024; }
private:
+
+ void argon2(uint8_t output[], size_t output_len,
+ const char* password, size_t password_len,
+ const uint8_t salt[], size_t salt_len,
+ const uint8_t key[], size_t key_len,
+ const uint8_t ad[], size_t ad_len) const;
+
uint8_t m_family;
size_t m_M, m_t, m_p;
};
@@ -101,12 +109,32 @@ class BOTAN_PUBLIC_API(2,11) Argon2_Family final : public PasswordHashFamily
* @param M the amount of memory to use in Kb
* @param t the number of iterations to use
*/
-void BOTAN_PUBLIC_API(2,11) argon2(uint8_t output[], size_t output_len,
- const char* password, size_t password_len,
- const uint8_t salt[], size_t salt_len,
- const uint8_t key[], size_t key_len,
- const uint8_t ad[], size_t ad_len,
- uint8_t y, size_t p, size_t M, size_t t);
+inline void argon2(uint8_t output[], size_t output_len,
+ const char* password, size_t password_len,
+ const uint8_t salt[], size_t salt_len,
+ const uint8_t key[], size_t key_len,
+ const uint8_t ad[], size_t ad_len,
+ uint8_t y, size_t p, size_t M, size_t t)
+ {
+ std::unique_ptr<PasswordHashFamily> pwdhash_fam;
+
+ if(y == 0)
+ pwdhash_fam = PasswordHashFamily::create_or_throw("Argon2d");
+ else if(y == 1)
+ pwdhash_fam = PasswordHashFamily::create_or_throw("Argon2i");
+ else if(y == 2)
+ pwdhash_fam = PasswordHashFamily::create_or_throw("Argon2id");
+ else
+ throw Not_Implemented("Unknown Argon2 family type");
+
+ auto pwdhash = pwdhash_fam->from_params(M, t, p);
+
+ pwdhash->derive_key(output, output_len,
+ password, password_len,
+ salt, salt_len,
+ ad, ad_len,
+ key, key_len);
+ }
}
diff --git a/src/lib/pbkdf/argon2/argon2pwhash.cpp b/src/lib/pbkdf/argon2/argon2pwhash.cpp
index a9d1994c3..9886ba723 100644
--- a/src/lib/pbkdf/argon2/argon2pwhash.cpp
+++ b/src/lib/pbkdf/argon2/argon2pwhash.cpp
@@ -16,7 +16,11 @@ Argon2::Argon2(uint8_t family, size_t M, size_t t, size_t p) :
m_M(M),
m_t(t),
m_p(p)
- {}
+ {
+ BOTAN_ARG_CHECK(m_p >= 1 && m_p <= 128, "Invalid Argon2 threads parameter");
+ BOTAN_ARG_CHECK(m_M >= 8*m_p && m_M <= 8192*1024, "Invalid Argon2 M parameter");
+ BOTAN_ARG_CHECK(m_t >= 1, "Invalid Argon2 t parameter");
+ }
void Argon2::derive_key(uint8_t output[], size_t output_len,
const char* password, size_t password_len,
@@ -26,8 +30,7 @@ void Argon2::derive_key(uint8_t output[], size_t output_len,
password, password_len,
salt, salt_len,
nullptr, 0,
- nullptr, 0,
- m_family, m_p, m_M, m_t);
+ nullptr, 0);
}
void Argon2::derive_key(uint8_t output[], size_t output_len,
@@ -40,8 +43,7 @@ void Argon2::derive_key(uint8_t output[], size_t output_len,
password, password_len,
salt, salt_len,
key, key_len,
- ad, ad_len,
- m_family, m_p, m_M, m_t);
+ ad, ad_len);
}
namespace {