argon2 1.1.1 → 1.1.2

data/ext/phc-winner-argon2/libargon2.pc

@@ -0,0 +1,16 @@
+# libargon2 info for pkg-config
+## Template for downstream installers:
+## - replace @HOST_MULTIARCH@ with target arch, eg 'x86_64-linux-gnu'
+## - replace @UPSTREAM_VER@ with current version, eg '20160406'
+
+prefix=/usr
+exec_prefix=${prefix}
+libdir=${prefix}/lib/@HOST_MULTIARCH@
+includedir=${prefix}/include
+
+Name: libargon2
+Description: Development libraries for libargon2
+Version: @UPSTREAM_VER@
+Libs: -L${libdir} -largon2 -lrt -ldl
+Cflags:
+URL: https://github.com/P-H-C/phc-winner-argon2

data/ext/phc-winner-argon2/man/argon2.1

@@ -19,9 +19,15 @@ hashing and password-based key derivation.
 
 .SH OPTIONS
 .TP
+.B \-h
+Display tool usage
+.TP
 .B \-d
 Use Argon2d instead of Argon2i (Argon2i is the default)
 .TP
+.B \-id
+Use Argon2id instead of Argon2i (Argon2i is the default)
+.TP
 .BI \-t " N"
 Sets the number of iterations to N (default = 3)
 .TP
@@ -31,7 +37,7 @@ Sets the memory usage of 2^N KiB (default = 12)
 .BI \-p " N"
 Sets parallelism to N threads (default = 1)
 .TP
-.BI \-h " N"
+.BI \-l " N"
 Sets hash output length to N bytes (default = 32)
 .TP
 .B \-e
@@ -39,9 +45,13 @@ Output only encoded hash
 .TP
 .B \-r
 Output only the raw bytes of the hash
+.TP
+.B \-v (10|13)
+Argon2 version (defaults to the most recent version, currently 13)
 
 .SH COPYRIGHT
 This manpage was written by \fBDaniel Kahn Gillmor\fR for the Debian
 distribution (but may be used by others).  It is released, like the
-rest of this Argon2 implementation, under the terms of Creative
-Commons 0 (CC0)
+rest of this Argon2 implementation, under a dual license. You may use this work
+under the terms of a Creative Commons CC0 1.0 License/Waiver or the Apache
+Public License 2.0, at your option.

data/ext/phc-winner-argon2/src/argon2.c

@@ -1,14 +1,18 @@
 /*
- * Argon2 source code package
+ * Argon2 reference source code package - reference C implementations
  *
- * Written by Daniel Dinu and Dmitry Khovratovich, 2015
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
  *
- * This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
+ * You may use this work under the terms of a Creative Commons CC0 1.0 
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
  *
- * You should have received a copy of the CC0 Public Domain Dedication along
- * with
- * this software. If not, see
- * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
  */
 
 #include <string.h>
@@ -19,6 +23,18 @@
 #include "encoding.h"
 #include "core.h"
 
+const char *argon2_type2string(argon2_type type, int uppercase) {
+    switch (type) {
+        case Argon2_d:
+            return uppercase ? "Argon2d" : "argon2d";
+        case Argon2_i:
+            return uppercase ? "Argon2i" : "argon2i";
+        case Argon2_id:
+            return uppercase ? "Argon2id" : "argon2id";
+    }
+
+    return NULL;
+}
 
 int argon2_ctx(argon2_context *context, argon2_type type) {
     /* 1. Validate all inputs */
@@ -30,7 +46,7 @@ int argon2_ctx(argon2_context *context, argon2_type type) {
         return result;
     }
 
-    if (Argon2_d != type && Argon2_i != type) {
+    if (Argon2_d != type && Argon2_i != type && Argon2_id != type) {
         return ARGON2_INCORRECT_TYPE;
     }
 
@@ -81,7 +97,7 @@ int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
                 const uint32_t parallelism, const void *pwd,
                 const size_t pwdlen, const void *salt, const size_t saltlen,
                 void *hash, const size_t hashlen, char *encoded,
-                const size_t encodedlen, argon2_type type, 
+                const size_t encodedlen, argon2_type type,
                 const uint32_t version){
 
     argon2_context context;
@@ -123,7 +139,7 @@ int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
     result = argon2_ctx(&context, type);
 
     if (result != ARGON2_OK) {
-        secure_wipe_memory(out, hashlen);
+        clear_internal_memory(out, hashlen);
         free(out);
         return result;
     }
@@ -136,13 +152,13 @@ int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
     /* if encoding requested, write it */
     if (encoded && encodedlen) {
         if (encode_string(encoded, encodedlen, &context, type) != ARGON2_OK) {
-            secure_wipe_memory(out, hashlen); /* wipe buffers if error */
-            secure_wipe_memory(encoded, encodedlen);
+            clear_internal_memory(out, hashlen); /* wipe buffers if error */
+            clear_internal_memory(encoded, encodedlen);
             free(out);
             return ARGON2_ENCODING_FAIL;
         }
     }
-    secure_wipe_memory(out, hashlen);
+    clear_internal_memory(out, hashlen);
     free(out);
 
     return ARGON2_OK;
@@ -188,6 +204,26 @@ int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
                        hash, hashlen, NULL, 0, Argon2_d, ARGON2_VERSION_NUMBER);
 }
 
+int argon2id_hash_encoded(const uint32_t t_cost, const uint32_t m_cost,
+                          const uint32_t parallelism, const void *pwd,
+                          const size_t pwdlen, const void *salt,
+                          const size_t saltlen, const size_t hashlen,
+                          char *encoded, const size_t encodedlen) {
+
+    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                       NULL, hashlen, encoded, encodedlen, Argon2_id,
+                       ARGON2_VERSION_NUMBER);
+}
+
+int argon2id_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
+                      const uint32_t parallelism, const void *pwd,
+                      const size_t pwdlen, const void *salt,
+                      const size_t saltlen, void *hash, const size_t hashlen) {
+    return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen,
+                       hash, hashlen, NULL, 0, Argon2_id,
+                       ARGON2_VERSION_NUMBER);
+}
+
 static int argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len) {
     size_t i;
     uint8_t d = 0U;
@@ -202,63 +238,60 @@ int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
                   argon2_type type) {
 
     argon2_context ctx;
-    uint8_t *out;
-    int ret;
-    int decode_result;
-    uint32_t encoded_len;
+    uint8_t *desired_result = NULL;
+
+    int ret = ARGON2_OK;
 
-    if(encoded == NULL) {
+    size_t encoded_len;
+    uint32_t max_field_len;
+
+    if (encoded == NULL) {
         return ARGON2_DECODING_FAIL;
     }
 
-    /* max values, to be updated in decode_string */
     encoded_len = strlen(encoded);
-    ctx.adlen = encoded_len;
-    ctx.saltlen = encoded_len;
-    ctx.outlen = encoded_len;
-    ctx.allocate_cbk = NULL;
-    ctx.free_cbk = NULL;
-    ctx.secret = NULL;
-    ctx.secretlen = 0;
-    ctx.pwdlen = 0;
-    ctx.pwd = NULL;
-    ctx.ad = malloc(ctx.adlen);
+    if (encoded_len > UINT32_MAX) {
+        return ARGON2_DECODING_FAIL;
+    }
+
+    /* No field can be longer than the encoded length */
+    max_field_len = (uint32_t)encoded_len;
+
+    ctx.saltlen = max_field_len;
+    ctx.outlen = max_field_len;
+
     ctx.salt = malloc(ctx.saltlen);
     ctx.out = malloc(ctx.outlen);
-    if (!ctx.out || !ctx.salt || !ctx.ad) {
-        free(ctx.ad);
-        free(ctx.salt);
-        free(ctx.out);
-        return ARGON2_MEMORY_ALLOCATION_ERROR;
+    if (!ctx.salt || !ctx.out) {
+        ret = ARGON2_MEMORY_ALLOCATION_ERROR;
+        goto fail;
     }
-    out = malloc(ctx.outlen);
-    if (!out) {
-        free(ctx.ad);
-        free(ctx.salt);
-        free(ctx.out);
-        return ARGON2_MEMORY_ALLOCATION_ERROR;
+
+    ctx.pwd = (uint8_t *)pwd;
+    ctx.pwdlen = pwdlen;
+
+    ret = decode_string(&ctx, encoded, type);
+    if (ret != ARGON2_OK) {
+        goto fail;
     }
-    decode_result = decode_string(&ctx, encoded, type);
-    if (decode_result != ARGON2_OK) {
-        free(ctx.ad);
-        free(ctx.salt);
-        free(ctx.out);
-        free(out);
-        return decode_result;
+
+    /* Set aside the desired result, and get a new buffer. */
+    desired_result = ctx.out;
+    ctx.out = malloc(ctx.outlen);
+    if (!ctx.out) {
+        ret = ARGON2_MEMORY_ALLOCATION_ERROR;
+        goto fail;
     }
 
-    ret = argon2_hash(ctx.t_cost, ctx.m_cost, ctx.threads, pwd, pwdlen,
-                      ctx.salt, ctx.saltlen, out, ctx.outlen, NULL, 0, type,
-                      ctx.version);
+    ret = argon2_verify_ctx(&ctx, (char *)desired_result, type);
+    if (ret != ARGON2_OK) {
+        goto fail;
+    }
 
-    free(ctx.ad);
+fail:
     free(ctx.salt);
-
-    if (ret == ARGON2_OK && argon2_compare(out, ctx.out, ctx.outlen)) {
-        ret = ARGON2_VERIFY_MISMATCH;
-    }
-    free(out);
     free(ctx.out);
+    free(desired_result);
 
     return ret;
 }
@@ -273,6 +306,11 @@ int argon2d_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
     return argon2_verify(encoded, pwd, pwdlen, Argon2_d);
 }
 
+int argon2id_verify(const char *encoded, const void *pwd, const size_t pwdlen) {
+
+    return argon2_verify(encoded, pwd, pwdlen, Argon2_id);
+}
+
 int argon2d_ctx(argon2_context *context) {
     return argon2_ctx(context, Argon2_d);
 }
@@ -281,20 +319,22 @@ int argon2i_ctx(argon2_context *context) {
     return argon2_ctx(context, Argon2_i);
 }
 
+int argon2id_ctx(argon2_context *context) {
+    return argon2_ctx(context, Argon2_id);
+}
+
 int argon2_verify_ctx(argon2_context *context, const char *hash,
                       argon2_type type) {
-    int result;
-    if (0 == context->outlen || NULL == hash) {
-        return ARGON2_OUT_PTR_MISMATCH;
+    int ret = argon2_ctx(context, type);
+    if (ret != ARGON2_OK) {
+        return ret;
     }
 
-    result = argon2_ctx(context, type);
-
-    if (ARGON2_OK != result) {
-        return result;
+    if (argon2_compare((uint8_t *)hash, context->out, context->outlen)) {
+        return ARGON2_VERIFY_MISMATCH;
     }
 
-    return 0 == memcmp(hash, context->out, context->outlen);
+    return ARGON2_OK;
 }
 
 int argon2d_verify_ctx(argon2_context *context, const char *hash) {
@@ -305,6 +345,10 @@ int argon2i_verify_ctx(argon2_context *context, const char *hash) {
     return argon2_verify_ctx(context, hash, Argon2_i);
 }
 
+int argon2id_verify_ctx(argon2_context *context, const char *hash) {
+    return argon2_verify_ctx(context, hash, Argon2_id);
+}
+
 const char *argon2_error_message(int error_code) {
     switch (error_code) {
     case ARGON2_OK:
@@ -385,8 +429,8 @@ const char *argon2_error_message(int error_code) {
 }
 
 size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, uint32_t parallelism,
-                         uint32_t saltlen, uint32_t hashlen) {
-    return strlen("$argon2x$v=$m=,t=,p=$$") + numlen(t_cost) + numlen(m_cost)
-        + numlen(parallelism) + b64len(saltlen) + b64len(hashlen)
-        + numlen(ARGON2_VERSION_NUMBER);
+                         uint32_t saltlen, uint32_t hashlen, argon2_type type) {
+  return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) +
+         numlen(t_cost) + numlen(m_cost) + numlen(parallelism) +
+         b64len(saltlen) + b64len(hashlen) + numlen(ARGON2_VERSION_NUMBER) + 1;
 }

data/ext/phc-winner-argon2/src/bench.c

@@ -1,3 +1,20 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0 
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
 #include <stdio.h>
 #include <stdint.h>
 #include <stdlib.h>
@@ -45,6 +62,7 @@ static void benchmark() {
     uint32_t t_cost = 3;
     uint32_t m_cost;
     uint32_t thread_test[4] = {1, 2, 4,  8};
+    argon2_type types[3] = {Argon2_i, Argon2_d, Argon2_id};
 
     memset(pwd_array, 0, inlen);
     memset(salt_array, 1, inlen);
@@ -52,37 +70,36 @@ static void benchmark() {
     for (m_cost = (uint32_t)1 << 10; m_cost <= (uint32_t)1 << 22; m_cost *= 2) {
         unsigned i;
         for (i = 0; i < 4; ++i) {
+            double run_time = 0;
             uint32_t thread_n = thread_test[i];
-            uint64_t stop_cycles, stop_cycles_i;
-            clock_t stop_time;
-            uint64_t delta_d, delta_i;
-            double mcycles_d, mcycles_i, run_time;
 
-            clock_t start_time = clock();
-            uint64_t start_cycles = rdtsc();
-            
-            argon2d_hash_raw(t_cost, m_cost, thread_n, pwd_array, inlen,
-                             salt_array, inlen, out, outlen);
-            stop_cycles = rdtsc();
-            argon2i_hash_raw(t_cost, m_cost, thread_n, pwd_array, inlen,
-                             salt_array, inlen, out, outlen);
-            stop_cycles_i = rdtsc();
-            stop_time = clock();
+            unsigned j;
+            for (j = 0; j < 3; ++j) {
+                clock_t start_time, stop_time;
+                uint64_t start_cycles, stop_cycles;
+                uint64_t delta;
+                double mcycles;
+
+                argon2_type type = types[j];
+                start_time = clock();
+                start_cycles = rdtsc();
+
+                argon2_hash(t_cost, m_cost, thread_n, pwd_array, inlen,
+                            salt_array, inlen, out, outlen, NULL, 0, type,
+                            ARGON2_VERSION_NUMBER);
+
+                stop_cycles = rdtsc();
+                stop_time = clock();
+
+                delta = (stop_cycles - start_cycles) / (m_cost);
+                mcycles = (double)(stop_cycles - start_cycles) / (1UL << 20);
+                run_time += ((double)stop_time - start_time) / (CLOCKS_PER_SEC);
 
-            delta_d = (stop_cycles - start_cycles) / (m_cost);
-            delta_i = (stop_cycles_i - stop_cycles) / (m_cost);
-            mcycles_d = (double)(stop_cycles - start_cycles) / (1UL << 20);
-            mcycles_i = (double)(stop_cycles_i - stop_cycles) / (1UL << 20);
-            printf("Argon2d %d iterations  %d MiB %d threads:  %2.2f cpb %2.2f "
-                   "Mcycles \n",
-                   t_cost, m_cost >> 10, thread_n, (float)delta_d / 1024,
-                   mcycles_d);
-            printf("Argon2i %d iterations  %d MiB %d threads:  %2.2f cpb %2.2f "
-                   "Mcycles \n",
-                   t_cost, m_cost >> 10, thread_n, (float)delta_i / 1024,
-                   mcycles_i);
+                printf("%s %d iterations  %d MiB %d threads:  %2.2f cpb %2.2f "
+                       "Mcycles \n", argon2_type2string(type, 1), t_cost,
+                       m_cost >> 10, thread_n, (float)delta / 1024, mcycles);
+            }
 
-            run_time = ((double)stop_time - start_time) / (CLOCKS_PER_SEC);
             printf("%2.4f seconds\n\n", run_time);
         }
     }

data/ext/phc-winner-argon2/src/blake2/blake2-impl.h

@@ -1,3 +1,20 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0 
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
 #ifndef PORTABLE_BLAKE2_IMPL_H
 #define PORTABLE_BLAKE2_IMPL_H
 
@@ -134,10 +151,6 @@ static BLAKE2_INLINE uint64_t rotr64(const uint64_t w, const unsigned c) {
     return (w >> c) | (w << (64 - c));
 }
 
-/* prevents compiler optimizing out memset() */
-static BLAKE2_INLINE void burn(void *v, size_t n) {
-    static void *(*const volatile memset_v)(void *, int, size_t) = &memset;
-    memset_v(v, 0, n);
-}
+void clear_internal_memory(void *v, size_t n);
 
 #endif