nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-18 11:31:00 -05:00
Code Issues Projects Releases Wiki Activity

Add implementation of the Argon2 password hash.

Browse Source 
This is going to be used in the new version of the PPK file format. It
was the winner of the Password Hashing Context, which I think makes it
a reasonable choice.

Argon2 comes in three flavours: one with no data dependency in its
memory addressing, one with _deliberate_ data dependency (intended to
serialise computation, to hinder parallel brute-forcing), and a hybrid
form that starts off data-independent and then switches over to the
dependent version once the sensitive input data has been adequately
mixed around. I test all three in the test suite; the side-channel
tester can only expect Argon2i to pass; and, following the spec's
recommendation, I'll be using Argon2id for the actual key file
encryption.
This commit is contained in:
Simon Tatham
2021-02-13 17:30:12 +00:00
parent 5c8f3bf924
commit 0faeb82ccd
8 changed files with 882 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
testsc.c
View File

@ -327,6 +327,7 @@ VOLATILE_WRAPPED_DEFN(static, size_t, looplimit, (size_t x))
CIPHERS(CIPHER_TESTLIST, X) \
MACS(MAC_TESTLIST, X) \
HASHES(HASH_TESTLIST, X) \
X(argon2) \
/* end of list */
static void test_mp_get_nbits(void)
@ -1409,6 +1410,36 @@ struct test {
void (*testfn)(void);
};
static void test_argon2(void)
{
/*
* We can only expect the Argon2i variant to pass this stringent
* test for no data-dependency, because the other two variants of
* Argon2 have _deliberate_ data-dependency.
*/
size_t inlen = 48+16+24+8;
uint8_t *indata = snewn(inlen, uint8_t);
ptrlen password = make_ptrlen(indata, 48);
ptrlen salt = make_ptrlen(indata+48, 16);
ptrlen secret = make_ptrlen(indata+48+16, 24);
ptrlen assoc = make_ptrlen(indata+48+16+24, 8);
strbuf *outdata = strbuf_new();
strbuf_append(outdata, 256);
for (size_t i = 0; i < looplimit(16); i++) {
strbuf_clear(outdata);
random_read(indata, inlen);
log_start();
argon2(Argon2i, 32, 2, 2, 144, password, salt, secret, assoc, outdata);
log_end();
}
sfree(indata);
strbuf_free(outdata);
}
static const struct test tests[] = {
#define STRUCT_TEST(X) { #X, test_##X },
TESTLIST(STRUCT_TEST)