From d3e20869afb7051cedd7abbd08156ac4e844ff96 Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 1 Oct 2017 12:12:13 +0200 Subject: [PATCH] crypto_pwhash_ALG_DEFAULT is now Argon2id --- src/libsodium/crypto_pwhash/crypto_pwhash.c | 6 +- src/libsodium/include/sodium/crypto_pwhash.h | 36 +- test/default/pwhash_argon2i.c | 186 ++++------ test/default/pwhash_argon2id.c | 365 ++++++++++++------- test/default/pwhash_argon2id.exp | 1 - 5 files changed, 314 insertions(+), 280 deletions(-) diff --git a/src/libsodium/crypto_pwhash/crypto_pwhash.c b/src/libsodium/crypto_pwhash/crypto_pwhash.c index 01176c57..8168f962 100644 --- a/src/libsodium/crypto_pwhash/crypto_pwhash.c +++ b/src/libsodium/crypto_pwhash/crypto_pwhash.c @@ -20,7 +20,7 @@ crypto_pwhash_alg_argon2id13(void) int crypto_pwhash_alg_default(void) { - return crypto_pwhash_ALG_ARGON2I13; + return crypto_pwhash_ALG_DEFAULT; } size_t @@ -149,8 +149,8 @@ crypto_pwhash_str(char out[crypto_pwhash_STRBYTES], const char * const passwd, unsigned long long passwdlen, unsigned long long opslimit, size_t memlimit) { - return crypto_pwhash_argon2i_str(out, passwd, passwdlen, - opslimit, memlimit); + return crypto_pwhash_argon2id_str(out, passwd, passwdlen, + opslimit, memlimit); } int diff --git a/src/libsodium/include/sodium/crypto_pwhash.h b/src/libsodium/include/sodium/crypto_pwhash.h index 0b0f3633..2c76461f 100644 --- a/src/libsodium/include/sodium/crypto_pwhash.h +++ b/src/libsodium/include/sodium/crypto_pwhash.h @@ -22,75 +22,75 @@ int crypto_pwhash_alg_argon2i13(void); SODIUM_EXPORT int crypto_pwhash_alg_argon2id13(void); -#define crypto_pwhash_ALG_DEFAULT crypto_pwhash_ALG_ARGON2I13 +#define crypto_pwhash_ALG_DEFAULT crypto_pwhash_ALG_ARGON2ID13 SODIUM_EXPORT int crypto_pwhash_alg_default(void); -#define crypto_pwhash_BYTES_MIN crypto_pwhash_argon2i_BYTES_MIN +#define crypto_pwhash_BYTES_MIN crypto_pwhash_argon2id_BYTES_MIN SODIUM_EXPORT size_t crypto_pwhash_bytes_min(void); -#define crypto_pwhash_BYTES_MAX crypto_pwhash_argon2i_BYTES_MAX +#define crypto_pwhash_BYTES_MAX crypto_pwhash_argon2id_BYTES_MAX SODIUM_EXPORT size_t crypto_pwhash_bytes_max(void); -#define crypto_pwhash_PASSWD_MIN crypto_pwhash_argon2i_PASSWD_MIN +#define crypto_pwhash_PASSWD_MIN crypto_pwhash_argon2id_PASSWD_MIN SODIUM_EXPORT size_t crypto_pwhash_passwd_min(void); -#define crypto_pwhash_PASSWD_MAX crypto_pwhash_argon2i_PASSWD_MAX +#define crypto_pwhash_PASSWD_MAX crypto_pwhash_argon2id_PASSWD_MAX SODIUM_EXPORT size_t crypto_pwhash_passwd_max(void); -#define crypto_pwhash_SALTBYTES crypto_pwhash_argon2i_SALTBYTES +#define crypto_pwhash_SALTBYTES crypto_pwhash_argon2id_SALTBYTES SODIUM_EXPORT size_t crypto_pwhash_saltbytes(void); -#define crypto_pwhash_STRBYTES crypto_pwhash_argon2i_STRBYTES +#define crypto_pwhash_STRBYTES crypto_pwhash_argon2id_STRBYTES SODIUM_EXPORT size_t crypto_pwhash_strbytes(void); -#define crypto_pwhash_STRPREFIX crypto_pwhash_argon2i_STRPREFIX +#define crypto_pwhash_STRPREFIX crypto_pwhash_argon2id_STRPREFIX SODIUM_EXPORT const char *crypto_pwhash_strprefix(void); -#define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_argon2i_OPSLIMIT_MIN +#define crypto_pwhash_OPSLIMIT_MIN crypto_pwhash_argon2id_OPSLIMIT_MIN SODIUM_EXPORT size_t crypto_pwhash_opslimit_min(void); -#define crypto_pwhash_OPSLIMIT_MAX crypto_pwhash_argon2i_OPSLIMIT_MAX +#define crypto_pwhash_OPSLIMIT_MAX crypto_pwhash_argon2id_OPSLIMIT_MAX SODIUM_EXPORT size_t crypto_pwhash_opslimit_max(void); -#define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_argon2i_MEMLIMIT_MIN +#define crypto_pwhash_MEMLIMIT_MIN crypto_pwhash_argon2id_MEMLIMIT_MIN SODIUM_EXPORT size_t crypto_pwhash_memlimit_min(void); -#define crypto_pwhash_MEMLIMIT_MAX crypto_pwhash_argon2i_MEMLIMIT_MAX +#define crypto_pwhash_MEMLIMIT_MAX crypto_pwhash_argon2id_MEMLIMIT_MAX SODIUM_EXPORT size_t crypto_pwhash_memlimit_max(void); -#define crypto_pwhash_OPSLIMIT_INTERACTIVE crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE +#define crypto_pwhash_OPSLIMIT_INTERACTIVE crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE SODIUM_EXPORT size_t crypto_pwhash_opslimit_interactive(void); -#define crypto_pwhash_MEMLIMIT_INTERACTIVE crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE +#define crypto_pwhash_MEMLIMIT_INTERACTIVE crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE SODIUM_EXPORT size_t crypto_pwhash_memlimit_interactive(void); -#define crypto_pwhash_OPSLIMIT_MODERATE crypto_pwhash_argon2i_OPSLIMIT_MODERATE +#define crypto_pwhash_OPSLIMIT_MODERATE crypto_pwhash_argon2id_OPSLIMIT_MODERATE SODIUM_EXPORT size_t crypto_pwhash_opslimit_moderate(void); -#define crypto_pwhash_MEMLIMIT_MODERATE crypto_pwhash_argon2i_MEMLIMIT_MODERATE +#define crypto_pwhash_MEMLIMIT_MODERATE crypto_pwhash_argon2id_MEMLIMIT_MODERATE SODIUM_EXPORT size_t crypto_pwhash_memlimit_moderate(void); -#define crypto_pwhash_OPSLIMIT_SENSITIVE crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE +#define crypto_pwhash_OPSLIMIT_SENSITIVE crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE SODIUM_EXPORT size_t crypto_pwhash_opslimit_sensitive(void); -#define crypto_pwhash_MEMLIMIT_SENSITIVE crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE +#define crypto_pwhash_MEMLIMIT_SENSITIVE crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE SODIUM_EXPORT size_t crypto_pwhash_memlimit_sensitive(void); diff --git a/test/default/pwhash_argon2i.c b/test/default/pwhash_argon2i.c index 7972b49f..393e412c 100644 --- a/test/default/pwhash_argon2i.c +++ b/test/default/pwhash_argon2i.c @@ -93,7 +93,7 @@ tv(void) if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd, tests[i].passwd_len, (const unsigned char *) salt, tests[i].opslimit, tests[i].memlimit, - crypto_pwhash_alg_default()) != 0) { + crypto_pwhash_alg_argon2i13()) != 0) { printf("[tv] pwhash failure (maybe intentional): [%u]\n", (unsigned int) i); continue; @@ -145,7 +145,7 @@ tv2(void) if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd, tests[i].passwd_len, (const unsigned char *) salt, tests[i].opslimit, tests[i].memlimit, - crypto_pwhash_alg_default()) != 0) { + crypto_pwhash_alg_argon2i13()) != 0) { printf("[tv2] pwhash failure: [%u]\n", (unsigned int) i); continue; } @@ -162,23 +162,23 @@ tv2(void) printf("[tv2] pwhash should have failed (0')\n"); } if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3, - 1, crypto_pwhash_alg_default()) != -1) { + 1, crypto_pwhash_alg_argon2i13()) != -1) { printf("[tv2] pwhash should have failed (1)\n"); } if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3, - 1ULL << 12, crypto_pwhash_alg_default()) != -1) { + 1ULL << 12, crypto_pwhash_alg_argon2i13()) != -1) { printf("[tv2] pwhash should have failed (2)\n"); } if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 2, - 1ULL << 12, crypto_pwhash_alg_default()) != -1) { + 1ULL << 12, crypto_pwhash_alg_argon2i13()) != -1) { printf("[tv2] pwhash should have failed (3)\n"); } if (crypto_pwhash(out, 15, "password", strlen("password"), salt, 3, - 1ULL << 12, crypto_pwhash_alg_default()) != -1) { + 1ULL << 12, crypto_pwhash_alg_argon2i13()) != -1) { printf("[tv2] pwhash with a short output length should have failed\n"); } if (crypto_pwhash(out, sizeof out, "password", 0x100000000ULL, salt, 3, - 1ULL << 12, crypto_pwhash_alg_default()) != -1) { + 1ULL << 12, crypto_pwhash_alg_argon2i13()) != -1) { printf("[tv2] pwhash with a long password length should have failed\n"); } } @@ -236,27 +236,27 @@ str_tests(void) str_out = (char *) sodium_malloc(crypto_pwhash_STRBYTES); str_out2 = (char *) sodium_malloc(crypto_pwhash_STRBYTES); memcpy(salt, ">A 16-bytes salt", crypto_pwhash_SALTBYTES); - if (crypto_pwhash_str(str_out, passwd, strlen(passwd), OPSLIMIT, - MEMLIMIT) != 0) { - printf("pwhash_str failure\n"); + if (crypto_pwhash_argon2i_str(str_out, passwd, strlen(passwd), OPSLIMIT, + MEMLIMIT) != 0) { + printf("pwhash_argon2i_str failure\n"); } - if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), OPSLIMIT, - MEMLIMIT) != 0) { - printf("pwhash_str(2) failure\n"); + if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), OPSLIMIT, + MEMLIMIT) != 0) { + printf("pwhash_argon2i_str(2) failure\n"); } if (strcmp(str_out, str_out2) == 0) { - printf("pwhash_str() doesn't generate different salts\n"); + printf("pwhash_argon2i_str() doesn't generate different salts\n"); } - if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0) { + if (crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0) { printf("needs_rehash() false positive\n"); } - if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 || - crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) != 1 || - crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 || - crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT * 2, MEMLIMIT) != 1) { + if (crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 || + crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) != 1 || + crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 || + crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT * 2, MEMLIMIT) != 1) { printf("needs_rehash() false negative\n"); } - if (crypto_pwhash_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) { + if (crypto_pwhash_argon2i_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) { printf("needs_rehash() didn't fail with an invalid hash string\n"); } if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out), @@ -265,37 +265,37 @@ str_tests(void) crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) { printf("pwhash_str() doesn't properly pad with zeros\n"); } - if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) { + if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != 0) { printf("pwhash_str_verify(1) failure\n"); } str_out[14]++; - if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1) { + if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != -1) { printf("pwhash_str_verify(2) failure\n"); } str_out[14]--; assert(str_out[crypto_pwhash_STRBYTES - 1U] == 0); - if (crypto_pwhash_str(str_out2, passwd, 0x100000000ULL, OPSLIMIT, - MEMLIMIT) != -1) { + if (crypto_pwhash_argon2i_str(str_out2, passwd, 0x100000000ULL, OPSLIMIT, + MEMLIMIT) != -1) { printf("pwhash_str() with a large password should have failed\n"); } - if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) != + if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) != -1) { printf("pwhash_str() with a small opslimit should have failed\n"); } - if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" - "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", - "password", 0x100000000ULL) != -1) { + if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" + "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", + "password", 0x100000000ULL) != -1) { printf("pwhash_str_verify(invalid(0)) failure\n"); } - if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" + if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", "password", strlen("password")) != -1) { printf("pwhash_str_verify(invalid(1)) failure %d\n", errno); } - if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" - "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", - "password", strlen("password")) != -1) { + if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" + "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", + "password", strlen("password")) != -1) { printf("pwhash_str_verify(invalid(2)) failure\n"); } if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" @@ -396,101 +396,49 @@ main(void) tv3(); str_tests(); - assert(crypto_pwhash_bytes_min() > 0U); - assert(crypto_pwhash_bytes_max() > crypto_pwhash_bytes_min()); - assert(crypto_pwhash_passwd_max() > crypto_pwhash_passwd_min()); - assert(crypto_pwhash_saltbytes() > 0U); - assert(crypto_pwhash_strbytes() > 1U); - assert(crypto_pwhash_strbytes() > strlen(crypto_pwhash_strprefix())); + assert(crypto_pwhash_argon2i_bytes_min() > 0U); + assert(crypto_pwhash_argon2i_bytes_max() > crypto_pwhash_argon2i_bytes_min()); + assert(crypto_pwhash_argon2i_passwd_max() > crypto_pwhash_argon2i_passwd_min()); + assert(crypto_pwhash_argon2i_saltbytes() > 0U); + assert(crypto_pwhash_argon2i_strbytes() > 1U); + assert(crypto_pwhash_argon2i_strbytes() > strlen(crypto_pwhash_argon2i_strprefix())); - assert(crypto_pwhash_opslimit_min() > 0U); - assert(crypto_pwhash_opslimit_max() > 0U); - assert(crypto_pwhash_memlimit_min() > 0U); - assert(crypto_pwhash_memlimit_max() > 0U); - assert(crypto_pwhash_opslimit_interactive() > 0U); - assert(crypto_pwhash_memlimit_interactive() > 0U); - assert(crypto_pwhash_opslimit_moderate() > 0U); - assert(crypto_pwhash_memlimit_moderate() > 0U); - assert(crypto_pwhash_opslimit_sensitive() > 0U); - assert(crypto_pwhash_memlimit_sensitive() > 0U); - assert(strcmp(crypto_pwhash_primitive(), "argon2i") == 0); + assert(crypto_pwhash_argon2i_opslimit_min() > 0U); + assert(crypto_pwhash_argon2i_opslimit_max() > 0U); + assert(crypto_pwhash_argon2i_memlimit_min() > 0U); + assert(crypto_pwhash_argon2i_memlimit_max() > 0U); + assert(crypto_pwhash_argon2i_opslimit_interactive() > 0U); + assert(crypto_pwhash_argon2i_memlimit_interactive() > 0U); + assert(crypto_pwhash_argon2i_opslimit_moderate() > 0U); + assert(crypto_pwhash_argon2i_memlimit_moderate() > 0U); + assert(crypto_pwhash_argon2i_opslimit_sensitive() > 0U); + assert(crypto_pwhash_argon2i_memlimit_sensitive() > 0U); - assert(crypto_pwhash_bytes_min() == crypto_pwhash_BYTES_MIN); - assert(crypto_pwhash_bytes_max() == crypto_pwhash_BYTES_MAX); - assert(crypto_pwhash_passwd_min() == crypto_pwhash_PASSWD_MIN); - assert(crypto_pwhash_passwd_max() == crypto_pwhash_PASSWD_MAX); - assert(crypto_pwhash_saltbytes() == crypto_pwhash_SALTBYTES); - assert(crypto_pwhash_strbytes() == crypto_pwhash_STRBYTES); + assert(crypto_pwhash_argon2i_bytes_min() == crypto_pwhash_argon2i_BYTES_MIN); + assert(crypto_pwhash_argon2i_bytes_max() == crypto_pwhash_argon2i_BYTES_MAX); + assert(crypto_pwhash_argon2i_passwd_min() == crypto_pwhash_argon2i_PASSWD_MIN); + assert(crypto_pwhash_argon2i_passwd_max() == crypto_pwhash_argon2i_PASSWD_MAX); + assert(crypto_pwhash_argon2i_saltbytes() == crypto_pwhash_argon2i_SALTBYTES); + assert(crypto_pwhash_argon2i_strbytes() == crypto_pwhash_argon2i_STRBYTES); - assert(crypto_pwhash_opslimit_min() == crypto_pwhash_OPSLIMIT_MIN); - assert(crypto_pwhash_opslimit_max() == crypto_pwhash_OPSLIMIT_MAX); - assert(crypto_pwhash_memlimit_min() == crypto_pwhash_MEMLIMIT_MIN); - assert(crypto_pwhash_memlimit_max() == crypto_pwhash_MEMLIMIT_MAX); - assert(crypto_pwhash_opslimit_interactive() == - crypto_pwhash_OPSLIMIT_INTERACTIVE); - assert(crypto_pwhash_memlimit_interactive() == - crypto_pwhash_MEMLIMIT_INTERACTIVE); - assert(crypto_pwhash_opslimit_moderate() == - crypto_pwhash_OPSLIMIT_MODERATE); - assert(crypto_pwhash_memlimit_moderate() == - crypto_pwhash_MEMLIMIT_MODERATE); - assert(crypto_pwhash_opslimit_sensitive() == - crypto_pwhash_OPSLIMIT_SENSITIVE); - assert(crypto_pwhash_memlimit_sensitive() == - crypto_pwhash_MEMLIMIT_SENSITIVE); - - assert(crypto_pwhash_argon2i_bytes_min() == crypto_pwhash_bytes_min()); - assert(crypto_pwhash_argon2i_bytes_max() == crypto_pwhash_bytes_max()); - assert(crypto_pwhash_argon2i_passwd_min() == crypto_pwhash_passwd_min()); - assert(crypto_pwhash_argon2i_passwd_max() == crypto_pwhash_passwd_max()); - assert(crypto_pwhash_argon2i_saltbytes() == crypto_pwhash_saltbytes()); - assert(crypto_pwhash_argon2i_strbytes() == crypto_pwhash_strbytes()); - assert(strcmp(crypto_pwhash_argon2i_strprefix(), - crypto_pwhash_strprefix()) == 0); - assert(crypto_pwhash_argon2i_opslimit_min() == - crypto_pwhash_opslimit_min()); - assert(crypto_pwhash_argon2i_opslimit_max() == - crypto_pwhash_opslimit_max()); - assert(crypto_pwhash_argon2i_memlimit_min() == - crypto_pwhash_memlimit_min()); - assert(crypto_pwhash_argon2i_memlimit_max() == - crypto_pwhash_memlimit_max()); + assert(crypto_pwhash_argon2i_opslimit_min() == crypto_pwhash_argon2i_OPSLIMIT_MIN); + assert(crypto_pwhash_argon2i_opslimit_max() == crypto_pwhash_argon2i_OPSLIMIT_MAX); + assert(crypto_pwhash_argon2i_memlimit_min() == crypto_pwhash_argon2i_MEMLIMIT_MIN); + assert(crypto_pwhash_argon2i_memlimit_max() == crypto_pwhash_argon2i_MEMLIMIT_MAX); assert(crypto_pwhash_argon2i_opslimit_interactive() == - crypto_pwhash_opslimit_interactive()); - assert(crypto_pwhash_argon2i_opslimit_moderate() == - crypto_pwhash_opslimit_moderate()); - assert(crypto_pwhash_argon2i_opslimit_sensitive() == - crypto_pwhash_opslimit_sensitive()); + crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE); assert(crypto_pwhash_argon2i_memlimit_interactive() == - crypto_pwhash_memlimit_interactive()); + crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE); + assert(crypto_pwhash_argon2i_opslimit_moderate() == + crypto_pwhash_argon2i_OPSLIMIT_MODERATE); assert(crypto_pwhash_argon2i_memlimit_moderate() == - crypto_pwhash_memlimit_moderate()); + crypto_pwhash_argon2i_MEMLIMIT_MODERATE); + assert(crypto_pwhash_argon2i_opslimit_sensitive() == + crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE); assert(crypto_pwhash_argon2i_memlimit_sensitive() == - crypto_pwhash_memlimit_sensitive()); - assert(crypto_pwhash_alg_argon2i13() == - crypto_pwhash_argon2i_alg_argon2i13()); - assert(crypto_pwhash_alg_argon2i13() == crypto_pwhash_ALG_ARGON2I13); - assert(crypto_pwhash_alg_argon2i13() == crypto_pwhash_alg_default()); - assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_ALG_ARGON2ID13); - assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_argon2i13()); - assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_default()); + crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE); - assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL, - crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE, - crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE, - 0) == -1); - assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL, - crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE, - crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE, - crypto_pwhash_ALG_ARGON2ID13) == -1); - assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL, - crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE, - crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE, - 0) == -1); - assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL, - crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE, - crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE, - crypto_pwhash_ALG_ARGON2I13) == -1); + assert(crypto_pwhash_argon2i_alg_argon2i13() == crypto_pwhash_argon2i_ALG_ARGON2I13); printf("OK\n"); diff --git a/test/default/pwhash_argon2id.c b/test/default/pwhash_argon2id.c index 9afe7021..1e468c7d 100644 --- a/test/default/pwhash_argon2id.c +++ b/test/default/pwhash_argon2id.c @@ -79,7 +79,7 @@ tv(void) 167, 3, 1784128, 1 }, }; char passwd[256]; - unsigned char salt[crypto_pwhash_argon2id_SALTBYTES]; + unsigned char salt[crypto_pwhash_SALTBYTES]; unsigned char out[256]; char out_hex[256 * 2 + 1]; size_t i = 0U; @@ -90,10 +90,10 @@ tv(void) NULL, NULL); sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex, strlen(tests[i].salt_hex), NULL, NULL, NULL); - if (crypto_pwhash_argon2id(out, (unsigned long long) tests[i].outlen, passwd, - tests[i].passwd_len, (const unsigned char *) salt, - tests[i].opslimit, tests[i].memlimit, - crypto_pwhash_argon2id_alg_argon2id13()) != 0) { + if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd, + tests[i].passwd_len, (const unsigned char *) salt, + tests[i].opslimit, tests[i].memlimit, + crypto_pwhash_alg_default()) != 0) { printf("[tv] pwhash failure (maybe intentional): [%u]\n", (unsigned int) i); continue; @@ -131,7 +131,7 @@ tv2(void) 155, 3, 1397645, 1 }, }; char passwd[256]; - unsigned char salt[crypto_pwhash_argon2id_SALTBYTES]; + unsigned char salt[crypto_pwhash_SALTBYTES]; unsigned char out[256]; char out_hex[256 * 2 + 1]; size_t i = 0U; @@ -142,10 +142,10 @@ tv2(void) NULL, NULL); sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex, strlen(tests[i].salt_hex), NULL, NULL, NULL); - if (crypto_pwhash_argon2id(out, (unsigned long long) tests[i].outlen, passwd, - tests[i].passwd_len, (const unsigned char *) salt, - tests[i].opslimit, tests[i].memlimit, - crypto_pwhash_argon2id_alg_argon2id13()) != 0) { + if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd, + tests[i].passwd_len, (const unsigned char *) salt, + tests[i].opslimit, tests[i].memlimit, + crypto_pwhash_alg_default()) != 0) { printf("[tv2] pwhash failure: [%u]\n", (unsigned int) i); continue; } @@ -187,17 +187,17 @@ tv3(void) const char *out; } tests[] = { { "", - "$argon2i$v=19$m=4096,t=1,p=1$X1NhbHQAAAAAAAAAAAAAAA$bWh++" - "MKN1OiFHKgIWTLvIi1iHicmHH7+Fv3K88ifFfI" }, + "$argon2id$v=19$m=4096,t=0,p=1$X1NhbHQAAAAAAAAAAAAAAA$bWh++MKN1OiFHKgIWTLvIi1iHicmHH7+Fv3K88ifFfI" }, { "", - "$argon2i$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/" - "Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" }, + "$argon2id$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" }, + { "", + "$argon2id$v=19$m=4882,t=2,p=1$bA81arsiXysd3WbTRzmEOw$Nm8QBM+7RH1DXo9rvp5cwKEOOOfD2g6JuxlXihoNcpE" }, { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ", - "$argon2i$v=19$m=4096,t=3,p=2$X1NhbHQAAAAAAAAAAAAAAA$z/QMiU4lQxGsYNc/" - "+K/bizwsA1P11UG2dj/7+aILJ4I" }, + "$argon2id$v=19$m=4096,t=0,p=1$PkEgMTYtYnl0ZXMgc2FsdA$ltB/ue1kPtBMBGfsysMpPigE6hiNEKZ9vs8vLNVDQGA" }, + { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ", + "$argon2id$v=19$m=4096,t=19,p=1$PkEgMTYtYnl0ZXMgc2FsdA$ltB/ue1kPtBMBGfsysMpPigE6hiNEKZ9vs8vLNVDQGA" }, { "K3S=KyH#)36_?]LxeR8QNKw6X=gFbxai$C%29V*", - "$argon2i$v=19$m=4096,t=3,p=1$X1NhbHQAAAAAAAAAAAAAAA$fu2Wsecyt+" - "yPnBvSvYN16oP5ozRmkp0ixJ1YL19V3Uo" } + "$argon2id$v=19$m=4096,t=1,p=3$PkEgcHJldHR5IGxvbmcgc2FsdA$HUqx5Z1b/ZypnUrvvJ5UC2Q+T6Q1WwASK/Kr9dRbGA0" } }; char *out; char *passwd; @@ -210,7 +210,7 @@ tv3(void) passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); assert(passwd != NULL); memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); - if (crypto_pwhash_argon2id_str_verify(out, passwd, strlen(passwd)) != 0) { + if (crypto_pwhash_str_verify(out, passwd, strlen(passwd)) != 0) { printf("[tv3] pwhash_argon2id_str failure (maybe intentional): [%u]\n", (unsigned int) i); continue; @@ -220,190 +220,277 @@ tv3(void) } while (++i < (sizeof tests) / (sizeof tests[0])); } -int -main(void) +static void +str_tests(void) { char *str_out; char *str_out2; char *salt; const char *passwd = "Correct Horse Battery Staple"; - tv(); - tv2(); - tv3(); + salt = (char *) sodium_malloc(crypto_pwhash_argon2id_SALTBYTES); str_out = (char *) sodium_malloc(crypto_pwhash_argon2id_STRBYTES); str_out2 = (char *) sodium_malloc(crypto_pwhash_argon2id_STRBYTES); memcpy(salt, ">A 16-bytes salt", crypto_pwhash_argon2id_SALTBYTES); - if (crypto_pwhash_argon2id_str(str_out, passwd, strlen(passwd), OPSLIMIT, - MEMLIMIT) != 0) { - printf("pwhash_argon2id_str failure: %s\n", strerror(errno)); - return 1; + if (crypto_pwhash_str(str_out, passwd, strlen(passwd), OPSLIMIT, + MEMLIMIT) != 0) { + printf("pwhash_str failure\n"); } - if (crypto_pwhash_argon2id_str(str_out2, passwd, strlen(passwd), OPSLIMIT, - MEMLIMIT) != 0) { - printf("pwhash_argon2id_str(2) failure\n"); - return 1; + if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), OPSLIMIT, + MEMLIMIT) != 0) { + printf("pwhash_str(2) failure\n"); } if (strcmp(str_out, str_out2) == 0) { - printf("pwhash_argon2id_str() doesn't generate different salts\n"); + printf("pwhash_str() doesn't generate different salts\n"); } if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0 || - crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0) { + crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0) { printf("needs_rehash() false positive\n"); } if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 || - crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) != 1 || + crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT - 1, MEMLIMIT) != 1 || crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 || - crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT * 2, MEMLIMIT) != 1) { - printf("needs_rehash() false negative\n"); + crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT + 1, MEMLIMIT) != 1) { + printf("needs_rehash() false negative (0)\n"); } if (crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 || - crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) != 1 || + crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT - 1, MEMLIMIT) != 1 || crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 || - crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT * 2, MEMLIMIT) != 1) { - printf("needs_rehash() false negative\n"); + crypto_pwhash_argon2id_str_needs_rehash(str_out, OPSLIMIT + 1, MEMLIMIT) != 1) { + printf("needs_rehash() false negative (1)\n"); + } + if (crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != -1 || + crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT - 1, MEMLIMIT) != -1 || + crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != -1 || + crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT + 1, MEMLIMIT) != -1) { + printf("needs_rehash() false negative (2)\n"); } if (crypto_pwhash_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1 || crypto_pwhash_argon2id_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) { printf("needs_rehash() didn't fail with an invalid hash string\n"); } if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out), - crypto_pwhash_argon2id_STRBYTES - strlen(str_out)) != 1 || + crypto_pwhash_STRBYTES - strlen(str_out)) != 1 || sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2), - crypto_pwhash_argon2id_STRBYTES - strlen(str_out2)) != 1) { + crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) { printf("pwhash_argon2id_str() doesn't properly pad with zeros\n"); } if (crypto_pwhash_argon2id_str_verify(str_out, passwd, strlen(passwd)) != 0) { printf("pwhash_argon2id_str_verify(1) failure\n"); } if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != 0) { - printf("pwhash_argon2id_str_verify(1') failure\n"); + printf("pwhash_str_verify(1') failure\n"); } str_out[14]++; - if (crypto_pwhash_argon2id_str_verify(str_out, passwd, strlen(passwd)) != -1) { + if (crypto_pwhash_str_verify(str_out, passwd, strlen(passwd)) != -1) { printf("pwhash_argon2id_str_verify(2) failure\n"); } str_out[14]--; assert(str_out[crypto_pwhash_argon2id_STRBYTES - 1U] == 0); - if (crypto_pwhash_argon2id_str(str_out2, passwd, 0x100000000ULL, OPSLIMIT, + if (crypto_pwhash_str(str_out2, passwd, 0x100000000ULL, OPSLIMIT, MEMLIMIT) != -1) { - printf("pwhash_argon2id_str() with a large password should have failed\n"); - return 1; + printf("pwhash_str() with a large password should have failed\n"); } - if (crypto_pwhash_argon2id_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) != - 0) { - printf("pwhash_argon2id_str() with a small opslimit should not have failed\n"); - return 1; + if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) != 0) { + printf("pwhash_str() with a small opslimit should not have failed\n"); } - if (crypto_pwhash_argon2id_str(str_out2, passwd, strlen(passwd), 0, MEMLIMIT) != - -1) { + if (crypto_pwhash_str(str_out2, passwd, strlen(passwd), 0, MEMLIMIT) != -1) { printf("pwhash_argon2id_str() with a null opslimit should have failed\n"); - return 1; } - if (crypto_pwhash_argon2id_str_verify("$argon2id$m=65536,t=2,p=1c29tZXNhbHQ" - "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", - "password", 0x100000000ULL) != -1) { - printf("pwhash_argon2id_str_verify(invalid(0)) failure\n"); + if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1c29tZXNhbHQ" + "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", + "password", 0x100000000ULL) != -1) { + printf("pwhash_str_verify(invalid(0)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify("$argon2id$m=65536,t=2,p=1c29tZXNhbHQ" - "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", - "password", strlen("password")) != -1) { - printf("pwhash_argon2id_str_verify(invalid(1)) failure %d\n", errno); + if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1c29tZXNhbHQ" + "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", + "password", strlen("password")) != -1) { + printf("pwhash_str_verify(invalid(1)) failure %d\n", errno); } - if (crypto_pwhash_argon2id_str_verify("$argon2id$m=65536,t=2,p=1$c29tZXNhbHQ" - "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", - "password", strlen("password")) != -1) { - printf("pwhash_argon2id_str_verify(invalid(2)) failure\n"); + if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1$c29tZXNhbHQ" + "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", + "password", strlen("password")) != -1) { + printf("pwhash_str_verify(invalid(2)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify("$argon2id$m=65536,t=2,p=1$c29tZXNhbHQ" - "$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo", - "password", strlen("password")) != -1) { - printf("pwhash_argon2id_str_verify(invalid(3)) failure\n"); + if (crypto_pwhash_str_verify("$argon2id$m=65536,t=2,p=1$c29tZXNhbHQ" + "$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo", + "password", strlen("password")) != -1) { + printf("pwhash_str_verify(invalid(3)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify("$argon2id$v=19$m=65536,t=2,p=1c29tZXNhbHQ" - "$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", - "password", strlen("password")) != -1) { - printf("pwhash_argon2id_str_verify(invalid(4)) failure\n"); + if (crypto_pwhash_str_verify("$argon2id$v=19$m=65536,t=2,p=1c29tZXNhbHQ" + "$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", + "password", strlen("password")) != -1) { + printf("pwhash_str_verify(invalid(4)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" - "wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", - "password", strlen("password")) != -1) { - printf("pwhash_argon2id_str_verify(invalid(5)) failure\n"); + if (crypto_pwhash_str_verify("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" + "wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", + "password", strlen("password")) != -1) { + printf("pwhash_str_verify(invalid(5)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" - "$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM", - "password", strlen("password")) != -1) { - printf("pwhash_argon2id_str_verify(invalid(6)) failure\n"); + if (crypto_pwhash_str_verify("$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" + "$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM", + "password", strlen("password")) != -1) { + printf("pwhash_str_verify(invalid(6)) failure\n"); } if (crypto_pwhash_str_verify("$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc" "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", "password", strlen("password")) != 0) { - printf("pwhash_argon2id_str_verify(valid(7)) failure\n"); + printf("pwhash_str_verify(valid(7)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify("$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc" - "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", - "passwore", strlen("passwore")) != -1 || errno != EINVAL) { - printf("pwhash_argon2id_str_verify(invalid(7)) failure\n"); + if (crypto_pwhash_str_verify("$argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc" + "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", + "passwore", strlen("passwore")) != -1 || errno != EINVAL) { + printf("pwhash_str_verify(invalid(7)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify("$Argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc" - "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", - "password", strlen("password")) != -1 || errno != EINVAL) { - printf("pwhash_argon2id_str_verify(invalid(8)) failure\n"); + if (crypto_pwhash_str_verify("$Argon2id$v=19$m=256,t=3,p=1$MDEyMzQ1Njc" + "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", + "password", strlen("password")) != -1 || errno != EINVAL) { + printf("pwhash_str_verify(invalid(8)) failure\n"); } - if (crypto_pwhash_argon2id_str_verify("$argon2id$v=19$m=256,t=3,p=2$MDEyMzQ1Njc" - "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", - "password", strlen("password")) != -1 || errno != EINVAL) { - printf("pwhash_argon2id_str_verify(invalid(9)) failure\n"); + if (crypto_pwhash_str_verify("$argon2id$v=19$m=256,t=3,p=2$MDEyMzQ1Njc" + "$G5ajKFCoUzaXRLdz7UJb5wGkb2Xt+X5/GQjUYtS2+TE", + "password", strlen("password")) != -1 || errno != EINVAL) { + printf("pwhash_str_verify(invalid(9)) failure\n"); } - assert(crypto_pwhash_argon2id_bytes_min() > 0U); - assert(crypto_pwhash_argon2id_bytes_max() > crypto_pwhash_argon2id_bytes_min()); - assert(crypto_pwhash_argon2id_passwd_max() > crypto_pwhash_argon2id_passwd_min()); - assert(crypto_pwhash_argon2id_saltbytes() > 0U); - assert(crypto_pwhash_argon2id_strbytes() > 1U); - assert(crypto_pwhash_argon2id_strbytes() > strlen(crypto_pwhash_argon2id_strprefix())); - - assert(crypto_pwhash_argon2id_opslimit_min() > 0U); - assert(crypto_pwhash_argon2id_opslimit_max() > 0U); - assert(crypto_pwhash_argon2id_memlimit_min() > 0U); - assert(crypto_pwhash_argon2id_memlimit_max() > 0U); - assert(crypto_pwhash_argon2id_opslimit_interactive() > 0U); - assert(crypto_pwhash_argon2id_memlimit_interactive() > 0U); - assert(crypto_pwhash_argon2id_opslimit_moderate() > 0U); - assert(crypto_pwhash_argon2id_memlimit_moderate() > 0U); - assert(crypto_pwhash_argon2id_opslimit_sensitive() > 0U); - assert(crypto_pwhash_argon2id_memlimit_sensitive() > 0U); - - assert(crypto_pwhash_argon2id_bytes_min() == crypto_pwhash_argon2id_BYTES_MIN); - assert(crypto_pwhash_argon2id_bytes_max() == crypto_pwhash_argon2id_BYTES_MAX); - assert(crypto_pwhash_argon2id_passwd_min() == crypto_pwhash_argon2id_PASSWD_MIN); - assert(crypto_pwhash_argon2id_passwd_max() == crypto_pwhash_argon2id_PASSWD_MAX); - assert(crypto_pwhash_argon2id_saltbytes() == crypto_pwhash_argon2id_SALTBYTES); - assert(crypto_pwhash_argon2id_strbytes() == crypto_pwhash_argon2id_STRBYTES); - - assert(crypto_pwhash_argon2id_opslimit_min() == crypto_pwhash_argon2id_OPSLIMIT_MIN); - assert(crypto_pwhash_argon2id_opslimit_max() == crypto_pwhash_argon2id_OPSLIMIT_MAX); - assert(crypto_pwhash_argon2id_memlimit_min() == crypto_pwhash_argon2id_MEMLIMIT_MIN); - assert(crypto_pwhash_argon2id_memlimit_max() == crypto_pwhash_argon2id_MEMLIMIT_MAX); - assert(crypto_pwhash_argon2id_opslimit_interactive() == - crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE); - assert(crypto_pwhash_argon2id_memlimit_interactive() == - crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE); - assert(crypto_pwhash_argon2id_opslimit_moderate() == - crypto_pwhash_argon2id_OPSLIMIT_MODERATE); - assert(crypto_pwhash_argon2id_memlimit_moderate() == - crypto_pwhash_argon2id_MEMLIMIT_MODERATE); - assert(crypto_pwhash_argon2id_opslimit_sensitive() == - crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE); - assert(crypto_pwhash_argon2id_memlimit_sensitive() == - crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE); - - assert(crypto_pwhash_argon2id_alg_argon2id13() == crypto_pwhash_argon2id_ALG_ARGON2ID13); - + assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT, + crypto_pwhash_ALG_ARGON2ID13) == 0); + assert(crypto_pwhash_argon2id_str_verify(str_out, "test", 4) == 0); + assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, + OPSLIMIT, MEMLIMIT) == 0); + assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, + OPSLIMIT / 2, MEMLIMIT) == 1); + assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, + OPSLIMIT, MEMLIMIT / 2) == 1); + assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == 1); + assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == -1); + assert(crypto_pwhash_argon2id_str_needs_rehash(str_out + 1, + OPSLIMIT, MEMLIMIT) == -1); + assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == -1); + assert(crypto_pwhash_argon2i_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1); + assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT, + crypto_pwhash_ALG_ARGON2I13) == 0); + assert(crypto_pwhash_argon2i_str_verify(str_out, "test", 4) == 0); + assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, + OPSLIMIT, MEMLIMIT) == 0); + assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, + OPSLIMIT / 2, MEMLIMIT) == 1); + assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, + OPSLIMIT, MEMLIMIT / 2) == 1); + assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == 1); + assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == -1); + assert(crypto_pwhash_argon2i_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1); + assert(crypto_pwhash_argon2i_str_needs_rehash(str_out + 1, + OPSLIMIT, MEMLIMIT) == -1); sodium_free(salt); sodium_free(str_out); sodium_free(str_out2); +} + +int +main(void) +{ + tv(); + tv2(); + tv3(); + str_tests(); + + assert(crypto_pwhash_bytes_min() > 0U); + assert(crypto_pwhash_bytes_max() > crypto_pwhash_bytes_min()); + assert(crypto_pwhash_passwd_max() > crypto_pwhash_passwd_min()); + assert(crypto_pwhash_saltbytes() > 0U); + assert(crypto_pwhash_strbytes() > 1U); + assert(crypto_pwhash_strbytes() > strlen(crypto_pwhash_strprefix())); + + assert(crypto_pwhash_opslimit_min() > 0U); + assert(crypto_pwhash_opslimit_max() > 0U); + assert(crypto_pwhash_memlimit_min() > 0U); + assert(crypto_pwhash_memlimit_max() > 0U); + assert(crypto_pwhash_opslimit_interactive() > 0U); + assert(crypto_pwhash_memlimit_interactive() > 0U); + assert(crypto_pwhash_opslimit_moderate() > 0U); + assert(crypto_pwhash_memlimit_moderate() > 0U); + assert(crypto_pwhash_opslimit_sensitive() > 0U); + assert(crypto_pwhash_memlimit_sensitive() > 0U); + assert(strcmp(crypto_pwhash_primitive(), "argon2i") == 0); + + assert(crypto_pwhash_bytes_min() == crypto_pwhash_BYTES_MIN); + assert(crypto_pwhash_bytes_max() == crypto_pwhash_BYTES_MAX); + assert(crypto_pwhash_passwd_min() == crypto_pwhash_PASSWD_MIN); + assert(crypto_pwhash_passwd_max() == crypto_pwhash_PASSWD_MAX); + assert(crypto_pwhash_saltbytes() == crypto_pwhash_SALTBYTES); + assert(crypto_pwhash_strbytes() == crypto_pwhash_STRBYTES); + + assert(crypto_pwhash_opslimit_min() == crypto_pwhash_OPSLIMIT_MIN); + assert(crypto_pwhash_opslimit_max() == crypto_pwhash_OPSLIMIT_MAX); + assert(crypto_pwhash_memlimit_min() == crypto_pwhash_MEMLIMIT_MIN); + assert(crypto_pwhash_memlimit_max() == crypto_pwhash_MEMLIMIT_MAX); + assert(crypto_pwhash_opslimit_interactive() == + crypto_pwhash_OPSLIMIT_INTERACTIVE); + assert(crypto_pwhash_memlimit_interactive() == + crypto_pwhash_MEMLIMIT_INTERACTIVE); + assert(crypto_pwhash_opslimit_moderate() == + crypto_pwhash_OPSLIMIT_MODERATE); + assert(crypto_pwhash_memlimit_moderate() == + crypto_pwhash_MEMLIMIT_MODERATE); + assert(crypto_pwhash_opslimit_sensitive() == + crypto_pwhash_OPSLIMIT_SENSITIVE); + assert(crypto_pwhash_memlimit_sensitive() == + crypto_pwhash_MEMLIMIT_SENSITIVE); + + assert(crypto_pwhash_argon2id_bytes_min() == crypto_pwhash_bytes_min()); + assert(crypto_pwhash_argon2id_bytes_max() == crypto_pwhash_bytes_max()); + assert(crypto_pwhash_argon2id_passwd_min() == crypto_pwhash_passwd_min()); + assert(crypto_pwhash_argon2id_passwd_max() == crypto_pwhash_passwd_max()); + assert(crypto_pwhash_argon2id_saltbytes() == crypto_pwhash_saltbytes()); + assert(crypto_pwhash_argon2id_strbytes() == crypto_pwhash_strbytes()); + assert(strcmp(crypto_pwhash_argon2id_strprefix(), + crypto_pwhash_strprefix()) == 0); + assert(crypto_pwhash_argon2id_opslimit_min() == + crypto_pwhash_opslimit_min()); + assert(crypto_pwhash_argon2id_opslimit_max() == + crypto_pwhash_opslimit_max()); + assert(crypto_pwhash_argon2id_memlimit_min() == + crypto_pwhash_memlimit_min()); + assert(crypto_pwhash_argon2id_memlimit_max() == + crypto_pwhash_memlimit_max()); + assert(crypto_pwhash_argon2id_opslimit_interactive() == + crypto_pwhash_opslimit_interactive()); + assert(crypto_pwhash_argon2id_opslimit_moderate() == + crypto_pwhash_opslimit_moderate()); + assert(crypto_pwhash_argon2id_opslimit_sensitive() == + crypto_pwhash_opslimit_sensitive()); + assert(crypto_pwhash_argon2id_memlimit_interactive() == + crypto_pwhash_memlimit_interactive()); + assert(crypto_pwhash_argon2id_memlimit_moderate() == + crypto_pwhash_memlimit_moderate()); + assert(crypto_pwhash_argon2id_memlimit_sensitive() == + crypto_pwhash_memlimit_sensitive()); + assert(crypto_pwhash_alg_argon2id13() == + crypto_pwhash_argon2id_alg_argon2id13()); + assert(crypto_pwhash_alg_argon2i13() == crypto_pwhash_ALG_ARGON2I13); + assert(crypto_pwhash_alg_argon2i13() != crypto_pwhash_alg_default()); + assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_ALG_ARGON2ID13); + assert(crypto_pwhash_alg_argon2id13() != crypto_pwhash_alg_argon2i13()); + assert(crypto_pwhash_alg_argon2id13() == crypto_pwhash_alg_default()); + + assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL, + crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, + crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, + 0) == -1); + assert(crypto_pwhash_argon2id(NULL, 0, NULL, 0, NULL, + crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, + crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, + crypto_pwhash_ALG_ARGON2I13) == -1); + assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL, + crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, + crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, + 0) == -1); + assert(crypto_pwhash_argon2i(NULL, 0, NULL, 0, NULL, + crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE, + crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE, + crypto_pwhash_ALG_ARGON2ID13) == -1); printf("OK\n"); diff --git a/test/default/pwhash_argon2id.exp b/test/default/pwhash_argon2id.exp index 5d05ce48..7c679496 100644 --- a/test/default/pwhash_argon2id.exp +++ b/test/default/pwhash_argon2id.exp @@ -10,6 +10,5 @@ d6e9d6cabd42fb9ba7162fe9b8e41d59d3c7034756cb460c9affe393308bd0225ce0371f2e6c3ca3 34b207147fb7ef83e1ca1a97e30aa6e08ea9b6b1048c59c9c13050dff33e76ce3c440d7f018f817e6b8593e78f339ba633b9d7ec3519b5eafbcc4bc2d20b5136bbc7e5b7e92ff37d024bbbecf5738f718ab22c8adcdb82ceffc233b8ad61f91850abdfe8bb119775d9c4243ec1ac761dfbd132489228dfeab5268c7f0ddc29f56b957d1b76c874cdd77e16139e0df9b847248fd782c9a1147b8480 [tv3] pwhash_argon2id_str failure (maybe intentional): [0] [tv3] pwhash_argon2id_str failure (maybe intentional): [1] -[tv3] pwhash_argon2id_str failure (maybe intentional): [2] [tv3] pwhash_argon2id_str failure (maybe intentional): [3] OK