diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/pbkdf/argon2/argon2pwhash.cpp | 4 | ||||
-rwxr-xr-x | src/scripts/test_cli.py | 8 | ||||
-rw-r--r-- | src/scripts/tls_scanner/boa.txt | 1 | ||||
-rw-r--r-- | src/tests/test_pbkdf.cpp | 34 |
4 files changed, 32 insertions, 15 deletions
diff --git a/src/lib/pbkdf/argon2/argon2pwhash.cpp b/src/lib/pbkdf/argon2/argon2pwhash.cpp index 2ea6c60c7..465c52c95 100644 --- a/src/lib/pbkdf/argon2/argon2pwhash.cpp +++ b/src/lib/pbkdf/argon2/argon2pwhash.cpp @@ -128,7 +128,7 @@ std::unique_ptr<PasswordHash> Argon2_Family::tune(size_t /*output_length*/, std::unique_ptr<PasswordHash> Argon2_Family::default_params() const { - return this->from_params(64*1024*1024, 3, 4); + return this->from_params(128*1024, 1, 1); } std::unique_ptr<PasswordHash> Argon2_Family::from_iterations(size_t iter) const @@ -139,7 +139,7 @@ std::unique_ptr<PasswordHash> Argon2_Family::from_iterations(size_t iter) const mapping from iteration count to params */ const size_t M = iter; - const size_t t = 3; + const size_t t = 1; const size_t p = 1; return this->from_params(M, t, p); } diff --git a/src/scripts/test_cli.py b/src/scripts/test_cli.py index c891d5ffb..2683bbd2f 100755 --- a/src/scripts/test_cli.py +++ b/src/scripts/test_cli.py @@ -322,6 +322,14 @@ def cli_pbkdf_tune_tests(): if expected_pbkdf2.match(line) is None: logging.error("Unexpected line '%s'" % (line)) + expected_argon2 = re.compile(r'For (default|[1-9][0-9]*) ms selected Argon2id\([0-9]+,[0-9]+,[0-9]+\)') + + output = test_cli("pbkdf_tune", ["--algo=Argon2id", "--check", "1", "10", "50", "default"], None).split('\n') + + for line in output: + if expected_argon2.match(line) is None: + logging.error("Unexpected line '%s'" % (line)) + def cli_psk_db_tests(): if not check_for_command("psk_get"): return diff --git a/src/scripts/tls_scanner/boa.txt b/src/scripts/tls_scanner/boa.txt new file mode 100644 index 000000000..436b78572 --- /dev/null +++ b/src/scripts/tls_scanner/boa.txt @@ -0,0 +1 @@ +bankofamerica.com diff --git a/src/tests/test_pbkdf.cpp b/src/tests/test_pbkdf.cpp index 9ddb1e171..113d1bc2c 100644 --- a/src/tests/test_pbkdf.cpp +++ b/src/tests/test_pbkdf.cpp @@ -88,48 +88,56 @@ class Pwdhash_Tests : public Test { std::vector<Test::Result> results; - for(std::string pwdhash : { "Scrypt", "PBKDF2(SHA-256)", "OpenPGP-S2K(SHA-384)"}) + for(std::string pwdhash : { "Scrypt", "PBKDF2(SHA-256)", "OpenPGP-S2K(SHA-384)", "Argon2d", "Argon2i", "Argon2id" }) { Test::Result result("Pwdhash " + pwdhash); auto pwdhash_fam = Botan::PasswordHashFamily::create(pwdhash); if(pwdhash_fam) { + result.start_timer(); + const std::vector<uint8_t> salt(8); const std::string password = "test"; - auto pwdhash_tune = pwdhash_fam->tune(32, std::chrono::milliseconds(50)); + auto tuned_pwhash = pwdhash_fam->tune(32, std::chrono::milliseconds(10)); std::vector<uint8_t> output1(32); - pwdhash_tune->derive_key(output1.data(), output1.size(), + tuned_pwhash->derive_key(output1.data(), output1.size(), password.c_str(), password.size(), salt.data(), salt.size()); std::unique_ptr<Botan::PasswordHash> pwhash; - if(pwdhash_fam->name() == "Scrypt") + if(pwdhash_fam->name() == "Scrypt" || pwdhash_fam->name().find("Argon2") == 0) { - pwhash = pwdhash_fam->from_params(pwdhash_tune->memory_param(), - pwdhash_tune->iterations(), - pwdhash_tune->parallelism()); + pwhash = pwdhash_fam->from_params(tuned_pwhash->memory_param(), + tuned_pwhash->iterations(), + tuned_pwhash->parallelism()); } else { - pwhash = pwdhash_fam->from_params(pwdhash_tune->iterations()); + pwhash = pwdhash_fam->from_params(tuned_pwhash->iterations()); } std::vector<uint8_t> output2(32); - pwdhash_tune->derive_key(output2.data(), output2.size(), - password.c_str(), password.size(), - salt.data(), salt.size()); + pwhash->derive_key(output2.data(), output2.size(), + password.c_str(), password.size(), + salt.data(), salt.size()); result.test_eq("PasswordHash produced same output when run with same params", output1, output2); + auto default_pwhash = pwdhash_fam->default_params(); + std::vector<uint8_t> output3(32); + default_pwhash->derive_key(output3.data(), output3.size(), + password.c_str(), password.size(), + salt.data(), salt.size()); - //auto pwdhash_tuned = pwdhash_fam->tune(32, std::chrono::milliseconds(150)); - + result.end_timer(); } + else + result.test_failure("No such algo " + pwdhash); results.push_back(result); } |