-rw-r--r-- | src/lib/pbkdf/argon2/argon2.cpp | 27 | ||||
-rw-r--r-- | src/lib/pbkdf/argon2/argon2.h | 40 | ||||
-rw-r--r-- | src/lib/pbkdf/argon2/argon2pwhash.cpp | 12 |
3 files changed, 52 insertions, 27 deletions
diff --git a/src/lib/pbkdf/argon2/argon2.cpp b/src/lib/pbkdf/argon2/argon2.cpp index e7d02a9ea..f6d3ec43e 100644 --- a/src/lib/pbkdf/argon2/argon2.cpp +++ b/src/lib/pbkdf/argon2/argon2.cpp @@ -407,37 +407,32 @@ void process_blocks(secure_vector<uint64_t>& B, } -void argon2(uint8_t output[], size_t output_len, - const char* password, size_t password_len, - const uint8_t salt[], size_t salt_len, - const uint8_t key[], size_t key_len, - const uint8_t ad[], size_t ad_len, - uint8_t mode, size_t threads, size_t M, size_t t) +void Argon2::argon2(uint8_t output[], size_t output_len, + const char* password, size_t password_len, + const uint8_t salt[], size_t salt_len, + const uint8_t key[], size_t key_len, + const uint8_t ad[], size_t ad_len) const { - BOTAN_ARG_CHECK(mode == 0 || mode == 1 || mode == 2, "Unknown Argon2 mode parameter"); BOTAN_ARG_CHECK(output_len >= 4, "Invalid Argon2 output length"); - BOTAN_ARG_CHECK(threads >= 1 && threads <= 128, "Invalid Argon2 threads parameter"); - BOTAN_ARG_CHECK(M >= 8*threads && M <= 8192*1024, "Invalid Argon2 M parameter"); - BOTAN_ARG_CHECK(t >= 1, "Invalid Argon2 t parameter"); - std::unique_ptr<HashFunction> blake2 = HashFunction::create_or_throw("BLAKE2b"); + auto blake2 = HashFunction::create_or_throw("BLAKE2b"); const auto H0 = argon2_H0(*blake2, output_len, password, password_len, salt, salt_len, key, key_len, ad, ad_len, - mode, threads, M, t); + m_family, m_p, m_M, m_t); - const size_t memory = (M / (SYNC_POINTS*threads)) * (SYNC_POINTS*threads); + const size_t memory = (m_M / (SYNC_POINTS*m_p)) * (SYNC_POINTS*m_p); secure_vector<uint64_t> B(memory * 1024/8); - init_blocks(B, *blake2, H0, memory, threads); - process_blocks(B, t, memory, threads, mode); + init_blocks(B, *blake2, H0, memory, m_p); + process_blocks(B, m_t, memory, m_p, m_family); clear_mem(output, output_len); - extract_key(output, output_len, B, memory, threads); + extract_key(output, output_len, B, memory, m_p); } } 
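Review bot: The Argon2 mode value is no longer validated anywhere visible in this commit. The `mode == 0 || mode == 1 || mode == 2` check is dropped from this function and `m_family` goes straight into `argon2_H0` and `process_blocks`, while the constructor hunk in argon2pwhash.cpp re-adds only the `m_p`, `m_M` and `m_t` checks. Whether every construction path already restricts the family to 0–2 cannot be seen here, and the body of `process_blocks` is outside the hunk, so how it treats an unknown mode is unknown. Adding `BOTAN_ARG_CHECK(m_family == 0 || m_family == 1 || m_family == 2, "Unknown Argon2 mode parameter");` beside the other constructor checks would keep the guarantee the old free function gave.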
diff --git a/src/lib/pbkdf/argon2/argon2.h b/src/lib/pbkdf/argon2/argon2.h index 44447360b..e83168d6b 100644 --- a/src/lib/pbkdf/argon2/argon2.h +++ b/src/lib/pbkdf/argon2/argon2.h @@ -8,6 +8,7 @@ #define BOTAN_ARGON2_H_ #include <botan/pwdhash.h> +#include <botan/exceptn.h> #if defined(BOTAN_HAS_ARGON2_FMT) #include <botan/argon2fmt.h> @@ -58,6 +59,13 @@ class BOTAN_PUBLIC_API(2,11) Argon2 final : public PasswordHash size_t total_memory_usage() const override { return M() * 1024; } private: + + void argon2(uint8_t output[], size_t output_len, + const char* password, size_t password_len, + const uint8_t salt[], size_t salt_len, + const uint8_t key[], size_t key_len, + const uint8_t ad[], size_t ad_len) const; + uint8_t m_family; size_t m_M, m_t, m_p; }; 
@@ -101,12 +109,32 @@ class BOTAN_PUBLIC_API(2,11) Argon2_Family final : public PasswordHashFamily * @param M the amount of memory to use in Kb * @param t the number of iterations to use */ -void BOTAN_PUBLIC_API(2,11) argon2(uint8_t output[], size_t output_len, - const char* password, size_t password_len, - const uint8_t salt[], size_t salt_len, - const uint8_t key[], size_t key_len, - const uint8_t ad[], size_t ad_len, - uint8_t y, size_t p, size_t M, size_t t); +inline void argon2(uint8_t output[], size_t output_len, + const char* password, size_t password_len, + const uint8_t salt[], size_t salt_len, + const uint8_t key[], size_t key_len, + const uint8_t ad[], size_t ad_len, + uint8_t y, size_t p, size_t M, size_t t) + { + std::unique_ptr<PasswordHashFamily> pwdhash_fam; + + if(y == 0) + pwdhash_fam = PasswordHashFamily::create_or_throw("Argon2d"); + else if(y == 1) + pwdhash_fam = PasswordHashFamily::create_or_throw("Argon2i"); + else if(y == 2) + pwdhash_fam = PasswordHashFamily::create_or_throw("Argon2id"); + else + throw Not_Implemented("Unknown Argon2 family type"); + + auto pwdhash = pwdhash_fam->from_params(M, t, p); + + pwdhash->derive_key(output, output_len, + password, password_len, + salt, salt_len, + ad, ad_len, + key, key_len); + } } diff --git a/src/lib/pbkdf/argon2/argon2pwhash.cpp b/src/lib/pbkdf/argon2/argon2pwhash.cpp index a9d1994c3..9886ba723 100644 --- a/src/lib/pbkdf/argon2/argon2pwhash.cpp +++ b/src/lib/pbkdf/argon2/argon2pwhash.cpp @@ -16,7 +16,11 @@ Argon2::Argon2(uint8_t family, size_t M, size_t t, size_t p) : m_M(M), m_t(t), m_p(p) - {} + { + BOTAN_ARG_CHECK(m_p >= 1 && m_p <= 128, "Invalid Argon2 threads parameter"); + BOTAN_ARG_CHECK(m_M >= 8*m_p && m_M <= 8192*1024, "Invalid Argon2 M parameter"); + BOTAN_ARG_CHECK(m_t >= 1, "Invalid Argon2 t parameter"); + } void Argon2::derive_key(uint8_t output[], size_t output_len, const char* password, size_t password_len, 
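Review bot: An unknown `y` now surfaces as `Not_Implemented` in the inline `argon2` wrapper, whereas the removed implementation rejected it through `BOTAN_ARG_CHECK`. Callers that handle the argument-check failure for a bad mode would stop catching it, so `throw Invalid_Argument("Unknown Argon2 family type");` fits the condition better. The `derive_key` call also passes `ad, ad_len` before `key, key_len`, the reverse of this wrapper's own parameter order. That is presumably what `derive_key` declares, but its declaration is outside this diff. A one-line comment such as `// derive_key takes ad before key` would stop a later cleanup from swapping them, which would silently change every derived key.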
@@ -26,8 +30,7 @@ void Argon2::derive_key(uint8_t output[], size_t output_len, password, password_len, salt, salt_len, nullptr, 0, - nullptr, 0, - m_family, m_p, m_M, m_t); + nullptr, 0); } void Argon2::derive_key(uint8_t output[], size_t output_len, @@ -40,8 +43,7 @@ void Argon2::derive_key(uint8_t output[], size_t output_len, password, password_len, salt, salt_len, key, key_len, - ad, ad_len, - m_family, m_p, m_M, m_t); + ad, ad_len); } namespace { |