1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
/* Copyright (c) 2018 Dovecot authors, see the included COPYING file */
#include "lib.h"
#include "password-scheme.h"
#ifdef HAVE_LIBSODIUM
#include <sodium.h>
static void
generate_argon2i(const char *plaintext, const struct password_generate_params *params,
const unsigned char **raw_password_r, size_t *size_r)
{
unsigned long long rounds = params->rounds;
size_t memlimit;
char result[crypto_pwhash_STRBYTES];
if (rounds == 0)
rounds = crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE;
if (rounds >= crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE)
memlimit = crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE;
else if (rounds >= crypto_pwhash_argon2i_OPSLIMIT_MODERATE)
memlimit = crypto_pwhash_argon2i_MEMLIMIT_MODERATE;
else
memlimit = crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE;
if (crypto_pwhash_argon2i_str(result, plaintext, strlen(plaintext), rounds, memlimit) < 0)
i_fatal("crypto_pwhash_argon2i_str failed: %m");
*raw_password_r = (const unsigned char*)t_strdup(result);
*size_r = strlen(result);
}
#ifdef crypto_pwhash_ALG_ARGON2ID13
static void
generate_argon2id(const char *plaintext, const struct password_generate_params *params,
const unsigned char **raw_password_r, size_t *size_r)
{
unsigned long long rounds = params->rounds;
size_t memlimit;
char result[crypto_pwhash_argon2id_STRBYTES];
i_zero(&result);
if (rounds == 0)
rounds = crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE;
if (rounds >= crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE)
memlimit = crypto_pwhash_argon2id_MEMLIMIT_SENSITIVE;
else if (rounds >= crypto_pwhash_argon2id_OPSLIMIT_MODERATE)
memlimit = crypto_pwhash_argon2id_MEMLIMIT_MODERATE;
else
memlimit = crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE;
/* XXX: Bug in sodium-1.0.13, it expects rounds to be 3 */
if (rounds < 3)
rounds = 3;
if (crypto_pwhash_argon2id_str(result, plaintext, strlen(plaintext), rounds, memlimit) < 0)
i_fatal("crypto_pwhash_argon2id_str failed: %m");
*raw_password_r = (const unsigned char*)t_strdup(result);
*size_r = strlen(result);
}
#endif
static int
verify_argon2(const char *plaintext, const struct password_generate_params *params ATTR_UNUSED,
const unsigned char *raw_password, size_t size,
const char **error_r ATTR_UNUSED)
{
const char *passwd = t_strndup(raw_password, size);
if (crypto_pwhash_str_verify(passwd, plaintext, strlen(plaintext)) < 0)
return 0;
return 1;
}
static const struct password_scheme sodium_schemes[] = {
{ "ARGON2I", PW_ENCODING_NONE, 0, verify_argon2,
generate_argon2i },
#ifdef crypto_pwhash_ALG_ARGON2ID13
{ "ARGON2ID", PW_ENCODING_NONE, 0, verify_argon2,
generate_argon2id },
#endif
};
void password_scheme_register_sodium(void)
{
if (sodium_init() != 0)
i_fatal("sodium_init() failed");
for(size_t i = 0; i < N_ELEMENTS(sodium_schemes); i++)
password_scheme_register(&sodium_schemes[i]);
}
#endif
|
