Revision control
Copy as Markdown
Other Tools
/**
* (C) 2019 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/argon2.h>
#include <botan/rng.h>
#include <botan/base64.h>
#include <botan/parsing.h>
#include <sstream>
namespace Botan {
namespace {
std::string strip_padding(std::string s)
{
while(s.size() > 0 && s[s.size()-1] == '=')
s.resize(s.size() - 1);
return s;
}
}
std::string argon2_generate_pwhash(const char* password, size_t password_len,
RandomNumberGenerator& rng,
size_t p, size_t M, size_t t,
uint8_t y, size_t salt_len, size_t output_len)
{
std::vector<uint8_t> salt(salt_len);
rng.randomize(salt.data(), salt.size());
std::vector<uint8_t> output(output_len);
argon2(output.data(), output.size(),
password, password_len,
salt.data(), salt.size(),
nullptr, 0,
nullptr, 0,
y, p, M, t);
std::ostringstream oss;
if(y == 0)
oss << "$argon2d$";
else if(y == 1)
oss << "$argon2i$";
else
oss << "$argon2id$";
oss << "v=19$m=" << M << ",t=" << t << ",p=" << p << "$";
oss << strip_padding(base64_encode(salt)) << "$" << strip_padding(base64_encode(output));
return oss.str();
}
bool argon2_check_pwhash(const char* password, size_t password_len,
const std::string& input_hash)
{
const std::vector<std::string> parts = split_on(input_hash, '$');
if(parts.size() != 5)
return false;
uint8_t family = 0;
if(parts[0] == "argon2d")
family = 0;
else if(parts[0] == "argon2i")
family = 1;
else if(parts[0] == "argon2id")
family = 2;
else
return false;
if(parts[1] != "v=19")
return false;
const std::vector<std::string> params = split_on(parts[2], ',');
if(params.size() != 3)
return false;
size_t M = 0, t = 0, p = 0;
for(auto param_str : params)
{
const std::vector<std::string> param = split_on(param_str, '=');
if(param.size() != 2)
return false;
const std::string key = param[0];
const size_t val = to_u32bit(param[1]);
if(key == "m")
M = val;
else if(key == "t")
t = val;
else if(key == "p")
p = val;
else
return false;
}
std::vector<uint8_t> salt(base64_decode_max_output(parts[3].size()));
salt.resize(base64_decode(salt.data(), parts[3], false));
std::vector<uint8_t> hash(base64_decode_max_output(parts[4].size()));
hash.resize(base64_decode(hash.data(), parts[4], false));
if(hash.size() < 4)
return false;
std::vector<uint8_t> generated(hash.size());
argon2(generated.data(), generated.size(),
password, password_len,
salt.data(), salt.size(),
nullptr, 0,
nullptr, 0,
family, p, M, t);
return constant_time_compare(generated.data(), hash.data(), generated.size());
}
}