ITS#9206 contrib/passwd/argon2: consolidate libsodium implementation
authorPeter Marschall <peter@adpm.de>
Tue, 7 Apr 2020 10:11:38 +0000 (12:11 +0200)
committerQuanah Gibson-Mount <quanah@openldap.org>
Tue, 21 Apr 2020 19:40:38 +0000 (19:40 +0000)
* use 'crypto_pwhash_str_alg(..., crypto_pwhash_ALG_ARGON2ID13)' to set
  the algorithm to Argon2.
  According to libsodium's documentation, the original 'crypto_pwhash_str()'
  only guarantees a "memory-hard, CPU-intensive hash function", but not
  necessarily Argon2.  Although in released versions of libsodium Argon2 is
  the only implemented backend, this may change in the future.
* multiply the 'memory' parameter by 1024 to align it with the libargon2
  implementation. The objective is to have consistent configuration in
  OpenLDAP's pw-argon2 module no matter what backend implementation is used.

Signed-off-by: Peter Marschall <peter@adpm.de>
contrib/slapd-modules/passwd/argon2/pw-argon2.c

index a39f8521956b82a8cceaaec57bd37c7b0557c480..e273943c857341413c88e0dab9480b15dbcfe9a9 100644 (file)
@@ -128,8 +128,9 @@ slapd_argon2_hash(
        AC_MEMCPY( hash->bv_val, scheme->bv_val, scheme->bv_len );
        p += scheme->bv_len;
 
-       if ( crypto_pwhash_str( p, passwd->bv_val, passwd->bv_len,
-                               iterations, memory ) == 0 ) {
+       if ( crypto_pwhash_str_alg( p, passwd->bv_val, passwd->bv_len,
+                               iterations, memory * 1024,
+                               crypto_pwhash_ALG_ARGON2ID13 ) == 0 ) {
                hash->bv_len = strlen( hash->bv_val );
                rc = LUTIL_PASSWD_OK;
        }
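Review bot: `memory * 1024` is evaluated in the type of `memory`, which is declared outside this hunk; if that is a 32-bit integer, a configured value of 4194304 KiB or more (2097152 for a signed int) overflows before conversion to libsodium's `size_t` memlimit parameter, and the hash could end up computed with a far smaller memory cost than the administrator configured. Widening first, `iterations, (size_t)memory * 1024,`, avoids this on 64-bit builds, and a range check where the parameter is parsed would cover the rest. A comment at the call such as `/* memory is configured in KiB as for libargon2; libsodium takes bytes */` would also document the unit change for deployments that previously passed a byte count to the libsodium backend. slapd_argon2_hash starts and ends outside the hunk, so the declaration and the failure path could not be checked here.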