Requires libsodium ≥ 1.0.9 to be present at compile time.
Thus, the following distributions will have support for at least
ARGON2i:
* rhel ≥ 7 (with EPEL enabled)
* Debian ≥ 9 (stretch)
* Ubuntu ≥ Bionic (18.04)
Fixes#4895
Extend NSData+Crypto to support PBKDF2 with SHA1 HMAC as dovecot
is using it since v2.3.0.
The format hashed passwords is {PBKDF2}$1$<salt>$<rounds>$<hashed value in hex>
The implementation of pkcs#5 PBKDF2 is taken from openbsd (with minor
adjustments) as OpenSSL and GnuTLS would require quite new versions to
support this hash.
Instead of converting binary data to base64 in order to get printable
data, use a white list of characters allowed and select from those.
This also makes sure we will get the right amount of characters as
requested, not potentially longer strings.
Dovecot promotes the use of BLF-CRYPT as a hashing scheme [1].
However, as not all libc-crypt() implementations support this scheme,
use the implementation added in a previous commit.
Also, update the references to the dovecot implementation and a small
test case for testing the blowfish implementation.
[1] https://doc.dovecot.org/configuration_manual/authentication/password_schemes/Fixes#4958