DecodeHash fixes

argon2id.go

@@ -7,11 +7,13 @@
 package argon2id
 
 import (
+	"bytes"
 	"crypto/rand"
 	"crypto/subtle"
 	"encoding/base64"
 	"errors"
 	"fmt"
+	"io/ioutil"
 	"runtime"
 	"strings"
 
@@ -148,17 +150,16 @@ func generateRandomBytes(n uint32) ([]byte, error) {
 // DecodeHash expects a hash created from this package, and parses it to return the params used to
 // create it, as well as the salt and key (password hash).
 func DecodeHash(hash string) (params *Params, salt, key []byte, err error) {
-	vals := strings.Split(hash, "$")
-	if len(vals) != 6 {
-		return nil, nil, nil, ErrInvalidHash
-	}
 
-	if vals[1] != "argon2id" {
+	r := strings.NewReader(hash)
+
+	_, err = fmt.Fscanf(r, "$argon2id$")
+	if err != nil {
 		return nil, nil, nil, ErrIncompatibleVariant
 	}
 
 	var version int
-	_, err = fmt.Sscanf(vals[2], "v=%d", &version)
+	_, err = fmt.Fscanf(r, "v=%d$", &version)
 	if err != nil {
 		return nil, nil, nil, err
 	}
@@ -167,18 +168,35 @@ func DecodeHash(hash string) (params *Params, salt, key []byte, err error) {
 	}
 
 	params = &Params{}
-	_, err = fmt.Sscanf(vals[3], "m=%d,t=%d,p=%d", &params.Memory, &params.Iterations, &params.Parallelism)
+	_, err = fmt.Fscanf(r, "m=%d,t=%d,p=%d$", &params.Memory, &params.Iterations, &params.Parallelism)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	rest, err := ioutil.ReadAll(r)
 	if err != nil {
 		return nil, nil, nil, err
 	}
+	if bytes.ContainsAny(rest, "\r\n") { // base64 decoder ignores these
+		return nil, nil, nil, ErrInvalidHash
+	}
+
+	var i int
+	if i = bytes.IndexByte(rest, '$'); i == -1 {
+		return nil, nil, nil, ErrInvalidHash
+	}
+
+	b64Enc := base64.RawStdEncoding.Strict()
 
-	salt, err = base64.RawStdEncoding.Strict().DecodeString(vals[4])
+	salt = make([]byte, b64Enc.DecodedLen(i))
+	_, err = b64Enc.Decode(salt, rest[:i])
 	if err != nil {
 		return nil, nil, nil, err
 	}
 	params.SaltLength = uint32(len(salt))
 
-	key, err = base64.RawStdEncoding.Strict().DecodeString(vals[5])
+	key = make([]byte, b64Enc.DecodedLen(len(rest)-i-1))
+	_, err = b64Enc.Decode(key, rest[i+1:])
 	if err != nil {
 		return nil, nil, nil, err
 	}

argon2id_test.go

@@ -56,6 +56,8 @@ func TestComparePasswordAndHash(t *testing.T) {
 	}
 }
 
+const bugHash = "$argon2id$v=19$m=65536,t=1,p=2$UDk0zEuIzbt0x3bwkf8Bgw$ihSfHWUJpTgDvNWiojrgcN4E0pJdUVmqCEdRZesx9tE"
+
 func TestDecodeHash(t *testing.T) {
 	hash, err := CreateHash("pa$$word", DefaultParams)
 	if err != nil {
@@ -69,6 +71,24 @@ func TestDecodeHash(t *testing.T) {
 	if *params != *DefaultParams {
 		t.Fatalf("expected %#v got %#v", *DefaultParams, *params)
 	}
+
+	for _, c := range []string{"v", "m", "t", "p"} {
+		re := regexp.MustCompile("([$,])(" + c + "=[^$,]+)")
+		_, _, _, err = DecodeHash(re.ReplaceAllString(bugHash, "$1JUNK+$2"))
+		if err == nil {
+			t.Fatalf("leading %s key junk should fail decode", c)
+		}
+		_, _, _, err = DecodeHash(re.ReplaceAllString(bugHash, "$1$2+JUNK"))
+		if err == nil {
+			t.Fatalf("trailing %s value junk should fail decode", c)
+		}
+	}
+
+	i := strings.LastIndex(bugHash, "$")
+	_, _, _, err = DecodeHash(bugHash[:i] + "\r$\n" + bugHash[i+1:])
+	if err == nil {
+		t.Fatalf(`\r and \n in base64 data should fail decode`)
+	}
 }
 
 func TestCheckHash(t *testing.T) {
@@ -90,8 +110,7 @@ func TestCheckHash(t *testing.T) {
 }
 
 func TestStrictDecoding(t *testing.T) {
-	// "bug" valid hash: $argon2id$v=19$m=65536,t=1,p=2$UDk0zEuIzbt0x3bwkf8Bgw$ihSfHWUJpTgDvNWiojrgcN4E0pJdUVmqCEdRZesx9tE
-	ok, _, err := CheckHash("bug", "$argon2id$v=19$m=65536,t=1,p=2$UDk0zEuIzbt0x3bwkf8Bgw$ihSfHWUJpTgDvNWiojrgcN4E0pJdUVmqCEdRZesx9tE")
+	ok, _, err := CheckHash("bug", bugHash)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -100,7 +119,7 @@ func TestStrictDecoding(t *testing.T) {
 	}
 
 	// changed one last character of the hash
-	ok, _, err = CheckHash("bug", "$argon2id$v=19$m=65536,t=1,p=2$UDk0zEuIzbt0x3bwkf8Bgw$ihSfHWUJpTgDvNWiojrgcN4E0pJdUVmqCEdRZesx9tF")
+	ok, _, err = CheckHash("bug", bugHash[:len(bugHash)-1]+"F")
 	if err == nil {
 		t.Fatal("Hash validation should fail")
 	}