Line data    Source code

       1             : /* Copyright (C) 2021 Wildfire Games.
       2             :  * This file is part of 0 A.D.
       3             :  *
       4             :  * 0 A.D. is free software: you can redistribute it and/or modify
       5             :  * it under the terms of the GNU General Public License as published by
       6             :  * the Free Software Foundation, either version 2 of the License, or
       7             :  * (at your option) any later version.
       8             :  *
       9             :  * 0 A.D. is distributed in the hope that it will be useful,
      10             :  * but WITHOUT ANY WARRANTY; without even the implied warranty of
      11             :  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      12             :  * GNU General Public License for more details.
      13             :  *
      14             :  * You should have received a copy of the GNU General Public License
      15             :  * along with 0 A.D.  If not, see <http://www.gnu.org/licenses/>.
      16             :  */
      17             : #include "precompiled.h"
      18             : 
      19             : #include "ps/CStr.h"
      20             : #include "ps/Util.h"
      21             : 
      22             : #include <sodium.h>
      23             : 
      24          15 : CStr8 HashCryptographically(const CStr8& string, const CStr8& salt)
      25             : {
      26          15 :     if (string.empty())
      27           2 :         return string;
      28             : 
      29          13 :     ENSURE(sodium_init() >= 0);
      30             : 
      31          13 :     constexpr int SALTSIZE = crypto_pwhash_SALTBYTES;
      32             :     static_assert(SALTSIZE >= crypto_generichash_BYTES_MIN);
      33             :     static_assert(SALTSIZE <= crypto_generichash_BYTES_MAX);
      34             :     static_assert(SALTSIZE >= crypto_generichash_KEYBYTES_MIN);
      35             :     static_assert(SALTSIZE <= crypto_generichash_KEYBYTES_MAX);
      36             : 
      37             :     // First generate a fixed-size salt from out variable-sized one (libsodium requires it).
      38          13 :     unsigned char salt_buffer[SALTSIZE] = {
      39             :         235, 82, 29, 20, 135, 168, 184, 97, 7, 240, 48, 109, 8, 34, 158, 32,
      40             :     };
      41             :     crypto_generichash_state state;
      42          13 :     crypto_generichash_init(&state, salt_buffer, SALTSIZE, SALTSIZE);
      43          13 :     crypto_generichash_update(&state, reinterpret_cast<const unsigned char*>(salt.c_str()), salt.size());
      44          13 :     crypto_generichash_final(&state, salt_buffer, SALTSIZE);
      45             : 
      46          13 :     constexpr int HASHSIZE = 32;
      47             :     static_assert(HASHSIZE >= crypto_pwhash_BYTES_MIN);
      48             :     static_assert(HASHSIZE <= crypto_pwhash_BYTES_MAX);
      49             : 
      50             :     // Now that we have a fixed-length key, use that to hash the password.
      51          13 :     unsigned char output[HASHSIZE] = { 0 };
      52             :     // For HashCryptographically, we use 'fast' parameters, corresponding to low values.
      53             :     // These parameters must not change, or hashes will change, hence why the #defined values are copied.
      54          13 :     constexpr size_t memLimit = 8192 * 4; // 4 * crypto_pwhash_argon2id_MEMLIMIT_MIN
      55          13 :     constexpr size_t opsLimit = 2; // crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE
      56          13 :     ENSURE(crypto_pwhash(output, HASHSIZE, string.c_str(), string.size(), salt_buffer, opsLimit, memLimit, crypto_pwhash_ALG_ARGON2ID13) == 0);
      57             : 
      58          13 :     return CStr(Hexify(output, HASHSIZE)).UpperCase();
      59           3 : }