-/*
-balloon -- Balloon password hashing function
-Copyright (C) 2016-2019 Sergey Matveev <stargrave@stargrave.org>
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU Lesser General Public License as
-published by the Free Software Foundation, either version 3 of the
-License, or (at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public
-License along with this program. If not, see
-<http://www.gnu.org/licenses/>.
-*/
+// balloon -- Balloon password hashing function
+// Copyright (C) 2016-2024 Sergey Matveev <stargrave@stargrave.org>
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Lesser General Public License as
+// the Free Software Foundation, version 3 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this program. If not, see
+// <http://www.gnu.org/licenses/>.
package balloon
import (
+ "bytes"
"crypto/rand"
"crypto/sha256"
+ "crypto/sha512"
+ "encoding/hex"
"testing"
"testing/quick"
)
if len(passwd) == 0 || len(salt) == 0 {
return true
}
- B(sha256.New(), passwd, salt, int(s)%16+1, int(t)%16+1)
+ B(sha512.New(), passwd, salt, uint64(s)%16+1, uint64(t)%16+1)
return true
}
if err := quick.Check(f, nil); err != nil {
if len(passwd) == 0 || len(salt) == 0 {
return true
}
- H(sha256.New, passwd, salt, int(s)%16+1, int(t)%16+1, int(p)%8+1)
+ H(sha512.New, passwd, salt, int(s)%16+1, int(t)%16+1, int(p)%8+1)
return true
}
if err := quick.Check(f, nil); err != nil {
rand.Read(passwd)
salt := make([]byte, 8)
rand.Read(salt)
+ h := sha512.New()
+ sCost := uint64(1 << 10 / h.Size())
b.ResetTimer()
for i := 0; i < b.N; i++ {
- B(sha256.New(), passwd, salt, 1<<10/sha256.New().Size(), 4)
+ B(h, passwd, salt, sCost, 4)
}
}
rand.Read(passwd)
salt := make([]byte, 8)
rand.Read(salt)
+ sCost := 1 << 10 / sha512.New().Size()
b.ResetTimer()
for i := 0; i < b.N; i++ {
- H(sha256.New, passwd, salt, 1<<10/sha256.New().Size(), 4, 4)
+ H(sha512.New, passwd, salt, sCost, 4, 4)
+ }
+}
+
+func mustHexDecode(s string) []byte {
+ b, err := hex.DecodeString(s)
+ if err != nil {
+ panic(err)
+ }
+ return b
+}
+
+func TestVectors(t *testing.T) {
+ // taken from Nettle 3.9
+ if !bytes.Equal(
+ B(sha256.New(), []byte("password"), []byte("salt"), 1, 1),
+ mustHexDecode("eefda4a8a75b461fa389c1dcfaf3e9dfacbc26f81f22e6f280d15cc18c417545"),
+ ) {
+ t.FailNow()
+ }
+
+ if !bytes.Equal(
+ B(sha256.New(), []byte{0}, []byte{0}, 3, 3),
+ mustHexDecode("4fc7e302ffa29ae0eac31166cee7a552d1d71135f4e0da66486fb68a749b73a4"),
+ ) {
+ t.FailNow()
+ }
+
+ if !bytes.Equal(
+ B(sha256.New(), nil, []byte("salt"), 3, 3),
+ mustHexDecode("5f02f8206f9cd212485c6bdf85527b698956701ad0852106f94b94ee94577378"),
+ ) {
+ t.FailNow()
+ }
+
+ if !bytes.Equal(
+ B(sha256.New(), []byte("password"), nil, 3, 3),
+ mustHexDecode("20aa99d7fe3f4df4bd98c655c5480ec98b143107a331fd491deda885c4d6a6cc"),
+ ) {
+ t.FailNow()
+ }
+
+ if !bytes.Equal(
+ B(sha256.New(), []byte("hunter42"), []byte("examplesalt"), 1024, 3),
+ mustHexDecode("716043dff777b44aa7b88dcbab12c078abecfac9d289c5b5195967aa63440dfb"),
+ ) {
+ t.FailNow()
}
}