argon2 0.1.4 → 1.0.0

data/ext/phc-winner-argon2/src/ref.c

@@ -16,14 +16,13 @@
 #include <stdlib.h>
 
 #include "argon2.h"
-#include "core.h"
 #include "ref.h"
 
 #include "blake2/blamka-round-ref.h"
 #include "blake2/blake2-impl.h"
 #include "blake2/blake2.h"
 
-void fill_block(const block *prev_block, const block *ref_block,
+void fill_block_with_xor(const block *prev_block, const block *ref_block,
                 block *next_block) {
     block blockR, block_tmp;
     unsigned i;
@@ -31,7 +30,8 @@ void fill_block(const block *prev_block, const block *ref_block,
     copy_block(&blockR, ref_block);
     xor_block(&blockR, prev_block);
     copy_block(&block_tmp, &blockR);
-
+    xor_block(&block_tmp, next_block); /*Saving the next block contents for XOR over*/
+    /*Now blockR = ref_block + prev_block and bloc_tmp = ref_block + prev_block + next_block*/
     /* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then
        (16,17,..31)... finally (112,113,...127) */
     for (i = 0; i < 8; ++i) {
@@ -63,12 +63,11 @@ void fill_block(const block *prev_block, const block *ref_block,
 void generate_addresses(const argon2_instance_t *instance,
                         const argon2_position_t *position,
                         uint64_t *pseudo_rands) {
-    block zero_block, input_block, address_block;
+    block zero_block, input_block, address_block,tmp_block;
     uint32_t i;
 
     init_block_value(&zero_block, 0);
     init_block_value(&input_block, 0);
-    init_block_value(&address_block, 0);
 
     if (instance != NULL && position != NULL) {
         input_block.v[0] = position->pass;
@@ -81,8 +80,10 @@ void generate_addresses(const argon2_instance_t *instance,
         for (i = 0; i < instance->segment_length; ++i) {
             if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) {
                 input_block.v[6]++;
-                fill_block(&zero_block, &input_block, &address_block);
-                fill_block(&zero_block, &address_block, &address_block);
+                init_block_value(&tmp_block, 0);
+                init_block_value(&address_block, 0);
+                fill_block_with_xor(&zero_block, &input_block, &tmp_block);
+                fill_block_with_xor(&zero_block, &tmp_block, &address_block);
             }
 
             pseudo_rands[i] = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK];
@@ -97,7 +98,7 @@ void fill_segment(const argon2_instance_t *instance,
     uint32_t prev_offset, curr_offset;
     uint32_t starting_index;
     uint32_t i;
-    int data_independent_addressing = (instance->type == Argon2_i);
+    int data_independent_addressing;
     /* Pseudo-random values that determine the reference block position */
     uint64_t *pseudo_rands = NULL;
 
@@ -105,6 +106,8 @@ void fill_segment(const argon2_instance_t *instance,
         return;
     }
 
+    data_independent_addressing = (instance->type == Argon2_i);
+
     pseudo_rands =
         (uint64_t *)malloc(sizeof(uint64_t) * (instance->segment_length));
 
@@ -168,7 +171,7 @@ void fill_segment(const argon2_instance_t *instance,
         ref_block =
             instance->memory + instance->lane_length * ref_lane + ref_index;
         curr_block = instance->memory + curr_offset;
-        fill_block(instance->memory + prev_offset, ref_block, curr_block);
+        fill_block_with_xor(instance->memory + prev_offset, ref_block, curr_block);
     }
 
     free(pseudo_rands);

data/ext/phc-winner-argon2/src/ref.h

@@ -14,14 +14,16 @@
 #ifndef ARGON2_REF_H
 #define ARGON2_REF_H
 
+#include "core.h"
+
 /*
- * Function fills a new memory block
+ * Function fills a new memory block by XORing over @next_block. @next_block must be initialized
  * @param prev_block Pointer to the previous block
  * @param ref_block Pointer to the reference block
  * @param next_block Pointer to the block to be constructed
  * @pre all block pointers must be valid
  */
-void fill_block(const block *prev_block, const block *ref_block,
+void fill_block_with_xor(const block *prev_block, const block *ref_block,
                 block *next_block);
 
 /*
@@ -36,14 +38,4 @@ void generate_addresses(const argon2_instance_t *instance,
                         const argon2_position_t *position,
                         uint64_t *pseudo_rands);
 
-/*
- * Function that fills the segment using previous segments also from other
- * threads
- * @param instance Pointer to the current instance
- * @param position Current position
- * @pre all block pointers must be valid
- */
-void fill_segment(const argon2_instance_t *instance,
-                  argon2_position_t position);
-
 #endif /* ARGON2_REF_H */

data/ext/phc-winner-argon2/src/run.c

@@ -11,9 +11,11 @@
  * <http://creativecommons.org/publicdomain/zero/1.0/>.
  */
 
-#include <stdio.h>
-#include <stdint.h>
+#define _GNU_SOURCE 1
+
 #include <inttypes.h>
+#include <stdint.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
@@ -25,34 +27,17 @@
 #define LOG_M_COST_DEF 12 /* 2^12 = 4 MiB */
 #define LANES_DEF 1
 #define THREADS_DEF 1
-#define OUT_LEN 32
-#define SALT_LEN 16
-/* Sample encode: $argon2i$m=65536,t=2,p=4$c29tZXNhbHQAAAAAAAAAAA$QWLzI4TY9HkL2ZTLc8g6SinwdhZewYrzz9zxCo0bkGY
- * Maximumum lengths are defined as:
- * strlen $argon2i$ = 9
- * m=65536 with strlen (uint32_t)-1 = 10, so this total is 12
- * ,t=2,p=4 If we consider each number to potentially reach four digits in future, this = 14
- * $c29tZXNhbHQAAAAAAAAAAA Formula for this is (SALT_LEN * 4 + 3) / 3 + 1 = 23
- * $QWLzI4TY9HkL2ZTLc8g6SinwdhZewYrzz9zxCo0bkGY per above formula, = 44
- * + NULL byte
- * 9 + 12 + 14 + 23 + 44 + 1 = 103
- * Rounded to 4 byte boundary: 104
- *
- * WARNING: 104 is only for the parameters supported by this
-   command-line utility. You'll need a longer ENCODED_LEN to support
-   longer salts and ouputs, as supported by the argon2 library
- */
-#define ENCODED_LEN 108
+#define OUTLEN_DEF 32
 
 #define UNUSED_PARAMETER(x) (void)(x)
 
 static void usage(const char *cmd) {
     printf("Usage:  %s salt [-d] [-t iterations] [-m memory] "
-           "[-p parallelism]\n",
+           "[-p parallelism] [-h hash length]\n",
            cmd);
     printf("\tPassword is read from stdin\n");
     printf("Parameters:\n");
-    printf("\tsalt\t\tThe salt to use, at most 16 characters\n");
+    printf("\tsalt\t\tThe salt to use, at least 8 characters\n");
     printf("\t-d\t\tUse Argon2d instead of Argon2i (which is the default)\n");
     printf("\t-t N\t\tSets the number of iterations to N (default = %d)\n",
            T_COST_DEF);
@@ -60,6 +45,8 @@ static void usage(const char *cmd) {
            LOG_M_COST_DEF);
     printf("\t-p N\t\tSets parallelism to N threads (default %d)\n",
            THREADS_DEF);
+    printf("\t-h N\t\tSets hash output length to N bytes (default %d)\n",
+           OUTLEN_DEF);
 }
 
 static void fatal(const char *error) {
@@ -67,24 +54,43 @@ static void fatal(const char *error) {
     exit(1);
 }
 
+static uint32_t b64len(uint32_t len) {
+    return ((len + 2) / 3) * 4;
+}
+
+static uint32_t numlen(uint32_t num) {
+    uint32_t len = 1;
+    while (num >= 10) {
+        ++len;
+        num = num / 10;
+    }
+    return len;
+}
+
+static uint32_t enclen(uint32_t outlen, uint32_t saltlen, uint32_t t_cost,
+                           uint32_t m_cost, uint32_t lanes) {
+    return strlen("$argon2x$m=,t=,p=$$") + numlen(t_cost) + numlen(m_cost)
+        + numlen(lanes) + b64len(saltlen) + b64len(outlen);
+}
+
+
 /*
 Runs Argon2 with certain inputs and parameters, inputs not cleared. Prints the
 Base64-encoded hash string
 @out output array with at least 32 bytes allocated
 @pwd NULL-terminated string, presumably from argv[]
-@salt salt array with at least SALTLEN_DEF bytes allocated
+@salt salt array
 @t_cost number of iterations
 @m_cost amount of requested memory in KB
 @lanes amount of requested parallelism
 @threads actual parallelism
 @type String, only "d" and "i" are accepted
 */
-static void run(uint8_t *out, char *pwd, uint8_t *salt, uint32_t t_cost,
+static void run(uint32_t outlen, char *pwd, char *salt, uint32_t t_cost,
                 uint32_t m_cost, uint32_t lanes, uint32_t threads,
                 argon2_type type) {
     clock_t start_time, stop_time;
-    size_t pwdlen;
-    char encoded[ENCODED_LEN];
+    size_t pwdlen, saltlen, encodedlen;
     uint32_t i;
     int result;
 
@@ -100,20 +106,35 @@ static void run(uint8_t *out, char *pwd, uint8_t *salt, uint32_t t_cost,
     }
 
     pwdlen = strlen(pwd);
+    saltlen = strlen(salt);
 
     UNUSED_PARAMETER(lanes);
 
-    result = argon2_hash(t_cost, m_cost, threads, pwd, pwdlen, salt, SALT_LEN,
-                         out, OUT_LEN, encoded, sizeof encoded, type);
+    unsigned char* out = malloc(outlen + 1);
+    if (!out) {
+        secure_wipe_memory(pwd, strlen(pwd));
+        fatal("could not allocate memory for output");
+    }
+
+    encodedlen = enclen(outlen, saltlen, t_cost, m_cost, lanes);
+    char* encoded = malloc(encodedlen + 1);
+    if (!encoded) {
+        secure_wipe_memory(pwd, strlen(pwd));
+        fatal("could not allocate memory for hash");
+    }
+
+    result = argon2_hash(t_cost, m_cost, threads, pwd, pwdlen, salt, saltlen,
+                         out, outlen, encoded, encodedlen, type);
     if (result != ARGON2_OK)
-        fatal(error_message(result));
+        fatal(argon2_error_message(result));
 
     stop_time = clock();
 
     printf("Hash:\t\t");
-    for (i = 0; i < OUT_LEN; ++i) {
+    for (i = 0; i < outlen; ++i) {
         printf("%02x", out[i]);
     }
+    free(out);
     printf("\n");
     printf("Encoded:\t%s\n", encoded);
 
@@ -122,27 +143,29 @@ static void run(uint8_t *out, char *pwd, uint8_t *salt, uint32_t t_cost,
 
     result = argon2_verify(encoded, pwd, pwdlen, type);
     if (result != ARGON2_OK)
-        fatal(error_message(result));
+        fatal(argon2_error_message(result));
     printf("Verification ok\n");
+    free(encoded);
 }
 
 int main(int argc, char *argv[]) {
-    unsigned char out[OUT_LEN];
+    uint32_t outlen = OUTLEN_DEF;
     uint32_t m_cost = 1 << LOG_M_COST_DEF;
     uint32_t t_cost = T_COST_DEF;
     uint32_t lanes = LANES_DEF;
     uint32_t threads = THREADS_DEF;
-    uint8_t salt[SALT_LEN];
     argon2_type type = Argon2_i;
     int i;
     size_t n;
-    char pwd[128];
+    char pwd[128], *salt;
 
     if (argc < 2) {
         usage(argv[0]);
         return ARGON2_MISSING_ARGS;
     }
 
+    salt = argv[1];
+
     /* get password from stdin */
     while ((n = fread(pwd, 1, sizeof pwd - 1, stdin)) > 0) {
         pwd[n] = '\0';
@@ -150,13 +173,6 @@ int main(int argc, char *argv[]) {
             pwd[n - 1] = '\0';
     }
 
-    /* get salt from command line */
-    if (strlen(argv[1]) > SALT_LEN) {
-        fatal("salt too long");
-    }
-    memset(salt, 0x00, SALT_LEN); /* pad with null bytes */
-    memcpy(salt, argv[1], strlen(argv[1]));
-
     /* parse options */
     for (i = 2; i < argc; i++) {
         const char *a = argv[i];
@@ -204,6 +220,15 @@ int main(int argc, char *argv[]) {
             } else {
                 fatal("missing -p argument");
             }
+        } else if (!strcmp(a, "-h")) {
+            if (i < argc - 1) {
+                i++;
+                input = strtoul(argv[i], NULL, 10);
+                outlen = input;
+                continue;
+            } else {
+                fatal("missing -h argument");
+            }
         } else if (!strcmp(a, "-d")) {
             type = Argon2_d;
         } else {
@@ -218,7 +243,7 @@ int main(int argc, char *argv[]) {
     printf("Iterations:\t%" PRIu32 " \n", t_cost);
     printf("Memory:\t\t%" PRIu32 " KiB\n", m_cost);
     printf("Parallelism:\t%" PRIu32 " \n", lanes);
-    run(out, pwd, salt, t_cost, m_cost, lanes, threads, type);
+    run(outlen, pwd, salt, t_cost, m_cost, lanes, threads, type);
 
     return ARGON2_OK;
 }

data/ext/phc-winner-argon2/src/test.c

@@ -0,0 +1,131 @@
+#include <stdio.h>
+#include <stdint.h>
+#include <inttypes.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <assert.h>
+
+#include "argon2.h"
+
+#define OUT_LEN 32
+#define SALT_LEN 16
+#define ENCODED_LEN 108
+
+uint8_t salt[SALT_LEN];
+
+/* Test harness will assert:
+ * argon_hash2() returns ARGON2_OK
+ * HEX output matches expected
+ * encoded output matches expected
+ * argon2_verify() correctly verifies value
+ */
+
+void hashtest(uint32_t t, uint32_t m, uint32_t p, char *pwd, char *hexref,
+              char *mcfref) {
+    unsigned char out[OUT_LEN];
+    unsigned char hex_out[OUT_LEN * 2 + 4];
+    char encoded[ENCODED_LEN];
+    int ret, i;
+
+    printf("Hash test: t=%d, m=%d, p=%d, pass=%s, salt=%s: ", t, m, p, pwd,
+           salt);
+    ret = argon2_hash(t, 1 << m, p, pwd, strlen(pwd), salt, SALT_LEN, out,
+                      OUT_LEN, encoded, ENCODED_LEN, Argon2_i);
+    assert(ret == ARGON2_OK);
+
+    for (i = 0; i < OUT_LEN; ++i)
+        sprintf((char *)(hex_out + i * 2), "%02x", out[i]);
+
+    assert(memcmp(hex_out, hexref, OUT_LEN * 2) == 0);
+    assert(memcmp(encoded, mcfref, strlen(mcfref)) == 0);
+    ret = argon2_verify(encoded, pwd, strlen(pwd), Argon2_i);
+    assert(ret == ARGON2_OK);
+    printf("PASS\n");
+}
+
+int main() {
+    int ret;
+    unsigned char out[OUT_LEN];
+    char const *msg;
+
+    memset(salt, 0x00, SALT_LEN); /* pad with null bytes */
+    memcpy(salt, "somesalt", 8);
+
+    /* Multiple test cases for various input values */
+    hashtest(2, 16, 1, "password",
+             "1c7eeef9e0e969b3024722fc864a1ca9f6ca20da73f9bf3f1731881beae2039e",
+             "$argon2i$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA"
+             "$HH7u+eDpabMCRyL8hkocqfbKINpz+b8/FzGIG+riA54");
+    hashtest(2, 20, 1, "password",
+             "253068ce02908829f9c8a026dc7cf4bd4497fd781faa1665a0d0b10d699e0ebd",
+             "$argon2i$m=1048576,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA"
+             "$JTBozgKQiCn5yKAm3Hz0vUSX/XgfqhZloNCxDWmeDr0");
+    hashtest(2, 18, 1, "password",
+             "5c6dfd2712110cf88f1426059b01d87f8210d5368da0e7ee68586e9d4af4954b",
+             "$argon2i$m=262144,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA"
+             "$XG39JxIRDPiPFCYFmwHYf4IQ1TaNoOfuaFhunUr0lUs");
+    hashtest(2, 8, 1, "password",
+             "dfebf9d4eadd6859f4cc6a9bb20043fd9da7e1e36bdacdbb05ca569f463269f8",
+             "$argon2i$m=256,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA"
+             "$3+v51OrdaFn0zGqbsgBD/Z2n4eNr2s27BcpWn0Yyafg");
+    hashtest(2, 8, 2, "password",
+             "aea9db129d7f8c50d410a6599b0fb3d786a60ec16a3030b9ddd21ee7b6470f7f",
+             "$argon2i$m=256,t=2,p=2$c29tZXNhbHQAAAAAAAAAAA"
+             "$rqnbEp1/jFDUEKZZmw+z14amDsFqMDC53dIe57ZHD38");
+    hashtest(1, 16, 1, "password",
+             "fabd1ddbd86a101d326ac2abe79660202b10192925d2fd2483085df94df0c91a",
+             "$argon2i$m=65536,t=1,p=1$c29tZXNhbHQAAAAAAAAAAA"
+             "$+r0d29hqEB0yasKr55ZgICsQGSkl0v0kgwhd+U3wyRo");
+    hashtest(4, 16, 1, "password",
+             "b3b4cb3d6e2c1cb1e7bffdb966ab3ceafae701d6b7789c3f1e6c6b22d82d99d5",
+             "$argon2i$m=65536,t=4,p=1$c29tZXNhbHQAAAAAAAAAAA"
+             "$s7TLPW4sHLHnv/25Zqs86vrnAda3eJw/HmxrItgtmdU");
+    hashtest(2, 16, 1, "differentpassword",
+             "b2db9d7c0d1288951aec4b6e1cd3835ea29a7da2ac13e6f48554a26b127146f9",
+             "$argon2i$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA"
+             "$studfA0SiJUa7EtuHNODXqKafaKsE+b0hVSiaxJxRvk");
+    memcpy(salt, "diffsalt", 8);
+    hashtest(2, 16, 1, "password",
+             "bb6686865f2c1093f70f543c9535f807d5b42d5dc6d71f14a4a7a291913e05e0",
+             "$argon2i$m=65536,t=2,p=1$ZGlmZnNhbHQAAAAAAAAAAA"
+             "$u2aGhl8sEJP3D1Q8lTX4B9W0LV3G1x8UpKeikZE+BeA");
+
+    /* Error state tests */
+
+    ret = argon2_hash(2, 1, 1, "password", strlen("password"), salt, SALT_LEN,
+                      out, OUT_LEN, NULL, 0, Argon2_i);
+    assert(ret == ARGON2_MEMORY_TOO_LITTLE);
+    printf("Fail on invalid memory: PASS\n");
+
+    ret = argon2_hash(2, 1 << 12, 1, NULL, strlen("password"), salt, SALT_LEN,
+                      out, OUT_LEN, NULL, 0, Argon2_i);
+    assert(ret == ARGON2_PWD_PTR_MISMATCH);
+    printf("Fail on invalid null pointer: PASS\n");
+
+    ret = argon2_hash(2, 1 << 12, 1, "password", strlen("password"), salt, 1,
+                      out, OUT_LEN, NULL, 0, Argon2_i);
+    assert(ret == ARGON2_SALT_TOO_SHORT);
+    printf("Fail on salt too short: PASS\n");
+
+    /* Handle an invalid encoding correctly (it is missing a $) */
+    ret = argon2_verify("$argon2i$m=65536,t=2,p=1$"
+                        "c29tZXNhbHQAAAAAAAAAAA"
+                        "HH7u+eDpabMCRyL8hkocqfbKINpz+b8/FzGIG+riA54",
+                        "password", strlen("password"), Argon2_i);
+    assert(ret == ARGON2_DECODING_FAIL);
+    printf("Recognise an invalid encoding: PASS\n");
+
+    /* Handle an mismatching hash (the encoded password is "passwore") */
+    ret = argon2_verify("$argon2i$m=65536,t=2,p=1$c29tZXNhbHQAAAAAAAAAAA"
+                        "$tiY53ekuxy5gUQV9pEgGgu3cfe2vKl3l+lKxTna33I4",
+                        "password", strlen("password"), Argon2_i);
+    assert(ret == ARGON2_VERIFY_MISMATCH);
+    printf("Verify with mismatched password: PASS\n");
+
+    msg = argon2_error_message(ARGON2_DECODING_FAIL);
+    assert(strcmp(msg, "Decoding failed")==0);
+    printf("Decode an error message: PASS\n");
+
+    return 0;
+}