From cc473f4c24d60512949469dd53374ea497deb837 Mon Sep 17 00:00:00 2001
From: Mitja HORVAT
Date: Sun, 14 Nov 2021 09:59:51 +0100
Subject: [PATCH] c,python: Change the algorithm for hashing the master password to Argon2
---
 c/passgeny/inc/passgeny.h | 2 +-
 c/passgeny/meson.build | 2 +-
 c/passgeny/src/passgeny.c | 24 ++++++++++++++++++------
 python/passgeny/passgeny.py | 3 +--
 4 files changed, 21 insertions(+), 10 deletions(-)
diff --git a/c/passgeny/inc/passgeny.h b/c/passgeny/inc/passgeny.h
index 26b53a7..9d45087 100644
--- a/c/passgeny/inc/passgeny.h
+++ b/c/passgeny/inc/passgeny.h
@@ -8,7 +8,7 @@ typedef struct passgeny passgeny_t;
 struct passgeny {
- uint8_t pg_master_hash[32]; /* SHA256 of the master password */
+ uint8_t pg_master_hash[128]; /* Hash of the master password */
 char *pg_pattern; /* Password pattern */
 double pg_last_bits_total; /* Total bits that were available for generating the last password */
 double pg_last_bits_used; /* Bits consumed when calculating the last password */
diff --git a/c/passgeny/meson.build b/c/passgeny/meson.build
index 1379abe..8b1cc2c 100644
--- a/c/passgeny/meson.build
+++ b/c/passgeny/meson.build
@@ -5,6 +5,6 @@ passgeny_lib = static_library(
 'passgeny',
 ['src/passgeny.c'],
 include_directories : passgeny_inc,
- dependencies: [ dependency('libcrypto'), dependency('libargon2'), phogen_dep, bhash_dep])
+ dependencies: [ dependency('libargon2'), phogen_dep, bhash_dep])
 passgeny_dep = declare_dependency(link_with : passgeny_lib, include_directories : passgeny_inc)
diff --git a/c/passgeny/src/passgeny.c b/c/passgeny/src/passgeny.c
index ea325b8..8558120 100644
--- a/c/passgeny/src/passgeny.c
+++ b/c/passgeny/src/passgeny.c
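Review bot: In c/passgeny/inc/passgeny.h the buffer length is the bare literal 128, while the passgeny.c hunk of this patch checks it against PASSGENY_ARGON2_HASH_LEN. The _Static_assert keeps the two in step at compile time, but a reader of the header cannot see where 128 comes from or which Argon2 variant fills the buffer. If the constant can live in this header (it is presumably defined in passgeny.c today), prefer `uint8_t pg_master_hash[PASSGENY_ARGON2_HASH_LEN];`; otherwise make the comment specific, e.g. `/* Argon2id hash of the master password */`.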
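Review bot: In c/passgeny/meson.build, `dependency('libcrypto')` is dropped, but the two passgeny.c hunks in this patch account for all 24 changed lines the diffstat reports for that file, so no include line there is touched. If passgeny.c pulled in the OpenSSL SHA header for the old SHA256_* calls (likely, though not visible here), that `#include` is now stale and may fail to compile where the OpenSSL headers are not on the default include path; it should be removed in the same change. It is also worth confirming that nothing else in this target still needs libcrypto.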
@@ -39,8 +39,8 @@
 /* Ensure that pg_master_hash is big enough to hold a SHA256 hash */
 _Static_assert(
- sizeof(((passgeny_t *)NULL)->pg_master_hash) == SHA256_DIGEST_LENGTH,
- "pg_master_hash doesn't match SHA256_DIGEST_LENGTH");
+ sizeof(((passgeny_t *)NULL)->pg_master_hash) == PASSGENY_ARGON2_HASH_LEN,
+ "pg_master_hash doesn't match PASSGENY_ARGON2_HASH_LEN");
 static bool passgeny_patmatch(
 const char **pstr,
@@ -57,13 +57,25 @@ static void passgeny_gen_str(char *out, size_t out_sz, const char *pool, bhash_t
 */
 bool passgeny_init(passgeny_t *passgeny, const char *master_password)
 {
- SHA256_CTX sha256;
+ bool rc;
 memset(passgeny, 0, sizeof(*passgeny));
- SHA256_Init(&sha256);
- SHA256_Update(&sha256, master_password, strlen(master_password));
- SHA256_Final(passgeny->pg_master_hash, &sha256);
+ rc = argon2id_hash_raw(
+ PASSGENY_ARGON2_TIME_COST,
+ PASSGENY_ARGON2_MEMORY_COST,
+ PASSGENY_ARGON2_PARALLEL,
+ master_password,
+ strlen(master_password),
+ PASSGENY_ARGON2_SALT,
+ strlen(PASSGENY_ARGON2_SALT),
+ passgeny->pg_master_hash,
+ sizeof(passgeny->pg_master_hash));
+ if (rc != 0)
+ {
+ fprintf(stderr, "Error generating master hash.");
+ return false;
+ }
 passgeny->pg_pattern = strdup(PASSGENY_DEFAULT_PATTERN);
diff --git a/python/passgeny/passgeny.py b/python/passgeny/passgeny.py
index 42a5e8c..436c6d8 100644
--- a/python/passgeny/passgeny.py
+++ b/python/passgeny/passgeny.py
@@ -3,7 +3,6 @@
 #
 import argon2
 import argparse
-import hashlib
 import re
 from . import bhash, phogen
@@ -33,7 +32,7 @@ class PassgenyInvalidPattern(Exception):
 class Passgeny:
 def __init__(self, master_password):
- self.master_password = hashlib.sha256(master_password.encode()).digest()
+ self.master_password = self.__argon2_hash(master_password.encode())
 self.pattern = PASSGENY_DEFAULT_PATTERN
 def generate(self, domain, user, *tokens):
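Review bot: The comment kept above the _Static_assert in passgeny.c still says the buffer must hold "a SHA256 hash", although the assertion now compares against PASSGENY_ARGON2_HASH_LEN. Update it with the assertion, e.g. `/* Ensure that pg_master_hash is exactly PASSGENY_ARGON2_HASH_LEN bytes */`, so the text matches the exact-size check and no longer names a SHA-256 digest that this commit stops using.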
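Review bot: In passgeny_init(), `rc` is declared `bool` but receives the `int` status of argon2id_hash_raw(), so the specific Argon2 error code is collapsed to true/false before it can be reported. Declare it as `int rc;` and print the cause, e.g. `fprintf(stderr, "Error generating master hash: %s\n", argon2_error_message(rc));`, which also adds the newline the current message lacks. PASSGENY_ARGON2_SALT is defined outside this hunk; if it is a single compile-time constant, every user with the same master password derives the same master hash, so the salt gives no separation between users. That trade-off deserves a comment next to the constant, or a per-user non-secret value mixed into the salt if the deterministic design allows it. The function body continues past the end of the hunk.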
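Review bot: In Passgeny.__init__, `self.master_password` now holds the Argon2 output rather than the password, so the attribute name is misleading. A comment such as `# Argon2 hash of the master password, not the password itself` would make that explicit, as would a rename to `self.master_hash` (matching `pg_master_hash` on the C side) if nothing else reads the attribute. `__argon2_hash` is defined outside this hunk, so its cost parameters, salt and output length cannot be checked here. Since the C and Python implementations presumably have to generate identical passwords, a shared known-answer test for the master hash would catch any drift between them.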