c,python: Change the algorithm for hashing the master password to Argon2

2021-11-14 09:59:51 +01:00
parent c869c79619
commit cc473f4c24
4 changed files with 21 additions and 10 deletions
--- a/c/passgeny/inc/passgeny.h
+++ b/c/passgeny/inc/passgeny.h
@ -8,7 +8,7 @@ typedef struct passgeny passgeny_t;

 struct passgeny
 {
-    uint8_t     pg_master_hash[32];                 /* SHA256 of the master password */
+    uint8_t     pg_master_hash[128];                /* Hash of the master password */
    char       *pg_pattern;                         /* Password pattern */
    double      pg_last_bits_total;                 /* Total bits that were available for generating the last password */
    double      pg_last_bits_used;                  /* Bits consumed when calculating the last password */
--- a/c/passgeny/meson.build
+++ b/c/passgeny/meson.build
@ -5,6 +5,6 @@ passgeny_lib = static_library(
        'passgeny',
        ['src/passgeny.c'],
        include_directories : passgeny_inc,
-        dependencies: [ dependency('libcrypto'), dependency('libargon2'), phogen_dep, bhash_dep])
+        dependencies: [ dependency('libargon2'), phogen_dep, bhash_dep])

 passgeny_dep = declare_dependency(link_with : passgeny_lib, include_directories : passgeny_inc)
--- a/c/passgeny/src/passgeny.c
+++ b/c/passgeny/src/passgeny.c
@ -39,8 +39,8 @@

 /* Ensure that pg_master_hash is big enough to hold a SHA256 hash */
 _Static_assert(
-        sizeof(((passgeny_t *)NULL)->pg_master_hash) == SHA256_DIGEST_LENGTH,
-        "pg_master_hash doesn't match SHA256_DIGEST_LENGTH");
+        sizeof(((passgeny_t *)NULL)->pg_master_hash) == PASSGENY_ARGON2_HASH_LEN,
+        "pg_master_hash doesn't match PASSGENY_ARGON2_HASH_LEN");

 static bool passgeny_patmatch(
        const char **pstr,
@ -57,13 +57,25 @@ static void passgeny_gen_str(char *out, size_t out_sz, const char *pool, bhash_t
 */
 bool passgeny_init(passgeny_t *passgeny, const char *master_password)
 {
-    SHA256_CTX sha256;
+    bool rc;

    memset(passgeny, 0, sizeof(*passgeny));

-    SHA256_Init(&sha256);
-    SHA256_Update(&sha256, master_password, strlen(master_password));
-    SHA256_Final(passgeny->pg_master_hash, &sha256);
+    rc = argon2id_hash_raw(
+            PASSGENY_ARGON2_TIME_COST,
+            PASSGENY_ARGON2_MEMORY_COST,
+            PASSGENY_ARGON2_PARALLEL,
+            master_password,
+            strlen(master_password),
+            PASSGENY_ARGON2_SALT,
+            strlen(PASSGENY_ARGON2_SALT),
+            passgeny->pg_master_hash,
+            sizeof(passgeny->pg_master_hash));
+    if (rc != 0)
+    {
+        fprintf(stderr, "Error generating master hash.");
+        return false;
+    }

    passgeny->pg_pattern = strdup(PASSGENY_DEFAULT_PATTERN);

--- a/python/passgeny/passgeny.py
+++ b/python/passgeny/passgeny.py
@ -3,7 +3,6 @@
 #
 import argon2
 import argparse
-import hashlib
 import re

 from . import bhash, phogen
@ -33,7 +32,7 @@ class PassgenyInvalidPattern(Exception):

 class Passgeny:
    def __init__(self, master_password):
-        self.master_password = hashlib.sha256(master_password.encode()).digest()
+        self.master_password = self.__argon2_hash(master_password.encode())
        self.pattern = PASSGENY_DEFAULT_PATTERN

    def generate(self, domain, user, *tokens):