aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/pbkdf/argon2/argon2pwhash.cpp4
-rwxr-xr-xsrc/scripts/test_cli.py8
-rw-r--r--src/scripts/tls_scanner/boa.txt1
-rw-r--r--src/tests/test_pbkdf.cpp34
4 files changed, 32 insertions, 15 deletions
diff --git a/src/lib/pbkdf/argon2/argon2pwhash.cpp b/src/lib/pbkdf/argon2/argon2pwhash.cpp
index 2ea6c60c7..465c52c95 100644
--- a/src/lib/pbkdf/argon2/argon2pwhash.cpp
+++ b/src/lib/pbkdf/argon2/argon2pwhash.cpp
@@ -128,7 +128,7 @@ std::unique_ptr<PasswordHash> Argon2_Family::tune(size_t /*output_length*/,
std::unique_ptr<PasswordHash> Argon2_Family::default_params() const
{
- return this->from_params(64*1024*1024, 3, 4);
+ return this->from_params(128*1024, 1, 1);
}
std::unique_ptr<PasswordHash> Argon2_Family::from_iterations(size_t iter) const
@@ -139,7 +139,7 @@ std::unique_ptr<PasswordHash> Argon2_Family::from_iterations(size_t iter) const
mapping from iteration count to params
*/
const size_t M = iter;
- const size_t t = 3;
+ const size_t t = 1;
const size_t p = 1;
return this->from_params(M, t, p);
}
diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py
index c891d5ffb..2683bbd2f 100755
--- a/src/scripts/test_cli.py
+++ b/src/scripts/test_cli.py
@@ -322,6 +322,14 @@ def cli_pbkdf_tune_tests():
if expected_pbkdf2.match(line) is None:
logging.error("Unexpected line '%s'" % (line))
+ expected_argon2 = re.compile(r'For (default|[1-9][0-9]*) ms selected Argon2id\([0-9]+,[0-9]+,[0-9]+\)')
+
+ output = test_cli("pbkdf_tune", ["--algo=Argon2id", "--check", "1", "10", "50", "default"], None).split('\n')
+
+ for line in output:
+ if expected_argon2.match(line) is None:
+ logging.error("Unexpected line '%s'" % (line))
+
def cli_psk_db_tests():
if not check_for_command("psk_get"):
return
diff --git a/src/scripts/tls_scanner/boa.txt b/src/scripts/tls_scanner/boa.txt
new file mode 100644
index 000000000..436b78572
--- /dev/null
+++ b/src/scripts/tls_scanner/boa.txt
@@ -0,0 +1 @@
+bankofamerica.com
diff --git a/src/tests/test_pbkdf.cpp b/src/tests/test_pbkdf.cpp
index 9ddb1e171..113d1bc2c 100644
--- a/src/tests/test_pbkdf.cpp
+++ b/src/tests/test_pbkdf.cpp
@@ -88,48 +88,56 @@ class Pwdhash_Tests : public Test
{
std::vector<Test::Result> results;
- for(std::string pwdhash : { "Scrypt", "PBKDF2(SHA-256)", "OpenPGP-S2K(SHA-384)"})
+ for(std::string pwdhash : { "Scrypt", "PBKDF2(SHA-256)", "OpenPGP-S2K(SHA-384)", "Argon2d", "Argon2i", "Argon2id" })
{
Test::Result result("Pwdhash " + pwdhash);
auto pwdhash_fam = Botan::PasswordHashFamily::create(pwdhash);
if(pwdhash_fam)
{
+ result.start_timer();
+
const std::vector<uint8_t> salt(8);
const std::string password = "test";
- auto pwdhash_tune = pwdhash_fam->tune(32, std::chrono::milliseconds(50));
+ auto tuned_pwhash = pwdhash_fam->tune(32, std::chrono::milliseconds(10));
std::vector<uint8_t> output1(32);
- pwdhash_tune->derive_key(output1.data(), output1.size(),
+ tuned_pwhash->derive_key(output1.data(), output1.size(),
password.c_str(), password.size(),
salt.data(), salt.size());
std::unique_ptr<Botan::PasswordHash> pwhash;
- if(pwdhash_fam->name() == "Scrypt")
+ if(pwdhash_fam->name() == "Scrypt" || pwdhash_fam->name().find("Argon2") == 0)
{
- pwhash = pwdhash_fam->from_params(pwdhash_tune->memory_param(),
- pwdhash_tune->iterations(),
- pwdhash_tune->parallelism());
+ pwhash = pwdhash_fam->from_params(tuned_pwhash->memory_param(),
+ tuned_pwhash->iterations(),
+ tuned_pwhash->parallelism());
}
else
{
- pwhash = pwdhash_fam->from_params(pwdhash_tune->iterations());
+ pwhash = pwdhash_fam->from_params(tuned_pwhash->iterations());
}
std::vector<uint8_t> output2(32);
- pwdhash_tune->derive_key(output2.data(), output2.size(),
- password.c_str(), password.size(),
- salt.data(), salt.size());
+ pwhash->derive_key(output2.data(), output2.size(),
+ password.c_str(), password.size(),
+ salt.data(), salt.size());
result.test_eq("PasswordHash produced same output when run with same params",
output1, output2);
+ auto default_pwhash = pwdhash_fam->default_params();
+ std::vector<uint8_t> output3(32);
+ default_pwhash->derive_key(output3.data(), output3.size(),
+ password.c_str(), password.size(),
+ salt.data(), salt.size());
- //auto pwdhash_tuned = pwdhash_fam->tune(32, std::chrono::milliseconds(150));
-
+ result.end_timer();
}
+ else
+ result.test_failure("No such algo " + pwdhash);
results.push_back(result);
}