argon2 1.0.0 → 1.1.0

data/ext/phc-winner-argon2/src/encoding.c

@@ -229,7 +229,7 @@ static const char *decode_decimal(const char *str, unsigned long *v) {
  *
  * The code below applies the following format:
  *
- *  $argon2<T>$m=<num>,t=<num>,p=<num>[,keyid=<bin>][,data=<bin>][$<bin>[$<bin>]]
+ *  $argon2<T>[$v=<num>]$m=<num>,t=<num>,p=<num>[,keyid=<bin>][,data=<bin>][$<bin>[$<bin>]]
  *
  * where <T> is either 'd' or 'i', <num> is a decimal integer (positive, fits in
  * an 'unsigned long'), and <bin> is Base64-encoded data (no '=' padding
@@ -303,6 +303,9 @@ int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
         CC("$argon2d");
     else
         return ARGON2_INCORRECT_TYPE;
+    ctx->version = ARGON2_VERSION_10;
+    /* Reading the version number if the default is suppressed */
+    CC_opt("$v=", DECIMAL(ctx->version));
     CC("$m=");
     DECIMAL(ctx->m_cost);
     CC(",t=");
@@ -368,15 +371,17 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
     } while ((void)0, 0)
 
     if (type == Argon2_i)
-        SS("$argon2i$m=");
+        SS("$argon2i$v=");
     else if (type == Argon2_d)
-        SS("$argon2d$m=");
+        SS("$argon2d$v=");
     else
         return ARGON2_ENCODING_FAIL;
 
     if (validate_inputs(ctx) != ARGON2_OK) {
         return validate_inputs(ctx);
     }
+    SX(ctx->version);
+    SS("$m=");
     SX(ctx->m_cost);
     SS(",t=");
     SX(ctx->t_cost);
@@ -405,3 +410,17 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
 #undef SX
 #undef SB
 }
+
+size_t b64len(uint32_t len) {
+    return (((size_t)len + 2) / 3) * 4;
+}
+
+size_t numlen(uint32_t num) {
+    size_t len = 1;
+    while (num >= 10) {
+        ++len;
+        num = num / 10;
+    }
+    return len;
+}
+

data/ext/phc-winner-argon2/src/encoding.h

@@ -31,4 +31,10 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
 */
 int decode_string(argon2_context *ctx, const char *str, argon2_type type);
 
+/* Returns the length of the encoded byte stream with length len */
+size_t b64len(uint32_t len);
+
+/* Returns the length of the encoded number num */
+size_t numlen(uint32_t num);
+
 #endif

data/ext/phc-winner-argon2/src/genkat.c

@@ -23,21 +23,24 @@ void initial_kat(const uint8_t *blockhash, const argon2_context *context,
     unsigned i;
 
     if (blockhash != NULL && context != NULL) {
-        printf("=======================================");
+        printf("=======================================\n");
 
         switch (type) {
         case Argon2_d:
-            printf("Argon2d\n");
+            printf("Argon2d version number %d\n", context->version);
             break;
 
         case Argon2_i:
-            printf("Argon2i\n");
+            printf("Argon2i version number %d\n", context->version);
             break;
 
         default:
             break;
         }
 
+        printf("=======================================\n");
+
+
         printf("Memory: %u KiB, Iterations: %u, Parallelism: %u lanes, Tag "
                "length: %u bytes\n",
                context->m_cost, context->t_cost, context->lanes,
@@ -130,7 +133,7 @@ static void fatal(const char *error) {
     exit(1);
 }
 
-static void generate_testvectors(const char *type) {
+static void generate_testvectors(const char *type, const uint32_t version) {
 #define TEST_OUTLEN 32
 #define TEST_PWDLEN 32
 #define TEST_SALTLEN 16
@@ -157,6 +160,7 @@ static void generate_testvectors(const char *type) {
 
     context.out = out;
     context.outlen = TEST_OUTLEN;
+    context.version = ARGON2_VERSION_NUMBER;
     context.pwd = pwd;
     context.pwdlen = TEST_PWDLEN;
     context.salt = salt;
@@ -173,6 +177,12 @@ static void generate_testvectors(const char *type) {
     context.free_cbk = myown_deallocator;
     context.flags = 0;
 
+    if(ARGON2_VERSION_10 == version || ARGON2_VERSION_NUMBER == version) {
+        context.version = version;
+    } else {
+        fatal("wrong Argon2 version number");
+    }
+
 #undef TEST_OUTLEN
 #undef TEST_PWDLEN
 #undef TEST_SALTLEN
@@ -188,7 +198,15 @@ static void generate_testvectors(const char *type) {
 }
 
 int main(int argc, char *argv[]) {
+    /* Argon2 type */
     const char *type = (argc > 1) ? argv[1] : "i";
-    generate_testvectors(type);
+
+    /* Argon2 version number */
+    uint32_t version = ARGON2_VERSION_NUMBER;
+    if(argc > 2) {
+        version = strtoul(argv[2], NULL, 10);
+    }
+
+    generate_testvectors(type, version);
     return ARGON2_OK;
 }

data/ext/phc-winner-argon2/src/opt.c

@@ -21,7 +21,35 @@
 #include "blake2/blake2.h"
 #include "blake2/blamka-round-opt.h"
 
-void fill_block_with_xor(__m128i *state, const uint8_t *ref_block, uint8_t *next_block) {
+void fill_block(__m128i *state, const uint8_t *ref_block, uint8_t *next_block) {
+    __m128i block_XY[ARGON2_OWORDS_IN_BLOCK];
+    uint32_t i;
+
+    for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) {
+        block_XY[i] = state[i] = _mm_xor_si128(
+            state[i], _mm_loadu_si128((__m128i const *)(&ref_block[16 * i])));
+    }
+
+    for (i = 0; i < 8; ++i) {
+        BLAKE2_ROUND(state[8 * i + 0], state[8 * i + 1], state[8 * i + 2],
+            state[8 * i + 3], state[8 * i + 4], state[8 * i + 5],
+            state[8 * i + 6], state[8 * i + 7]);
+    }
+
+    for (i = 0; i < 8; ++i) {
+        BLAKE2_ROUND(state[8 * 0 + i], state[8 * 1 + i], state[8 * 2 + i],
+            state[8 * 3 + i], state[8 * 4 + i], state[8 * 5 + i],
+            state[8 * 6 + i], state[8 * 7 + i]);
+    }
+
+    for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) {
+        state[i] = _mm_xor_si128(state[i], block_XY[i]);
+        _mm_storeu_si128((__m128i *)(&next_block[16 * i]), state[i]);
+    }
+}
+
+void fill_block_with_xor(__m128i *state, const uint8_t *ref_block,
+                         uint8_t *next_block) {
     __m128i block_XY[ARGON2_OWORDS_IN_BLOCK];
     uint32_t i;
 
@@ -173,7 +201,19 @@ void fill_segment(const argon2_instance_t *instance,
         ref_block =
             instance->memory + instance->lane_length * ref_lane + ref_index;
         curr_block = instance->memory + curr_offset;
-        fill_block_with_xor(state, (uint8_t *)ref_block->v, (uint8_t *)curr_block->v);
+        if (ARGON2_VERSION_10 == instance->version) {
+            /* version 1.2.1 and earlier: overwrite, not XOR */
+            fill_block(state, (uint8_t *)ref_block->v,
+                       (uint8_t *)curr_block->v);
+        } else {
+            if(0 == position.pass) {
+                fill_block(state, (uint8_t *)ref_block->v,
+                           (uint8_t *)curr_block->v);
+            } else {
+                fill_block_with_xor(state, (uint8_t *)ref_block->v,
+                                    (uint8_t *)curr_block->v);
+            }
+        }
     }
 
     free(pseudo_rands);

data/ext/phc-winner-argon2/src/opt.h

@@ -27,6 +27,16 @@
  */
 void fill_block_with_xor(__m128i *state, const uint8_t *ref_block, uint8_t *next_block);
 
+/* LEGACY CODE: version 1.2.1 and earlier
+* Function fills a new memory block by overwriting @next_block.
+* @param state Pointer to the just produced block. Content will be updated(!)
+* @param ref_block Pointer to the reference block
+* @param next_block Pointer to the block to be XORed over. May coincide with @ref_block
+* @pre all block pointers must be valid
+*/
+void fill_block(__m128i *state, const uint8_t *ref_block, uint8_t *next_block);
+
+
 /*
  * Generate pseudo-random values to reference blocks in the segment and puts
  * them into the array

data/ext/phc-winner-argon2/src/ref.c

@@ -22,6 +22,45 @@
 #include "blake2/blake2-impl.h"
 #include "blake2/blake2.h"
 
+
+void fill_block(const block *prev_block, const block *ref_block,
+    block *next_block) {
+    block blockR, block_tmp;
+    unsigned i;
+
+    copy_block(&blockR, ref_block);
+    xor_block(&blockR, prev_block);
+    copy_block(&block_tmp, &blockR);
+            /*Now blockR = ref_block + prev_block and bloc_tmp = ref_block + prev_block */
+                /* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then
+                (16,17,..31)... finally (112,113,...127) */
+    for (i = 0; i < 8; ++i) {
+        BLAKE2_ROUND_NOMSG(
+            blockR.v[16 * i], blockR.v[16 * i + 1], blockR.v[16 * i + 2],
+            blockR.v[16 * i + 3], blockR.v[16 * i + 4], blockR.v[16 * i + 5],
+            blockR.v[16 * i + 6], blockR.v[16 * i + 7], blockR.v[16 * i + 8],
+            blockR.v[16 * i + 9], blockR.v[16 * i + 10], blockR.v[16 * i + 11],
+            blockR.v[16 * i + 12], blockR.v[16 * i + 13], blockR.v[16 * i + 14],
+            blockR.v[16 * i + 15]);
+    }
+
+    /* Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then
+    (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) */
+    for (i = 0; i < 8; i++) {
+        BLAKE2_ROUND_NOMSG(
+            blockR.v[2 * i], blockR.v[2 * i + 1], blockR.v[2 * i + 16],
+            blockR.v[2 * i + 17], blockR.v[2 * i + 32], blockR.v[2 * i + 33],
+            blockR.v[2 * i + 48], blockR.v[2 * i + 49], blockR.v[2 * i + 64],
+            blockR.v[2 * i + 65], blockR.v[2 * i + 80], blockR.v[2 * i + 81],
+            blockR.v[2 * i + 96], blockR.v[2 * i + 97], blockR.v[2 * i + 112],
+            blockR.v[2 * i + 113]);
+    }
+
+    copy_block(next_block, &block_tmp);
+    xor_block(next_block, &blockR);
+}
+
+
 void fill_block_with_xor(const block *prev_block, const block *ref_block,
                 block *next_block) {
     block blockR, block_tmp;
@@ -171,7 +210,18 @@ void fill_segment(const argon2_instance_t *instance,
         ref_block =
             instance->memory + instance->lane_length * ref_lane + ref_index;
         curr_block = instance->memory + curr_offset;
-        fill_block_with_xor(instance->memory + prev_offset, ref_block, curr_block);
+        if (ARGON2_VERSION_10 == instance->version) {
+            /* version 1.2.1 and earlier: overwrite, not XOR */
+            fill_block(instance->memory + prev_offset, ref_block, curr_block);
+        } else {
+            if(0 == position.pass) {
+                fill_block(instance->memory + prev_offset, ref_block,
+                           curr_block);
+            } else {
+                fill_block_with_xor(instance->memory + prev_offset, ref_block,
+                                    curr_block);
+            }
+        }
     }
 
     free(pseudo_rands);

data/ext/phc-winner-argon2/src/ref.h

@@ -26,6 +26,16 @@
 void fill_block_with_xor(const block *prev_block, const block *ref_block,
                 block *next_block);
 
+/* LEGACY CODE: version 1.2.1 and earlier
+* Function fills a new memory block by overwriting @next_block. 
+* @param prev_block Pointer to the previous block
+* @param ref_block Pointer to the reference block
+* @param next_block Pointer to the block to be constructed
+* @pre all block pointers must be valid
+*/
+void fill_block(const block *prev_block, const block *ref_block,
+    block *next_block);
+
 /*
  * Generate pseudo-random values to reference blocks in the segment and puts
  * them into the array

data/ext/phc-winner-argon2/src/run.c

@@ -28,12 +28,13 @@
 #define LANES_DEF 1
 #define THREADS_DEF 1
 #define OUTLEN_DEF 32
+#define MAX_PASS_LEN 128
 
 #define UNUSED_PARAMETER(x) (void)(x)
 
 static void usage(const char *cmd) {
     printf("Usage:  %s salt [-d] [-t iterations] [-m memory] "
-           "[-p parallelism] [-h hash length]\n",
+           "[-p parallelism] [-h hash length] [-e|-r]\n",
            cmd);
     printf("\tPassword is read from stdin\n");
     printf("Parameters:\n");
@@ -47,6 +48,8 @@ static void usage(const char *cmd) {
            THREADS_DEF);
     printf("\t-h N\t\tSets hash output length to N bytes (default %d)\n",
            OUTLEN_DEF);
+    printf("\t-e\t\tOutput only encoded hash\n");
+    printf("\t-r\t\tOutput only the raw bytes of the hash\n");
 }
 
 static void fatal(const char *error) {
@@ -54,26 +57,14 @@ static void fatal(const char *error) {
     exit(1);
 }
 
-static uint32_t b64len(uint32_t len) {
-    return ((len + 2) / 3) * 4;
-}
-
-static uint32_t numlen(uint32_t num) {
-    uint32_t len = 1;
-    while (num >= 10) {
-        ++len;
-        num = num / 10;
+static void print_hex(uint8_t *bytes, size_t bytes_len) {
+    size_t i;
+    for (i = 0; i < bytes_len; ++i) {
+        printf("%02x", bytes[i]);
     }
-    return len;
-}
-
-static uint32_t enclen(uint32_t outlen, uint32_t saltlen, uint32_t t_cost,
-                           uint32_t m_cost, uint32_t lanes) {
-    return strlen("$argon2x$m=,t=,p=$$") + numlen(t_cost) + numlen(m_cost)
-        + numlen(lanes) + b64len(saltlen) + b64len(outlen);
+    printf("\n");
 }
 
-
 /*
 Runs Argon2 with certain inputs and parameters, inputs not cleared. Prints the
 Base64-encoded hash string
@@ -84,14 +75,15 @@ Base64-encoded hash string
 @m_cost amount of requested memory in KB
 @lanes amount of requested parallelism
 @threads actual parallelism
-@type String, only "d" and "i" are accepted
+@type String, only "d" and "i" are acceptedi
+@encoded_only display only the encoded hash
+@raw_only display only the hexadecimal of the hash
 */
 static void run(uint32_t outlen, char *pwd, char *salt, uint32_t t_cost,
                 uint32_t m_cost, uint32_t lanes, uint32_t threads,
-                argon2_type type) {
+                argon2_type type, int encoded_only, int raw_only) {
     clock_t start_time, stop_time;
     size_t pwdlen, saltlen, encodedlen;
-    uint32_t i;
     int result;
 
     start_time = clock();
@@ -116,7 +108,7 @@ static void run(uint32_t outlen, char *pwd, char *salt, uint32_t t_cost,
         fatal("could not allocate memory for output");
     }
 
-    encodedlen = enclen(outlen, saltlen, t_cost, m_cost, lanes);
+    encodedlen = argon2_encodedlen(t_cost, m_cost, lanes, saltlen, outlen);
     char* encoded = malloc(encodedlen + 1);
     if (!encoded) {
         secure_wipe_memory(pwd, strlen(pwd));
@@ -124,18 +116,29 @@ static void run(uint32_t outlen, char *pwd, char *salt, uint32_t t_cost,
     }
 
     result = argon2_hash(t_cost, m_cost, threads, pwd, pwdlen, salt, saltlen,
-                         out, outlen, encoded, encodedlen, type);
+                         out, outlen, encoded, encodedlen, type,
+                         ARGON2_VERSION_NUMBER);
     if (result != ARGON2_OK)
         fatal(argon2_error_message(result));
 
     stop_time = clock();
 
-    printf("Hash:\t\t");
-    for (i = 0; i < outlen; ++i) {
-        printf("%02x", out[i]);
+    if (encoded_only)
+        puts(encoded);
+
+    if (raw_only)
+        print_hex(out, outlen);
+
+    if (encoded_only || raw_only) {
+        free(out);
+        free(encoded);
+        return;
     }
+
+    printf("Hash:\t\t");
+    print_hex(out, outlen);
     free(out);
-    printf("\n");
+
     printf("Encoded:\t%s\n", encoded);
 
     printf("%2.3f seconds\n",
@@ -155,23 +158,32 @@ int main(int argc, char *argv[]) {
     uint32_t lanes = LANES_DEF;
     uint32_t threads = THREADS_DEF;
     argon2_type type = Argon2_i;
+    int encoded_only = 0;
+    int raw_only = 0;
     int i;
     size_t n;
-    char pwd[128], *salt;
+    char pwd[MAX_PASS_LEN], *salt;
 
     if (argc < 2) {
         usage(argv[0]);
         return ARGON2_MISSING_ARGS;
     }
 
-    salt = argv[1];
-
     /* get password from stdin */
-    while ((n = fread(pwd, 1, sizeof pwd - 1, stdin)) > 0) {
-        pwd[n] = '\0';
-        if (pwd[n - 1] == '\n')
-            pwd[n - 1] = '\0';
+    n = fread(pwd, 1, sizeof pwd - 1, stdin);
+    if(n < 1) {
+        fatal("no password read");
     }
+    if(n == MAX_PASS_LEN-1) {
+        fatal("Provided password longer than supported in command line utility");
+    }
+
+    pwd[n] = '\0';
+    if (pwd[n - 1] == '\n') {
+        pwd[n - 1] = '\0';
+    }
+
+    salt = argv[1];
 
     /* parse options */
     for (i = 2; i < argc; i++) {
@@ -231,19 +243,32 @@ int main(int argc, char *argv[]) {
             }
         } else if (!strcmp(a, "-d")) {
             type = Argon2_d;
+        } else if (!strcmp(a, "-e")) {
+            encoded_only = 1;
+        } else if (!strcmp(a, "-r")) {
+            raw_only = 1;
         } else {
             fatal("unknown argument");
         }
     }
-    if (type == Argon2_i) {
-        printf("Type:\t\tArgon2i\n");
-    } else {
-        printf("Type:\t\tArgon2d\n");
+
+    if(encoded_only && raw_only)
+        fatal("cannot provide both -e and -r");
+
+    if(!encoded_only && !raw_only) {
+        if (type == Argon2_i) {
+            printf("Type:\t\tArgon2i\n");
+        } else {
+            printf("Type:\t\tArgon2d\n");
+        }
+        printf("Iterations:\t%" PRIu32 " \n", t_cost);
+        printf("Memory:\t\t%" PRIu32 " KiB\n", m_cost);
+        printf("Parallelism:\t%" PRIu32 " \n", lanes);
     }
-    printf("Iterations:\t%" PRIu32 " \n", t_cost);
-    printf("Memory:\t\t%" PRIu32 " KiB\n", m_cost);
-    printf("Parallelism:\t%" PRIu32 " \n", lanes);
-    run(outlen, pwd, salt, t_cost, m_cost, lanes, threads, type);
+
+    run(outlen, pwd, salt, t_cost, m_cost, lanes, threads, type,
+       encoded_only, raw_only);
 
     return ARGON2_OK;
 }
+