1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
/**
* (C) 2019 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/argon2.h>
#include <botan/rng.h>
#include <botan/base64.h>
#include <botan/parsing.h>
#include <sstream>
namespace Botan {
namespace {
std::string strip_padding(std::string s)
{
while(s.size() > 0 && s[s.size()-1] == '=')
s.resize(s.size() - 1);
return s;
}
}
std::string argon2_generate_pwhash(const char* password, size_t password_len,
RandomNumberGenerator& rng,
size_t p, size_t M, size_t t,
uint8_t y, size_t salt_len, size_t output_len)
{
std::vector<uint8_t> salt(salt_len);
rng.randomize(salt.data(), salt.size());
std::vector<uint8_t> output(output_len);
argon2(output.data(), output.size(),
password, password_len,
salt.data(), salt.size(),
nullptr, 0,
nullptr, 0,
y, p, M, t);
std::ostringstream oss;
if(y == 0)
oss << "$argon2d$";
else if(y == 1)
oss << "$argon2i$";
else
oss << "$argon2id$";
oss << "v=19$m=" << M << ",t=" << t << ",p=" << p << "$";
oss << strip_padding(base64_encode(salt)) << "$" << strip_padding(base64_encode(output));
return oss.str();
}
bool argon2_check_pwhash(const char* password, size_t password_len,
const std::string& input_hash)
{
const std::vector<std::string> parts = split_on(input_hash, '$');
if(parts.size() != 5)
return false;
uint8_t family = 0;
if(parts[0] == "argon2d")
family = 0;
else if(parts[0] == "argon2i")
family = 1;
else if(parts[0] == "argon2id")
family = 2;
else
return false;
if(parts[1] != "v=19")
return false;
const std::vector<std::string> params = split_on(parts[2], ',');
if(params.size() != 3)
return false;
size_t M = 0, t = 0, p = 0;
for(auto param_str : params)
{
const std::vector<std::string> param = split_on(param_str, '=');
if(param.size() != 2)
return false;
const std::string key = param[0];
const size_t val = to_u32bit(param[1]);
if(key == "m")
M = val;
else if(key == "t")
t = val;
else if(key == "p")
p = val;
else
return false;
}
std::vector<uint8_t> salt(base64_decode_max_output(parts[3].size()));
salt.resize(base64_decode(salt.data(), parts[3], false));
std::vector<uint8_t> hash(base64_decode_max_output(parts[4].size()));
hash.resize(base64_decode(hash.data(), parts[4], false));
if(hash.size() < 4)
return false;
std::vector<uint8_t> generated(hash.size());
argon2(generated.data(), generated.size(),
password, password_len,
salt.data(), salt.size(),
nullptr, 0,
nullptr, 0,
family, p, M, t);
return constant_time_compare(generated.data(), hash.data(), generated.size());
}
}
|