From 2f9f6102108e68e866e5ef9db34b3cf291c57bec Mon Sep 17 00:00:00 2001 From: Francis Lachapelle Date: Tue, 5 Jul 2022 12:42:57 -0400 Subject: [PATCH] fix(core): handle argon2i password scheme Fixes #5531 --- Documentation/SOGoInstallationGuide.asciidoc | 2 +- SoObjects/SOGo/NSData+Crypto.m | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Documentation/SOGoInstallationGuide.asciidoc b/Documentation/SOGoInstallationGuide.asciidoc index ef4074b91..bf9a06a62 100644 --- a/Documentation/SOGoInstallationGuide.asciidoc +++ b/Documentation/SOGoInstallationGuide.asciidoc @@ -1700,7 +1700,7 @@ passwords. Possible values are: `none`, `plain`, `crypt`, `md5`, `sha256-crypt`, `sha512`, `sha512-crypt`, its ssha (e.g. `ssha` or `ssha256`) variants, `blf-crypt`, `PBKDF2`, and `sym-aes-128-cbc`. The `argon2i` and `argon2id` password hashing algorithms are supported -if SOGo is compiled with `libsodium`. +if SOGo is compiled with `libsodium`. `argon2` is a synonym for `argon2i`. Passwords can have the scheme prepended in the form `{scheme}encryptedPass`. diff --git a/SoObjects/SOGo/NSData+Crypto.m b/SoObjects/SOGo/NSData+Crypto.m index ed7912494..6a2f241d1 100644 --- a/SoObjects/SOGo/NSData+Crypto.m +++ b/SoObjects/SOGo/NSData+Crypto.m @@ -272,7 +272,8 @@ static const char salt_chars[] = return [self asPBKDF2SHA1UsingSalt: theSalt]; } #ifdef HAVE_SODIUM - else if ([passwordScheme caseInsensitiveCompare: @"argon2i"] == NSOrderedSame) + else if ([passwordScheme caseInsensitiveCompare: @"argon2i"] == NSOrderedSame || + [passwordScheme caseInsensitiveCompare: @"argon2"] == NSOrderedSame) { return [self asArgon2iUsingSalt: theSalt]; }