aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/pbkdf/argon2/argon2fmt.cpp
blob: 480be5fa364d497c4379d2fc8860d015bb9e3f23 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
/**
* (C) 2019 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/argon2.h>
#include <botan/rng.h>
#include <botan/base64.h>
#include <botan/parsing.h>
#include <sstream>

namespace Botan {

namespace {

std::string strip_padding(std::string s)
   {
   while(s.size() > 0 && s[s.size()-1] == '=')
      s.resize(s.size() - 1);
   return s;
   }

}

std::string argon2_generate_pwhash(const char* password, size_t password_len,
                                   RandomNumberGenerator& rng,
                                   size_t p, size_t M, size_t t,
                                   uint8_t y, size_t salt_len, size_t output_len)
   {
   std::vector<uint8_t> salt(salt_len);
   rng.randomize(salt.data(), salt.size());

   std::vector<uint8_t> output(output_len);
   argon2(output.data(), output.size(),
          password, password_len,
          salt.data(), salt.size(),
          nullptr, 0,
          nullptr, 0,
          y, p, M, t);

   std::ostringstream oss;

   if(y == 0)
      oss << "$argon2d$";
   else if(y == 1)
      oss << "$argon2i$";
   else
      oss << "$argon2id$";

   oss << "v=19$m=" << M << ",t=" << t << ",p=" << p << "$";
   oss << strip_padding(base64_encode(salt)) << "$" << strip_padding(base64_encode(output));

   return oss.str();
   }

bool argon2_check_pwhash(const char* password, size_t password_len,
                         const std::string& input_hash)
   {
   const std::vector<std::string> parts = split_on(input_hash, '$');

   if(parts.size() != 5)
      return false;

   uint8_t family = 0;

   if(parts[0] == "argon2d")
      family = 0;
   else if(parts[0] == "argon2i")
      family = 1;
   else if(parts[0] == "argon2id")
      family = 2;
   else
      return false;

   if(parts[1] != "v=19")
      return false;

   const std::vector<std::string> params = split_on(parts[2], ',');

   if(params.size() != 3)
      return false;

   size_t M = 0, t = 0, p = 0;

   for(auto param_str : params)
      {
      const std::vector<std::string> param = split_on(param_str, '=');

      if(param.size() != 2)
         return false;

      const std::string key = param[0];
      const size_t val = to_u32bit(param[1]);
      if(key == "m")
         M = val;
      else if(key == "t")
         t = val;
      else if(key == "p")
         p = val;
      else
         return false;
      }

   std::vector<uint8_t> salt(base64_decode_max_output(parts[3].size()));
   salt.resize(base64_decode(salt.data(), parts[3], false));

   std::vector<uint8_t> hash(base64_decode_max_output(parts[4].size()));
   hash.resize(base64_decode(hash.data(), parts[4], false));

   if(hash.size() < 4)
      return false;

   std::vector<uint8_t> generated(hash.size());
   argon2(generated.data(), generated.size(),
          password, password_len,
          salt.data(), salt.size(),
          nullptr, 0,
          nullptr, 0,
          family, p, M, t);

   return constant_time_compare(generated.data(), hash.data(), generated.size());
   }

}