argon2 2.3.0 → 2.3.1

data/ext/phc-winner-argon2/src/core.h

@@ -1,228 +0,0 @@
-/*
- * Argon2 reference source code package - reference C implementations
- *
- * Copyright 2015
- * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
- *
- * You may use this work under the terms of a Creative Commons CC0 1.0
- * License/Waiver or the Apache Public License 2.0, at your option. The terms of
- * these licenses can be found at:
- *
- * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
- *
- * You should have received a copy of both of these licenses along with this
- * software. If not, they may be obtained at the above URLs.
- */
-
-#ifndef ARGON2_CORE_H
-#define ARGON2_CORE_H
-
-#include "argon2.h"
-
-#define CONST_CAST(x) (x)(uintptr_t)
-
-/**********************Argon2 internal constants*******************************/
-
-enum argon2_core_constants {
-    /* Memory block size in bytes */
-    ARGON2_BLOCK_SIZE = 1024,
-    ARGON2_QWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 8,
-    ARGON2_OWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 16,
-    ARGON2_HWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 32,
-    ARGON2_512BIT_WORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 64,
-
-    /* Number of pseudo-random values generated by one call to Blake in Argon2i
-       to
-       generate reference block positions */
-    ARGON2_ADDRESSES_IN_BLOCK = 128,
-
-    /* Pre-hashing digest length and its extension*/
-    ARGON2_PREHASH_DIGEST_LENGTH = 64,
-    ARGON2_PREHASH_SEED_LENGTH = 72
-};
-
-/*************************Argon2 internal data types***********************/
-
-/*
- * Structure for the (1KB) memory block implemented as 128 64-bit words.
- * Memory blocks can be copied, XORed. Internal words can be accessed by [] (no
- * bounds checking).
- */
-typedef struct block_ { uint64_t v[ARGON2_QWORDS_IN_BLOCK]; } block;
-
-/*****************Functions that work with the block******************/
-
-/* Initialize each byte of the block with @in */
-void init_block_value(block *b, uint8_t in);
-
-/* Copy block @src to block @dst */
-void copy_block(block *dst, const block *src);
-
-/* XOR @src onto @dst bytewise */
-void xor_block(block *dst, const block *src);
-
-/*
- * Argon2 instance: memory pointer, number of passes, amount of memory, type,
- * and derived values.
- * Used to evaluate the number and location of blocks to construct in each
- * thread
- */
-typedef struct Argon2_instance_t {
-    block *memory;          /* Memory pointer */
-    uint32_t version;
-    uint32_t passes;        /* Number of passes */
-    uint32_t memory_blocks; /* Number of blocks in memory */
-    uint32_t segment_length;
-    uint32_t lane_length;
-    uint32_t lanes;
-    uint32_t threads;
-    argon2_type type;
-    int print_internals; /* whether to print the memory blocks */
-    argon2_context *context_ptr; /* points back to original context */
-} argon2_instance_t;
-
-/*
- * Argon2 position: where we construct the block right now. Used to distribute
- * work between threads.
- */
-typedef struct Argon2_position_t {
-    uint32_t pass;
-    uint32_t lane;
-    uint8_t slice;
-    uint32_t index;
-} argon2_position_t;
-
-/*Struct that holds the inputs for thread handling FillSegment*/
-typedef struct Argon2_thread_data {
-    argon2_instance_t *instance_ptr;
-    argon2_position_t pos;
-} argon2_thread_data;
-
-/*************************Argon2 core functions********************************/
-
-/* Allocates memory to the given pointer, uses the appropriate allocator as
- * specified in the context. Total allocated memory is num*size.
- * @param context argon2_context which specifies the allocator
- * @param memory pointer to the pointer to the memory
- * @param size the size in bytes for each element to be allocated
- * @param num the number of elements to be allocated
- * @return ARGON2_OK if @memory is a valid pointer and memory is allocated
- */
-int allocate_memory(const argon2_context *context, uint8_t **memory,
-                    size_t num, size_t size);
-
-/*
- * Frees memory at the given pointer, uses the appropriate deallocator as
- * specified in the context. Also cleans the memory using clear_internal_memory.
- * @param context argon2_context which specifies the deallocator
- * @param memory pointer to buffer to be freed
- * @param size the size in bytes for each element to be deallocated
- * @param num the number of elements to be deallocated
- */
-void free_memory(const argon2_context *context, uint8_t *memory,
-                 size_t num, size_t size);
-
-/* Function that securely cleans the memory. This ignores any flags set
- * regarding clearing memory. Usually one just calls clear_internal_memory.
- * @param mem Pointer to the memory
- * @param s Memory size in bytes
- */
-void secure_wipe_memory(void *v, size_t n);
-
-/* Function that securely clears the memory if FLAG_clear_internal_memory is
- * set. If the flag isn't set, this function does nothing.
- * @param mem Pointer to the memory
- * @param s Memory size in bytes
- */
-void clear_internal_memory(void *v, size_t n);
-
-/*
- * Computes absolute position of reference block in the lane following a skewed
- * distribution and using a pseudo-random value as input
- * @param instance Pointer to the current instance
- * @param position Pointer to the current position
- * @param pseudo_rand 32-bit pseudo-random value used to determine the position
- * @param same_lane Indicates if the block will be taken from the current lane.
- * If so we can reference the current segment
- * @pre All pointers must be valid
- */
-uint32_t index_alpha(const argon2_instance_t *instance,
-                     const argon2_position_t *position, uint32_t pseudo_rand,
-                     int same_lane);
-
-/*
- * Function that validates all inputs against predefined restrictions and return
- * an error code
- * @param context Pointer to current Argon2 context
- * @return ARGON2_OK if everything is all right, otherwise one of error codes
- * (all defined in <argon2.h>
- */
-int validate_inputs(const argon2_context *context);
-
-/*
- * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears
- * password and secret if needed
- * @param  context  Pointer to the Argon2 internal structure containing memory
- * pointer, and parameters for time and space requirements.
- * @param  blockhash Buffer for pre-hashing digest
- * @param  type Argon2 type
- * @pre    @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes
- * allocated
- */
-void initial_hash(uint8_t *blockhash, argon2_context *context,
-                  argon2_type type);
-
-/*
- * Function creates first 2 blocks per lane
- * @param instance Pointer to the current instance
- * @param blockhash Pointer to the pre-hashing digest
- * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values
- */
-void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance);
-
-/*
- * Function allocates memory, hashes the inputs with Blake,  and creates first
- * two blocks. Returns the pointer to the main memory with 2 blocks per lane
- * initialized
- * @param  context  Pointer to the Argon2 internal structure containing memory
- * pointer, and parameters for time and space requirements.
- * @param  instance Current Argon2 instance
- * @return Zero if successful, -1 if memory failed to allocate. @context->state
- * will be modified if successful.
- */
-int initialize(argon2_instance_t *instance, argon2_context *context);
-
-/*
- * XORing the last block of each lane, hashing it, making the tag. Deallocates
- * the memory.
- * @param context Pointer to current Argon2 context (use only the out parameters
- * from it)
- * @param instance Pointer to current instance of Argon2
- * @pre instance->state must point to necessary amount of memory
- * @pre context->out must point to outlen bytes of memory
- * @pre if context->free_cbk is not NULL, it should point to a function that
- * deallocates memory
- */
-void finalize(const argon2_context *context, argon2_instance_t *instance);
-
-/*
- * Function that fills the segment using previous segments also from other
- * threads
- * @param context current context
- * @param instance Pointer to the current instance
- * @param position Current position
- * @pre all block pointers must be valid
- */
-void fill_segment(const argon2_instance_t *instance,
-                  argon2_position_t position);
-
-/*
- * Function that fills the entire memory t_cost times based on the first two
- * blocks in each lane
- * @param instance Pointer to the current instance
- * @return ARGON2_OK if successful, @context->state
- */
-int fill_memory_blocks(argon2_instance_t *instance);
-
-#endif

data/ext/phc-winner-argon2/src/encoding.c

@@ -1,463 +0,0 @@
-/*
- * Argon2 reference source code package - reference C implementations
- *
- * Copyright 2015
- * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
- *
- * You may use this work under the terms of a Creative Commons CC0 1.0
- * License/Waiver or the Apache Public License 2.0, at your option. The terms of
- * these licenses can be found at:
- *
- * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
- * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
- *
- * You should have received a copy of both of these licenses along with this
- * software. If not, they may be obtained at the above URLs.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <limits.h>
-#include "encoding.h"
-#include "core.h"
-
-/*
- * Example code for a decoder and encoder of "hash strings", with Argon2
- * parameters.
- *
- * This code comprises three sections:
- *
- *   -- The first section contains generic Base64 encoding and decoding
- *   functions. It is conceptually applicable to any hash function
- *   implementation that uses Base64 to encode and decode parameters,
- *   salts and outputs. It could be made into a library, provided that
- *   the relevant functions are made public (non-static) and be given
- *   reasonable names to avoid collisions with other functions.
- *
- *   -- The second section is specific to Argon2. It encodes and decodes
- *   the parameters, salts and outputs. It does not compute the hash
- *   itself.
- *
- * The code was originally written by Thomas Pornin <pornin@bolet.org>,
- * to whom comments and remarks may be sent. It is released under what
- * should amount to Public Domain or its closest equivalent; the
- * following mantra is supposed to incarnate that fact with all the
- * proper legal rituals:
- *
- * ---------------------------------------------------------------------
- * This file is provided under the terms of Creative Commons CC0 1.0
- * Public Domain Dedication. To the extent possible under law, the
- * author (Thomas Pornin) has waived all copyright and related or
- * neighboring rights to this file. This work is published from: Canada.
- * ---------------------------------------------------------------------
- *
- * Copyright (c) 2015 Thomas Pornin
- */
-
-/* ==================================================================== */
-/*
- * Common code; could be shared between different hash functions.
- *
- * Note: the Base64 functions below assume that uppercase letters (resp.
- * lowercase letters) have consecutive numerical codes, that fit on 8
- * bits. All modern systems use ASCII-compatible charsets, where these
- * properties are true. If you are stuck with a dinosaur of a system
- * that still defaults to EBCDIC then you already have much bigger
- * interoperability issues to deal with.
- */
-
-/*
- * Some macros for constant-time comparisons. These work over values in
- * the 0..255 range. Returned value is 0x00 on "false", 0xFF on "true".
- */
-#define EQ(x, y) ((((0U - ((unsigned)(x) ^ (unsigned)(y))) >> 8) & 0xFF) ^ 0xFF)
-#define GT(x, y) ((((unsigned)(y) - (unsigned)(x)) >> 8) & 0xFF)
-#define GE(x, y) (GT(y, x) ^ 0xFF)
-#define LT(x, y) GT(y, x)
-#define LE(x, y) GE(y, x)
-
-/*
- * Convert value x (0..63) to corresponding Base64 character.
- */
-static int b64_byte_to_char(unsigned x) {
-    return (LT(x, 26) & (x + 'A')) |
-           (GE(x, 26) & LT(x, 52) & (x + ('a' - 26))) |
-           (GE(x, 52) & LT(x, 62) & (x + ('0' - 52))) | (EQ(x, 62) & '+') |
-           (EQ(x, 63) & '/');
-}
-
-/*
- * Convert character c to the corresponding 6-bit value. If character c
- * is not a Base64 character, then 0xFF (255) is returned.
- */
-static unsigned b64_char_to_byte(int c) {
-    unsigned x;
-
-    x = (GE(c, 'A') & LE(c, 'Z') & (c - 'A')) |
-        (GE(c, 'a') & LE(c, 'z') & (c - ('a' - 26))) |
-        (GE(c, '0') & LE(c, '9') & (c - ('0' - 52))) | (EQ(c, '+') & 62) |
-        (EQ(c, '/') & 63);
-    return x | (EQ(x, 0) & (EQ(c, 'A') ^ 0xFF));
-}
-
-/*
- * Convert some bytes to Base64. 'dst_len' is the length (in characters)
- * of the output buffer 'dst'; if that buffer is not large enough to
- * receive the result (including the terminating 0), then (size_t)-1
- * is returned. Otherwise, the zero-terminated Base64 string is written
- * in the buffer, and the output length (counted WITHOUT the terminating
- * zero) is returned.
- */
-static size_t to_base64(char *dst, size_t dst_len, const void *src,
-                        size_t src_len) {
-    size_t olen;
-    const unsigned char *buf;
-    unsigned acc, acc_len;
-
-    olen = (src_len / 3) << 2;
-    switch (src_len % 3) {
-    case 2:
-        olen++;
-    /* fall through */
-    case 1:
-        olen += 2;
-        break;
-    }
-    if (dst_len <= olen) {
-        return (size_t)-1;
-    }
-    acc = 0;
-    acc_len = 0;
-    buf = (const unsigned char *)src;
-    while (src_len-- > 0) {
-        acc = (acc << 8) + (*buf++);
-        acc_len += 8;
-        while (acc_len >= 6) {
-            acc_len -= 6;
-            *dst++ = (char)b64_byte_to_char((acc >> acc_len) & 0x3F);
-        }
-    }
-    if (acc_len > 0) {
-        *dst++ = (char)b64_byte_to_char((acc << (6 - acc_len)) & 0x3F);
-    }
-    *dst++ = 0;
-    return olen;
-}
-
-/*
- * Decode Base64 chars into bytes. The '*dst_len' value must initially
- * contain the length of the output buffer '*dst'; when the decoding
- * ends, the actual number of decoded bytes is written back in
- * '*dst_len'.
- *
- * Decoding stops when a non-Base64 character is encountered, or when
- * the output buffer capacity is exceeded. If an error occurred (output
- * buffer is too small, invalid last characters leading to unprocessed
- * buffered bits), then NULL is returned; otherwise, the returned value
- * points to the first non-Base64 character in the source stream, which
- * may be the terminating zero.
- */
-static const char *from_base64(void *dst, size_t *dst_len, const char *src) {
-    size_t len;
-    unsigned char *buf;
-    unsigned acc, acc_len;
-
-    buf = (unsigned char *)dst;
-    len = 0;
-    acc = 0;
-    acc_len = 0;
-    for (;;) {
-        unsigned d;
-
-        d = b64_char_to_byte(*src);
-        if (d == 0xFF) {
-            break;
-        }
-        src++;
-        acc = (acc << 6) + d;
-        acc_len += 6;
-        if (acc_len >= 8) {
-            acc_len -= 8;
-            if ((len++) >= *dst_len) {
-                return NULL;
-            }
-            *buf++ = (acc >> acc_len) & 0xFF;
-        }
-    }
-
-    /*
-     * If the input length is equal to 1 modulo 4 (which is
-     * invalid), then there will remain 6 unprocessed bits;
-     * otherwise, only 0, 2 or 4 bits are buffered. The buffered
-     * bits must also all be zero.
-     */
-    if (acc_len > 4 || (acc & (((unsigned)1 << acc_len) - 1)) != 0) {
-        return NULL;
-    }
-    *dst_len = len;
-    return src;
-}
-
-/*
- * Decode decimal integer from 'str'; the value is written in '*v'.
- * Returned value is a pointer to the next non-decimal character in the
- * string. If there is no digit at all, or the value encoding is not
- * minimal (extra leading zeros), or the value does not fit in an
- * 'unsigned long', then NULL is returned.
- */
-static const char *decode_decimal(const char *str, unsigned long *v) {
-    const char *orig;
-    unsigned long acc;
-
-    acc = 0;
-    for (orig = str;; str++) {
-        int c;
-
-        c = *str;
-        if (c < '0' || c > '9') {
-            break;
-        }
-        c -= '0';
-        if (acc > (ULONG_MAX / 10)) {
-            return NULL;
-        }
-        acc *= 10;
-        if ((unsigned long)c > (ULONG_MAX - acc)) {
-            return NULL;
-        }
-        acc += (unsigned long)c;
-    }
-    if (str == orig || (*orig == '0' && str != (orig + 1))) {
-        return NULL;
-    }
-    *v = acc;
-    return str;
-}
-
-/* ==================================================================== */
-/*
- * Code specific to Argon2.
- *
- * The code below applies the following format:
- *
- *  $argon2<T>[$v=<num>]$m=<num>,t=<num>,p=<num>$<bin>$<bin>
- *
- * where <T> is either 'd', 'id', or 'i', <num> is a decimal integer (positive,
- * fits in an 'unsigned long'), and <bin> is Base64-encoded data (no '=' padding
- * characters, no newline or whitespace).
- *
- * The last two binary chunks (encoded in Base64) are, in that order,
- * the salt and the output. Both are required. The binary salt length and the
- * output length must be in the allowed ranges defined in argon2.h.
- *
- * The ctx struct must contain buffers large enough to hold the salt and pwd
- * when it is fed into decode_string.
- */
-
-int decode_string(argon2_context *ctx, const char *str, argon2_type type) {
-
-/* check for prefix */
-#define CC(prefix)                                                             \
-    do {                                                                       \
-        size_t cc_len = strlen(prefix);                                        \
-        if (strncmp(str, prefix, cc_len) != 0) {                               \
-            return ARGON2_DECODING_FAIL;                                       \
-        }                                                                      \
-        str += cc_len;                                                         \
-    } while ((void)0, 0)
-
-/* optional prefix checking with supplied code */
-#define CC_opt(prefix, code)                                                   \
-    do {                                                                       \
-        size_t cc_len = strlen(prefix);                                        \
-        if (strncmp(str, prefix, cc_len) == 0) {                               \
-            str += cc_len;                                                     \
-            { code; }                                                          \
-        }                                                                      \
-    } while ((void)0, 0)
-
-/* Decoding prefix into decimal */
-#define DECIMAL(x)                                                             \
-    do {                                                                       \
-        unsigned long dec_x;                                                   \
-        str = decode_decimal(str, &dec_x);                                     \
-        if (str == NULL) {                                                     \
-            return ARGON2_DECODING_FAIL;                                       \
-        }                                                                      \
-        (x) = dec_x;                                                           \
-    } while ((void)0, 0)
-
-
-/* Decoding prefix into uint32_t decimal */
-#define DECIMAL_U32(x)                                                         \
-    do {                                                                       \
-        unsigned long dec_x;                                                   \
-        str = decode_decimal(str, &dec_x);                                     \
-        if (str == NULL || dec_x > UINT32_MAX) {                               \
-            return ARGON2_DECODING_FAIL;                                       \
-        }                                                                      \
-        (x) = (uint32_t)dec_x;                                                 \
-    } while ((void)0, 0)
-
-
-/* Decoding base64 into a binary buffer */
-#define BIN(buf, max_len, len)                                                 \
-    do {                                                                       \
-        size_t bin_len = (max_len);                                            \
-        str = from_base64(buf, &bin_len, str);                                 \
-        if (str == NULL || bin_len > UINT32_MAX) {                             \
-            return ARGON2_DECODING_FAIL;                                       \
-        }                                                                      \
-        (len) = (uint32_t)bin_len;                                             \
-    } while ((void)0, 0)
-
-    size_t maxsaltlen = ctx->saltlen;
-    size_t maxoutlen = ctx->outlen;
-    int validation_result;
-    const char* type_string;
-
-    /* We should start with the argon2_type we are using */
-    type_string = argon2_type2string(type, 0);
-    if (!type_string) {
-        return ARGON2_INCORRECT_TYPE;
-    }
-
-    CC("$");
-    CC(type_string);
-
-    /* Reading the version number if the default is suppressed */
-    ctx->version = ARGON2_VERSION_10;
-    CC_opt("$v=", DECIMAL_U32(ctx->version));
-
-    CC("$m=");
-    DECIMAL_U32(ctx->m_cost);
-    CC(",t=");
-    DECIMAL_U32(ctx->t_cost);
-    CC(",p=");
-    DECIMAL_U32(ctx->lanes);
-    ctx->threads = ctx->lanes;
-
-    CC("$");
-    BIN(ctx->salt, maxsaltlen, ctx->saltlen);
-    CC("$");
-    BIN(ctx->out, maxoutlen, ctx->outlen);
-
-    /* The rest of the fields get the default values */
-    ctx->secret = NULL;
-    ctx->secretlen = 0;
-    ctx->ad = NULL;
-    ctx->adlen = 0;
-    ctx->allocate_cbk = NULL;
-    ctx->free_cbk = NULL;
-    ctx->flags = ARGON2_DEFAULT_FLAGS;
-
-    /* On return, must have valid context */
-    validation_result = validate_inputs(ctx);
-    if (validation_result != ARGON2_OK) {
-        return validation_result;
-    }
-
-    /* Can't have any additional characters */
-    if (*str == 0) {
-        return ARGON2_OK;
-    } else {
-        return ARGON2_DECODING_FAIL;
-    }
-#undef CC
-#undef CC_opt
-#undef DECIMAL
-#undef BIN
-}
-
-int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
-                  argon2_type type) {
-#define SS(str)                                                                \
-    do {                                                                       \
-        size_t pp_len = strlen(str);                                           \
-        if (pp_len >= dst_len) {                                               \
-            return ARGON2_ENCODING_FAIL;                                       \
-        }                                                                      \
-        memcpy(dst, str, pp_len + 1);                                          \
-        dst += pp_len;                                                         \
-        dst_len -= pp_len;                                                     \
-    } while ((void)0, 0)
-
-#define SX(x)                                                                  \
-    do {                                                                       \
-        char tmp[30];                                                          \
-        sprintf(tmp, "%lu", (unsigned long)(x));                               \
-        SS(tmp);                                                               \
-    } while ((void)0, 0)
-
-#define SB(buf, len)                                                           \
-    do {                                                                       \
-        size_t sb_len = to_base64(dst, dst_len, buf, len);                     \
-        if (sb_len == (size_t)-1) {                                            \
-            return ARGON2_ENCODING_FAIL;                                       \
-        }                                                                      \
-        dst += sb_len;                                                         \
-        dst_len -= sb_len;                                                     \
-    } while ((void)0, 0)
-
-    const char* type_string = argon2_type2string(type, 0);
-    int validation_result = validate_inputs(ctx);
-
-    if (!type_string) {
-      return ARGON2_ENCODING_FAIL;
-    }
-
-    if (validation_result != ARGON2_OK) {
-      return validation_result;
-    }
-
-
-    SS("$");
-    SS(type_string);
-
-    SS("$v=");
-    SX(ctx->version);
-
-    SS("$m=");
-    SX(ctx->m_cost);
-    SS(",t=");
-    SX(ctx->t_cost);
-    SS(",p=");
-    SX(ctx->lanes);
-
-    SS("$");
-    SB(ctx->salt, ctx->saltlen);
-
-    SS("$");
-    SB(ctx->out, ctx->outlen);
-    return ARGON2_OK;
-
-#undef SS
-#undef SX
-#undef SB
-}
-
-size_t b64len(uint32_t len) {
-    size_t olen = ((size_t)len / 3) << 2;
-
-    switch (len % 3) {
-    case 2:
-        olen++;
-    /* fall through */
-    case 1:
-        olen += 2;
-        break;
-    }
-
-    return olen;
-}
-
-size_t numlen(uint32_t num) {
-    size_t len = 1;
-    while (num >= 10) {
-        ++len;
-        num = num / 10;
-    }
-    return len;
-}
-