From 409eea677ddc6f57bc77ecbbbe6610f7b9cb5f7c Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 24 May 2021 11:50:53 -0400 Subject: [PATCH] Continue removal of argon hashing --- salt/common/init.sls | 2 -- salt/common/tools/sbin/so-user | 11 ++++------- setup/so-functions | 4 ++-- 3 files changed, 6 insertions(+), 11 deletions(-) diff --git a/salt/common/init.sls b/salt/common/init.sls index 33a8b9984..79a7c5300 100644 --- a/salt/common/init.sls +++ b/salt/common/init.sls @@ -95,7 +95,6 @@ commonpkgs: - netcat - python3-mysqldb - sqlite3 - - argon2 - libssl-dev - python3-dateutil - python3-m2crypto @@ -128,7 +127,6 @@ commonpkgs: - net-tools - curl - sqlite - - argon2 - mariadb-devel - nmap-ncat - python3 diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user index b97cc8a8b..edfa4b303 100755 --- a/salt/common/tools/sbin/so-user +++ b/salt/common/tools/sbin/so-user @@ -39,10 +39,7 @@ email=$2 kratosUrl=${KRATOS_URL:-http://127.0.0.1:4434} databasePath=${KRATOS_DB_PATH:-/opt/so/conf/kratos/db/db.sqlite} -argon2Iterations=${ARGON2_ITERATIONS:-3} -argon2Memory=${ARGON2_MEMORY:-14} -argon2Parallelism=${ARGON2_PARALLELISM:-2} -argon2HashSize=${ARGON2_HASH_SIZE:-32} +bcryptRounds=${BCRYPT_ROUNDS:-12} function fail() { msg=$1 @@ -58,7 +55,7 @@ function require() { # Verify this environment is capable of running this script function verifyEnvironment() { - require "argon2" + require "htpasswd" require "jq" require "curl" require "openssl" 
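Review bot: `bcryptRounds` in the `@@ -39,10 +39,7 @@` hunk of salt/common/tools/sbin/so-user takes `BCRYPT_ROUNDS` from the environment with no validation, and the later `htpasswd -niBC $bcryptRounds` call uses it unquoted. htpasswd documents 4 to 17 as the valid range for `-C`, so a stray low value weakens every hash the script writes and a non-numeric one makes the command fail. A range check placed after `fail` is defined, for example in `verifyEnvironment`, would cover it: `if ! [[ $bcryptRounds =~ ^[0-9]+$ ]] || [[ $bcryptRounds -lt 10 || $bcryptRounds -gt 17 ]]; then fail "BCRYPT_ROUNDS must be an integer from 10 to 17"; fi`. The floor of 10 is my suggestion, not something the patch states.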
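Review bot: `require "htpasswd"` in the `@@ -58,7 +55,7 @@` hunk makes so-user depend on a binary that none of the package lists in this patch install. The patch drops argon2 from salt/common/init.sls and setup/so-functions, but the visible hunks add nothing that provides htpasswd. If it is not already installed by another state (it ships in apache2-utils on Debian/Ubuntu and httpd-tools on RHEL-family systems), so-user would stop at this check on a fresh install, so the package should be added where argon2 was removed. `verifyEnvironment` continues outside the hunk.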
@@ -111,8 +108,8 @@ function updatePassword() { if [[ -n $identityId ]]; then # Generate password hash - salt=$(openssl rand -hex 8) - passwordHash=$(echo "${password}" | argon2 ${salt} -id -t $argon2Iterations -m $argon2Memory -p $argon2Parallelism -l $argon2HashSize -e) + passwordHash=$(echo "${password}" | htpasswd -niBC $bcryptRounds SOUSER) | cut -c 11- + passwordHash="\$2a${passwordHash} # Update DB with new hash echo "update identity_credentials set config=CAST('{\"hashed_password\":\"${passwordHash}\"}' as BLOB) where identity_id=${identityId};" | sqlite3 "$databasePath" diff --git a/setup/so-functions b/setup/so-functions index 5ce3d6dee..33e0514fc 100755 --- a/setup/so-functions +++ b/setup/so-functions @@ -2079,7 +2079,7 @@ saltify() { 'MANAGER' | 'EVAL' | 'MANAGERSEARCH' | 'FLEET' | 'HELIXSENSOR' | 'STANDALONE'| 'IMPORT') reserve_group_ids >> "$setup_log" 2>&1 if [[ ! $is_iso ]]; then - logCmd "yum -y install sqlite argon2 curl mariadb-devel" + logCmd "yum -y install sqlite curl mariadb-devel" fi # Download Ubuntu Keys in case manager updates = 1 mkdir -p /opt/so/gpg >> "$setup_log" 2>&1 @@ -2175,7 +2175,7 @@ saltify() { retry 50 10 "apt-get update" >> "$setup_log" 2>&1 || exit 1 set_progress_str 6 'Installing various dependencies' - retry 50 10 "apt-get -y install sqlite3 argon2 libssl-dev" >> "$setup_log" 2>&1 || exit 1 + retry 50 10 "apt-get -y install sqlite3 libssl-dev" >> "$setup_log" 2>&1 || exit 1 set_progress_str 7 'Installing salt-master' retry 50 10 "apt-get -y install salt-master=3003+ds-1" >> "$setup_log" 2>&1 || exit 1 retry 50 10 "apt-mark hold salt-master" >> "$setup_log" 2>&1 || exit 1
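Review bot: The two added lines in the `@@ -111,8 +108,8 @@` hunk of so-user (`updatePassword`) never produce a usable `passwordHash`. The `| cut -c 11-` sits outside the `$( … )`, so the assignment runs as a pipeline element, `cut` gets no input and the variable is not set in the calling shell. The second line's string has no closing quote, which throws off the quoting of everything after it. I would write them as `passwordHash=$(echo "${password}" | htpasswd -niBC "$bcryptRounds" SOUSER | cut -c 11-)`, then `[[ -n $passwordHash ]] || fail "Unable to generate password hash"`, then `passwordHash="\$2a${passwordHash}"`, so a failed htpasswd run cannot reach the UPDATE on `identity_credentials` with an empty hash. The `cut -c 11-` offset silently depends on the literal `SOUSER:` prefix plus the three-character scheme tag and deserves a comment; `updatePassword` starts and ends outside the hunk.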