argon2 0.1.4 → 1.0.0

data/ext/phc-winner-argon2/README.md

@@ -1,21 +1,34 @@
 # Argon2
 
+[![Build Status](https://travis-ci.org/P-H-C/phc-winner-argon2.svg?branch=master)](https://travis-ci.org/P-H-C/phc-winner-argon2)
+[![codecov.io](https://codecov.io/github/P-H-C/phc-winner-argon2/coverage.svg?branch=master)](https://codecov.io/github/P-H-C/phc-winner-argon2?branch=master)
+
 This is the reference C implementation of Argon2, the password-hashing
 function that won the [Password Hashing Competition
-(PHC)](https://password-hashing.net). 
+(PHC)](https://password-hashing.net).
+
+Argon2 is a password-hashing function that summarizes the state of the
+art in the design of memory-hard functions and can be used to hash
+passwords for credential storage, key derivation, or other applications.
 
-You should use Argon2 whenever you need to hash passwords for credential
-storage, key derivation, or other applications.
+It has a simple design aimed at the highest memory filling rate and
+effective use of multiple computing units, while still providing defense
+against tradeoff attacks (by exploiting the cache and memory organization
+of the recent processors).
 
-There are two main versions of Argon2, **Argon2i** and **Argon2d**. Argon2i
-is the safest against side-channel attacks, while Argon2d provides the
-highest resistance against GPU cracking attacks.
+Argon2 has two variants: Argon2d and Argon2i. Argon2d is faster and
+uses data-depending memory access, which makes it highly resistant
+against GPU cracking attacks and suitable for applications with no threats
+from side-channel timing attacks (eg. cryptocurrencies). Argon2i instead
+uses data-independent memory access, which is preferred for password
+hashing and password-based key derivation, but it is slower as it makes
+more passes over the memory to protect from tradeoff attacks.
 
-Argon2i and Argon2d are parametrized by
+Argon2i and Argon2d are parametrized by:
 
 * A **time** cost, which defines the amount of computation realized and
   therefore the execution time, given in number of iterations
-* A **memory** cost, which defines the memory usage, given in kibibytes 
+* A **memory** cost, which defines the memory usage, given in kibibytes
 * A **parallelism** degree, which defines the number of parallel threads
 
 The [Argon2 document](argon2-specs.pdf) gives detailed specs and design
@@ -39,23 +52,25 @@ on your system. To show usage instructions, run
 Usage:  ./argon2 salt [-d] [-t iterations] [-m memory] [-p parallelism]
         Password is read from stdin
 Parameters:
-        salt            The salt to use, at most 16 characters
+        salt            The salt to use, at least 8 characters 
         -d              Use Argon2d instead of Argon2i (which is the default)
         -t N            Sets the number of iterations to N (default = 3)
         -m N            Sets the memory usage of 2^N KiB (default 12)
         -p N            Sets parallelism to N threads (default 1)
+        -h N            Sets hash output length to N bytes (default 32)
 ```
 For example, to hash "password" using "somesalt" as a salt and doing 2
-iterations, consuming 64 MiB, and using four parallel threads:
+iterations, consuming 64 MiB, using four parallel threads and an output hash
+of 24 bytes
 ```
-$ echo -n "password" | ./argon2 somesalt -t 2 -m 16 -p 4
+$ echo -n "password" | ./argon2 somesalt -t 2 -m 16 -p 4 -h 24
 Type:           Argon2i
 Iterations:     2
 Memory:         65536 KiB
 Parallelism:    4
-Hash:           4162f32384d8f4790bd994cb73c83a4a29f076165ec18af3cfdcf10a8d1b9066
-Encoded:        $argon2i$m=65536,t=2,p=4$c29tZXNhbHQAAAAAAAAAAA$QWLzI4TY9HkL2ZTLc8g6SinwdhZewYrzz9zxCo0bkGY
-0.271 seconds
+Hash:           5a028f1a99c9eae671ee448ab80057b78510430865abe57f
+Encoded:        $argon2i$m=65536,t=2,p=4$c29tZXNhbHQ$WgKPGpnJ6uZx7kSKuABXt4UQQwhlq+V/
+0.188 seconds
 Verification ok
 ```
 
@@ -68,7 +83,7 @@ The example program below hashes the string "password" with Argon2i
 using the high-level API and then using the low-level API. While the
 high-level API only takes input/output buffers and the two cost
 parameters, the low-level API additionally takes parallelism parameters
-and several others, as defined in [`src/argon2.h`](src/argon2.h).
+and several others, as defined in [`include/argon2.h`](include/argon2.h).
 
 
 Here the time cost `t_cost` is set to 2 iterations, the
@@ -110,12 +125,12 @@ int main(void)
     uint32_t lanes = parallelism;
     uint32_t threads = parallelism;
     argon2_context context = {
-        hash2, HASHLEN, 
-        pwd, pwdlen, 
+        hash2, HASHLEN,
+        pwd, pwdlen,
         salt, SALTLEN,
         NULL, 0, /* secret data */
         NULL, 0, /* associated data */
-        t_cost, m_cost, parallelism, parallelism, 
+        t_cost, m_cost, parallelism, parallelism,
         NULL, NULL, /* custom memory allocation / deallocation functions */
         ARGON2_DEFAULT_FLAGS /* by default the password is zeroed on exit */
     };
@@ -140,7 +155,7 @@ To use Argon2d instead of Argon2i call `argon2d_hash` instead of
 To produce the crypt-like encoding rather than the raw hash, call
 `argon2i_hash_encoded` for Argon2i and `argon2d_hash_encoded` for Argon2d.
 
-See [`src/argon2.h`](src/argon2.h) for API detais.
+See [`include/argon2.h`](include/argon2.h) for API details.
 
 *Note: in this example the salt is set to the all-`0x00` string for the
 sake of simplicity, but in your application you should use a random salt.*
@@ -183,10 +198,24 @@ Argon2i 1 iterations  4096 MiB 4 threads:  2.72 cpb 11124.86 Mcycles
 Bindings are available for the following languages (make sure to read
 their documentation):
 
+* [Go](https://github.com/tvdburgt/go-argon2) by [@tvdburgt](https://github.com/tvdburgt)
+* [Haskell](https://hackage.haskell.org/package/argon2-1.0.0/docs/Crypto-Argon2.html) by [@ocharles](https://github.com/ocharles)
 * [Javascript](https://github.com/ranisalt/node-argon2), by [@ranisalt](https://github.com/ranisalt)
+* [JVM](https://github.com/phxql/argon2-jvm) by [@phXql](https://github.com/phxql)
+* [Lua](https://github.com/thibaultCha/lua-argon2) by [@thibaultCha](https://github.com/thibaultCha)
+* [OCaml](https://github.com/Khady/ocaml-argon2) by [@Khady](https://github.com/Khady)
 * [Python](https://pypi.python.org/pypi/argon2), by [@flamewow](https://github.com/flamewow)
+* [Python](https://pypi.python.org/pypi/argon2_cffi), by [@hynek](https://github.com/hynek)
 * [Ruby](https://github.com/technion/ruby-argon2) by [@technion](https://github.com/technion)
+* [Rust](https://github.com/quininer/argon2-rs) by [@quininer](https://github.com/quininer)
+
+## Test Suite
+
+There are two sets of test suites. One is a low level test for the hash
+function, the other tests the higher level API. Both of these are built and
+executed by running:
 
+`make test`
 
 ## Intellectual property
 

data/ext/phc-winner-argon2/{src → include}/argon2.h

@@ -5,11 +5,11 @@
  *
  * This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
  *
- * You should have received a copy of the CC0 Public Domain Dedication along
- * with
- * this software. If not, see
+ * You should have received a copy of the CC0 Public Domain Dedication
+ * along with this software. If not, see
  * <http://creativecommons.org/publicdomain/zero/1.0/>.
  */
+
 #ifndef ARGON2_H
 #define ARGON2_H
 
@@ -21,8 +21,16 @@
 extern "C" {
 #endif
 
-/*************************Argon2 input parameter
- * restrictions**************************************************/
+/* Symbols visibility control */
+#ifdef A2_VISCTL
+#define ARGON2_PUBLIC __attribute__((visibility("default")))
+#else
+#define ARGON2_PUBLIC
+#endif
+
+/*
+ * Argon2 input parameter restrictions
+ */
 
 /* Minimum and maximum number of lanes (degree of parallelism) */
 #define ARGON2_MIN_LANES UINT32_C(1)
@@ -43,8 +51,7 @@ extern "C" {
 #define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */
 
 #define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b))
-/* Max memory size is half the addressing space, topping at 2^32 blocks (4 TB)
- */
+/* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */
 #define ARGON2_MAX_MEMORY_BITS                                                 \
     ARGON2_MIN(UINT32_C(32), (sizeof(void *) * CHAR_BIT - 10 - 1))
 #define ARGON2_MAX_MEMORY                                                      \
@@ -79,59 +86,61 @@ extern "C" {
 typedef enum Argon2_ErrorCodes {
     ARGON2_OK = 0,
 
-    ARGON2_OUTPUT_PTR_NULL = 1,
+    ARGON2_OUTPUT_PTR_NULL = -1,
+
+    ARGON2_OUTPUT_TOO_SHORT = -2,
+    ARGON2_OUTPUT_TOO_LONG = -3,
 
-    ARGON2_OUTPUT_TOO_SHORT = 2,
-    ARGON2_OUTPUT_TOO_LONG = 3,
+    ARGON2_PWD_TOO_SHORT = -4,
+    ARGON2_PWD_TOO_LONG = -5,
 
-    ARGON2_PWD_TOO_SHORT = 4,
-    ARGON2_PWD_TOO_LONG = 5,
+    ARGON2_SALT_TOO_SHORT = -6,
+    ARGON2_SALT_TOO_LONG = -7,
 
-    ARGON2_SALT_TOO_SHORT = 6,
-    ARGON2_SALT_TOO_LONG = 7,
+    ARGON2_AD_TOO_SHORT = -8,
+    ARGON2_AD_TOO_LONG = -9,
 
-    ARGON2_AD_TOO_SHORT = 8,
-    ARGON2_AD_TOO_LONG = 9,
+    ARGON2_SECRET_TOO_SHORT = -10,
+    ARGON2_SECRET_TOO_LONG = -11,
 
-    ARGON2_SECRET_TOO_SHORT = 10,
-    ARGON2_SECRET_TOO_LONG = 11,
+    ARGON2_TIME_TOO_SMALL = -12,
+    ARGON2_TIME_TOO_LARGE = -13,
 
-    ARGON2_TIME_TOO_SMALL = 12,
-    ARGON2_TIME_TOO_LARGE = 13,
+    ARGON2_MEMORY_TOO_LITTLE = -14,
+    ARGON2_MEMORY_TOO_MUCH = -15,
 
-    ARGON2_MEMORY_TOO_LITTLE = 14,
-    ARGON2_MEMORY_TOO_MUCH = 15,
+    ARGON2_LANES_TOO_FEW = -16,
+    ARGON2_LANES_TOO_MANY = -17,
 
-    ARGON2_LANES_TOO_FEW = 16,
-    ARGON2_LANES_TOO_MANY = 17,
+    ARGON2_PWD_PTR_MISMATCH = -18,    /* NULL ptr with non-zero length */
+    ARGON2_SALT_PTR_MISMATCH = -19,   /* NULL ptr with non-zero length */
+    ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */
+    ARGON2_AD_PTR_MISMATCH = -21,     /* NULL ptr with non-zero length */
 
-    ARGON2_PWD_PTR_MISMATCH = 18,    /* NULL ptr with non-zero length */
-    ARGON2_SALT_PTR_MISMATCH = 19,   /* NULL ptr with non-zero length */
-    ARGON2_SECRET_PTR_MISMATCH = 20, /* NULL ptr with non-zero length */
-    ARGON2_AD_PTR_MISMATCH = 21,     /* NULL ptr with non-zero length */
+    ARGON2_MEMORY_ALLOCATION_ERROR = -22,
 
-    ARGON2_MEMORY_ALLOCATION_ERROR = 22,
+    ARGON2_FREE_MEMORY_CBK_NULL = -23,
+    ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24,
 
-    ARGON2_FREE_MEMORY_CBK_NULL = 23,
-    ARGON2_ALLOCATE_MEMORY_CBK_NULL = 24,
+    ARGON2_INCORRECT_PARAMETER = -25,
+    ARGON2_INCORRECT_TYPE = -26,
 
-    ARGON2_INCORRECT_PARAMETER = 25,
-    ARGON2_INCORRECT_TYPE = 26,
+    ARGON2_OUT_PTR_MISMATCH = -27,
 
-    ARGON2_OUT_PTR_MISMATCH = 27,
+    ARGON2_THREADS_TOO_FEW = -28,
+    ARGON2_THREADS_TOO_MANY = -29,
 
-    ARGON2_THREADS_TOO_FEW = 28,
-    ARGON2_THREADS_TOO_MANY = 29,
+    ARGON2_MISSING_ARGS = -30,
 
-    ARGON2_MISSING_ARGS = 30,
+    ARGON2_ENCODING_FAIL = -31,
 
-    ARGON2_ENCODING_FAIL = 31,
+    ARGON2_DECODING_FAIL = -32,
 
-    ARGON2_DECODING_FAIL = 32,
+    ARGON2_THREAD_FAIL = -33,
 
-    ARGON2_ERROR_CODES_LENGTH /* Do NOT remove; Do NOT add error codes after
-                                 this
-                                 error code */
+    ARGON2_DECODING_LENGTH_FAIL = -34,
+
+    ARGON2_VERIFY_MISMATCH = -35
 } argon2_error_codes;
 
 /* Memory allocator types --- for external allocation */
@@ -141,28 +150,29 @@ typedef void (*deallocate_fptr)(uint8_t *memory, size_t bytes_to_allocate);
 /* Argon2 external data structures */
 
 /*
- *****Context: structure to hold Argon2 inputs:
- * output array and its length,
- * password and its length,
- * salt and its length,
- * secret and its length,
- * associated data and its length,
- * number of passes, amount of used memory (in KBytes, can be rounded up a bit)
- * number of parallel threads that will be run.
+ *****
+ * Context: structure to hold Argon2 inputs:
+ *  output array and its length,
+ *  password and its length,
+ *  salt and its length,
+ *  secret and its length,
+ *  associated data and its length,
+ *  number of passes, amount of used memory (in KBytes, can be rounded up a bit)
+ *  number of parallel threads that will be run.
  * All the parameters above affect the output hash value.
  * Additionally, two function pointers can be provided to allocate and
- deallocate the memory (if NULL, memory will be allocated internally).
+ * deallocate the memory (if NULL, memory will be allocated internally).
  * Also, three flags indicate whether to erase password, secret as soon as they
- are pre-hashed (and thus not needed anymore), and the entire memory
- ****************************
- Simplest situation: you have output array out[8], password is stored in
- pwd[32], salt is stored in salt[16], you do not have keys nor associated data.
- You need to spend 1 GB of RAM and you run 5 passes of Argon2d with 4 parallel
- lanes.
- You want to erase the password, but you're OK with last pass not being erased.
- You want to use the default memory allocator.
- Then you initialize
- Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false).
+ * are pre-hashed (and thus not needed anymore), and the entire memory
+ *****
+ * Simplest situation: you have output array out[8], password is stored in
+ * pwd[32], salt is stored in salt[16], you do not have keys nor associated
+ * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with
+ * 4 parallel lanes.
+ * You want to erase the password, but you're OK with last pass not being
+ * erased. You want to use the default memory allocator.
+ * Then you initialize:
+ Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false)
  */
 typedef struct Argon2_Context {
     uint8_t *out;    /* output array */
@@ -194,18 +204,17 @@ typedef struct Argon2_Context {
 /* Argon2 primitive type */
 typedef enum Argon2_type { Argon2_d = 0, Argon2_i = 1 } argon2_type;
 
-
 /*
  * Function that performs memory-hard hashing with certain degree of parallelism
  * @param  context  Pointer to the Argon2 internal structure
  * @return Error code if smth is wrong, ARGON2_OK otherwise
  */
-int argon2_core(argon2_context *context, argon2_type type);
+ARGON2_PUBLIC int argon2_ctx(argon2_context *context, argon2_type type);
 
 /**
  * Hashes a password with Argon2i, producing an encoded hash
  * @param t_cost Number of iterations
- * @param m_cost Sets memory usage to 2^m_cost kibibytes
+ * @param m_cost Sets memory usage to m_cost kibibytes
  * @param parallelism Number of threads and compute lanes
  * @param pwd Pointer to password
  * @param pwdlen Password size in bytes
@@ -217,130 +226,121 @@ int argon2_core(argon2_context *context, argon2_type type);
  * @pre   Different parallelism levels will give different results
  * @pre   Returns ARGON2_OK if successful
  */
-int argon2i_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
-                         const uint32_t parallelism, const void *pwd,
-                         const size_t pwdlen, const void *salt,
-                         const size_t saltlen, const size_t hashlen,
-                         char *encoded, const size_t encodedlen);
+ARGON2_PUBLIC int argon2i_hash_encoded(const uint32_t t_cost,
+                                       const uint32_t m_cost,
+                                       const uint32_t parallelism,
+                                       const void *pwd, const size_t pwdlen,
+                                       const void *salt, const size_t saltlen,
+                                       const size_t hashlen, char *encoded,
+                                       const size_t encodedlen);
 
 /**
- * Hashes a password with Argon2i, producing a raw hash
+ * Hashes a password with Argon2i, producing a raw hash by allocating memory at
+ * @hash
  * @param t_cost Number of iterations
- * @param m_cost Sets memory usage to 2^m_cost kibibytes
+ * @param m_cost Sets memory usage to m_cost kibibytes
  * @param parallelism Number of threads and compute lanes
  * @param pwd Pointer to password
  * @param pwdlen Password size in bytes
  * @param salt Pointer to salt
  * @param saltlen Salt size in bytes
- * @param hash Buffer where to write the raw hash
+ * @param hash Buffer where to write the raw hash - updated by the function
  * @param hashlen Desired length of the hash in bytes
  * @pre   Different parallelism levels will give different results
  * @pre   Returns ARGON2_OK if successful
  */
-int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
-                     const uint32_t parallelism, const void *pwd,
-                     const size_t pwdlen, const void *salt,
-                     const size_t saltlen, void *hash, const size_t hashlen);
-
-int argon2d_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
-                         const uint32_t parallelism, const void *pwd,
-                         const size_t pwdlen, const void *salt,
-                         const size_t saltlen, const size_t hashlen,
-                         char *encoded, const size_t encodedlen);
-
-int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
-                     const uint32_t parallelism, const void *pwd,
-                     const size_t pwdlen, const void *salt,
-                     const size_t saltlen, void *hash, const size_t hashlen);
+ARGON2_PUBLIC int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                                   const uint32_t parallelism, const void *pwd,
+                                   const size_t pwdlen, const void *salt,
+                                   const size_t saltlen, void *hash,
+                                   const size_t hashlen);
+
+ARGON2_PUBLIC int argon2d_hash_encoded(const uint32_t t_cost,
+                                       const uint32_t m_cost,
+                                       const uint32_t parallelism,
+                                       const void *pwd, const size_t pwdlen,
+                                       const void *salt, const size_t saltlen,
+                                       const size_t hashlen, char *encoded,
+                                       const size_t encodedlen);
+
+ARGON2_PUBLIC int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                                   const uint32_t parallelism, const void *pwd,
+                                   const size_t pwdlen, const void *salt,
+                                   const size_t saltlen, void *hash,
+                                   const size_t hashlen);
 
 /* generic function underlying the above ones */
-int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
-                const uint32_t parallelism, const void *pwd,
-                const size_t pwdlen, const void *salt, const size_t saltlen,
-                void *hash, const size_t hashlen, char *encoded,
-                const size_t encodedlen, argon2_type type);
+ARGON2_PUBLIC int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
+                              const uint32_t parallelism, const void *pwd,
+                              const size_t pwdlen, const void *salt,
+                              const size_t saltlen, void *hash,
+                              const size_t hashlen, char *encoded,
+                              const size_t encodedlen, argon2_type type);
 
 /**
  * Verifies a password against an encoded string
+ * Encoded string is restricted as in validate_inputs()
  * @param encoded String encoding parameters, salt, hash
  * @param pwd Pointer to password
  * @pre   Returns ARGON2_OK if successful
  */
-int argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen);
+ARGON2_PUBLIC int argon2i_verify(const char *encoded, const void *pwd,
+                                 const size_t pwdlen);
 
-int argon2d_verify(const char *encoded, const void *pwd, const size_t pwdlen);
+ARGON2_PUBLIC int argon2d_verify(const char *encoded, const void *pwd,
+                                 const size_t pwdlen);
 
 /* generic function underlying the above ones */
-int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
-                  argon2_type type);
+ARGON2_PUBLIC int argon2_verify(const char *encoded, const void *pwd,
+                                const size_t pwdlen, argon2_type type);
 
-/*
- * **************Argon2d: Version of Argon2 that picks memory blocks depending
+/**
+ * Argon2d: Version of Argon2 that picks memory blocks depending
  * on the password and salt. Only for side-channel-free
- * environment!!***************
- * @param  context  Pointer to current Argon2 context
- * @return  Zero if successful, a non zero error code otherwise
- */
-int argon2d(argon2_context *context);
-
-/*
- *  * **************Argon2i: Version of Argon2 that picks memory blocks
- *independent on the password and salt. Good for side-channels,
- ******************* but worse w.r.t. tradeoff attacks if
- *******************only one pass is used***************
- * @param  context  Pointer to current Argon2 context
- * @return  Zero if successful, a non zero error code otherwise
- */
-int argon2i(argon2_context *context);
-
-/*
- *   * **************Argon2di: Reserved name***************
+ * environment!!
+ *****
  * @param  context  Pointer to current Argon2 context
  * @return  Zero if successful, a non zero error code otherwise
  */
-int argon2di(argon2_context *context);
+ARGON2_PUBLIC int argon2d_ctx(argon2_context *context);
 
-/*
- *   * **************Argon2ds: Argon2d hardened against GPU attacks, 20%
- * slower***************
- * @param  context  Pointer to current Argon2 context
- * @return  Zero if successful, a non zero error code otherwise
- */
-int argon2ds(argon2_context *context);
-
-/*
- *   * **************Argon2id: First half-pass over memory is
- *password-independent, the rest are password-dependent
- ********************OK against side channels: they reduce to 1/2-pass
- *Argon2i***************
+/**
+ * Argon2i: Version of Argon2 that picks memory blocks
+ * independent on the password and salt. Good for side-channels,
+ * but worse w.r.t. tradeoff attacks if only one pass is used.
+ *****
  * @param  context  Pointer to current Argon2 context
  * @return  Zero if successful, a non zero error code otherwise
  */
-int argon2id(argon2_context *context);
+ARGON2_PUBLIC int argon2i_ctx(argon2_context *context);
 
-/*
+/**
  * Verify if a given password is correct for Argon2d hashing
  * @param  context  Pointer to current Argon2 context
  * @param  hash  The password hash to verify. The length of the hash is
  * specified by the context outlen member
  * @return  Zero if successful, a non zero error code otherwise
  */
-int verify_d(argon2_context *context, const char *hash);
+ARGON2_PUBLIC int argon2d_verify_ctx(argon2_context *context, const char *hash);
 
-/*
+/**
  * Verify if a given password is correct for Argon2i hashing
  * @param  context  Pointer to current Argon2 context
  * @param  hash  The password hash to verify. The length of the hash is
  * specified by the context outlen member
  * @return  Zero if successful, a non zero error code otherwise
  */
-int verify_i(argon2_context *context, const char *hash);
+ARGON2_PUBLIC int argon2i_verify_ctx(argon2_context *context, const char *hash);
 
-/*
+/* generic function underlying the above ones */
+ARGON2_PUBLIC int argon2_verify_ctx(argon2_context *context, const char *hash,
+                                    argon2_type type);
+
+/**
  * Get the associated error message for given error code
  * @return  The error message associated with the given error code
  */
-const char *error_message(int error_code);
+ARGON2_PUBLIC const char *argon2_error_message(int error_code);
 
 #if defined(__cplusplus)
 }