1*0ac341f1SConrad Meyer 2*0ac341f1SConrad Meyer #define TEST_NAME "pwhash_argon2i" 3*0ac341f1SConrad Meyer #include "cmptest.h" 4*0ac341f1SConrad Meyer 5*0ac341f1SConrad Meyer #define OUT_LEN 128 6*0ac341f1SConrad Meyer #define OPSLIMIT 3 7*0ac341f1SConrad Meyer #define MEMLIMIT 5000000 8*0ac341f1SConrad Meyer 9*0ac341f1SConrad Meyer static void 10*0ac341f1SConrad Meyer tv(void) 11*0ac341f1SConrad Meyer { 12*0ac341f1SConrad Meyer static struct { 13*0ac341f1SConrad Meyer const char * passwd_hex; 14*0ac341f1SConrad Meyer size_t passwd_len; 15*0ac341f1SConrad Meyer const char * salt_hex; 16*0ac341f1SConrad Meyer size_t outlen; 17*0ac341f1SConrad Meyer unsigned long long opslimit; 18*0ac341f1SConrad Meyer size_t memlimit; 19*0ac341f1SConrad Meyer unsigned int lanes; 20*0ac341f1SConrad Meyer } tests[] = { 21*0ac341f1SConrad Meyer { "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0" 22*0ac341f1SConrad Meyer "65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d" 23*0ac341f1SConrad Meyer "a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5" 24*0ac341f1SConrad Meyer "8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6", 25*0ac341f1SConrad Meyer 127, 26*0ac341f1SConrad Meyer "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2", 27*0ac341f1SConrad Meyer 155, 5, 7256678, 1 }, 28*0ac341f1SConrad Meyer { "e125cee61c8cb7778d9e5ad0a6f5d978ce9f84de213a8556d9ffe202020ab4a6ed" 29*0ac341f1SConrad Meyer "9074a4eb3416f9b168f137510f3a30b70b96cbfa219ff99f6c6eaffb15c06b60e0" 30*0ac341f1SConrad Meyer "0cc2890277f0fd3c622115772f7048adaebed86e", 31*0ac341f1SConrad Meyer 86, 32*0ac341f1SConrad Meyer "f1192dd5dc2368b9cd421338b22433455ee0a3699f9379a08b9650ea2c126f0d", 33*0ac341f1SConrad Meyer 250, 4, 7849083, 1 }, 34*0ac341f1SConrad Meyer { "92263cbf6ac376499f68a4289d3bb59e5a22335eba63a32e6410249155b956b6a3" 35*0ac341f1SConrad Meyer "b48d4a44906b18b897127300b375b8f834f1ceffc70880a885f47c33876717e392" 36*0ac341f1SConrad Meyer "be57f7da3ae58da4fd1f43daa7e44bb82d3717af4319349c24cd31e46d295856b0" 37*0ac341f1SConrad Meyer "441b6b289992a11ced1cc3bf3011604590244a3eb737ff221129215e4e4347f491" 38*0ac341f1SConrad Meyer "5d41292b5173d196eb9add693be5319fdadc242906178bb6c0286c9b6ca6012746" 39*0ac341f1SConrad Meyer "711f58c8c392016b2fdfc09c64f0f6b6ab7b", 40*0ac341f1SConrad Meyer 183, 41*0ac341f1SConrad Meyer "3b840e20e9555e9fb031c4ba1f1747ce25cc1d0ff664be676b9b4a90641ff194", 42*0ac341f1SConrad Meyer 249, 3, 7994791, 1 }, 43*0ac341f1SConrad Meyer { "027b6d8e8c8c474e9b69c7d9ed4f9971e8e1ce2f6ba95048414c3970f0f09b70e3" 44*0ac341f1SConrad Meyer "b6c5ae05872b3d8678705b7d381829c351a5a9c88c233569b35d6b0b809df44b64" 45*0ac341f1SConrad Meyer "51a9c273f1150e2ef8a0b5437eb701e373474cd44b97ef0248ebce2ca0400e1b53" 46*0ac341f1SConrad Meyer "f3d86221eca3f18eb45b702b9172440f774a82cbf1f6f525df30a6e293c873cce6" 47*0ac341f1SConrad Meyer "9bb078ed1f0d31e7f9b8062409f37f19f8550aae", 48*0ac341f1SConrad Meyer 152, 49*0ac341f1SConrad Meyer "eb2a3056a09ad2d7d7f975bcd707598f24cd32518cde3069f2e403b34bfee8a5", 5, 50*0ac341f1SConrad Meyer 4, 1397645, 1 }, 51*0ac341f1SConrad Meyer { "4a857e2ee8aa9b6056f2424e84d24a72473378906ee04a46cb05311502d5250b82" 52*0ac341f1SConrad Meyer "ad86b83c8f20a23dbb74f6da60b0b6ecffd67134d45946ac8ebfb3064294bc097d" 53*0ac341f1SConrad Meyer "43ced68642bfb8bbbdd0f50b30118f5e", 54*0ac341f1SConrad Meyer 82, 55*0ac341f1SConrad Meyer "39d82eef32010b8b79cc5ba88ed539fbaba741100f2edbeca7cc171ffeabf258", 56*0ac341f1SConrad Meyer 190, 3, 1432947, 1 }, 57*0ac341f1SConrad Meyer { "c7b09aec680e7b42fedd7fc792e78b2f6c1bea8f4a884320b648f81e8cf515e8ba" 58*0ac341f1SConrad Meyer "9dcfb11d43c4aae114c1734aa69ca82d44998365db9c93744fa28b63fd16000e82" 59*0ac341f1SConrad Meyer "61cbbe083e7e2da1e5f696bde0834fe53146d7e0e35e7de9920d041f5a5621aabe" 60*0ac341f1SConrad Meyer "02da3e2b09b405b77937efef3197bd5772e41fdb73fb5294478e45208063b5f58e" 61*0ac341f1SConrad Meyer "089dbeb6d6342a909c1307b3fff5fe2cf4da56bdae50848f", 62*0ac341f1SConrad Meyer 156, 63*0ac341f1SConrad Meyer "039c056d933b475032777edbaffac50f143f64c123329ed9cf59e3b65d3f43b6", 64*0ac341f1SConrad Meyer 178, 3, 4886999, 1 }, 65*0ac341f1SConrad Meyer { "b540beb016a5366524d4605156493f9874514a5aa58818cd0c6dfffaa9e90205f1" 66*0ac341f1SConrad Meyer "7b", 67*0ac341f1SConrad Meyer 34, 68*0ac341f1SConrad Meyer "44071f6d181561670bda728d43fb79b443bb805afdebaf98622b5165e01b15fb", 69*0ac341f1SConrad Meyer 231, 1, 1631659, 1 }, 70*0ac341f1SConrad Meyer { "a14975c26c088755a8b715ff2528d647cd343987fcf4aa25e7194a8417fb2b4b3f" 71*0ac341f1SConrad Meyer "7268da9f3182b4cfb22d138b2749d673a47ecc7525dd15a0a3c66046971784bb63" 72*0ac341f1SConrad Meyer "d7eae24cc84f2631712075a10e10a96b0e0ee67c43e01c423cb9c44e5371017e9c" 73*0ac341f1SConrad Meyer "496956b632158da3fe12addecb88912e6759bc37f9af2f45af72c5cae3b179ffb6" 74*0ac341f1SConrad Meyer "76a697de6ebe45cd4c16d4a9d642d29ddc0186a0a48cb6cd62bfc3dd229d313b30" 75*0ac341f1SConrad Meyer "1560971e740e2cf1f99a9a090a5b283f35475057e96d7064e2e0fc81984591068d" 76*0ac341f1SConrad Meyer "55a3b4169f22cccb0745a2689407ea1901a0a766eb99", 77*0ac341f1SConrad Meyer 220, 78*0ac341f1SConrad Meyer "3d968b2752b8838431165059319f3ff8910b7b8ecb54ea01d3f54769e9d98daf", 79*0ac341f1SConrad Meyer 167, 3, 1784128, 1 }, 80*0ac341f1SConrad Meyer }; 81*0ac341f1SConrad Meyer char passwd[256]; 82*0ac341f1SConrad Meyer unsigned char salt[crypto_pwhash_SALTBYTES]; 83*0ac341f1SConrad Meyer unsigned char out[256]; 84*0ac341f1SConrad Meyer char out_hex[256 * 2 + 1]; 85*0ac341f1SConrad Meyer size_t i = 0U; 86*0ac341f1SConrad Meyer 87*0ac341f1SConrad Meyer do { 88*0ac341f1SConrad Meyer sodium_hex2bin((unsigned char *) passwd, sizeof passwd, 89*0ac341f1SConrad Meyer tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL, 90*0ac341f1SConrad Meyer NULL, NULL); 91*0ac341f1SConrad Meyer sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex, 92*0ac341f1SConrad Meyer strlen(tests[i].salt_hex), NULL, NULL, NULL); 93*0ac341f1SConrad Meyer if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd, 94*0ac341f1SConrad Meyer tests[i].passwd_len, (const unsigned char *) salt, 95*0ac341f1SConrad Meyer tests[i].opslimit, tests[i].memlimit, 96*0ac341f1SConrad Meyer crypto_pwhash_alg_argon2i13()) != 0) { 97*0ac341f1SConrad Meyer printf("[tv] pwhash failure (maybe intentional): [%u]\n", 98*0ac341f1SConrad Meyer (unsigned int) i); 99*0ac341f1SConrad Meyer continue; 100*0ac341f1SConrad Meyer } 101*0ac341f1SConrad Meyer sodium_bin2hex(out_hex, sizeof out_hex, out, tests[i].outlen); 102*0ac341f1SConrad Meyer printf("%s\n", out_hex); 103*0ac341f1SConrad Meyer } while (++i < (sizeof tests) / (sizeof tests[0])); 104*0ac341f1SConrad Meyer } 105*0ac341f1SConrad Meyer 106*0ac341f1SConrad Meyer static void 107*0ac341f1SConrad Meyer tv2(void) 108*0ac341f1SConrad Meyer { 109*0ac341f1SConrad Meyer static struct { 110*0ac341f1SConrad Meyer const char * passwd_hex; 111*0ac341f1SConrad Meyer size_t passwd_len; 112*0ac341f1SConrad Meyer const char * salt_hex; 113*0ac341f1SConrad Meyer size_t outlen; 114*0ac341f1SConrad Meyer unsigned long long opslimit; 115*0ac341f1SConrad Meyer size_t memlimit; 116*0ac341f1SConrad Meyer unsigned int lanes; 117*0ac341f1SConrad Meyer } tests[] = { 118*0ac341f1SConrad Meyer { "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0" 119*0ac341f1SConrad Meyer "65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d" 120*0ac341f1SConrad Meyer "a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5" 121*0ac341f1SConrad Meyer "8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6", 122*0ac341f1SConrad Meyer 127, 123*0ac341f1SConrad Meyer "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2", 124*0ac341f1SConrad Meyer 155, 4, 397645, 1 }, 125*0ac341f1SConrad Meyer { "a347ae92bce9f80f6f595a4480fc9c2fe7e7d7148d371e9487d75f5c23008ffae0" 126*0ac341f1SConrad Meyer "65577a928febd9b1973a5a95073acdbeb6a030cfc0d79caa2dc5cd011cef02c08d" 127*0ac341f1SConrad Meyer "a232d76d52dfbca38ca8dcbd665b17d1665f7cf5fe59772ec909733b24de97d6f5" 128*0ac341f1SConrad Meyer "8d220b20c60d7c07ec1fd93c52c31020300c6c1facd77937a597c7a6", 129*0ac341f1SConrad Meyer 127, 130*0ac341f1SConrad Meyer "5541fbc995d5c197ba290346d2c559dedf405cf97e5f95482143202f9e74f5c2", 131*0ac341f1SConrad Meyer 155, 3, 397645, 1 }, 132*0ac341f1SConrad Meyer }; 133*0ac341f1SConrad Meyer char passwd[256]; 134*0ac341f1SConrad Meyer unsigned char salt[crypto_pwhash_SALTBYTES]; 135*0ac341f1SConrad Meyer unsigned char out[256]; 136*0ac341f1SConrad Meyer char out_hex[256 * 2 + 1]; 137*0ac341f1SConrad Meyer size_t i = 0U; 138*0ac341f1SConrad Meyer 139*0ac341f1SConrad Meyer do { 140*0ac341f1SConrad Meyer sodium_hex2bin((unsigned char *) passwd, sizeof passwd, 141*0ac341f1SConrad Meyer tests[i].passwd_hex, strlen(tests[i].passwd_hex), NULL, 142*0ac341f1SConrad Meyer NULL, NULL); 143*0ac341f1SConrad Meyer sodium_hex2bin(salt, sizeof salt, tests[i].salt_hex, 144*0ac341f1SConrad Meyer strlen(tests[i].salt_hex), NULL, NULL, NULL); 145*0ac341f1SConrad Meyer if (crypto_pwhash(out, (unsigned long long) tests[i].outlen, passwd, 146*0ac341f1SConrad Meyer tests[i].passwd_len, (const unsigned char *) salt, 147*0ac341f1SConrad Meyer tests[i].opslimit, tests[i].memlimit, 148*0ac341f1SConrad Meyer crypto_pwhash_alg_argon2i13()) != 0) { 149*0ac341f1SConrad Meyer printf("[tv2] pwhash failure: [%u]\n", (unsigned int) i); 150*0ac341f1SConrad Meyer continue; 151*0ac341f1SConrad Meyer } 152*0ac341f1SConrad Meyer sodium_bin2hex(out_hex, sizeof out_hex, out, tests[i].outlen); 153*0ac341f1SConrad Meyer printf("%s\n", out_hex); 154*0ac341f1SConrad Meyer } while (++i < (sizeof tests) / (sizeof tests[0])); 155*0ac341f1SConrad Meyer 156*0ac341f1SConrad Meyer if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3, 157*0ac341f1SConrad Meyer 1ULL << 12, 0) != -1) { 158*0ac341f1SConrad Meyer printf("[tv2] pwhash should have failed (0)\n"); 159*0ac341f1SConrad Meyer } 160*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i(out, sizeof out, "password", strlen("password"), salt, 3, 161*0ac341f1SConrad Meyer 1ULL << 12, 0) != -1) { 162*0ac341f1SConrad Meyer printf("[tv2] pwhash should have failed (0')\n"); 163*0ac341f1SConrad Meyer } 164*0ac341f1SConrad Meyer if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3, 165*0ac341f1SConrad Meyer 1, crypto_pwhash_alg_argon2i13()) != -1) { 166*0ac341f1SConrad Meyer printf("[tv2] pwhash should have failed (1)\n"); 167*0ac341f1SConrad Meyer } 168*0ac341f1SConrad Meyer if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 3, 169*0ac341f1SConrad Meyer 1ULL << 12, crypto_pwhash_alg_argon2i13()) != -1) { 170*0ac341f1SConrad Meyer printf("[tv2] pwhash should have failed (2)\n"); 171*0ac341f1SConrad Meyer } 172*0ac341f1SConrad Meyer if (crypto_pwhash(out, sizeof out, "password", strlen("password"), salt, 2, 173*0ac341f1SConrad Meyer 1ULL << 12, crypto_pwhash_alg_argon2i13()) != -1) { 174*0ac341f1SConrad Meyer printf("[tv2] pwhash should have failed (3)\n"); 175*0ac341f1SConrad Meyer } 176*0ac341f1SConrad Meyer if (crypto_pwhash(out, 15, "password", strlen("password"), salt, 3, 177*0ac341f1SConrad Meyer 1ULL << 12, crypto_pwhash_alg_argon2i13()) != -1) { 178*0ac341f1SConrad Meyer printf("[tv2] pwhash with a short output length should have failed\n"); 179*0ac341f1SConrad Meyer } 180*0ac341f1SConrad Meyer if (crypto_pwhash(out, sizeof out, "password", 0x100000000ULL, salt, 3, 181*0ac341f1SConrad Meyer 1ULL << 12, crypto_pwhash_alg_argon2i13()) != -1) { 182*0ac341f1SConrad Meyer printf("[tv2] pwhash with a long password length should have failed\n"); 183*0ac341f1SConrad Meyer } 184*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i(out, sizeof out, "password", strlen("password"), salt, 185*0ac341f1SConrad Meyer OPSLIMIT, MEMLIMIT, crypto_pwhash_alg_argon2id13()) == -1); 186*0ac341f1SConrad Meyer } 187*0ac341f1SConrad Meyer 188*0ac341f1SConrad Meyer static void 189*0ac341f1SConrad Meyer tv3(void) 190*0ac341f1SConrad Meyer { 191*0ac341f1SConrad Meyer static struct { 192*0ac341f1SConrad Meyer const char *passwd; 193*0ac341f1SConrad Meyer const char *out; 194*0ac341f1SConrad Meyer } tests[] = { 195*0ac341f1SConrad Meyer { "", 196*0ac341f1SConrad Meyer "$argon2i$v=19$m=4096,t=1,p=1$X1NhbHQAAAAAAAAAAAAAAA$bWh++" 197*0ac341f1SConrad Meyer "MKN1OiFHKgIWTLvIi1iHicmHH7+Fv3K88ifFfI" }, 198*0ac341f1SConrad Meyer { "", 199*0ac341f1SConrad Meyer "$argon2i$v=19$m=2048,t=4,p=1$SWkxaUhpY21ISDcrRnYzSw$Mbg/" 200*0ac341f1SConrad Meyer "Eck1kpZir5T9io7C64cpffdTBaORgyriLQFgQj8" }, 201*0ac341f1SConrad Meyer { "^T5H$JYt39n%K*j:W]!1s?vg!:jGi]Ax?..l7[p0v:1jHTpla9;]bUN;?bWyCbtqg ", 202*0ac341f1SConrad Meyer "$argon2i$v=19$m=4096,t=3,p=2$X1NhbHQAAAAAAAAAAAAAAA$z/QMiU4lQxGsYNc/" 203*0ac341f1SConrad Meyer "+K/bizwsA1P11UG2dj/7+aILJ4I" }, 204*0ac341f1SConrad Meyer { "K3S=KyH#)36_?]LxeR8QNKw6X=gFbxai$C%29V*", 205*0ac341f1SConrad Meyer "$argon2i$v=19$m=4096,t=3,p=1$X1NhbHQAAAAAAAAAAAAAAA$fu2Wsecyt+" 206*0ac341f1SConrad Meyer "yPnBvSvYN16oP5ozRmkp0ixJ1YL19V3Uo" } 207*0ac341f1SConrad Meyer }; 208*0ac341f1SConrad Meyer char *out; 209*0ac341f1SConrad Meyer char *passwd; 210*0ac341f1SConrad Meyer size_t i = 0U; 211*0ac341f1SConrad Meyer int ret; 212*0ac341f1SConrad Meyer 213*0ac341f1SConrad Meyer do { 214*0ac341f1SConrad Meyer out = (char *) sodium_malloc(strlen(tests[i].out) + 1U); 215*0ac341f1SConrad Meyer assert(out != NULL); 216*0ac341f1SConrad Meyer memcpy(out, tests[i].out, strlen(tests[i].out) + 1U); 217*0ac341f1SConrad Meyer passwd = (char *) sodium_malloc(strlen(tests[i].passwd) + 1U); 218*0ac341f1SConrad Meyer assert(passwd != NULL); 219*0ac341f1SConrad Meyer memcpy(passwd, tests[i].passwd, strlen(tests[i].passwd) + 1U); 220*0ac341f1SConrad Meyer ret = crypto_pwhash_str_verify(out, passwd, strlen(passwd)); 221*0ac341f1SConrad Meyer sodium_free(out); 222*0ac341f1SConrad Meyer sodium_free(passwd); 223*0ac341f1SConrad Meyer if (ret != 0) { 224*0ac341f1SConrad Meyer printf("[tv3] pwhash_str failure (maybe intentional): [%u]\n", 225*0ac341f1SConrad Meyer (unsigned int) i); 226*0ac341f1SConrad Meyer } 227*0ac341f1SConrad Meyer } while (++i < (sizeof tests) / (sizeof tests[0])); 228*0ac341f1SConrad Meyer } 229*0ac341f1SConrad Meyer 230*0ac341f1SConrad Meyer static void 231*0ac341f1SConrad Meyer str_tests(void) 232*0ac341f1SConrad Meyer { 233*0ac341f1SConrad Meyer char *str_out; 234*0ac341f1SConrad Meyer char *str_out2; 235*0ac341f1SConrad Meyer char *salt; 236*0ac341f1SConrad Meyer const char *passwd = "Correct Horse Battery Staple"; 237*0ac341f1SConrad Meyer 238*0ac341f1SConrad Meyer salt = (char *) sodium_malloc(crypto_pwhash_SALTBYTES); 239*0ac341f1SConrad Meyer str_out = (char *) sodium_malloc(crypto_pwhash_STRBYTES); 240*0ac341f1SConrad Meyer str_out2 = (char *) sodium_malloc(crypto_pwhash_STRBYTES); 241*0ac341f1SConrad Meyer memcpy(salt, ">A 16-bytes salt", crypto_pwhash_SALTBYTES); 242*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i_str(str_out, passwd, strlen(passwd), OPSLIMIT, 243*0ac341f1SConrad Meyer MEMLIMIT) != 0) { 244*0ac341f1SConrad Meyer printf("pwhash_argon2i_str failure\n"); 245*0ac341f1SConrad Meyer } 246*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), OPSLIMIT, 247*0ac341f1SConrad Meyer MEMLIMIT) != 0) { 248*0ac341f1SConrad Meyer printf("pwhash_argon2i_str(2) failure\n"); 249*0ac341f1SConrad Meyer } 250*0ac341f1SConrad Meyer if (strcmp(str_out, str_out2) == 0) { 251*0ac341f1SConrad Meyer printf("pwhash_argon2i_str() doesn't generate different salts\n"); 252*0ac341f1SConrad Meyer } 253*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT) != 0) { 254*0ac341f1SConrad Meyer printf("needs_rehash() false positive\n"); 255*0ac341f1SConrad Meyer } 256*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1 || 257*0ac341f1SConrad Meyer crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT / 2, MEMLIMIT) != 1 || 258*0ac341f1SConrad Meyer crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT * 2) != 1 || 259*0ac341f1SConrad Meyer crypto_pwhash_argon2i_str_needs_rehash(str_out, OPSLIMIT * 2, MEMLIMIT) != 1) { 260*0ac341f1SConrad Meyer printf("needs_rehash() false negative\n"); 261*0ac341f1SConrad Meyer } 262*0ac341f1SConrad Meyer if (crypto_pwhash_str_needs_rehash(str_out, OPSLIMIT, MEMLIMIT / 2) != 1) { 263*0ac341f1SConrad Meyer printf("pwhash_str_needs_rehash() didn't handle argon2i\n"); 264*0ac341f1SConrad Meyer } 265*0ac341f1SConrad Meyer if (crypto_pwhash_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1 || 266*0ac341f1SConrad Meyer crypto_pwhash_argon2i_str_needs_rehash(str_out + 1, OPSLIMIT, MEMLIMIT) != -1) { 267*0ac341f1SConrad Meyer printf("needs_rehash() didn't fail with an invalid hash string\n"); 268*0ac341f1SConrad Meyer } 269*0ac341f1SConrad Meyer if (sodium_is_zero((const unsigned char *) str_out + strlen(str_out), 270*0ac341f1SConrad Meyer crypto_pwhash_STRBYTES - strlen(str_out)) != 1 || 271*0ac341f1SConrad Meyer sodium_is_zero((const unsigned char *) str_out2 + strlen(str_out2), 272*0ac341f1SConrad Meyer crypto_pwhash_STRBYTES - strlen(str_out2)) != 1) { 273*0ac341f1SConrad Meyer printf("pwhash_str() doesn't properly pad with zeros\n"); 274*0ac341f1SConrad Meyer } 275*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != 0) { 276*0ac341f1SConrad Meyer printf("pwhash_str_verify(1) failure\n"); 277*0ac341f1SConrad Meyer } 278*0ac341f1SConrad Meyer str_out[14]++; 279*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i_str_verify(str_out, passwd, strlen(passwd)) != -1) { 280*0ac341f1SConrad Meyer printf("pwhash_str_verify(2) failure\n"); 281*0ac341f1SConrad Meyer } 282*0ac341f1SConrad Meyer str_out[14]--; 283*0ac341f1SConrad Meyer assert(str_out[crypto_pwhash_STRBYTES - 1U] == 0); 284*0ac341f1SConrad Meyer 285*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i_str(str_out2, passwd, 0x100000000ULL, OPSLIMIT, 286*0ac341f1SConrad Meyer MEMLIMIT) != -1) { 287*0ac341f1SConrad Meyer printf("pwhash_str() with a large password should have failed\n"); 288*0ac341f1SConrad Meyer } 289*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i_str(str_out2, passwd, strlen(passwd), 1, MEMLIMIT) != 290*0ac341f1SConrad Meyer -1) { 291*0ac341f1SConrad Meyer printf("pwhash_str() with a small opslimit should have failed\n"); 292*0ac341f1SConrad Meyer } 293*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" 294*0ac341f1SConrad Meyer "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", 295*0ac341f1SConrad Meyer "password", 0x100000000ULL) != -1) { 296*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(0)) failure\n"); 297*0ac341f1SConrad Meyer } 298*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1c29tZXNhbHQ" 299*0ac341f1SConrad Meyer "$9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", 300*0ac341f1SConrad Meyer "password", strlen("password")) != -1) { 301*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(1)) failure %d\n", errno); 302*0ac341f1SConrad Meyer } 303*0ac341f1SConrad Meyer if (crypto_pwhash_argon2i_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" 304*0ac341f1SConrad Meyer "9sTbSlTio3Biev89thdrlKKiCaYsjjYVJxGAL3swxpQ", 305*0ac341f1SConrad Meyer "password", strlen("password")) != -1) { 306*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(2)) failure\n"); 307*0ac341f1SConrad Meyer } 308*0ac341f1SConrad Meyer if (crypto_pwhash_str_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQ" 309*0ac341f1SConrad Meyer "$b2G3seW+uPzerwQQC+/E1K50CLLO7YXy0JRcaTuswRo", 310*0ac341f1SConrad Meyer "password", strlen("password")) != -1) { 311*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(3)) failure\n"); 312*0ac341f1SConrad Meyer } 313*0ac341f1SConrad Meyer if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1c29tZXNhbHQ" 314*0ac341f1SConrad Meyer "$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", 315*0ac341f1SConrad Meyer "password", strlen("password")) != -1) { 316*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(4)) failure\n"); 317*0ac341f1SConrad Meyer } 318*0ac341f1SConrad Meyer if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" 319*0ac341f1SConrad Meyer "wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA", 320*0ac341f1SConrad Meyer "password", strlen("password")) != -1) { 321*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(5)) failure\n"); 322*0ac341f1SConrad Meyer } 323*0ac341f1SConrad Meyer if (crypto_pwhash_str_verify("$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ" 324*0ac341f1SConrad Meyer "$8iIuixkI73Js3G1uMbezQXD0b8LG4SXGsOwoQkdAQIM", 325*0ac341f1SConrad Meyer "password", strlen("password")) != -1) { 326*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(6)) failure\n"); 327*0ac341f1SConrad Meyer } 328*0ac341f1SConrad Meyer if (crypto_pwhash_str_verify( 329*0ac341f1SConrad Meyer "$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" 330*0ac341f1SConrad Meyer "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", 331*0ac341f1SConrad Meyer "password", strlen("password")) != 0) { 332*0ac341f1SConrad Meyer printf("pwhash_str_verify(valid(7)) failure\n"); 333*0ac341f1SConrad Meyer } 334*0ac341f1SConrad Meyer if (crypto_pwhash_str_verify( 335*0ac341f1SConrad Meyer "$argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" 336*0ac341f1SConrad Meyer "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", 337*0ac341f1SConrad Meyer "passwore", strlen("passwore")) != -1 || errno != EINVAL) { 338*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(7)) failure\n"); 339*0ac341f1SConrad Meyer } 340*0ac341f1SConrad Meyer if (crypto_pwhash_str_verify( 341*0ac341f1SConrad Meyer "$Argon2i$v=19$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" 342*0ac341f1SConrad Meyer "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", 343*0ac341f1SConrad Meyer "password", strlen("password")) != -1 || errno != EINVAL) { 344*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(8)) failure\n"); 345*0ac341f1SConrad Meyer } 346*0ac341f1SConrad Meyer if (crypto_pwhash_str_verify( 347*0ac341f1SConrad Meyer "$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" 348*0ac341f1SConrad Meyer "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", 349*0ac341f1SConrad Meyer "password", strlen("password")) != -1 || errno != EINVAL) { 350*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(9)) failure\n"); 351*0ac341f1SConrad Meyer } 352*0ac341f1SConrad Meyer if (crypto_pwhash_str_verify( 353*0ac341f1SConrad Meyer "$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVla~=mRpc29kaXNrdw" 354*0ac341f1SConrad Meyer "$TNnWIwlu1061JHrnCqIAmjs3huSxYIU+0jWipu7Kc9M", 355*0ac341f1SConrad Meyer "password", strlen("password")) != -1 || errno != EINVAL) { 356*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(10)) failure\n"); 357*0ac341f1SConrad Meyer } 358*0ac341f1SConrad Meyer if (crypto_pwhash_str_verify( 359*0ac341f1SConrad Meyer "$argon2i$v=1$m=4096,t=3,p=2$b2RpZHVlamRpc29kaXNrdw" 360*0ac341f1SConrad Meyer "$TNnWIwlu1061JHrnCqIAmjs3huSxYI~=U+0jWipu7Kc9M", 361*0ac341f1SConrad Meyer "password", strlen("password")) != -1 || errno != EINVAL) { 362*0ac341f1SConrad Meyer printf("pwhash_str_verify(invalid(11)) failure\n"); 363*0ac341f1SConrad Meyer } 364*0ac341f1SConrad Meyer assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT, 365*0ac341f1SConrad Meyer crypto_pwhash_ALG_ARGON2I13) == 0); 366*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_str_verify(str_out, "test", 4) == 0); 367*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 368*0ac341f1SConrad Meyer OPSLIMIT, MEMLIMIT) == 0); 369*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 370*0ac341f1SConrad Meyer OPSLIMIT / 2, MEMLIMIT) == 1); 371*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 372*0ac341f1SConrad Meyer OPSLIMIT, MEMLIMIT / 2) == 1); 373*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == 1); 374*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == -1); 375*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_str_needs_rehash(str_out + 1, 376*0ac341f1SConrad Meyer OPSLIMIT, MEMLIMIT) == -1); 377*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == -1); 378*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2id_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1); 379*0ac341f1SConrad Meyer assert(crypto_pwhash_str_alg(str_out, "test", 4, OPSLIMIT, MEMLIMIT, 380*0ac341f1SConrad Meyer crypto_pwhash_ALG_ARGON2ID13) == 0); 381*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2id_str_verify(str_out, "test", 4) == 0); 382*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 383*0ac341f1SConrad Meyer OPSLIMIT, MEMLIMIT) == 0); 384*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 385*0ac341f1SConrad Meyer OPSLIMIT / 2, MEMLIMIT) == 1); 386*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 387*0ac341f1SConrad Meyer OPSLIMIT, MEMLIMIT / 2) == 1); 388*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2id_str_needs_rehash(str_out, 0, 0) == 1); 389*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_str_needs_rehash(str_out, 0, 0) == -1); 390*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2id_str_needs_rehash("", OPSLIMIT, MEMLIMIT) == -1); 391*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2id_str_needs_rehash(str_out + 1, 392*0ac341f1SConrad Meyer OPSLIMIT, MEMLIMIT) == -1); 393*0ac341f1SConrad Meyer sodium_free(salt); 394*0ac341f1SConrad Meyer sodium_free(str_out); 395*0ac341f1SConrad Meyer sodium_free(str_out2); 396*0ac341f1SConrad Meyer } 397*0ac341f1SConrad Meyer 398*0ac341f1SConrad Meyer int 399*0ac341f1SConrad Meyer main(void) 400*0ac341f1SConrad Meyer { 401*0ac341f1SConrad Meyer tv(); 402*0ac341f1SConrad Meyer tv2(); 403*0ac341f1SConrad Meyer tv3(); 404*0ac341f1SConrad Meyer str_tests(); 405*0ac341f1SConrad Meyer 406*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_bytes_min() > 0U); 407*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_bytes_max() > crypto_pwhash_argon2i_bytes_min()); 408*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_passwd_max() > crypto_pwhash_argon2i_passwd_min()); 409*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_saltbytes() > 0U); 410*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_strbytes() > 1U); 411*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_strbytes() > strlen(crypto_pwhash_argon2i_strprefix())); 412*0ac341f1SConrad Meyer 413*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_opslimit_min() > 0U); 414*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_opslimit_max() > 0U); 415*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_memlimit_min() > 0U); 416*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_memlimit_max() > 0U); 417*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_opslimit_interactive() > 0U); 418*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_memlimit_interactive() > 0U); 419*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_opslimit_moderate() > 0U); 420*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_memlimit_moderate() > 0U); 421*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_opslimit_sensitive() > 0U); 422*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_memlimit_sensitive() > 0U); 423*0ac341f1SConrad Meyer 424*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_bytes_min() == crypto_pwhash_argon2i_BYTES_MIN); 425*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_bytes_max() == crypto_pwhash_argon2i_BYTES_MAX); 426*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_passwd_min() == crypto_pwhash_argon2i_PASSWD_MIN); 427*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_passwd_max() == crypto_pwhash_argon2i_PASSWD_MAX); 428*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_saltbytes() == crypto_pwhash_argon2i_SALTBYTES); 429*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_strbytes() == crypto_pwhash_argon2i_STRBYTES); 430*0ac341f1SConrad Meyer 431*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_opslimit_min() == crypto_pwhash_argon2i_OPSLIMIT_MIN); 432*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_opslimit_max() == crypto_pwhash_argon2i_OPSLIMIT_MAX); 433*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_memlimit_min() == crypto_pwhash_argon2i_MEMLIMIT_MIN); 434*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_memlimit_max() == crypto_pwhash_argon2i_MEMLIMIT_MAX); 435*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_opslimit_interactive() == 436*0ac341f1SConrad Meyer crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE); 437*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_memlimit_interactive() == 438*0ac341f1SConrad Meyer crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE); 439*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_opslimit_moderate() == 440*0ac341f1SConrad Meyer crypto_pwhash_argon2i_OPSLIMIT_MODERATE); 441*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_memlimit_moderate() == 442*0ac341f1SConrad Meyer crypto_pwhash_argon2i_MEMLIMIT_MODERATE); 443*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_opslimit_sensitive() == 444*0ac341f1SConrad Meyer crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE); 445*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_memlimit_sensitive() == 446*0ac341f1SConrad Meyer crypto_pwhash_argon2i_MEMLIMIT_SENSITIVE); 447*0ac341f1SConrad Meyer 448*0ac341f1SConrad Meyer assert(crypto_pwhash_argon2i_alg_argon2i13() == crypto_pwhash_argon2i_ALG_ARGON2I13); 449*0ac341f1SConrad Meyer 450*0ac341f1SConrad Meyer printf("OK\n"); 451*0ac341f1SConrad Meyer 452*0ac341f1SConrad Meyer return 0; 453*0ac341f1SConrad Meyer } 454