argon2 1.1.1 → 1.1.2

data/ext/phc-winner-argon2/src/core.h

@@ -1,14 +1,18 @@
 /*
- * Argon2 source code package
+ * Argon2 reference source code package - reference C implementations
  *
- * Written by Daniel Dinu and Dmitry Khovratovich, 2015
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
  *
- * This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
+ * You may use this work under the terms of a Creative Commons CC0 1.0 
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
  *
- * You should have received a copy of the CC0 Public Domain Dedication along
- * with
- * this software. If not, see
- * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
  */
 
 #ifndef ARGON2_CORE_H
@@ -26,8 +30,7 @@
 
 #define CONST_CAST(x) (x)(uintptr_t)
 
-/*************************Argon2 internal
- * constants**************************************************/
+/**********************Argon2 internal constants*******************************/
 
 enum argon2_core_constants {
     /* Memory block size in bytes */
@@ -45,8 +48,7 @@ enum argon2_core_constants {
     ARGON2_PREHASH_SEED_LENGTH = 72
 };
 
-/*************************Argon2 internal data
- * types**************************************************/
+/*************************Argon2 internal data types***********************/
 
 /*
  * Structure for the (1KB) memory block implemented as 128 64-bit words.
@@ -83,6 +85,7 @@ typedef struct Argon2_instance_t {
     uint32_t threads;
     argon2_type type;
     int print_internals; /* whether to print the memory blocks */
+    argon2_context *context_ptr; /* points back to original context */
 } argon2_instance_t;
 
 /*
@@ -102,32 +105,43 @@ typedef struct Argon2_thread_data {
     argon2_position_t pos;
 } argon2_thread_data;
 
-/*************************Argon2 core
- * functions**************************************************/
+/*************************Argon2 core functions********************************/
 
-/* Allocates memory to the given pointer
+/* Allocates memory to the given pointer, uses the appropriate allocator as
+ * specified in the context. Total allocated memory is num*size.
+ * @param context argon2_context which specifies the allocator
  * @param memory pointer to the pointer to the memory
- * @param m_cost number of blocks to allocate in the memory
+ * @param size the size in bytes for each element to be allocated
+ * @param num the number of elements to be allocated
  * @return ARGON2_OK if @memory is a valid pointer and memory is allocated
  */
-int allocate_memory(block **memory, uint32_t m_cost);
+int allocate_memory(const argon2_context *context, uint8_t **memory,
+                    size_t num, size_t size);
 
-/* Function that securely cleans the memory
+/*
+ * Frees memory at the given pointer, uses the appropriate deallocator as
+ * specified in the context. Also cleans the memory using clear_internal_memory.
+ * @param context argon2_context which specifies the deallocator
+ * @param memory pointer to buffer to be freed
+ * @param size the size in bytes for each element to be deallocated
+ * @param num the number of elements to be deallocated
+ */
+void free_memory(const argon2_context *context, uint8_t *memory,
+                 size_t num, size_t size);
+
+/* Function that securely cleans the memory. This ignores any flags set
+ * regarding clearing memory. Usually one just calls clear_internal_memory.
  * @param mem Pointer to the memory
  * @param s Memory size in bytes
  */
 void secure_wipe_memory(void *v, size_t n);
 
-/* Clears memory
- * @param instance pointer to the current instance
- * @param clear_memory indicates if we clear the memory with zeros.
- */
-void clear_memory(argon2_instance_t *instance, int clear);
-
-/* Deallocates memory
- * @param memory pointer to the blocks
+/* Function that securely clears the memory if FLAG_clear_internal_memory is
+ * set. If the flag isn't set, this function does nothing.
+ * @param mem Pointer to the memory
+ * @param s Memory size in bytes
  */
-void free_memory(block *memory);
+void clear_internal_memory(void *v, size_t n);
 
 /*
  * Computes absolute position of reference block in the lane following a skewed
@@ -201,6 +215,7 @@ void finalize(const argon2_context *context, argon2_instance_t *instance);
 /*
  * Function that fills the segment using previous segments also from other
  * threads
+ * @param context current context
  * @param instance Pointer to the current instance
  * @param position Current position
  * @pre all block pointers must be valid

data/ext/phc-winner-argon2/src/encoding.c

@@ -1,3 +1,20 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0 
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -22,11 +39,6 @@
  *   the parameters, salts and outputs. It does not compute the hash
  *   itself.
  *
- *   -- The third section is test code, with a main() function. With
- *   this section, the whole file compiles as a stand-alone program
- *   that exercises the encoding and decoding functions with some
- *   test vectors.
- *
  * The code was originally written by Thomas Pornin <pornin@bolet.org>,
  * to whom comments and remarks may be sent. It is released under what
  * should amount to Public Domain or its closest equivalent; the
@@ -229,19 +241,18 @@ static const char *decode_decimal(const char *str, unsigned long *v) {
  *
  * The code below applies the following format:
  *
- *  $argon2<T>[$v=<num>]$m=<num>,t=<num>,p=<num>[,keyid=<bin>][,data=<bin>][$<bin>[$<bin>]]
+ *  $argon2<T>[$v=<num>]$m=<num>,t=<num>,p=<num>$<bin>$<bin>
  *
- * where <T> is either 'd' or 'i', <num> is a decimal integer (positive, fits in
- * an 'unsigned long'), and <bin> is Base64-encoded data (no '=' padding
+ * where <T> is either 'd', 'id', or 'i', <num> is a decimal integer (positive,
+ * fits in an 'unsigned long'), and <bin> is Base64-encoded data (no '=' padding
  * characters, no newline or whitespace).
- * The "keyid" is a binary identifier for a key (up to 8 bytes);
- * "data" is associated data (up to 32 bytes). When the 'keyid'
- * (resp. the 'data') is empty, then it is ommitted from the output.
  *
  * The last two binary chunks (encoded in Base64) are, in that order,
- * the salt and the output. Both are optional, but you cannot have an
- * output without a salt. The binary salt length is between 8 and 48 bytes.
- * The output length is always exactly 32 bytes.
+ * the salt and the output. Both are required. The binary salt length and the
+ * output length must be in the allowed ranges defined in argon2.h.
+ *
+ * The ctx struct must contain buffers large enough to hold the salt and pwd
+ * when it is fed into decode_string.
  */
 
 int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
@@ -256,7 +267,7 @@ int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
         str += cc_len;                                                         \
     } while ((void)0, 0)
 
-/* prefix checking with supplied code */
+/* optional prefix checking with supplied code */
 #define CC_opt(prefix, code)                                                   \
     do {                                                                       \
         size_t cc_len = strlen(prefix);                                        \
@@ -266,7 +277,7 @@ int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
         }                                                                      \
     } while ((void)0, 0)
 
-/* Decoding  prefix into decimal */
+/* Decoding prefix into decimal */
 #define DECIMAL(x)                                                             \
     do {                                                                       \
         unsigned long dec_x;                                                   \
@@ -277,6 +288,7 @@ int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
         (x) = dec_x;                                                           \
     } while ((void)0, 0)
 
+/* Decoding base64 into a binary buffer */
 #define BIN(buf, max_len, len)                                                 \
     do {                                                                       \
         size_t bin_len = (max_len);                                            \
@@ -287,25 +299,24 @@ int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
         (len) = (uint32_t)bin_len;                                             \
     } while ((void)0, 0)
 
-    size_t maxadlen = ctx->adlen;
     size_t maxsaltlen = ctx->saltlen;
     size_t maxoutlen = ctx->outlen;
     int validation_result;
+    const char* type_string;
 
-    ctx->adlen = 0;
-    ctx->saltlen = 0;
-    ctx->outlen = 0;
-    ctx->pwdlen = 0;
-
-    if (type == Argon2_i)
-        CC("$argon2i");
-    else if (type == Argon2_d)
-        CC("$argon2d");
-    else
+    /* We should start with the argon2_type we are using */
+    type_string = argon2_type2string(type, 0);
+    if (!type_string) {
         return ARGON2_INCORRECT_TYPE;
-    ctx->version = ARGON2_VERSION_10;
+    }
+
+    CC("$");
+    CC(type_string);
+
     /* Reading the version number if the default is suppressed */
+    ctx->version = ARGON2_VERSION_10;
     CC_opt("$v=", DECIMAL(ctx->version));
+
     CC("$m=");
     DECIMAL(ctx->m_cost);
     CC(",t=");
@@ -314,21 +325,27 @@ int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
     DECIMAL(ctx->lanes);
     ctx->threads = ctx->lanes;
 
-    CC_opt(",data=", BIN(ctx->ad, maxadlen, ctx->adlen));
-    if (*str == 0) {
-        return ARGON2_OK;
-    }
     CC("$");
     BIN(ctx->salt, maxsaltlen, ctx->saltlen);
-    if (*str == 0) {
-        return ARGON2_OK;
-    }
     CC("$");
     BIN(ctx->out, maxoutlen, ctx->outlen);
+
+    /* The rest of the fields get the default values */
+    ctx->secret = NULL;
+    ctx->secretlen = 0;
+    ctx->ad = NULL;
+    ctx->adlen = 0;
+    ctx->allocate_cbk = NULL;
+    ctx->free_cbk = NULL;
+    ctx->flags = ARGON2_DEFAULT_FLAGS;
+
+    /* On return, must have valid context */
     validation_result = validate_inputs(ctx);
     if (validation_result != ARGON2_OK) {
         return validation_result;
     }
+
+    /* Can't have any additional characters */
     if (*str == 0) {
         return ARGON2_OK;
     } else {
@@ -370,17 +387,24 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
         dst_len -= sb_len;                                                     \
     } while ((void)0, 0)
 
-    if (type == Argon2_i)
-        SS("$argon2i$v=");
-    else if (type == Argon2_d)
-        SS("$argon2d$v=");
-    else
-        return ARGON2_ENCODING_FAIL;
+    const char* type_string = argon2_type2string(type, 0);
+    int validation_result = validate_inputs(ctx);
+
+    if (!type_string) {
+      return ARGON2_ENCODING_FAIL;
+    }
 
-    if (validate_inputs(ctx) != ARGON2_OK) {
-        return validate_inputs(ctx);
+    if (validation_result != ARGON2_OK) {
+      return validation_result;
     }
+
+
+    SS("$");
+    SS(type_string);
+
+    SS("$v=");
     SX(ctx->version);
+
     SS("$m=");
     SX(ctx->m_cost);
     SS(",t=");
@@ -388,20 +412,9 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
     SS(",p=");
     SX(ctx->lanes);
 
-    if (ctx->adlen > 0) {
-        SS(",data=");
-        SB(ctx->ad, ctx->adlen);
-    }
-
-    if (ctx->saltlen == 0)
-        return ARGON2_OK;
-
     SS("$");
     SB(ctx->salt, ctx->saltlen);
 
-    if (ctx->outlen == 0)
-        return ARGON2_OK;
-
     SS("$");
     SB(ctx->out, ctx->outlen);
     return ARGON2_OK;
@@ -412,7 +425,18 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
 }
 
 size_t b64len(uint32_t len) {
-    return (((size_t)len + 2) / 3) * 4;
+    size_t olen = ((size_t)len / 3) << 2;
+
+    switch (len % 3) {
+    case 2:
+        olen++;
+    /* fall through */
+    case 1:
+        olen += 2;
+        break;
+    }
+
+    return olen;
 }
 
 size_t numlen(uint32_t num) {

data/ext/phc-winner-argon2/src/encoding.h

@@ -1,3 +1,20 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0 
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
 #ifndef ENCODING_H
 #define ENCODING_H
 #include "argon2.h"
@@ -12,21 +29,21 @@
 * is less than the number of required characters (including the
 * terminating 0), then this function returns ARGON2_ENCODING_ERROR.
 *
-* if ctx->outlen is 0, then the hash string will be a salt string
-* (no output). if ctx->saltlen is also 0, then the string will be a
-* parameter-only string (no salt and no output).
-*
 * on success, ARGON2_OK is returned.
-*
-* No other parameters are checked
 */
 int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
                   argon2_type type);
 
 /*
 * Decodes an Argon2 hash string into the provided structure 'ctx'.
-* The fields ctx.saltlen, ctx.adlen, ctx.outlen set the maximal salt, ad, out
-* length values that are allowed; invalid input string causes an error.
+* The only fields that must be set prior to this call are ctx.saltlen and
+* ctx.outlen (which must be the maximal salt and out length values that are
+* allowed), ctx.salt and ctx.out (which must be buffers of the specified
+* length), and ctx.pwd and ctx.pwdlen which must hold a valid password.
+*
+* Invalid input string causes an error. On success, the ctx is valid and all
+* fields have been initialized.
+*
 * Returned value is ARGON2_OK on success, other ARGON2_ codes on error.
 */
 int decode_string(argon2_context *ctx, const char *str, argon2_type type);

data/ext/phc-winner-argon2/src/genkat.c

@@ -1,14 +1,18 @@
 /*
- * Argon2 source code package
+ * Argon2 reference source code package - reference C implementations
  *
- * Written by Daniel Dinu and Dmitry Khovratovich, 2015
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
  *
- * This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
+ * You may use this work under the terms of a Creative Commons CC0 1.0 
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
  *
- * You should have received a copy of the CC0 Public Domain Dedication along
- * with
- * this software. If not, see
- * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
  */
 
 #include <inttypes.h>
@@ -25,18 +29,8 @@ void initial_kat(const uint8_t *blockhash, const argon2_context *context,
     if (blockhash != NULL && context != NULL) {
         printf("=======================================\n");
 
-        switch (type) {
-        case Argon2_d:
-            printf("Argon2d version number %d\n", context->version);
-            break;
-
-        case Argon2_i:
-            printf("Argon2i version number %d\n", context->version);
-            break;
-
-        default:
-            break;
-        }
+        printf("%s version number %d\n", argon2_type2string(type, 1),
+               context->version);
 
         printf("=======================================\n");
 
@@ -133,7 +127,7 @@ static void fatal(const char *error) {
     exit(1);
 }
 
-static void generate_testvectors(const char *type, const uint32_t version) {
+static void generate_testvectors(argon2_type type, const uint32_t version) {
 #define TEST_OUTLEN 32
 #define TEST_PWDLEN 32
 #define TEST_SALTLEN 16
@@ -160,7 +154,7 @@ static void generate_testvectors(const char *type, const uint32_t version) {
 
     context.out = out;
     context.outlen = TEST_OUTLEN;
-    context.version = ARGON2_VERSION_NUMBER;
+    context.version = version;
     context.pwd = pwd;
     context.pwdlen = TEST_PWDLEN;
     context.salt = salt;
@@ -175,13 +169,7 @@ static void generate_testvectors(const char *type, const uint32_t version) {
     context.threads = lanes;
     context.allocate_cbk = myown_allocator;
     context.free_cbk = myown_deallocator;
-    context.flags = 0;
-
-    if(ARGON2_VERSION_10 == version || ARGON2_VERSION_NUMBER == version) {
-        context.version = version;
-    } else {
-        fatal("wrong Argon2 version number");
-    }
+    context.flags = ARGON2_DEFAULT_FLAGS;
 
 #undef TEST_OUTLEN
 #undef TEST_PWDLEN
@@ -189,23 +177,31 @@ static void generate_testvectors(const char *type, const uint32_t version) {
 #undef TEST_SECRETLEN
 #undef TEST_ADLEN
 
-    if (!strcmp(type, "d")) {
-        argon2d_ctx(&context);
-    } else if (!strcmp(type, "i")) {
-        argon2i_ctx(&context);
-    } else
-        fatal("wrong Argon2 type");
+    argon2_ctx(&context, type);
 }
 
 int main(int argc, char *argv[]) {
-    /* Argon2 type */
-    const char *type = (argc > 1) ? argv[1] : "i";
-
-    /* Argon2 version number */
+    /* Get and check Argon2 type */
+    const char *type_str = (argc > 1) ? argv[1] : "i";
+    argon2_type type = Argon2_i;
     uint32_t version = ARGON2_VERSION_NUMBER;
-    if(argc > 2) {
+    if (!strcmp(type_str, "d")) {
+        type = Argon2_d;
+    } else if (!strcmp(type_str, "i")) {
+        type = Argon2_i;
+    } else if (!strcmp(type_str, "id")) {
+        type = Argon2_id;
+    } else {
+        fatal("wrong Argon2 type");
+    }
+
+    /* Get and check Argon2 version number */
+    if (argc > 2) {
         version = strtoul(argv[2], NULL, 10);
     }
+    if (ARGON2_VERSION_10 != version && ARGON2_VERSION_NUMBER != version) {
+        fatal("wrong Argon2 version number");
+    }
 
     generate_testvectors(type, version);
     return ARGON2_OK;