argon2 0.0.2 → 0.1.0

data/ext/phc-winner-argon2/.gitignore

@@ -5,3 +5,4 @@ libargon2.dylib
 .DS_Store
 src/*.o
 src/blake2/*.o
+test.c

data/ext/phc-winner-argon2/Makefile

@@ -14,7 +14,7 @@ GENKAT = genkat
 DIST = phc-winner-argon2
 
 CC = gcc
-SRC = src/argon2.c src/core.c src/blake2/blake2b.c src/thread.c
+SRC = src/argon2.c src/core.c src/blake2/blake2b.c src/thread.c src/encoding.c
 SRC_RUN = src/run.c
 SRC_BENCH = src/bench.c
 SRC_GENKAT = src/genkat.c

data/ext/phc-winner-argon2/README.md

@@ -36,10 +36,9 @@ results.
 on your system. To show usage instructions, run
 `./argon2` without arguments as
 ```
-$ ./argon2
-Usage:  ./argon2 pwd salt [-d] [-t iterations] [-m memory] [-p parallelism]
+Usage:  ./argon2 salt [-d] [-t iterations] [-m memory] [-p parallelism]
+        Password is read from stdin
 Parameters:
-        pwd             The password to hash
         salt            The salt to use, at most 16 characters
         -d              Use Argon2d instead of Argon2i (which is the default)
         -t N            Sets the number of iterations to N (default = 3)
@@ -49,13 +48,15 @@ Parameters:
 For example, to hash "password" using "somesalt" as a salt and doing 2
 iterations, consuming 64 MiB, and using four parallel threads:
 ```
-$ ./argon2 password somesalt -t 2 -m 16 -p 4
+$ echo -n "password" | ./argon2 somesalt -t 2 -m 16 -p 4
 Type:           Argon2i
 Iterations:     2
 Memory:         65536 KiB
 Parallelism:    4
 Hash:           4162f32384d8f4790bd994cb73c83a4a29f076165ec18af3cfdcf10a8d1b9066
-0.265 seconds
+Encoded:        $argon2i$m=65536,t=2,p=4$c29tZXNhbHQAAAAAAAAAAA$QWLzI4TY9HkL2ZTLc8g6SinwdhZewYrzz9zxCo0bkGY
+0.271 seconds
+Verification ok
 ```
 
 ### Library
@@ -83,48 +84,47 @@ below is named `test.c` and placed in the project's root directory.
 #include <string.h>
 #include <stdlib.h>
 
-#define OUTLEN 32
+#define HASHLEN 32
 #define SALTLEN 16
 #define PWD "password"
 
 int main(void)
 {
-    uint8_t out1[OUTLEN];
-    uint8_t out2[OUTLEN];
+    uint8_t hash1[HASHLEN];
+    uint8_t hash2[HASHLEN];
 
     uint8_t salt[SALTLEN];
     memset( salt, 0x00, SALTLEN );
 
-    uint8_t *in = (uint8_t *)strdup(PWD);
-    uint32_t inlen = strlen((char *)in);
+    uint8_t *pwd = (uint8_t *)strdup(PWD);
+    uint32_t pwdlen = strlen((char *)pwd);
 
     uint32_t t_cost = 2;            // 1-pass computation
     uint32_t m_cost = (1<<16);      // 64 mebibytes memory usage
+    uint32_t parallelism = 1;       // number of threads and lanes
 
     // high-level API
-    hash_argon2i( out1, OUTLEN, in, inlen, salt, SALTLEN, t_cost, m_cost );
-    free(in);
+    argon2i_hash_raw(t_cost, m_cost, parallelism, pwd, pwdlen, salt, SALTLEN, hash1, HASHLEN);
 
     // low-level API
-    uint32_t lanes = 1;             // lanes 1 by default
-    uint32_t threads = 1;           // threads 1 by default
-    in = (uint8_t *)strdup(PWD);    // was erased by previous call
+    uint32_t lanes = parallelism;
+    uint32_t threads = parallelism;
     argon2_context context = {
-        out2, OUTLEN, 
-        in, inlen, 
+        hash2, HASHLEN, 
+        pwd, pwdlen, 
         salt, SALTLEN,
         NULL, 0, /* secret data */
         NULL, 0, /* associated data */
-        t_cost, m_cost, lanes, threads, 
+        t_cost, m_cost, parallelism, parallelism, 
         NULL, NULL, /* custom memory allocation / deallocation functions */
         ARGON2_DEFAULT_FLAGS /* by default the password is zeroed on exit */
     };
     argon2i( &context );
-    free(in);
+    free(pwd);
 
-    for( int i=0; i<OUTLEN; ++i ) printf( "%02x", out1[i] ); printf( "\n" );
-    if (memcmp(out1, out2, OUTLEN)) {
-        for( int i=0; i<OUTLEN; ++i ) printf( "%02x", out2[i] ); printf( "\n" );
+    for( int i=0; i<HASHLEN; ++i ) printf( "%02x", hash1[i] ); printf( "\n" );
+    if (memcmp(hash1, hash2, HASHLEN)) {
+        for( int i=0; i<HASHLEN; ++i ) printf( "%02x", hash2[i] ); printf( "\n" );
         printf("fail\n");
     }
     else printf("ok\n");
@@ -133,17 +133,22 @@ int main(void)
 }
 ```
 
-To use Argon2d instead of Argon2i call `hash_argon2d` instead of
-`hash_argon2i` using the high-level API, and `argon2d` instead of
+To use Argon2d instead of Argon2i call `argon2d_hash` instead of
+`argon2i_hash` using the high-level API, and `argon2d` instead of
 `argon2i` using the low-level API.
 
+To produce the crypt-like encoding rather than the raw hash, call
+`argon2i_hash_encoded` for Argon2i and `argon2d_hash_encoded` for Argon2d.
+
+See [`src/argon2.h`](src/argon2.h) for API detais.
+
 *Note: in this example the salt is set to the all-`0x00` string for the
 sake of simplicity, but in your application you should use a random salt.*
 
 
 ### Benchmarks
 
-`make bench` creates the exectuble `bench`, which measures the execution
+`make bench` creates the executable `bench`, which measures the execution
 time of various Argon2 instances:
 
 ```
@@ -182,7 +187,7 @@ repository is copyright (c) 2015 Daniel Dinu, Dmitry Khovratovich (main
 authors), Jean-Philippe Aumasson and Samuel Neves, and under
 [CC0 license](https://creativecommons.org/about/cc0).
 
-The string encoding routines in [`src/argon2.c`](src/argon2.c) are
+The string encoding routines in [`src/encoding.c`](src/encoding.c) are
 copyright (c) 2015 Thomas Pornin, and under [CC0
 license](https://creativecommons.org/about/cc0).
 

data/ext/phc-winner-argon2/src/argon2.c

@@ -13,10 +13,12 @@
 
 #include <stdint.h>
 #include <string.h>
+#include <stdlib.h>
 #include <stdio.h>
 #include <limits.h>
 
 #include "argon2.h"
+#include "encoding.h"
 #include "core.h"
 
 /* Error messages */
@@ -96,22 +98,30 @@ static const char *Argon2_ErrorMessage[] = {
     /*},
 {ARGON2_THREADS_TOO_MANY, */ "Too many threads",
     /*},
-{ARGON2_MISSING_ARGS, */ "Missing arguments", /*},*/
+{ARGON2_MISSING_ARGS, */ "Missing arguments",
+    /*},
+{ARGON2_ENCODING_FAIL, */ "Encoding failed",
+    /*},
+{ARGON2_DECODING_FAIL, */ "Decoding failed", /*},*/
 };
 
-int hash_argon2i(void *out, size_t outlen, const void *in, size_t inlen,
-                 const void *salt, size_t saltlen, unsigned int t_cost,
-                 unsigned int m_cost) {
+int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
+                const uint32_t parallelism, const void *pwd,
+                const size_t pwdlen, const void *salt, const size_t saltlen,
+                void *hash, const size_t hashlen, char *encoded,
+                const size_t encodedlen, argon2_type type) {
 
     argon2_context context;
+    int result;
+    uint8_t *out;
 
     /* Detect and reject overflowing sizes */
     /* TODO: This should probably be fixed in the function signature */
-    if (inlen > UINT32_MAX) {
+    if (pwdlen > UINT32_MAX) {
         return ARGON2_PWD_TOO_LONG;
     }
 
-    if (outlen > UINT32_MAX) {
+    if (hashlen > UINT32_MAX) {
         return ARGON2_OUTPUT_TOO_LONG;
     }
 
@@ -119,10 +129,12 @@ int hash_argon2i(void *out, size_t outlen, const void *in, size_t inlen,
         return ARGON2_SALT_TOO_LONG;
     }
 
+    out = malloc(hashlen);
+
     context.out = (uint8_t *)out;
-    context.outlen = (uint32_t)outlen;
-    context.pwd = (uint8_t *)in;
-    context.pwdlen = (uint32_t)inlen;
+    context.outlen = (uint32_t)hashlen;
+    context.pwd = (uint8_t *)pwd;
+    context.pwdlen = (uint32_t)pwdlen;
     context.salt = (uint8_t *)salt;
     context.saltlen = (uint32_t)saltlen;
     context.secret = NULL;
@@ -131,53 +143,131 @@ int hash_argon2i(void *out, size_t outlen, const void *in, size_t inlen,
     context.adlen = 0;
     context.t_cost = t_cost;
     context.m_cost = m_cost;
-    context.lanes = 1;
-    context.threads = 1;
+    context.lanes = parallelism;
+    context.threads = parallelism;
     context.allocate_cbk = NULL;
     context.free_cbk = NULL;
     context.flags = ARGON2_DEFAULT_FLAGS;
 
-    return argon2_core(&context, Argon2_i);
-}
+    result = argon2_core(&context, type);
 
-int hash_argon2d(void *out, size_t outlen, const void *in, size_t inlen,
-                 const void *salt, size_t saltlen, unsigned int t_cost,
-                 unsigned int m_cost) {
-    argon2_context context;
+    if (result != ARGON2_OK) {
+        memset(out, 0x00, hashlen);
+        free(out);
+        return result;
+    }
 
-    /* Detect and reject overflowing sizes */
-    /* TODO: This should probably be fixed in the function signature */
-    if (inlen > UINT32_MAX) {
-        return ARGON2_PWD_TOO_LONG;
+    /* if raw hash requested, write it */
+    if (hash) {
+        memcpy(hash, out, hashlen);
     }
 
-    if (outlen > UINT32_MAX) {
-        return ARGON2_OUTPUT_TOO_LONG;
+    /* if encoding requested, write it */
+    if (encoded && encodedlen) {
+        if (!encode_string(encoded, encodedlen, &context, type)) {
+            memset(out, 0x00, hashlen);
+            memset(encoded, 0x00, encodedlen);
+            free(out);
+            return ARGON2_ENCODING_FAIL;
+        }
     }
 
-    if (saltlen > UINT32_MAX) {
-        return ARGON2_SALT_TOO_LONG;
+    free(out);
+
+    return ARGON2_OK;
+}
+
+int argon2i_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
+                         const uint32_t parallelism, const void *pwd,
+                         const size_t pwdlen, const void *salt,
+                         const size_t saltlen, const size_t hashlen,
+                         char *encoded, const size_t encodedlen) {
+
+    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                       NULL, hashlen, encoded, encodedlen, Argon2_i);
+}
+
+int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                     const uint32_t parallelism, const void *pwd,
+                     const size_t pwdlen, const void *salt,
+                     const size_t saltlen, void *hash, const size_t hashlen) {
+
+    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                       hash, hashlen, NULL, 0, Argon2_i);
+}
+
+int argon2d_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
+                         const uint32_t parallelism, const void *pwd,
+                         const size_t pwdlen, const void *salt,
+                         const size_t saltlen, const size_t hashlen,
+                         char *encoded, const size_t encodedlen) {
+
+    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                       NULL, hashlen, encoded, encodedlen, Argon2_d);
+}
+
+int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                     const uint32_t parallelism, const void *pwd,
+                     const size_t pwdlen, const void *salt,
+                     const size_t saltlen, void *hash, const size_t hashlen) {
+
+    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                       hash, hashlen, NULL, 0, Argon2_d);
+}
+
+int argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len) {
+    size_t i;
+    uint8_t d = 0U;
+
+    for (i = 0U; i < len; i++) {
+        d |= b1[i] ^ b2[i];
     }
+    return (int)((1 & ((d - 1) >> 8)) - 1);
+}
 
-    context.out = (uint8_t *)out;
-    context.outlen = (uint32_t)outlen;
-    context.pwd = (uint8_t *)in;
-    context.pwdlen = (uint32_t)inlen;
-    context.salt = (uint8_t *)salt;
-    context.saltlen = (uint32_t)saltlen;
-    context.secret = NULL;
-    context.secretlen = 0;
-    context.ad = NULL;
-    context.adlen = 0;
-    context.t_cost = t_cost;
-    context.m_cost = m_cost;
-    context.lanes = 1;
-    context.threads = 1;
-    context.allocate_cbk = NULL;
-    context.free_cbk = NULL;
-    context.flags = ARGON2_DEFAULT_FLAGS;
+int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
+                  argon2_type type) {
+
+    argon2_context ctx;
+    uint8_t *out;
 
-    return argon2_core(&context, Argon2_d);
+    /* max values, to be updated in decode_string */
+    ctx.adlen = 512;
+    ctx.saltlen = 512;
+    ctx.outlen = 512;
+
+    ctx.ad = malloc(ctx.adlen);
+    ctx.salt = malloc(ctx.saltlen);
+    ctx.out = malloc(ctx.outlen);
+    out = malloc(ctx.outlen);
+
+    decode_string(&ctx, encoded, type);
+
+    argon2_hash(ctx.t_cost, ctx.m_cost, ctx.threads, pwd, pwdlen, ctx.salt,
+                ctx.saltlen, out, ctx.outlen, NULL, 0, type);
+
+    free(ctx.ad);
+    free(ctx.salt);
+
+    if (argon2_compare(out, ctx.out, ctx.outlen)) {
+        free(out);
+        free(ctx.out);
+        return ARGON2_DECODING_FAIL;
+    }
+    free(out);
+    free(ctx.out);
+
+    return ARGON2_OK;
+}
+
+int argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
+
+    return argon2_verify(encoded, pwd, pwdlen, Argon2_i);
+}
+
+int argon2d_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
+
+    return argon2_verify(encoded, pwd, pwdlen, Argon2_d);
 }
 
 int argon2d(argon2_context *context) { return argon2_core(context, Argon2_d); }
@@ -213,148 +303,3 @@ const char *error_message(int error_code) {
     }
     return "Unknown error code.";
 }
-
-/* encoding/decoding helpers */
-
-/*
- * Some macros for constant-time comparisons. These work over values in
- * the 0..255 range. Returned value is 0x00 on "false", 0xFF on "true".
- */
-#define EQ(x, y) ((((0U - ((unsigned)(x) ^ (unsigned)(y))) >> 8) & 0xFF) ^ 0xFF)
-#define GT(x, y) ((((unsigned)(y) - (unsigned)(x)) >> 8) & 0xFF)
-#define GE(x, y) (GT(y, x) ^ 0xFF)
-#define LT(x, y) GT(y, x)
-#define LE(x, y) GE(y, x)
-
-/*
- * Convert value x (0..63) to corresponding Base64 character.
- */
-static int b64_byte_to_char(unsigned x) {
-    return (LT(x, 26) & (x + 'A')) |
-           (GE(x, 26) & LT(x, 52) & (x + ('a' - 26))) |
-           (GE(x, 52) & LT(x, 62) & (x + ('0' - 52))) | (EQ(x, 62) & '+') |
-           (EQ(x, 63) & '/');
-}
-
-/*
- * Convert some bytes to Base64. 'dst_len' is the length (in characters)
- * of the output buffer 'dst'; if that buffer is not large enough to
- * receive the result (including the terminating 0), then (size_t)-1
- * is returned. Otherwise, the zero-terminated Base64 string is written
- * in the buffer, and the output length (counted WITHOUT the terminating
- * zero) is returned.
- */
-static size_t to_base64(char *dst, size_t dst_len, const void *src,
-                        size_t src_len) {
-    size_t olen;
-    const unsigned char *buf;
-    unsigned acc, acc_len;
-
-    olen = (src_len / 3) << 2;
-    switch (src_len % 3) {
-    case 2:
-        olen++;
-    /* fall through */
-    case 1:
-        olen += 2;
-        break;
-    }
-    if (dst_len <= olen) {
-        return (size_t)-1;
-    }
-    acc = 0;
-    acc_len = 0;
-    buf = (const unsigned char *)src;
-    while (src_len-- > 0) {
-        acc = (acc << 8) + (*buf++);
-        acc_len += 8;
-        while (acc_len >= 6) {
-            acc_len -= 6;
-            *dst++ = b64_byte_to_char((acc >> acc_len) & 0x3F);
-        }
-    }
-    if (acc_len > 0) {
-        *dst++ = b64_byte_to_char((acc << (6 - acc_len)) & 0x3F);
-    }
-    *dst++ = 0;
-    return olen;
-}
-
-/* ==================================================================== */
-/*
- * Code specific to Argon2i.
- *
- * The code below applies the following format:
- *
- *  $argon2i$m=<num>,t=<num>,p=<num>[,keyid=<bin>][,data=<bin>][$<bin>[$<bin>]]
- *
- * where <num> is a decimal integer (positive, fits in an 'unsigned long')
- * and <bin> is Base64-encoded data (no '=' padding characters, no newline
- * or whitespace). The "keyid" is a binary identifier for a key (up to 8
- * bytes); "data" is associated data (up to 32 bytes). When the 'keyid'
- * (resp. the 'data') is empty, then it is ommitted from the output.
- *
- * The last two binary chunks (encoded in Base64) are, in that order,
- * the salt and the output. Both are optional, but you cannot have an
- * output without a salt. The binary salt length is between 8 and 48 bytes.
- * The output length is always exactly 32 bytes.
- */
-
-int encode_string(char *dst, size_t dst_len, argon2_context *ctx) {
-#define SS(str)                                                                \
-    do {                                                                       \
-        size_t pp_len = strlen(str);                                           \
-        if (pp_len >= dst_len) {                                               \
-            return 0;                                                          \
-        }                                                                      \
-        memcpy(dst, str, pp_len + 1);                                          \
-        dst += pp_len;                                                         \
-        dst_len -= pp_len;                                                     \
-    } while (0)
-
-#define SX(x)                                                                  \
-    do {                                                                       \
-        char tmp[30];                                                          \
-        sprintf(tmp, "%lu", (unsigned long)(x));                               \
-        SS(tmp);                                                               \
-    } while (0);
-
-#define SB(buf, len)                                                           \
-    do {                                                                       \
-        size_t sb_len = to_base64(dst, dst_len, buf, len);                     \
-        if (sb_len == (size_t)-1) {                                            \
-            return 0;                                                          \
-        }                                                                      \
-        dst += sb_len;                                                         \
-        dst_len -= sb_len;                                                     \
-    } while (0);
-
-    SS("$argon2i$m=");
-    SX(ctx->m_cost);
-    SS(",t=");
-    SX(ctx->t_cost);
-    SS(",p=");
-    SX(ctx->lanes);
-
-    if (ctx->adlen > 0) {
-        SS(",data=");
-        SB(ctx->ad, ctx->adlen);
-    }
-
-    if (ctx->saltlen == 0)
-        return 1;
-
-    SS("$");
-    SB(ctx->salt, ctx->saltlen);
-
-    if (ctx->outlen == 0)
-        return 1;
-
-    SS("$");
-    SB(ctx->out, ctx->outlen);
-    return 1;
-
-#undef SS
-#undef SX
-#undef SB
-}