Implement Passphrase.argon2

src/borg/helpers/passphrase.py

@@ -12,6 +12,8 @@
 
 from ..logger import create_logger
 
+import argon2.low_level
+
 logger = create_logger()
 
 
@@ -140,5 +142,22 @@ def __repr__(self):
     def kdf(self, salt, iterations, length):
         return pbkdf2_hmac('sha256', self.encode('utf-8'), salt, iterations, length)
 
-    def argon2(*, salt, time_cost, memory_cost, parallelism, type):
-        return b'', b''
+    def argon2(
+        self,
+        *,
+        salt: bytes,
+        time_cost,
+        memory_cost,
+        parallelism,
+        type: argon2.low_level.Type
+    ) -> (bytes, bytes):
+        key = argon2.low_level.hash_secret_raw(
+            secret=self.encode("utf-8"),
+            hash_len=64,  # hash_len is in bytes
+            salt=salt,
+            time_cost=time_cost,
+            memory_cost=memory_cost,
+            parallelism=parallelism,
+            type=type,
+        )
+        return key[:32], key[32:]

src/borg/testsuite/helpers.py

@@ -1213,13 +1213,19 @@ def test_passphrase_repr(self):
     def test_argon2(self, monkeypatch):
         # Arrange
         monkeypatch.setenv('BORG_PASSPHRASE', "hello, pass phrase")
-        Passphrase.new()
+        p = Passphrase.new()
 
         # Act
-        enc_key, mac_key = Passphrase.argon2(
+        enc_key, mac_key = p.argon2(
             salt=b'salt'*16,
             time_cost=1,
             memory_cost=2**10,
             parallelism=1,
             type=argon2.low_level.Type.I
         )
+
+        # Assert
+        assert len(enc_key)*8 == 256
+        assert len(mac_key)*8 == 256
+        assert enc_key == b'\n\x93\x03\x1fZ\xc1y\x99\xden\xbagA\xba\xb2(\xec\xd6\xb8\x15\xeaf\x9d\x8a\xbc\xf0?\xc2\x16\xfa\xa8\x1f'
+        assert mac_key == b'\xa7\x16\x12\xe1\x08\xa6\x93\xcc\xb5I\x91\xbf\xd0|}\x88\xe7\x0e_\xd6\xbb\xc5@EuL\x07\x9b\x92I\xc3l'