pg_argon2id.c

/*
 * pg_argon2id.c
 *
 * PostgreSQL extension for Argon2id password hashing.
 * Provides secure password hashing and verification using the Argon2id algorithm.
 *
 * Copyright (c) 2025 Polyák László
 * Licensed under the MIT License
 */

#include "postgres.h"
#include "fmgr.h"
#include "varatt.h"
#include "utils/builtins.h"
#include "libpq/pqformat.h"
#include "mb/pg_wchar.h"
#include "port.h"

#include <argon2.h>
#include <string.h>

PG_MODULE_MAGIC;

/* Default parameters for Argon2id (moderate security) */
#define DEFAULT_TIME_COST 3           /* Number of iterations */
#define DEFAULT_MEMORY_COST 262144    /* Memory usage in KiB (256 MB) */
#define DEFAULT_PARALLELISM 4         /* Number of parallel threads */
#define DEFAULT_SALT_LENGTH 16        /* Salt length in bytes */
#define DEFAULT_HASH_LENGTH 32        /* Hash length in bytes */

/* Minimum and maximum values for security parameters */
#define MIN_TIME_COST 1
#define MAX_TIME_COST 10
#define MIN_MEMORY_COST 8192          /* 8 MB minimum */
#define MAX_MEMORY_COST 2097152       /* 2 GB maximum */
#define MIN_PARALLELISM 1
#define MAX_PARALLELISM 16
#define MIN_SALT_LENGTH 8
#define MAX_SALT_LENGTH 32

/*
 * Function declarations
 * Note: We use pg_ prefix to avoid naming conflicts with argon2 library functions
 */
PG_FUNCTION_INFO_V1(pg_argon2id_hash);
PG_FUNCTION_INFO_V1(pg_argon2id_verify);

/*
 * pg_argon2id_hash
 *
 * Generate an Argon2id hash from a plaintext password.
 *
 * Parameters:
 *   password     - The plaintext password to hash
 *   salt_length  - Length of the random salt (default: 16 bytes)
 *   time_cost    - Number of iterations (default: 3)
 *   memory_cost  - Memory usage in KiB (default: 262144 = 256 MB)
 *   parallelism  - Number of parallel threads (default: 4)
 *
 * Returns:
 *   A text string containing the encoded hash in Argon2 format
 */
Datum
pg_argon2id_hash(PG_FUNCTION_ARGS)
{
	text *password_text;
	char *password;
	int password_len;
	int salt_length = DEFAULT_SALT_LENGTH;
	int time_cost = DEFAULT_TIME_COST;
	int memory_cost = DEFAULT_MEMORY_COST;
	int parallelism = DEFAULT_PARALLELISM;
	uint8 *salt;
	char *encoded;
	size_t encoded_len;
	int result;
	text *result_text;

	/* Get the password argument */
	if (PG_ARGISNULL(0))
		ereport(ERROR,
				(errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
				 errmsg("password cannot be NULL")));

	password_text = PG_GETARG_TEXT_PP(0);
	password_len = VARSIZE_ANY_EXHDR(password_text);

	/* Allocate memory for null-terminated password string */
	password = (char *) palloc(password_len + 1);
	memcpy(password, VARDATA_ANY(password_text), password_len);
	password[password_len] = '\0';

	/* Get optional parameters if provided */
	if (!PG_ARGISNULL(1))
	{
		salt_length = PG_GETARG_INT32(1);
		if (salt_length < MIN_SALT_LENGTH || salt_length > MAX_SALT_LENGTH)
			ereport(ERROR,
					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
					 errmsg("salt_length must be between %d and %d",
							MIN_SALT_LENGTH, MAX_SALT_LENGTH)));
	}

	if (!PG_ARGISNULL(2))
	{
		time_cost = PG_GETARG_INT32(2);
		if (time_cost < MIN_TIME_COST || time_cost > MAX_TIME_COST)
			ereport(ERROR,
					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
					 errmsg("time_cost must be between %d and %d",
							MIN_TIME_COST, MAX_TIME_COST)));
	}

	if (!PG_ARGISNULL(3))
	{
		memory_cost = PG_GETARG_INT32(3);
		if (memory_cost < MIN_MEMORY_COST || memory_cost > MAX_MEMORY_COST)
			ereport(ERROR,
					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
					 errmsg("memory_cost must be between %d and %d KiB",
							MIN_MEMORY_COST, MAX_MEMORY_COST)));
	}

	if (!PG_ARGISNULL(4))
	{
		parallelism = PG_GETARG_INT32(4);
		if (parallelism < MIN_PARALLELISM || parallelism > MAX_PARALLELISM)
			ereport(ERROR,
					(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
					 errmsg("parallelism must be between %d and %d",
							MIN_PARALLELISM, MAX_PARALLELISM)));
	}

	/*
	 * Generate cryptographically secure random salt.
	 * We use PostgreSQL's pg_strong_random() which provides
	 * cryptographic-quality random bytes.
	 */
	salt = (uint8 *) palloc(salt_length);
	if (!pg_strong_random(salt, salt_length))
	{
		pfree(salt);
		memset(password, 0, password_len);
		pfree(password);
		ereport(ERROR,
				(errcode(ERRCODE_INTERNAL_ERROR),
				 errmsg("failed to generate random salt")));
	}

	/*
	 * Calculate the maximum length of the encoded hash.
	 * The argon2_encodedlen function calculates the required buffer size.
	 */
	encoded_len = argon2_encodedlen(time_cost, memory_cost, parallelism,
									salt_length, DEFAULT_HASH_LENGTH,
									Argon2_id);

	/* Allocate buffer for the encoded hash */
	encoded = (char *) palloc(encoded_len);

	/*
	 * Generate the hash using argon2id_hash_encoded.
	 * We provide the salt we generated using pg_strong_random().
	 */
	result = argon2id_hash_encoded(time_cost, memory_cost, parallelism,
								   password, password_len,
								   salt, salt_length,
								   DEFAULT_HASH_LENGTH,
								   encoded, encoded_len);

	/* Clean up the salt (no longer needed) */
	pfree(salt);

	/* Clear the password from memory for security */
	memset(password, 0, password_len);
	pfree(password);

	/* Check for errors during hash generation */
	if (result != ARGON2_OK)
	{
		pfree(encoded);
		ereport(ERROR,
				(errcode(ERRCODE_EXTERNAL_ROUTINE_EXCEPTION),
				 errmsg("argon2 hash generation failed: %s",
						argon2_error_message(result))));
	}

	/* Convert C string to PostgreSQL text type */
	result_text = cstring_to_text(encoded);
	pfree(encoded);

	PG_RETURN_TEXT_P(result_text);
}

/*
 * pg_argon2id_verify
 *
 * Verify a plaintext password against an Argon2id hash.
 *
 * Parameters:
 *   password - The plaintext password to verify
 *   hash     - The encoded Argon2id hash to check against
 *
 * Returns:
 *   true if the password matches the hash, false otherwise
 */
Datum
pg_argon2id_verify(PG_FUNCTION_ARGS)
{
	text *password_text;
	text *hash_text;
	char *password;
	char *hash;
	int password_len;
	int hash_len;
	int result;
	bool verified;

	/* Get the password argument */
	if (PG_ARGISNULL(0))
		ereport(ERROR,
				(errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
				 errmsg("password cannot be NULL")));

	/* Get the hash argument */
	if (PG_ARGISNULL(1))
		ereport(ERROR,
				(errcode(ERRCODE_NULL_VALUE_NOT_ALLOWED),
				 errmsg("hash cannot be NULL")));

	password_text = PG_GETARG_TEXT_PP(0);
	hash_text = PG_GETARG_TEXT_PP(1);

	password_len = VARSIZE_ANY_EXHDR(password_text);
	hash_len = VARSIZE_ANY_EXHDR(hash_text);

	/* Allocate memory for null-terminated strings */
	password = (char *) palloc(password_len + 1);
	memcpy(password, VARDATA_ANY(password_text), password_len);
	password[password_len] = '\0';

	hash = (char *) palloc(hash_len + 1);
	memcpy(hash, VARDATA_ANY(hash_text), hash_len);
	hash[hash_len] = '\0';

	/*
	 * Verify the password against the hash.
	 * The encoded hash contains all necessary parameters (time cost,
	 * memory cost, parallelism, salt), so we only need to provide
	 * the password and the encoded hash.
	 * Using argon2_verify which works with encoded hashes.
	 */
	result = argon2_verify(hash, password, password_len, Argon2_id);

	/* Clear the password from memory for security */
	memset(password, 0, password_len);
	pfree(password);
	pfree(hash);

	/* Check the verification result */
	if (result == ARGON2_OK)
	{
		/* Password matches */
		verified = true;
	}
	else if (result == ARGON2_VERIFY_MISMATCH)
	{
		/* Password doesn't match */
		verified = false;
	}
	else
	{
		/* Some other error occurred */
		ereport(ERROR,
				(errcode(ERRCODE_EXTERNAL_ROUTINE_EXCEPTION),
				 errmsg("argon2 verification failed: %s",
						argon2_error_message(result))));
	}

	PG_RETURN_BOOL(verified);
}