X-Git-Url: http://www.git.cypherpunks.ru/?a=blobdiff_plain;f=src%2Fcypherpunks.ru%2Fgovpn%2Fverifier.go;h=b68063b94823361f25bc5734d50cd7aa43a6502b;hb=f9209136cff0331fc2293f25061971f6c77ff213;hp=15955e77a2cf65e35ab18172d638a677170a3200;hpb=96b730405d6c9468e156a5386ca6b25a3bcdd3ec;p=govpn.git

diff --git a/src/cypherpunks.ru/govpn/verifier.go b/src/cypherpunks.ru/govpn/verifier.go
index 15955e7..b68063b 100644
--- a/src/cypherpunks.ru/govpn/verifier.go
+++ b/src/cypherpunks.ru/govpn/verifier.go
@@ -28,19 +28,20 @@ import (
 	"os"
 	"strings"
 
+	"cypherpunks.ru/balloon"
 	"github.com/agl/ed25519"
-	"github.com/magical/argon2"
+	"github.com/dchest/blake2b"
 	"golang.org/x/crypto/ssh/terminal"
 )
 
 const (
-	DefaultM = 1 << 12
-	DefaultT = 1 << 7
-	DefaultP = 1
+	DefaultS = 1 << 20 / 32
+	DefaultT = 1 << 4
+	DefaultP = 2
 )
 
 type Verifier struct {
-	M   int
+	S   int
 	T   int
 	P   int
 	Id  *PeerId
@@ -49,17 +50,14 @@ type Verifier struct {
 
 // Generate new verifier for given peer, with specified password and
 // hashing parameters.
-func VerifierNew(m, t, p int, id *PeerId) *Verifier {
-	return &Verifier{M: m, T: t, P: p, Id: id}
+func VerifierNew(s, t, p int, id *PeerId) *Verifier {
+	return &Verifier{S: s, T: t, P: p, Id: id}
 }
 
 // Apply the password: create Ed25519 keypair based on it, save public
 // key in verifier.
 func (v *Verifier) PasswordApply(password string) *[ed25519.PrivateKeySize]byte {
-	r, err := argon2.Key([]byte(password), v.Id[:], v.T, v.P, int64(v.M), 32)
-	if err != nil {
-		log.Fatalln("Unable to apply Argon2d", err)
-	}
+	r := balloon.H(blake2b.New256, []byte(password), v.Id[:], v.S, v.T, v.P)
 	defer SliceZero(r)
 	src := bytes.NewBuffer(r)
 	pub, prv, err := ed25519.GenerateKey(src)
@@ -72,26 +70,26 @@ func (v *Verifier) PasswordApply(password string) *[ed25519.PrivateKeySize]byte
 
 // Parse either short or long verifier form.
 func VerifierFromString(input string) (*Verifier, error) {
-	s := strings.Split(input, "$")
-	if len(s) < 4 || s[1] != "argon2d" {
+	ss := strings.Split(input, "$")
+	if len(ss) < 4 || ss[1] != "balloon" {
 		return nil, errors.New("Invalid verifier structure")
 	}
-	var m, t, p int
-	n, err := fmt.Sscanf(s[2], "m=%d,t=%d,p=%d", &m, &t, &p)
+	var s, t, p int
+	n, err := fmt.Sscanf(ss[2], "s=%d,t=%d,p=%d", &s, &t, &p)
 	if n != 3 || err != nil {
 		return nil, errors.New("Invalid verifier parameters")
 	}
-	salt, err := base64.RawStdEncoding.DecodeString(s[3])
+	salt, err := base64.RawStdEncoding.DecodeString(ss[3])
 	if err != nil {
 		return nil, err
 	}
-	v := Verifier{M: m, T: t, P: p}
+	v := Verifier{S: s, T: t, P: p}
 	id := new([IDSize]byte)
 	copy(id[:], salt)
 	pid := PeerId(*id)
 	v.Id = &pid
-	if len(s) == 5 {
-		pub, err := base64.RawStdEncoding.DecodeString(s[4])
+	if len(ss) == 5 {
+		pub, err := base64.RawStdEncoding.DecodeString(ss[4])
 		if err != nil {
 			return nil, err
 		}
@@ -105,8 +103,8 @@ func VerifierFromString(input string) (*Verifier, error) {
 // Does not include public key.
 func (v *Verifier) ShortForm() string {
 	return fmt.Sprintf(
-		"$argon2d$m=%d,t=%d,p=%d$%s",
-		v.M, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.Id[:]),
+		"$balloon$s=%d,t=%d,p=%d$%s",
+		v.S, v.T, v.P, base64.RawStdEncoding.EncodeToString(v.Id[:]),
 	)
 }