Improvement: PHC string handling & verify fn

[malobre]

A nice DX improvement would be to provide verify and hash functions that handles PHC strings.

Here's a wrapper I currently use which only depends on the rfc4648 package for base64 (by far the best implementation I could find) :

PHC string handlers

// This is free and unencumbered software released into the public domain.
// 
// Anyone is free to copy, modify, publish, use, compile, sell, or
// distribute this software, either in source code form or as a compiled
// binary, for any purpose, commercial or non-commercial, and by any
// means.
// 
// In jurisdictions that recognize copyright laws, the author or authors
// of this software dedicate any and all copyright interest in the
// software to the public domain. We make this dedication for the benefit
// of the public at large and to the detriment of our heirs and
// successors. We intend this dedication to be an overt act of
// relinquishment in perpetuity of all present and future rights to this
// software under copyright law.
// 
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
// IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
// OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
// ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
// OTHER DEALINGS IN THE SOFTWARE.
// 
// For more information, please refer to <https://unlicense.org>

import { base64 } from "rfc4648";

import loadArgon2idWasm, { Argon2idParams } from "argon2id";

const argon2id = await loadArgon2idWasm();

export const hash = (params: Argon2idParams) => {
  const digest = argon2id(params);

  return "$".concat(
    [
      "argon2id",
      `v=${0x13}`,
      [
        `m=${params.memorySize}`,
        `t=${params.passes}`,
        `p=${params.parallelism}`,
      ].join(","),
      base64.stringify(params.salt, { pad: false }),
      base64.stringify(digest, { pad: false }),
    ].join("$"),
  );
};

// NOT CONSTANT-TIME !
export const verify = (
  password: Uint8Array,
  phcString: string,
  secret?: Uint8Array,
) => {
  const [id, version, paramsString, saltB64, digestB64] = phcString
    .substring(1)
    .split("$", 5);

  if (id !== "argon2id") throw `unknown hashing function: ${id}`;
  if (version !== `v=${0x13}`) throw `unknown argon2id version: ${version}`;

  const params = Object.fromEntries(
    paramsString.split(",").map((param) => param.split("=", 2)),
  );

  if (!("m" in params)) throw "missing `m` parameter";
  if (!("t" in params)) throw "missing `t` parameter";
  if (!("p" in params)) throw "missing `p` parameter";

  const memorySize = Number.parseInt(params.m);
  const passes = Number.parseInt(params.t);
  const parallelism = Number.parseInt(params.p);
  const ad =
    "data" in params ? base64.parse(params.data, { loose: true }) : undefined;

  const salt = base64.parse(saltB64, { loose: true });
  const digest = base64.parse(digestB64, { loose: true });

  const expectedDigest = argon2id({
    password,
    salt,
    secret,
    ad,
    memorySize,
    passes,
    parallelism,
    tagLength: digest.length,
  });

  for (let i = 0; i < digest.length; i++) {
    if (digest[i] !== expectedDigest[i]) return false;
  }

  return true;
};

export default {
  hash,
  verify,
};

By the way, thank you for this high quality package :)

[mitar]

Yes, PHC would be great to have to have interoperability with server-side code.