argon2 0.0.1 → 0.0.2

data/ext/phc-winner-argon2/src/opt.c

@@ -0,0 +1,173 @@
+/*
+ * Argon2 source code package
+ *
+ * Written by Daniel Dinu and Dmitry Khovratovich, 2015
+ *
+ * This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication along
+ * with
+ * this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include <immintrin.h>
+
+#include "argon2.h"
+#include "core.h"
+#include "opt.h"
+
+#include "blake2/blake2.h"
+#include "blake2/blamka-round-opt.h"
+
+void fill_block(__m128i *state, const uint8_t *ref_block, uint8_t *next_block) {
+    __m128i block_XY[ARGON2_QWORDS_IN_BLOCK];
+    uint32_t i;
+
+    for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; i++) {
+        block_XY[i] = state[i] = _mm_xor_si128(
+            state[i], _mm_loadu_si128((__m128i const *)(&ref_block[16 * i])));
+    }
+
+    for (i = 0; i < 8; ++i) {
+        BLAKE2_ROUND(state[8 * i + 0], state[8 * i + 1], state[8 * i + 2],
+                     state[8 * i + 3], state[8 * i + 4], state[8 * i + 5],
+                     state[8 * i + 6], state[8 * i + 7]);
+    }
+
+    for (i = 0; i < 8; ++i) {
+        BLAKE2_ROUND(state[8 * 0 + i], state[8 * 1 + i], state[8 * 2 + i],
+                     state[8 * 3 + i], state[8 * 4 + i], state[8 * 5 + i],
+                     state[8 * 6 + i], state[8 * 7 + i]);
+    }
+
+    for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; i++) {
+        state[i] = _mm_xor_si128(state[i], block_XY[i]);
+        _mm_storeu_si128((__m128i *)(&next_block[16 * i]), state[i]);
+    }
+}
+
+void generate_addresses(const argon2_instance_t *instance,
+                        const argon2_position_t *position,
+                        uint64_t *pseudo_rands) {
+    block address_block, input_block;
+    uint32_t i;
+
+    init_block_value(&address_block, 0);
+    init_block_value(&input_block, 0);
+
+    if (instance != NULL && position != NULL) {
+        input_block.v[0] = position->pass;
+        input_block.v[1] = position->lane;
+        input_block.v[2] = position->slice;
+        input_block.v[3] = instance->memory_blocks;
+        input_block.v[4] = instance->passes;
+        input_block.v[5] = instance->type;
+
+        for (i = 0; i < instance->segment_length; ++i) {
+            if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) {
+                __m128i zero_block[ARGON2_QWORDS_IN_BLOCK];
+                __m128i zero2_block[ARGON2_QWORDS_IN_BLOCK];
+                memset(zero_block, 0, sizeof(zero_block));
+                memset(zero2_block, 0, sizeof(zero2_block));
+                input_block.v[6]++;
+                fill_block(zero_block, (uint8_t *)&input_block.v,
+                           (uint8_t *)&address_block.v);
+                fill_block(zero2_block, (uint8_t *)&address_block.v,
+                           (uint8_t *)&address_block.v);
+            }
+
+            pseudo_rands[i] = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK];
+        }
+    }
+}
+
+void fill_segment(const argon2_instance_t *instance,
+                  argon2_position_t position) {
+    block *ref_block = NULL, *curr_block = NULL;
+    uint64_t pseudo_rand, ref_index, ref_lane;
+    uint32_t prev_offset, curr_offset;
+    uint32_t starting_index, i;
+    __m128i state[64];
+    int data_independent_addressing = (instance->type == Argon2_i);
+
+    /* Pseudo-random values that determine the reference block position */
+    uint64_t *pseudo_rands = NULL;
+
+    if (instance == NULL) {
+        return;
+    }
+
+    pseudo_rands =
+        (uint64_t *)malloc(sizeof(uint64_t) * instance->segment_length);
+    if (pseudo_rands == NULL) {
+        return;
+    }
+
+    if (data_independent_addressing) {
+        generate_addresses(instance, &position, pseudo_rands);
+    }
+
+    starting_index = 0;
+
+    if ((0 == position.pass) && (0 == position.slice)) {
+        starting_index = 2; /* we have already generated the first two blocks */
+    }
+
+    /* Offset of the current block */
+    curr_offset = position.lane * instance->lane_length +
+                  position.slice * instance->segment_length + starting_index;
+
+    if (0 == curr_offset % instance->lane_length) {
+        /* Last block in this lane */
+        prev_offset = curr_offset + instance->lane_length - 1;
+    } else {
+        /* Previous block */
+        prev_offset = curr_offset - 1;
+    }
+
+    memcpy(state, ((instance->memory + prev_offset)->v), ARGON2_BLOCK_SIZE);
+
+    for (i = starting_index; i < instance->segment_length;
+         ++i, ++curr_offset, ++prev_offset) {
+        /*1.1 Rotating prev_offset if needed */
+        if (curr_offset % instance->lane_length == 1) {
+            prev_offset = curr_offset - 1;
+        }
+
+        /* 1.2 Computing the index of the reference block */
+        /* 1.2.1 Taking pseudo-random value from the previous block */
+        if (data_independent_addressing) {
+            pseudo_rand = pseudo_rands[i];
+        } else {
+            pseudo_rand = instance->memory[prev_offset].v[0];
+        }
+
+        /* 1.2.2 Computing the lane of the reference block */
+        ref_lane = ((pseudo_rand >> 32)) % instance->lanes;
+
+        if ((position.pass == 0) && (position.slice == 0)) {
+            /* Can not reference other lanes yet */
+            ref_lane = position.lane;
+        }
+
+        /* 1.2.3 Computing the number of possible reference block within the
+         * lane.
+         */
+        position.index = i;
+        ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF,
+                                ref_lane == position.lane);
+
+        /* 2 Creating a new block */
+        ref_block =
+            instance->memory + instance->lane_length * ref_lane + ref_index;
+        curr_block = instance->memory + curr_offset;
+        fill_block(state, (uint8_t *)ref_block->v, (uint8_t *)curr_block->v);
+    }
+
+    free(pseudo_rands);
+}

data/ext/phc-winner-argon2/src/opt.h

@@ -0,0 +1,49 @@
+/*
+ * Argon2 source code package
+ *
+ * Written by Daniel Dinu and Dmitry Khovratovich, 2015
+ *
+ * This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication along
+ * with
+ * this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#ifndef ARGON2_OPT_H
+#define ARGON2_OPT_H
+
+/*
+ * Function fills a new memory block. Differs from the
+ * @param state Pointer to the just produced block. Content will be updated(!)
+ * @param ref_block Pointer to the reference block
+ * @param next_block Pointer to the block to be constructed
+ * @pre all block pointers must be valid
+ */
+void fill_block(__m128i *state, const uint8_t *ref_block, uint8_t *next_block);
+
+/*
+ * Generate pseudo-random values to reference blocks in the segment and puts
+ * them into the array
+ * @param instance Pointer to the current instance
+ * @param position Pointer to the current position
+ * @param pseudo_rands Pointer to the array of 64-bit values
+ * @pre pseudo_rands must point to @a instance->segment_length allocated values
+ */
+void generate_addresses(const argon2_instance_t *instance,
+                        const argon2_position_t *position,
+                        uint64_t *pseudo_rands);
+
+/*
+ * Function that fills the segment using previous segments also from other
+ * threads.
+ * Identical to the reference code except that it calls optimized FillBlock()
+ * @param instance Pointer to the current instance
+ * @param position Current position
+ * @pre all block pointers must be valid
+ */
+void fill_segment(const argon2_instance_t *instance,
+                  argon2_position_t position);
+
+#endif /* ARGON2_OPT_H */

data/ext/phc-winner-argon2/src/ref.c

@@ -0,0 +1,175 @@
+/*
+ * Argon2 source code package
+ *
+ * Written by Daniel Dinu and Dmitry Khovratovich, 2015
+ *
+ * This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication along
+ * with
+ * this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "argon2.h"
+#include "core.h"
+#include "ref.h"
+
+#include "blake2/blamka-round-ref.h"
+#include "blake2/blake2-impl.h"
+#include "blake2/blake2.h"
+
+void fill_block(const block *prev_block, const block *ref_block,
+                block *next_block) {
+    block blockR, block_tmp;
+    unsigned i;
+
+    copy_block(&blockR, ref_block);
+    xor_block(&blockR, prev_block);
+    copy_block(&block_tmp, &blockR);
+
+    /* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then
+       (16,17,..31)... finally (112,113,...127) */
+    for (i = 0; i < 8; ++i) {
+        BLAKE2_ROUND_NOMSG(
+            blockR.v[16 * i], blockR.v[16 * i + 1], blockR.v[16 * i + 2],
+            blockR.v[16 * i + 3], blockR.v[16 * i + 4], blockR.v[16 * i + 5],
+            blockR.v[16 * i + 6], blockR.v[16 * i + 7], blockR.v[16 * i + 8],
+            blockR.v[16 * i + 9], blockR.v[16 * i + 10], blockR.v[16 * i + 11],
+            blockR.v[16 * i + 12], blockR.v[16 * i + 13], blockR.v[16 * i + 14],
+            blockR.v[16 * i + 15]);
+    }
+
+    /* Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then
+       (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) */
+    for (i = 0; i < 8; i++) {
+        BLAKE2_ROUND_NOMSG(
+            blockR.v[2 * i], blockR.v[2 * i + 1], blockR.v[2 * i + 16],
+            blockR.v[2 * i + 17], blockR.v[2 * i + 32], blockR.v[2 * i + 33],
+            blockR.v[2 * i + 48], blockR.v[2 * i + 49], blockR.v[2 * i + 64],
+            blockR.v[2 * i + 65], blockR.v[2 * i + 80], blockR.v[2 * i + 81],
+            blockR.v[2 * i + 96], blockR.v[2 * i + 97], blockR.v[2 * i + 112],
+            blockR.v[2 * i + 113]);
+    }
+
+    copy_block(next_block, &block_tmp);
+    xor_block(next_block, &blockR);
+}
+
+void generate_addresses(const argon2_instance_t *instance,
+                        const argon2_position_t *position,
+                        uint64_t *pseudo_rands) {
+    block zero_block, input_block, address_block;
+    uint32_t i;
+
+    init_block_value(&zero_block, 0);
+    init_block_value(&input_block, 0);
+    init_block_value(&address_block, 0);
+
+    if (instance != NULL && position != NULL) {
+        input_block.v[0] = position->pass;
+        input_block.v[1] = position->lane;
+        input_block.v[2] = position->slice;
+        input_block.v[3] = instance->memory_blocks;
+        input_block.v[4] = instance->passes;
+        input_block.v[5] = instance->type;
+
+        for (i = 0; i < instance->segment_length; ++i) {
+            if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) {
+                input_block.v[6]++;
+                fill_block(&zero_block, &input_block, &address_block);
+                fill_block(&zero_block, &address_block, &address_block);
+            }
+
+            pseudo_rands[i] = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK];
+        }
+    }
+}
+
+void fill_segment(const argon2_instance_t *instance,
+                  argon2_position_t position) {
+    block *ref_block = NULL, *curr_block = NULL;
+    uint64_t pseudo_rand, ref_index, ref_lane;
+    uint32_t prev_offset, curr_offset;
+    uint32_t starting_index;
+    uint32_t i;
+    int data_independent_addressing = (instance->type == Argon2_i);
+    /* Pseudo-random values that determine the reference block position */
+    uint64_t *pseudo_rands = NULL;
+
+    if (instance == NULL) {
+        return;
+    }
+
+    pseudo_rands =
+        (uint64_t *)malloc(sizeof(uint64_t) * (instance->segment_length));
+
+    if (pseudo_rands == NULL) {
+        return;
+    }
+
+    if (data_independent_addressing) {
+        generate_addresses(instance, &position, pseudo_rands);
+    }
+
+    starting_index = 0;
+
+    if ((0 == position.pass) && (0 == position.slice)) {
+        starting_index = 2; /* we have already generated the first two blocks */
+    }
+
+    /* Offset of the current block */
+    curr_offset = position.lane * instance->lane_length +
+                  position.slice * instance->segment_length + starting_index;
+
+    if (0 == curr_offset % instance->lane_length) {
+        /* Last block in this lane */
+        prev_offset = curr_offset + instance->lane_length - 1;
+    } else {
+        /* Previous block */
+        prev_offset = curr_offset - 1;
+    }
+
+    for (i = starting_index; i < instance->segment_length;
+         ++i, ++curr_offset, ++prev_offset) {
+        /*1.1 Rotating prev_offset if needed */
+        if (curr_offset % instance->lane_length == 1) {
+            prev_offset = curr_offset - 1;
+        }
+
+        /* 1.2 Computing the index of the reference block */
+        /* 1.2.1 Taking pseudo-random value from the previous block */
+        if (data_independent_addressing) {
+            pseudo_rand = pseudo_rands[i];
+        } else {
+            pseudo_rand = instance->memory[prev_offset].v[0];
+        }
+
+        /* 1.2.2 Computing the lane of the reference block */
+        ref_lane = ((pseudo_rand >> 32)) % instance->lanes;
+
+        if ((position.pass == 0) && (position.slice == 0)) {
+            /* Can not reference other lanes yet */
+            ref_lane = position.lane;
+        }
+
+        /* 1.2.3 Computing the number of possible reference block within the
+         * lane.
+         */
+        position.index = i;
+        ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF,
+                                ref_lane == position.lane);
+
+        /* 2 Creating a new block */
+        ref_block =
+            instance->memory + instance->lane_length * ref_lane + ref_index;
+        curr_block = instance->memory + curr_offset;
+        fill_block(instance->memory + prev_offset, ref_block, curr_block);
+    }
+
+    free(pseudo_rands);
+}

data/ext/phc-winner-argon2/src/ref.h

@@ -0,0 +1,49 @@
+/*
+ * Argon2 source code package
+ *
+ * Written by Daniel Dinu and Dmitry Khovratovich, 2015
+ *
+ * This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication along
+ * with
+ * this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#ifndef ARGON2_REF_H
+#define ARGON2_REF_H
+
+/*
+ * Function fills a new memory block
+ * @param prev_block Pointer to the previous block
+ * @param ref_block Pointer to the reference block
+ * @param next_block Pointer to the block to be constructed
+ * @pre all block pointers must be valid
+ */
+void fill_block(const block *prev_block, const block *ref_block,
+                block *next_block);
+
+/*
+ * Generate pseudo-random values to reference blocks in the segment and puts
+ * them into the array
+ * @param instance Pointer to the current instance
+ * @param position Pointer to the current position
+ * @param pseudo_rands Pointer to the array of 64-bit values
+ * @pre pseudo_rands must point to @a instance->segment_length allocated values
+ */
+void generate_addresses(const argon2_instance_t *instance,
+                        const argon2_position_t *position,
+                        uint64_t *pseudo_rands);
+
+/*
+ * Function that fills the segment using previous segments also from other
+ * threads
+ * @param instance Pointer to the current instance
+ * @param position Current position
+ * @pre all block pointers must be valid
+ */
+void fill_segment(const argon2_instance_t *instance,
+                  argon2_position_t position);
+
+#endif /* ARGON2_REF_H */

data/ext/phc-winner-argon2/src/run.c

@@ -0,0 +1,223 @@
+/*
+ * Argon2 source code package
+ *
+ * Written by Daniel Dinu and Dmitry Khovratovich, 2015
+ *
+ * This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication along
+ * with
+ * this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+
+#include <stdio.h>
+#include <stdint.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#include "argon2.h"
+#include "core.h"
+
+#define T_COST_DEF 3
+#define LOG_M_COST_DEF 12 /* 2^12 = 4 MiB */
+#define LANES_DEF 1
+#define THREADS_DEF 1
+#define OUT_LEN 32
+#define SALT_LEN 16
+
+#define UNUSED_PARAMETER(x) (void)(x)
+
+static void usage(const char *cmd) {
+    printf("Usage:  %s pwd salt [-d] [-t iterations] [-m memory] "
+           "[-p parallelism]\n",
+           cmd);
+
+    printf("Parameters:\n");
+    printf("\tpwd\t\tThe password to hash\n");
+    printf("\tsalt\t\tThe salt to use, at most 16 characters\n");
+    printf("\t-d\t\tUse Argon2d instead of Argon2i (which is the default)\n");
+    printf("\t-t N\t\tSets the number of iterations to N (default = %d)\n",
+           T_COST_DEF);
+    printf("\t-m N\t\tSets the memory usage of 2^N KiB (default %d)\n",
+           LOG_M_COST_DEF);
+    printf("\t-p N\t\tSets parallelism to N threads (default %d)\n",
+           THREADS_DEF);
+}
+
+static void fatal(const char *error) {
+    fprintf(stderr, "Error: %s\n", error);
+    exit(1);
+}
+
+/*
+Runs Argon2 with certain inputs and parameters, inputs not cleared. Prints the
+Base64-encoded hash string
+@out output array with at least 32 bytes allocated
+@pwd NULL-terminated string, presumably from argv[]
+@salt salt array with at least SALTLEN_DEF bytes allocated
+@t_cost number of iterations
+@m_cost amount of requested memory in KB
+@lanes amount of requested parallelism
+@threads actual parallelism
+@type String, only "d" and "i" are accepted
+*/
+static void run(uint8_t *out, char *pwd, uint8_t *salt, uint32_t t_cost,
+                uint32_t m_cost, uint32_t lanes, uint32_t threads,
+                const char *type) {
+    clock_t start_time, stop_time;
+    unsigned pwd_length;
+    argon2_context context;
+    uint32_t i;
+
+    start_time = clock();
+
+    if (!pwd) {
+        fatal("password missing");
+    }
+
+    if (!salt) {
+        secure_wipe_memory(pwd, strlen(pwd));
+        fatal("salt missing");
+    }
+
+    pwd_length = strlen(pwd);
+
+    UNUSED_PARAMETER(threads);
+
+    context.out = out;
+    context.outlen = OUT_LEN;
+    context.pwd = (uint8_t *)pwd;
+    context.pwdlen = pwd_length;
+    context.salt = salt;
+    context.saltlen = SALT_LEN;
+    context.secret = NULL;
+    context.secretlen = 0;
+    context.ad = NULL;
+    context.adlen = 0;
+    context.t_cost = t_cost;
+    context.m_cost = m_cost;
+    context.lanes = lanes;
+    context.threads = lanes;
+    context.allocate_cbk = NULL;
+    context.free_cbk = NULL;
+    context.flags = ARGON2_FLAG_CLEAR_PASSWORD;
+
+    if (!strcmp(type, "d")) {
+        int result = argon2d(&context);
+        if (result != ARGON2_OK)
+            fatal(error_message(result));
+    } else if (!strcmp(type, "i")) {
+        int result = argon2i(&context);
+        if (result != ARGON2_OK)
+            fatal(error_message(result));
+    } else {
+        secure_wipe_memory(pwd, strlen(pwd));
+        fatal("wrong Argon2 type");
+    }
+
+    stop_time = clock();
+
+    /* add back when proper decoding */
+    /*
+    char encoded[300];
+    encode_string(encoded, sizeof encoded, &context);
+    printf("%s\n", encoded);
+    */
+    printf("Hash:\t\t");
+    for (i = 0; i < context.outlen; ++i) {
+        printf("%02x", context.out[i]);
+    }
+    printf("\n");
+
+    printf("%2.3f seconds\n",
+           ((double)stop_time - start_time) / (CLOCKS_PER_SEC));
+}
+
+int main(int argc, char *argv[]) {
+    unsigned char out[OUT_LEN];
+    uint32_t m_cost = 1 << LOG_M_COST_DEF;
+    uint32_t t_cost = T_COST_DEF;
+    uint32_t lanes = LANES_DEF;
+    uint32_t threads = THREADS_DEF;
+    char *pwd = NULL;
+    uint8_t salt[SALT_LEN];
+    const char *type = "i";
+    int i;
+
+    if (argc < 3) {
+        usage(argv[0]);
+        return ARGON2_MISSING_ARGS;
+    }
+
+    /* get password and salt from command line */
+    pwd = argv[1];
+    if (strlen(argv[2]) > SALT_LEN) {
+        fatal("salt too long");
+    }
+    memset(salt, 0x00, SALT_LEN); /* pad with null bytes */
+    memcpy(salt, argv[2], strlen(argv[2]));
+
+    /* parse options */
+    for (i = 3; i < argc; i++) {
+        const char *a = argv[i];
+        unsigned long input = 0;
+        if (!strcmp(a, "-m")) {
+            if (i < argc - 1) {
+                i++;
+                input = strtoul(argv[i], NULL, 10);
+                if (input == 0 || input == ULONG_MAX ||
+                    input > ARGON2_MAX_MEMORY_BITS) {
+                    fatal("bad numeric input for -m");
+                }
+                m_cost = ARGON2_MIN(UINT64_C(1) << input, UINT32_C(0xFFFFFFFF));
+                if (m_cost > ARGON2_MAX_MEMORY) {
+                    fatal("m_cost overflow");
+                }
+                continue;
+            } else {
+                fatal("missing -m argument");
+            }
+        } else if (!strcmp(a, "-t")) {
+            if (i < argc - 1) {
+                i++;
+                input = strtoul(argv[i], NULL, 10);
+                if (input == 0 || input == ULONG_MAX ||
+                    input > ARGON2_MAX_TIME) {
+                    fatal("bad numeric input for -t");
+                }
+                t_cost = input;
+                continue;
+            } else {
+                fatal("missing -t argument");
+            }
+        } else if (!strcmp(a, "-p")) {
+            if (i < argc - 1) {
+                i++;
+                input = strtoul(argv[i], NULL, 10);
+                if (input == 0 || input == ULONG_MAX ||
+                    input > ARGON2_MAX_THREADS || input > ARGON2_MAX_LANES) {
+                    fatal("bad numeric input for -p");
+                }
+                threads = input;
+                lanes = threads;
+                continue;
+            } else {
+                fatal("missing -p argument");
+            }
+        } else if (!strcmp(a, "-d")) {
+            type = "d";
+        } else {
+            fatal("unknown argument");
+        }
+    }
+    printf("Type:\t\tArgon2%c\n", type[0]);
+    printf("Iterations:\t%" PRIu32 " \n", t_cost);
+    printf("Memory:\t\t%" PRIu32 " KiB\n", m_cost);
+    printf("Parallelism:\t%" PRIu32 " \n", lanes);
+    run(out, pwd, salt, t_cost, m_cost, lanes, threads, type);
+
+    return ARGON2_OK;
+}