Update hash password function to prep the password

Author: JackTrapper

Argon2.pas

@@ -59,12 +59,16 @@ 	TArgon2 = class(TObject)
 		FSalt: TBytes;
 		FKnownSecret: TBytes;
 		FAssociatedData: TBytes;
+		class function StringToUtf8(Source: UnicodeString): TBytes;
+		class function PasswordStringPrep(Source: UnicodeString): UnicodeString;
 	protected
 		FHashType: Cardinal; //0=Argon2d, 1=Argon2i, 2=Argon2id
 		function GenerateSeedBlock(const Passphrase; PassphraseLength, DesiredNumberOfBytes: Integer): TBytes;
 		function GenerateInitialBlock(const H0: TBytes; ColumnIndex, LaneIndex: Integer): TBytes;
 		class procedure BurnBytes(var data: TBytes);
-		class function PasswordStringPrep(Source: UnicodeString): TBytes;
+		class procedure BurnString(var s: UnicodeString);
+
+		class function PasswordToBytes(Source: UnicodeString): TBytes;
 
 		class function Base64Encode(const data: array of Byte): string;
 		class function Base64Decode(const s: string): TBytes;
@@ -431,6 +435,16 @@ class procedure TArgon2.BurnBytes(var data: TBytes);
 	SetLength(data, 0);
 end;
 
+class procedure TArgon2.BurnString(var s: UnicodeString);
+begin
+	if Length(s) > 0 then
+	begin
+		UniqueString({var}s); //We can't FillChar the string if it's shared, or its in the constant data page
+		FillChar(s[1], Length(s), 0);
+		s := '';
+	end;
+end;
+
 const
 	//The Blake2 IV comes from the SHA2-512 IV.
 	//The values are the the fractional part of the square root of the first 8 primes (2, 3, 5, 7, 11, 13, 17, 19)
@@ -462,6 +476,7 @@ class function TArgon2.CheckPassword(const Password: UnicodeString; const Expect
 var
 	ar: TArgon2;
 	algorithm: string;
+	passwordUtf8: TBytes;
 	version, iterations, memorySizeKB, parallelism: Integer;
 	salt, expected, actual: TBytes;
 	t1, t2, freq: Int64;
@@ -475,8 +490,9 @@ class function TArgon2.CheckPassword(const Password: UnicodeString; const Expect
 		if not ar.TryParseHashString(ExpectedHashString, {out}algorithm, {out}version, {out}iterations, {out}memorySizeKB, {out}parallelism, {out}salt, {out}expected) then
 			raise EArgon2Exception.Create('Could not parse password hash string');
 		try
+			passwordUtf8 := TArgon2.PasswordToBytes(Password);
 			QueryPerformanceCounter(t1);
-			actual := TArgon2.DeriveBytes(Password, Length(Password)*SizeOf(WideChar), salt, iterations, memorySizeKB, parallelism, 32);
+			actual := TArgon2.DeriveBytes(passwordUtf8, Length(Password)*SizeOf(WideChar), salt, iterations, memorySizeKB, parallelism, 32);
 			QueryPerformanceCounter(t2);
 
 			if Length(actual) <> Length(expected) then
@@ -499,6 +515,7 @@ class function TArgon2.CheckPassword(const Password: UnicodeString; const Expect
 		finally
 			ar.BurnBytes(actual);
 			ar.BurnBytes(expected);
+			ar.BurnBytes({var}passwordUtf8);
 		end;
 	finally
 		ar.Free;
@@ -846,7 +863,7 @@ class function TArgon2.HashPassword(const Password: UnicodeString; const Iterati
 	try
 		salt := ar.GenerateSalt;
 
-		utf8Password := TArgon2.PasswordStringPrep(Password); //use proper normalization of spaces,
+		utf8Password := TArgon2.PasswordToBytes(Password); //use proper normalization Form C, convert all spaces, utf8 encoding
 		try
 			derivedBytes := TArgon2.DeriveBytes(utf8Password, Length(Password)*SizeOf(WideChar), salt, Iterations, MemorySizeKB, Parallelism, 32);
 		finally
@@ -869,23 +886,20 @@ procedure BurnString(var s: UnicodeString);
 	end;
 end;
 
-class function TArgon2.PasswordStringPrep(Source: UnicodeString): TBytes;
+class function TArgon2.PasswordStringPrep(Source: UnicodeString): UnicodeString;
 var
-	normalizedLength: Integer;
-	normalized: UnicodeString;
 	strLen: Integer;
+	normalized: UnicodeString;
 	dw: DWORD;
 	i: Integer;
 const
 	CodePage = CP_UTF8;
 	SLenError = '[PasswordStringPrep] Could not get length of destination string. Error %d (%s)';
 	SConvertStringError = '[PasswordStringPrep] Could not convert utf16 to utf8 string. Error %d (%s)';
 begin
+	Result := '';
 	if Length(Source) = 0 then
-	begin
-		SetLength(Result, 0);
 		Exit;
-	end;
 
 	{
 		NIST Special Publication 800-63-3B (Digital Authentication Guideline - Authentication and Lifecycle Management)
@@ -896,7 +910,7 @@ class function TArgon2.PasswordStringPrep(Source: UnicodeString): TBytes;
 			- C (Composition):                 adds character+diacritic into single code point (if possible)
 			- D (Decomposition):               separates an accented character into the letter and the diacritic
 
-		SASLprep (rfc4013) says to use NFKC:
+		SASLprep (RFC4013) agrees, saying to use NFKC:
 
 			2.2.  Normalization
 
@@ -928,7 +942,7 @@ class function TArgon2.PasswordStringPrep(Source: UnicodeString): TBytes;
 
 				RFC7613 - Preparation, Enforcement, and Comparison of Internationalized Strings Representing Usernames and Passwords
 
-		reverses earlier RFC, and specifies NFC:
+		and reverses earlier RFC, and specifies NFC:
 
 			4.2.2.  Enforcement
 
@@ -979,7 +993,7 @@ class function TArgon2.PasswordStringPrep(Source: UnicodeString): TBytes;
 
 		This loss of data when using KC is evident in RFC7613's requirement:
 
-				... halfwidth characters MUST NOT be mapped to their decomposition mappings...
+				...halfwidth characters MUST NOT be mapped to their decomposition mappings...
 
 		Using Form NFKC causes the half-width character
 
@@ -1037,59 +1051,76 @@ class function TArgon2.PasswordStringPrep(Source: UnicodeString): TBytes;
 
 	//We use concrete variable for length, because i've seen it return asking for 64 bytes for a 6 byte string
 //	normalizedLength := NormalizeString(5, PWideChar(Source), Length(Source), nil, 0);
-	normalizedLength := FoldString(MAP_PRECOMPOSED, PWideChar(Source), Length(Source), nil, 0);
-	if normalizedLength = 0 then
+	strLen := FoldString(MAP_PRECOMPOSED, PWideChar(Source), Length(Source), nil, 0);
+	if strLen = 0 then
 	begin
 		dw := GetLastError;
 		raise EConvertError.CreateFmt(SLenError, [dw, SysErrorMessage(dw)]);
 	end;
 
 	// Allocate memory for destination string
-	SetLength(normalized, normalizedLength);
+	SetLength(Result, strLen);
 
 	// Now do it for real
+//	normalizedLength := NormalizeString(5, PWideChar(Source), Length(Source), PWideChar(normalized), Length(normalized));
+	strLen := FoldString(MAP_PRECOMPOSED, PWideChar(Source), Length(Source), PWideChar(Result), Length(Result));
+	if strLen = 0 then
+	begin
+		dw := GetLastError;
+		raise EConvertError.CreateFmt(SLenError, [dw, SysErrorMessage(dw)]);
+	end;
+end;
+
+class function TArgon2.PasswordToBytes(Source: UnicodeString): TBytes;
+var
+	prepared: UnicodeString;
+begin
+	prepared := TArgon2.PasswordStringPrep(Source);
 	try
-//		normalizedLength := NormalizeString(5, PWideChar(Source), Length(Source), PWideChar(normalized), Length(normalized));
-		normalizedLength := FoldString(MAP_PRECOMPOSED, PWideChar(Source), Length(Source), PWideChar(normalized), Length(normalized));
-		if normalizedLength = 0 then
-		begin
-			dw := GetLastError;
-			raise EConvertError.CreateFmt(SLenError, [dw, SysErrorMessage(dw)]);
-		end;
+		Result := TArgon2.StringToUtf8(prepared);
+	finally
+		TArgon2.BurnString({var}prepared);
+	end;
+end;
 
-		{
-			Now perform the conversion of UTF-16 to UTF-8
-		}
-		// Determine real size of destination string, in bytes
-		strLen := WideCharToMultiByte(CodePage, 0,
-				PWideChar(normalized), normalizedLength, //Source
-				nil, 0, //Destination
-				nil, nil);
-		if strLen = 0 then
-		begin
-			dw := GetLastError;
-			raise EConvertError.CreateFmt(SLenError, [dw, SysErrorMessage(dw)]);
-		end;
+class function TArgon2.StringToUtf8(Source: UnicodeString): TBytes;
+var
+	strLen: Integer;
+	dw: DWORD;
+	i: Integer;
+const
+	CodePage = CP_UTF8;
+	SLenError = '[StringToUtf8] Could not get length of destination string. Error %d (%s)';
+	SConvertStringError = '[StringToUtf8] Could not convert utf16 to utf8 string. Error %d (%s)';
+begin
+	SetLength(Result, 0);
 
-		// Allocate memory for destination string
-		SetLength(Result, strLen+1); //+1 for the null terminator
+	if Length(Source) = 0 then
+		Exit;
 
-		// Convert source UTF-16 string (WideString) to the destination using the code-page
-		strLen := WideCharToMultiByte(CodePage, 0,
-				PWideChar(normalized), normalizedLength, //Source
-				PAnsiChar(Result), strLen, //Destination
-				nil, nil);
-		if strLen = 0 then
-		begin
-			dw := GetLastError;
-			raise EConvertError.CreateFmt(SConvertStringError, [dw, SysErrorMessage(dw)]);
-		end;
+	// Determine real size of destination string, in bytes
+	strLen := WideCharToMultiByte(CP_UTF8, 0,
+			PWideChar(Source), Length(Source), //Source
+			nil, 0, //Destination
+			nil, nil);
+	if strLen = 0 then
+	begin
+		dw := GetLastError;
+		raise EConvertError.CreateFmt(SLenError, [dw, SysErrorMessage(dw)]);
+	end;
 
-		//Set the null terminator
-		Result[strLen] := 0;
-	finally
-		//Burn the intermediate normalized form
-		BurnString(normalized);
+	// Allocate memory for destination string
+	SetLength(Result, strLen);
+
+	// Convert source UTF-16 string (WideString) to the destination using the code-page
+	strLen := WideCharToMultiByte(CodePage, 0,
+			PWideChar(Source), Length(Source), //Source
+			PAnsiChar(Result), strLen, //Destination
+			nil, nil);
+	if strLen = 0 then
+	begin
+		dw := GetLastError;
+		raise EConvertError.CreateFmt(SConvertStringError, [dw, SysErrorMessage(dw)]);
 	end;
 end;
 

Argon2Tests.pas

@@ -119,8 +119,8 @@ procedure TArgon2Tests.NormalizedPasswordsMatch;
 				i:  U+0069
 				n:  U+006E
 	}
-	password1 := 'A' + #$0308 + #$FB01 + 'n';
-	password2 := #$00C4 + 'f' + 'i' + 'n';
+	password1 := 'A' + #$0308 + #$FB01 + 'n'; //uncomposed form
+	password2 := #$00C4 + 'f' + 'i' + 'n';    //composed form
 
 	hash := TArgon2.HashPassword(password1, 1, 16, 1);
 	bRes := TArgon2.CheckPassword(password2, hash, {out}passwordRehashNeeded);
@@ -161,7 +161,7 @@ procedure TArgon2Tests.PasswordPrep_HalfWidthFullWidth;
 			U+FF54  FULLWIDTH LATIN SMALL   LETTER t   UTF8 0xEF 0xBD 0x94
 	}
 	pass := #$ff34 + #$ff45 + #$ff53 + #$ff54;
-	TestStringPrep(pass, [$ef, $bc, $b4, $ef, $bd, $85, $ef, $bd, $93, $ef, $bd, $94, 0]);
+	TestStringPrep(pass, [$ef, $bc, $b4, $ef, $bd, $85, $ef, $bd, $93, $ef, $bd, $94]);
 
 	{
 		Halfwidth
@@ -174,12 +174,10 @@ procedure TArgon2Tests.PasswordPrep_HalfWidthFullWidth;
 			U+1162  HANGUL JUNGSEONG AE                UTF8 0xE1 0x85 0xA2
 	}
 	pass := #$ffc3;
-	TestStringPrep(pass, [$ef, $bf, $83, 0]);
+	TestStringPrep(pass, [$ef, $bf, $83]);
 end;
 
 procedure TArgon2Tests.PasswordPrep_Spaces;
-var
-	pass: UnicodeString;
 begin
 	{
 		SASLprep rules for passwords
@@ -200,23 +198,23 @@ procedure TArgon2Tests.PasswordPrep_Spaces;
 
 		4.  Normalization Rule: Unicode Normalization Form C (NFC) MUST be applied to all characters.
 	}
-	TestStringPrep(#$0020, [$20, $00]); //U+0020	SPACE
-	TestStringPrep(#$00A0, [$20, $00]); //U+00A0	NO-BREAK SPACE
-	TestStringPrep(#$1680, [$20, $00]); //U+1680	OGHAM SPACE MARK
-	TestStringPrep(#$2000, [$20, $00]); //U+2000	EN QUAD
-	TestStringPrep(#$2001, [$20, $00]); //U+2001	EM QUAD
-	TestStringPrep(#$2002, [$20, $00]); //U+2002	EN SPACE
-	TestStringPrep(#$2003, [$20, $00]); //U+2003	EM SPACE
-	TestStringPrep(#$2004, [$20, $00]); //U+2004	THREE-PER-EM SPACE
-	TestStringPrep(#$2005, [$20, $00]); //U+2005	FOUR-PER-EM SPACE
-	TestStringPrep(#$2006, [$20, $00]); //U+2006	SIX-PER-EM SPACE
-	TestStringPrep(#$2007, [$20, $00]); //U+2007	FIGURE SPACE
-	TestStringPrep(#$2008, [$20, $00]); //U+2008	PUNCTUATION SPACE
-	TestStringPrep(#$2009, [$20, $00]); //U+2009	THIN SPACE
-	TestStringPrep(#$200A, [$20, $00]); //U+200A	HAIR SPACE
-	TestStringPrep(#$202F, [$20, $00]); //U+202F	NARROW NO-BREAK SPACE
-	TestStringPrep(#$205F, [$20, $00]); //U+205F	MEDIUM MATHEMATICAL SPACE
-	TestStringPrep(#$3000, [$20, $00]); //U+3000	IDEOGRAPHIC SPACE
+	TestStringPrep(#$0020, [$20]); //U+0020	SPACE
+	TestStringPrep(#$00A0, [$20]); //U+00A0	NO-BREAK SPACE
+	TestStringPrep(#$1680, [$20]); //U+1680	OGHAM SPACE MARK
+	TestStringPrep(#$2000, [$20]); //U+2000	EN QUAD
+	TestStringPrep(#$2001, [$20]); //U+2001	EM QUAD
+	TestStringPrep(#$2002, [$20]); //U+2002	EN SPACE
+	TestStringPrep(#$2003, [$20]); //U+2003	EM SPACE
+	TestStringPrep(#$2004, [$20]); //U+2004	THREE-PER-EM SPACE
+	TestStringPrep(#$2005, [$20]); //U+2005	FOUR-PER-EM SPACE
+	TestStringPrep(#$2006, [$20]); //U+2006	SIX-PER-EM SPACE
+	TestStringPrep(#$2007, [$20]); //U+2007	FIGURE SPACE
+	TestStringPrep(#$2008, [$20]); //U+2008	PUNCTUATION SPACE
+	TestStringPrep(#$2009, [$20]); //U+2009	THIN SPACE
+	TestStringPrep(#$200A, [$20]); //U+200A	HAIR SPACE
+	TestStringPrep(#$202F, [$20]); //U+202F	NARROW NO-BREAK SPACE
+	TestStringPrep(#$205F, [$20]); //U+205F	MEDIUM MATHEMATICAL SPACE
+	TestStringPrep(#$3000, [$20]); //U+3000	IDEOGRAPHIC SPACE
 end;
 
 function TArgon2Tests.Blake2b(const Data; DataLen, DesiredBytes: Integer; const Key; KeyLen: Integer): TBytes;
@@ -393,6 +391,10 @@ procedure TArgon2Tests.Test_Argon2i;
 	ar: TArgon2;
 	expected, actual: TBytes;
 begin
+	{
+		Argon2d test vector
+		https://tools.ietf.org/id/draft-irtf-cfrg-argon2-03.html#rfc.section.6.1
+	}
 	password := TBytes.Create(1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1); //32 bytes of 1
 
 	//Argon2i
@@ -404,6 +406,7 @@ procedure TArgon2Tests.Test_Argon2i;
 		ar.Salt := TBytes.Create(2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2); //16 bytes of 2
 		ar.KnownSecret := TBytes.Create(3, 3, 3, 3, 3, 3, 3, 3); //8 bytes of 3
 		ar.AssociatedData := TBytes.Create(4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4); //12 bytes of 4
+
 		actual := ar.GetBytes(password[0], Length(password), 32);
 	finally
 		ar.Free;
@@ -785,7 +788,7 @@ procedure TArgon2Tests.UnicodeNormalizationComposition;
 	}
 	password := 'A' + #$0308 + #$FB01 + 'n';
 
-	TestStringPrep(password, [$C3, $84, $EF, $AC, $81, $6E, 0]);
+	TestStringPrep(password, [$C3, $84, $EF, $AC, $81, $6E]);
 end;
 
 function TArgon2Tests.GetBlake2bUnkeyedTestVector(Index: Integer): string;
@@ -1234,11 +1237,11 @@ procedure TArgon2Tests.CheckEqualsBytes(const ExpectedBytes: array of Byte; cons
 
 procedure TArgon2Tests.TestStringPrep(const s: UnicodeString; Expected: array of Byte);
 var
-	data: TBytes;
+	actual: TBytes;
 begin
-	data := TArgon2Friend.PasswordStringPrep(s);
+	actual := TArgon2Friend.PasswordToBytes(s);
 
-	CheckEqualsBytes(Expected, data, s);
+	CheckEqualsBytes(Expected, actual, s);
 end;
 
 function TArgon2Tests.GetBlake2bKeyedTestVector(Index: Integer): string;
@@ -1575,6 +1578,12 @@ procedure TArgon2Tests.HashAlgorithm_Blake2b_Splits;
 	hasher: IHashAlgorithm;
 	split1, split2: Integer;
 begin
+	if not FindCmdLineSwitch('IncludeSlowTests', ['-','/'], True) then
+	begin
+		Status('Skipping slow test. Use -IncludeSlowTests');
+		Exit;
+	end;
+
 	{
 		https://github.com/BLAKE2/BLAKE2/blob/master/csharp/Blake2Sharp.Tests/SequentialTests.cs