From: Peter Marschall Date: Tue, 7 Apr 2020 10:11:38 +0000 (+0200) Subject: ITS#9206 contrib/passwd/argon2: consolidate libsodium implementation X-Git-Tag: OPENLDAP_REL_ENG_2_4_50~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ff81631875690938dc775fcc92b4c86cc89ea6d;p=thirdparty%2Fopenldap.git ITS#9206 contrib/passwd/argon2: consolidate libsodium implementation * use 'crypto_pwhash_str_alg(..., crypto_pwhash_ALG_ARGON2ID13)' to set the algorithm to Argon2. According to libsodium's documentation, the original 'crypto_pwhash_str()' only guarantees a "memory-hard, CPU-intensive hash function", but not necessarily Argon2. Although in released versions of libsodium Argon2 is the only implemented backend, this may change in the future. * multiply the 'memory' parameter by 1024 to align it with the libargon2 implementation. The objective is to have consistent configuration in OpenLDAP's pw-argon2 module no matter what backend implementation is used. Signed-off-by: Peter Marschall --- diff --git a/contrib/slapd-modules/passwd/argon2/pw-argon2.c b/contrib/slapd-modules/passwd/argon2/pw-argon2.c index a39f852195..e273943c85 100644 --- a/contrib/slapd-modules/passwd/argon2/pw-argon2.c +++ b/contrib/slapd-modules/passwd/argon2/pw-argon2.c @@ -128,8 +128,9 @@ slapd_argon2_hash( AC_MEMCPY( hash->bv_val, scheme->bv_val, scheme->bv_len ); p += scheme->bv_len; - if ( crypto_pwhash_str( p, passwd->bv_val, passwd->bv_len, - iterations, memory ) == 0 ) { + if ( crypto_pwhash_str_alg( p, passwd->bv_val, passwd->bv_len, + iterations, memory * 1024, + crypto_pwhash_ALG_ARGON2ID13 ) == 0 ) { hash->bv_len = strlen( hash->bv_val ); rc = LUTIL_PASSWD_OK; }
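Review bot: `memory * 1024` in the new `crypto_pwhash_str_alg()` call is evaluated in the type of `memory`, whose declaration is outside this hunk. If that type is narrower than the `size_t` memory limit libsodium takes, a large configured value wraps before the conversion and the password is hashed with a far smaller memory cost than the administrator configured, with no error. Suggest widening before the multiply, for example `(size_t)memory * 1024`, and refusing a value that cannot be represented. The multiplication also changes the unit of the existing setting for libsodium builds from bytes to KiB, so a short comment at the call stating the unit, plus a note in the module's documentation for deployments that already set a value in bytes, would help avoid a silent 1024-fold increase in memory use per hash.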