argon2 1.1.1 → 1.1.2

data/ext/phc-winner-argon2/Makefile

@@ -1,16 +1,27 @@
 #
-# Argon2 source code package
-# 
-# This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
-# 
-# You should have received a copy of the CC0 Public Domain Dedication along with
-# this software. If not, see <http://creativecommons.org/publicdomain/zero/1.0/>.
+# Argon2 reference source code package - reference C implementations
+#
+# Copyright 2015
+# Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+#
+# You may use this work under the terms of a Creative Commons CC0 1.0
+# License/Waiver or the Apache Public License 2.0, at your option. The terms of
+# these licenses can be found at:
+#
+# - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+# - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+#
+# You should have received a copy of both of these licenses along with this
+# software. If not, they may be obtained at the above URLs.
 #
 
 RUN = argon2
 BENCH = bench
 GENKAT = genkat
 
+# Increment on an ABI breaking change
+ABI_VERSION = 0
+
 DIST = phc-winner-argon2
 
 SRC = src/argon2.c src/core.c src/blake2/blake2b.c src/thread.c src/encoding.c
@@ -19,17 +30,27 @@ SRC_BENCH = src/bench.c
 SRC_GENKAT = src/genkat.c
 OBJ = $(SRC:.c=.o)
 
-CFLAGS += -std=c89 -pthread -O3 -Wall -g -Iinclude -Isrc
+CFLAGS += -std=c89 -O3 -Wall -g -Iinclude -Isrc
+
+ifeq ($(NO_THREADS), 1)
+CFLAGS += -DARGON2_NO_THREADS
+else
+CFLAGS += -pthread
+endif
+
 CI_CFLAGS := $(CFLAGS) -Werror=declaration-after-statement -D_FORTIFY_SOURCE=2 \
 				-Wextra -Wno-type-limits -Werror -coverage -DTEST_LARGE_RAM
 
-OPTTEST := $(shell $(CC) -Iinclude -Isrc -march=native src/opt.c -c \
+OPTTARGET ?= native
+OPTTEST := $(shell $(CC) -Iinclude -Isrc -march=$(OPTTARGET) src/opt.c -c \
 			-o /dev/null 2>/dev/null; echo $$?)
 # Detect compatible platform
 ifneq ($(OPTTEST), 0)
+$(info Building without optimizations)
 	SRC += src/ref.c
 else
-	CFLAGS += -march=native
+$(info Building with optimizations for $(OPTTARGET))
+	CFLAGS += -march=$(OPTTARGET)
 	SRC += src/opt.c
 endif
 
@@ -38,17 +59,23 @@ KERNEL_NAME := $(shell uname -s)
 
 LIB_NAME=argon2
 ifeq ($(KERNEL_NAME), Linux)
-	LIB_EXT := so
+	LIB_EXT := so.$(ABI_VERSION)
 	LIB_CFLAGS := -shared -fPIC -fvisibility=hidden -DA2_VISCTL=1
-	SO_LDFLAGS := -Wl,-soname,libargon2.so.0
+	SO_LDFLAGS := -Wl,-soname,lib$(LIB_NAME).$(LIB_EXT)
+	LINKED_LIB_EXT := so
 endif
-ifeq ($(KERNEL_NAME), NetBSD)
+ifeq ($(KERNEL_NAME), $(filter $(KERNEL_NAME),FreeBSD NetBSD OpenBSD))
 	LIB_EXT := so
 	LIB_CFLAGS := -shared -fPIC
 endif
 ifeq ($(KERNEL_NAME), Darwin)
-	LIB_EXT := dylib
+	LIB_EXT := $(ABI_VERSION).dylib
 	LIB_CFLAGS := -dynamiclib -install_name @rpath/lib$(LIB_NAME).$(LIB_EXT)
+	LINKED_LIB_EXT := dylib
+endif
+ifeq ($(findstring CYGWIN, $(KERNEL_NAME)), CYGWIN)
+	LIB_EXT := dll
+	LIB_CFLAGS := -shared -Wl,--out-implib,lib$(LIB_NAME).$(LIB_EXT).a
 endif
 ifeq ($(findstring MINGW, $(KERNEL_NAME)), MINGW)
 	LIB_EXT := dll
@@ -58,7 +85,9 @@ ifeq ($(findstring MSYS, $(KERNEL_NAME)), MSYS)
 	LIB_EXT := dll
 	LIB_CFLAGS := -shared -Wl,--out-implib,lib$(LIB_NAME).$(LIB_EXT).a
 endif
-ifeq ($(KERNEL_NAME), $(filter $(KERNEL_NAME),OpenBSD FreeBSD))
+ifeq ($(KERNEL_NAME), SunOS)
+	CC := gcc
+	CFLAGS += -D_REENTRANT
 	LIB_EXT := so
 	LIB_CFLAGS := -shared -fPIC
 endif
@@ -72,10 +101,30 @@ endif
 LIB_SH := lib$(LIB_NAME).$(LIB_EXT)
 LIB_ST := lib$(LIB_NAME).a
 
-.PHONY: clean dist format $(GENKAT)
+ifdef LINKED_LIB_EXT
+LINKED_LIB_SH := lib$(LIB_NAME).$(LINKED_LIB_EXT)
+endif
+
+
+LIBRARIES = $(LIB_SH) $(LIB_ST)
+HEADERS = include/argon2.h
+
+INSTALL = install
+
+DESTDIR =
+PREFIX = /usr
+INCLUDE_REL = include
+LIBRARY_REL = lib
+BINARY_REL = bin
 
-all: clean $(RUN) libs 
-libs: $(LIB_SH) $(LIB_ST)
+INST_INCLUDE = $(DESTDIR)$(PREFIX)/$(INCLUDE_REL)
+INST_LIBRARY = $(DESTDIR)$(PREFIX)/$(LIBRARY_REL)
+INST_BINARY = $(DESTDIR)$(PREFIX)/$(BINARY_REL)
+
+.PHONY: clean dist format $(GENKAT) all install
+
+all: clean $(RUN) libs
+libs: $(LIBRARIES)
 
 $(RUN):	        $(SRC) $(SRC_RUN)
 		$(CC) $(CFLAGS) $(LDFLAGS) $^ -o $@
@@ -94,7 +143,7 @@ $(LIB_ST): 	$(OBJ)
 
 clean:
 		rm -f $(RUN) $(BENCH) $(GENKAT)
-		rm -f $(LIB_SH) $(LIB_ST) kat-argon2* 
+		rm -f $(LIB_SH) $(LIB_ST) kat-argon2*
 		rm -f testcase
 		rm -rf *.dSYM
 		cd src/ && rm -f *.o
@@ -105,12 +154,12 @@ dist:
 		cd ..; \
 		tar -c --exclude='.??*' -z -f $(DIST)-`date "+%Y%m%d"`.tgz $(DIST)/*
 
-test:   $(SRC) src/test.c
+test:           $(SRC) src/test.c
 		$(CC) $(CFLAGS)  -Wextra -Wno-type-limits $^ -o testcase
 		@sh kats/test.sh
 		./testcase
 
-testci:   $(SRC) src/test.c
+testci:         $(SRC) src/test.c
 		$(CC) $(CI_CFLAGS) $^ -o testcase
 		@sh kats/test.sh
 		./testcase
@@ -120,3 +169,19 @@ testci:   $(SRC) src/test.c
 format:
 		clang-format -style="{BasedOnStyle: llvm, IndentWidth: 4}" \
 			-i include/*.h src/*.c src/*.h src/blake2/*.c src/blake2/*.h
+
+install: $(RUN) libs
+	$(INSTALL) -d $(INST_INCLUDE)
+	$(INSTALL) -m 0644 $(HEADERS) $(INST_INCLUDE)
+	$(INSTALL) -d $(INST_LIBRARY)
+	$(INSTALL) $(LIBRARIES) $(INST_LIBRARY)
+ifdef LINKED_LIB_SH
+	cd $(INST_LIBRARY) && ln -s $(notdir $(LIB_SH) $(LINKED_LIB_SH))
+endif
+	$(INSTALL) -d $(INST_BINARY)
+	$(INSTALL) $(RUN) $(INST_BINARY)
+
+uninstall:
+	cd $(INST_INCLUDE) && rm -f $(notdir $(HEADERS))
+	cd $(INST_LIBRARY) && rm -f $(notdir $(LIBRARIES) $(LINKED_LIB_SH))
+	cd $(INST_BINARY) && rm -f $(notdir $(RUN))

data/ext/phc-winner-argon2/README.md

@@ -17,15 +17,19 @@ effective use of multiple computing units, while still providing defense
 against tradeoff attacks (by exploiting the cache and memory organization
 of the recent processors).
 
-Argon2 has two variants: Argon2d and Argon2i. Argon2d is faster and
-uses data-depending memory access, which makes it highly resistant
+Argon2 has three variants: Argon2i, Argon2d, and Argon2id. Argon2d is faster
+and uses data-depending memory access, which makes it highly resistant
 against GPU cracking attacks and suitable for applications with no threats
 from side-channel timing attacks (eg. cryptocurrencies). Argon2i instead
 uses data-independent memory access, which is preferred for password
 hashing and password-based key derivation, but it is slower as it makes
-more passes over the memory to protect from tradeoff attacks.
+more passes over the memory to protect from tradeoff attacks. Argon2id is a
+hybrid of Argon2i and Argon2d, using a combination of data-depending and
+data-independent memory accesses, which gives some of Argon2i's resistance to
+side-channel cache timing attacks and much of Argon2d's resistance to GPU
+cracking attacks.
 
-Argon2i and Argon2d are parametrized by:
+Argon2i, Argon2d, and Argon2id are parametrized by:
 
 * A **time** cost, which defines the amount of computation realized and
   therefore the execution time, given in number of iterations
@@ -42,31 +46,35 @@ Please report bugs as issues on this repository.
 `make` builds the executable `argon2`, the static library `libargon2.a`,
 and the shared library `libargon2.so` (or `libargon2.dylib` on OSX).
 Make sure to run `make test` to verify that your build produces valid
-results.
+results. `make install PREFIX=/usr` installs it to your system.
 
 ### Command-line utility
 
 `argon2` is a command-line utility to test specific Argon2 instances
 on your system. To show usage instructions, run
-`./argon2` without arguments as
+`./argon2 -h` as
 ```
-Usage:  ./argon2 salt [-d] [-t iterations] [-m memory] [-p parallelism] [-h hash length] [-e|-r]
+Usage:  ./argon2 [-h] salt [-i|-d|-id] [-t iterations] [-m memory] [-p parallelism] [-l hash length] [-e|-r] [-v (10|13)]
         Password is read from stdin
 Parameters:
-        salt            The salt to use, at least 8 characters 
-        -d              Use Argon2d instead of Argon2i (which is the default)
+        salt            The salt to use, at least 8 characters
+        -i              Use Argon2i (this is the default)
+        -d              Use Argon2d instead of Argon2i
+        -id             Use Argon2id instead of Argon2i
         -t N            Sets the number of iterations to N (default = 3)
         -m N            Sets the memory usage of 2^N KiB (default 12)
         -p N            Sets parallelism to N threads (default 1)
-        -h N            Sets hash output length to N bytes (default 32)
+        -l N            Sets hash output length to N bytes (default 32)
         -e              Output only encoded hash
         -r              Output only the raw bytes of the hash
+        -v (10|13)      Argon2 version (defaults to the most recent version, currently 13)
+        -h              Print argon2 usage
 ```
 For example, to hash "password" using "somesalt" as a salt and doing 2
 iterations, consuming 64 MiB, using four parallel threads and an output hash
 of 24 bytes
 ```
-$ echo -n "password" | ./argon2 somesalt -t 2 -m 16 -p 4 -h 24
+$ echo -n "password" | ./argon2 somesalt -t 2 -m 16 -p 4 -l 24
 Type:           Argon2i
 Iterations:     2
 Memory:         65536 KiB
@@ -84,10 +92,33 @@ for using Argon2.
 
 The example program below hashes the string "password" with Argon2i
 using the high-level API and then using the low-level API. While the
-high-level API only takes input/output buffers and the two cost
-parameters, the low-level API additionally takes parallelism parameters
-and several others, as defined in [`include/argon2.h`](include/argon2.h).
-
+high-level API takes the three cost parameters (time, memory, and
+parallelism), the password input buffer, the salt input buffer, and the
+output buffers, the low-level API takes in these and additional parameters
+, as defined in [`include/argon2.h`](include/argon2.h).
+
+There are many additional parameters, but we will highlight three of them here.
+
+1. The `secret` parameter, which is used for [keyed hashing](
+   https://en.wikipedia.org/wiki/Hash-based_message_authentication_code).
+   This allows a secret key to be input at hashing time (from some external
+   location) and be folded into the value of the hash. This means that even if
+   your salts and hashes are compromized, an attacker cannot brute-force to find
+   the password without the key.
+
+2. The `ad` parameter, which is used to fold any additional data into the hash
+   value. Functionally, this behaves almost exactly like the `secret` or `salt`
+   parameters; the `ad` parameter is folding into the value of the hash.
+   However, this parameter is used for different data. The `salt` should be a
+   random string stored alongside your password. The `secret` should be a random
+   key only usable at hashing time. The `ad` is for any other data.
+
+3. The `flags` parameter, which determines which memory should be securely
+   erased. This is useful if you want to securly delete the `pwd` or `secret`
+   fields right after they are used. To do this set `flags` to either
+   `ARGON2_FLAG_CLEAR_PASSWORD` or `ARGON2_FLAG_CLEAR_SECRET`. To change how
+   internal memory is cleared, change the global flag
+   `FLAG_clear_internal_memory` (defaults to clearing internal memory).
 
 Here the time cost `t_cost` is set to 2 iterations, the
 memory cost `m_cost` is set to 2<sup>16</sup> kibibytes (64 mebibytes),
@@ -137,7 +168,8 @@ int main(void)
         t_cost, m_cost, parallelism, parallelism,
         ARGON2_VERSION_13, /* algorithm version */
         NULL, NULL, /* custom memory allocation / deallocation functions */
-        ARGON2_DEFAULT_FLAGS /* by default the password is zeroed on exit */
+        /* by default only internal memory is cleared (pwd is not wiped) */
+        ARGON2_DEFAULT_FLAGS
     };
 
     int rc = argon2i_ctx( &context );
@@ -161,10 +193,12 @@ int main(void)
 
 To use Argon2d instead of Argon2i call `argon2d_hash` instead of
 `argon2i_hash` using the high-level API, and `argon2d` instead of
-`argon2i` using the low-level API.
+`argon2i` using the low-level API. Similarly for Argon2id, call `argond2id_hash`
+and `argon2id`.
 
 To produce the crypt-like encoding rather than the raw hash, call
-`argon2i_hash_encoded` for Argon2i and `argon2d_hash_encoded` for Argon2d.
+`argon2i_hash_encoded` for Argon2i, `argon2d_hash_encoded` for Argon2d, and
+`argon2id_hash_encoded` for Argon2id
 
 See [`include/argon2.h`](include/argon2.h) for API details.
 
@@ -209,19 +243,26 @@ Argon2i 1 iterations  4096 MiB 4 threads:  2.72 cpb 11124.86 Mcycles
 Bindings are available for the following languages (make sure to read
 their documentation):
 
+* [Elixir](https://github.com/riverrun/argon2_elixir) by [@riverrun](https://github.com/riverrun)
 * [Go](https://github.com/tvdburgt/go-argon2) by [@tvdburgt](https://github.com/tvdburgt)
 * [Haskell](https://hackage.haskell.org/package/argon2-1.0.0/docs/Crypto-Argon2.html) by [@ocharles](https://github.com/ocharles)
-* [JavaScript](https://github.com/ranisalt/node-argon2), by [@ranisalt](https://github.com/ranisalt)
-* [JavaScript](https://github.com/cjlarose/argon2-ffi), by [@cjlarose](https://github.com/cjlarose)
+* [JavaScript (native)](https://github.com/ranisalt/node-argon2), by [@ranisalt](https://github.com/ranisalt)
+* [JavaScript (native)](https://github.com/jdconley/argon2themax), by [@jdconley](https://github.com/jdconley)
+* [JavaScript (ffi)](https://github.com/cjlarose/argon2-ffi), by [@cjlarose](https://github.com/cjlarose)
+* [JavaScript (browser)](https://github.com/antelle/argon2-browser), by [@antelle](https://github.com/antelle)
 * [JVM](https://github.com/phxql/argon2-jvm) by [@phXql](https://github.com/phxql)
-* [Lua](https://github.com/thibaultCha/lua-argon2) by [@thibaultCha](https://github.com/thibaultCha)
+* [Lua (native)](https://github.com/thibaultCha/lua-argon2) by [@thibaultCha](https://github.com/thibaultCha)
+* [Lua (ffi)](https://github.com/thibaultCha/lua-argon2-ffi) by [@thibaultCha](https://github.com/thibaultCha)
 * [OCaml](https://github.com/Khady/ocaml-argon2) by [@Khady](https://github.com/Khady)
-* [Python](https://pypi.python.org/pypi/argon2), by [@flamewow](https://github.com/flamewow)
-* [Python](https://pypi.python.org/pypi/argon2_cffi), by [@hynek](https://github.com/hynek)
+* [Python (native)](https://pypi.python.org/pypi/argon2), by [@flamewow](https://github.com/flamewow)
+* [Python (ffi)](https://pypi.python.org/pypi/argon2_cffi), by [@hynek](https://github.com/hynek)
 * [Ruby](https://github.com/technion/ruby-argon2) by [@technion](https://github.com/technion)
 * [Rust](https://github.com/quininer/argon2-rs) by [@quininer](https://github.com/quininer)
+* [C#/.NET CoreCLR](https://github.com/kmaragon/Konscious.Security.Cryptography) by [@kmaragon](https://github.com/kmaragon)
+* [Perl](https://github.com/Leont/crypt-argon2) by [@leont](https://github.com/Leont)
+
 
-## Test Suite
+## Test suite
 
 There are two sets of test suites. One is a low level test for the hash
 function, the other tests the higher level API. Both of these are built and
@@ -233,15 +274,17 @@ executed by running:
 
 Except for the components listed below, the Argon2 code in this
 repository is copyright (c) 2015 Daniel Dinu, Dmitry Khovratovich (main
-authors), Jean-Philippe Aumasson and Samuel Neves, and under
-[CC0 license](https://creativecommons.org/about/cc0).
+authors), Jean-Philippe Aumasson and Samuel Neves, and dual licensed under the
+[CC0 License](https://creativecommons.org/about/cc0) and the
+[Apache 2.0 License](http://www.apache.org/licenses/LICENSE-2.0). For more info
+see the LICENSE file.
 
 The string encoding routines in [`src/encoding.c`](src/encoding.c) are
-copyright (c) 2015 Thomas Pornin, and under [CC0
-license](https://creativecommons.org/about/cc0).
+copyright (c) 2015 Thomas Pornin, and under
+[CC0 License](https://creativecommons.org/about/cc0).
 
 The BLAKE2 code in [`src/blake2/`](src/blake2) is copyright (c) Samuel
-Neves, 2013-2015, and under [CC0
-license](https://creativecommons.org/about/cc0).
+Neves, 2013-2015, and under
+[CC0 License](https://creativecommons.org/about/cc0).
 
 All licenses are therefore GPL-compatible.

data/ext/phc-winner-argon2/include/argon2.h

@@ -1,13 +1,18 @@
 /*
- * Argon2 source code package
+ * Argon2 reference source code package - reference C implementations
  *
- * Written by Daniel Dinu and Dmitry Khovratovich, 2015
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
  *
- * This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
+ * You may use this work under the terms of a Creative Commons CC0 1.0 
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
  *
- * You should have received a copy of the CC0 Public Domain Dedication
- * along with this software. If not, see
- * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
  */
 
 #ifndef ARGON2_H
@@ -24,6 +29,8 @@ extern "C" {
 /* Symbols visibility control */
 #ifdef A2_VISCTL
 #define ARGON2_PUBLIC __attribute__((visibility("default")))
+#elif _MSC_VER
+#define ARGON2_PUBLIC __declspec(dllexport)
 #else
 #define ARGON2_PUBLIC
 #endif
@@ -77,10 +84,14 @@ extern "C" {
 #define ARGON2_MIN_SECRET UINT32_C(0)
 #define ARGON2_MAX_SECRET UINT32_C(0xFFFFFFFF)
 
+/* Flags to determine which fields are securely wiped (default = no wipe). */
+#define ARGON2_DEFAULT_FLAGS UINT32_C(0)
 #define ARGON2_FLAG_CLEAR_PASSWORD (UINT32_C(1) << 0)
 #define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1)
-#define ARGON2_FLAG_CLEAR_MEMORY (UINT32_C(1) << 2)
-#define ARGON2_DEFAULT_FLAGS (ARGON2_FLAG_CLEAR_MEMORY)
+
+/* Global flag to determine if we are wiping internal memory buffers. This flag
+ * is defined in core.c and deafults to 1 (wipe internal memory). */
+extern int FLAG_clear_internal_memory;
 
 /* Error codes */
 typedef enum Argon2_ErrorCodes {
@@ -204,7 +215,11 @@ typedef struct Argon2_Context {
 } argon2_context;
 
 /* Argon2 primitive type */
-typedef enum Argon2_type { Argon2_d = 0, Argon2_i = 1 } argon2_type;
+typedef enum Argon2_type {
+  Argon2_d = 0,
+  Argon2_i = 1,
+  Argon2_id = 2
+} argon2_type;
 
 /* Version of the algorithm */
 typedef enum Argon2_version {
@@ -213,6 +228,14 @@ typedef enum Argon2_version {
     ARGON2_VERSION_NUMBER = ARGON2_VERSION_13
 } argon2_version;
 
+/*
+ * Function that gives the string representation of an argon2_type.
+ * @param type The argon2_type that we want the string for
+ * @param uppercase Whether the string should have the first letter uppercase
+ * @return NULL if invalid type, otherwise the string representation.
+ */
+ARGON2_PUBLIC const char *argon2_type2string(argon2_type type, int uppercase);
+
 /*
  * Function that performs memory-hard hashing with certain degree of parallelism
  * @param  context  Pointer to the Argon2 internal structure
@@ -278,6 +301,21 @@ ARGON2_PUBLIC int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
                                    const size_t saltlen, void *hash,
                                    const size_t hashlen);
 
+ARGON2_PUBLIC int argon2id_hash_encoded(const uint32_t t_cost,
+                                        const uint32_t m_cost,
+                                        const uint32_t parallelism,
+                                        const void *pwd, const size_t pwdlen,
+                                        const void *salt, const size_t saltlen,
+                                        const size_t hashlen, char *encoded,
+                                        const size_t encodedlen);
+
+ARGON2_PUBLIC int argon2id_hash_raw(const uint32_t t_cost,
+                                    const uint32_t m_cost,
+                                    const uint32_t parallelism, const void *pwd,
+                                    const size_t pwdlen, const void *salt,
+                                    const size_t saltlen, void *hash,
+                                    const size_t hashlen);
+
 /* generic function underlying the above ones */
 ARGON2_PUBLIC int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
                               const uint32_t parallelism, const void *pwd,
@@ -300,6 +338,9 @@ ARGON2_PUBLIC int argon2i_verify(const char *encoded, const void *pwd,
 ARGON2_PUBLIC int argon2d_verify(const char *encoded, const void *pwd,
                                  const size_t pwdlen);
 
+ARGON2_PUBLIC int argon2id_verify(const char *encoded, const void *pwd,
+                                  const size_t pwdlen);
+
 /* generic function underlying the above ones */
 ARGON2_PUBLIC int argon2_verify(const char *encoded, const void *pwd,
                                 const size_t pwdlen, argon2_type type);
@@ -324,6 +365,17 @@ ARGON2_PUBLIC int argon2d_ctx(argon2_context *context);
  */
 ARGON2_PUBLIC int argon2i_ctx(argon2_context *context);
 
+/**
+ * Argon2id: Version of Argon2 where the first half-pass over memory is
+ * password-independent, the rest are password-dependent (on the password and
+ * salt). OK against side channels (they reduce to 1/2-pass Argon2i), and
+ * better with w.r.t. tradeoff attacks (similar to Argon2d).
+ *****
+ * @param  context  Pointer to current Argon2 context
+ * @return  Zero if successful, a non zero error code otherwise
+ */
+ARGON2_PUBLIC int argon2id_ctx(argon2_context *context);
+
 /**
  * Verify if a given password is correct for Argon2d hashing
  * @param  context  Pointer to current Argon2 context
@@ -342,6 +394,16 @@ ARGON2_PUBLIC int argon2d_verify_ctx(argon2_context *context, const char *hash);
  */
 ARGON2_PUBLIC int argon2i_verify_ctx(argon2_context *context, const char *hash);
 
+/**
+ * Verify if a given password is correct for Argon2id hashing
+ * @param  context  Pointer to current Argon2 context
+ * @param  hash  The password hash to verify. The length of the hash is
+ * specified by the context outlen member
+ * @return  Zero if successful, a non zero error code otherwise
+ */
+ARGON2_PUBLIC int argon2id_verify_ctx(argon2_context *context,
+                                      const char *hash);
+
 /* generic function underlying the above ones */
 ARGON2_PUBLIC int argon2_verify_ctx(argon2_context *context, const char *hash,
                                     argon2_type type);
@@ -359,11 +421,12 @@ ARGON2_PUBLIC const char *argon2_error_message(int error_code);
  * @param parallelism  Number of threads; used to compute lanes
  * @param saltlen  Salt size in bytes
  * @param hashlen  Hash size in bytes
+ * @param type The argon2_type that we want the encoded length for
  * @return  The encoded hash length in bytes
  */
 ARGON2_PUBLIC size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost,
                                        uint32_t parallelism, uint32_t saltlen,
-                                       uint32_t hashlen);
+                                       uint32_t hashlen, argon2_type type);
 
 #if defined(__cplusplus)
 }