argon2 2.3.1 → 2.3.3

data/ext/phc-winner-argon2/src/ref.c

@@ -0,0 +1,194 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#include <stdint.h>
+#include <string.h>
+#include <stdlib.h>
+
+#include "argon2.h"
+#include "core.h"
+
+#include "blake2/blamka-round-ref.h"
+#include "blake2/blake2-impl.h"
+#include "blake2/blake2.h"
+
+
+/*
+ * Function fills a new memory block and optionally XORs the old block over the new one.
+ * @next_block must be initialized.
+ * @param prev_block Pointer to the previous block
+ * @param ref_block Pointer to the reference block
+ * @param next_block Pointer to the block to be constructed
+ * @param with_xor Whether to XOR into the new block (1) or just overwrite (0)
+ * @pre all block pointers must be valid
+ */
+static void fill_block(const block *prev_block, const block *ref_block,
+                       block *next_block, int with_xor) {
+    block blockR, block_tmp;
+    unsigned i;
+
+    copy_block(&blockR, ref_block);
+    xor_block(&blockR, prev_block);
+    copy_block(&block_tmp, &blockR);
+    /* Now blockR = ref_block + prev_block and block_tmp = ref_block + prev_block */
+    if (with_xor) {
+        /* Saving the next block contents for XOR over: */
+        xor_block(&block_tmp, next_block);
+        /* Now blockR = ref_block + prev_block and
+           block_tmp = ref_block + prev_block + next_block */
+    }
+
+    /* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then
+       (16,17,..31)... finally (112,113,...127) */
+    for (i = 0; i < 8; ++i) {
+        BLAKE2_ROUND_NOMSG(
+            blockR.v[16 * i], blockR.v[16 * i + 1], blockR.v[16 * i + 2],
+            blockR.v[16 * i + 3], blockR.v[16 * i + 4], blockR.v[16 * i + 5],
+            blockR.v[16 * i + 6], blockR.v[16 * i + 7], blockR.v[16 * i + 8],
+            blockR.v[16 * i + 9], blockR.v[16 * i + 10], blockR.v[16 * i + 11],
+            blockR.v[16 * i + 12], blockR.v[16 * i + 13], blockR.v[16 * i + 14],
+            blockR.v[16 * i + 15]);
+    }
+
+    /* Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then
+       (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) */
+    for (i = 0; i < 8; i++) {
+        BLAKE2_ROUND_NOMSG(
+            blockR.v[2 * i], blockR.v[2 * i + 1], blockR.v[2 * i + 16],
+            blockR.v[2 * i + 17], blockR.v[2 * i + 32], blockR.v[2 * i + 33],
+            blockR.v[2 * i + 48], blockR.v[2 * i + 49], blockR.v[2 * i + 64],
+            blockR.v[2 * i + 65], blockR.v[2 * i + 80], blockR.v[2 * i + 81],
+            blockR.v[2 * i + 96], blockR.v[2 * i + 97], blockR.v[2 * i + 112],
+            blockR.v[2 * i + 113]);
+    }
+
+    copy_block(next_block, &block_tmp);
+    xor_block(next_block, &blockR);
+}
+
+static void next_addresses(block *address_block, block *input_block,
+                           const block *zero_block) {
+    input_block->v[6]++;
+    fill_block(zero_block, input_block, address_block, 0);
+    fill_block(zero_block, address_block, address_block, 0);
+}
+
+void fill_segment(const argon2_instance_t *instance,
+                  argon2_position_t position) {
+    block *ref_block = NULL, *curr_block = NULL;
+    block address_block, input_block, zero_block;
+    uint64_t pseudo_rand, ref_index, ref_lane;
+    uint32_t prev_offset, curr_offset;
+    uint32_t starting_index;
+    uint32_t i;
+    int data_independent_addressing;
+
+    if (instance == NULL) {
+        return;
+    }
+
+    data_independent_addressing =
+        (instance->type == Argon2_i) ||
+        (instance->type == Argon2_id && (position.pass == 0) &&
+         (position.slice < ARGON2_SYNC_POINTS / 2));
+
+    if (data_independent_addressing) {
+        init_block_value(&zero_block, 0);
+        init_block_value(&input_block, 0);
+
+        input_block.v[0] = position.pass;
+        input_block.v[1] = position.lane;
+        input_block.v[2] = position.slice;
+        input_block.v[3] = instance->memory_blocks;
+        input_block.v[4] = instance->passes;
+        input_block.v[5] = instance->type;
+    }
+
+    starting_index = 0;
+
+    if ((0 == position.pass) && (0 == position.slice)) {
+        starting_index = 2; /* we have already generated the first two blocks */
+
+        /* Don't forget to generate the first block of addresses: */
+        if (data_independent_addressing) {
+            next_addresses(&address_block, &input_block, &zero_block);
+        }
+    }
+
+    /* Offset of the current block */
+    curr_offset = position.lane * instance->lane_length +
+                  position.slice * instance->segment_length + starting_index;
+
+    if (0 == curr_offset % instance->lane_length) {
+        /* Last block in this lane */
+        prev_offset = curr_offset + instance->lane_length - 1;
+    } else {
+        /* Previous block */
+        prev_offset = curr_offset - 1;
+    }
+
+    for (i = starting_index; i < instance->segment_length;
+         ++i, ++curr_offset, ++prev_offset) {
+        /*1.1 Rotating prev_offset if needed */
+        if (curr_offset % instance->lane_length == 1) {
+            prev_offset = curr_offset - 1;
+        }
+
+        /* 1.2 Computing the index of the reference block */
+        /* 1.2.1 Taking pseudo-random value from the previous block */
+        if (data_independent_addressing) {
+            if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) {
+                next_addresses(&address_block, &input_block, &zero_block);
+            }
+            pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK];
+        } else {
+            pseudo_rand = instance->memory[prev_offset].v[0];
+        }
+
+        /* 1.2.2 Computing the lane of the reference block */
+        ref_lane = ((pseudo_rand >> 32)) % instance->lanes;
+
+        if ((position.pass == 0) && (position.slice == 0)) {
+            /* Can not reference other lanes yet */
+            ref_lane = position.lane;
+        }
+
+        /* 1.2.3 Computing the number of possible reference block within the
+         * lane.
+         */
+        position.index = i;
+        ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF,
+                                ref_lane == position.lane);
+
+        /* 2 Creating a new block */
+        ref_block =
+            instance->memory + instance->lane_length * ref_lane + ref_index;
+        curr_block = instance->memory + curr_offset;
+        if (ARGON2_VERSION_10 == instance->version) {
+            /* version 1.2.1 and earlier: overwrite, not XOR */
+            fill_block(instance->memory + prev_offset, ref_block, curr_block, 0);
+        } else {
+            if(0 == position.pass) {
+                fill_block(instance->memory + prev_offset, ref_block,
+                           curr_block, 0);
+            } else {
+                fill_block(instance->memory + prev_offset, ref_block,
+                           curr_block, 1);
+            }
+        }
+    }
+}

data/ext/phc-winner-argon2/src/run.c

@@ -0,0 +1,337 @@
+/*
+ * Argon2 reference source code package - reference C implementations
+ *
+ * Copyright 2015
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
+ *
+ * You may use this work under the terms of a Creative Commons CC0 1.0
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
+ * these licenses can be found at:
+ *
+ * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0
+ * - Apache 2.0        : https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * You should have received a copy of both of these licenses along with this
+ * software. If not, they may be obtained at the above URLs.
+ */
+
+#define _GNU_SOURCE 1
+
+#include <stdint.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+
+#include "argon2.h"
+#include "core.h"
+
+#define T_COST_DEF 3
+#define LOG_M_COST_DEF 12 /* 2^12 = 4 MiB */
+#define LANES_DEF 1
+#define THREADS_DEF 1
+#define OUTLEN_DEF 32
+#define MAX_PASS_LEN 128
+
+#define UNUSED_PARAMETER(x) (void)(x)
+
+static void usage(const char *cmd) {
+    printf("Usage:  %s [-h] salt [-i|-d|-id] [-t iterations] "
+           "[-m log2(memory in KiB) | -k memory in KiB] [-p parallelism] "
+           "[-l hash length] [-e|-r] [-v (10|13)]\n",
+           cmd);
+    printf("\tPassword is read from stdin\n");
+    printf("Parameters:\n");
+    printf("\tsalt\t\tThe salt to use, at least 8 characters\n");
+    printf("\t-i\t\tUse Argon2i (this is the default)\n");
+    printf("\t-d\t\tUse Argon2d instead of Argon2i\n");
+    printf("\t-id\t\tUse Argon2id instead of Argon2i\n");
+    printf("\t-t N\t\tSets the number of iterations to N (default = %d)\n",
+           T_COST_DEF);
+    printf("\t-m N\t\tSets the memory usage of 2^N KiB (default %d)\n",
+           LOG_M_COST_DEF);
+    printf("\t-k N\t\tSets the memory usage of N KiB (default %d)\n",
+           1 << LOG_M_COST_DEF);
+    printf("\t-p N\t\tSets parallelism to N threads (default %d)\n",
+           THREADS_DEF);
+    printf("\t-l N\t\tSets hash output length to N bytes (default %d)\n",
+           OUTLEN_DEF);
+    printf("\t-e\t\tOutput only encoded hash\n");
+    printf("\t-r\t\tOutput only the raw bytes of the hash\n");
+    printf("\t-v (10|13)\tArgon2 version (defaults to the most recent version, currently %x)\n",
+            ARGON2_VERSION_NUMBER);
+    printf("\t-h\t\tPrint %s usage\n", cmd);
+}
+
+static void fatal(const char *error) {
+    fprintf(stderr, "Error: %s\n", error);
+    exit(1);
+}
+
+static void print_hex(uint8_t *bytes, size_t bytes_len) {
+    size_t i;
+    for (i = 0; i < bytes_len; ++i) {
+        printf("%02x", bytes[i]);
+    }
+    printf("\n");
+}
+
+/*
+Runs Argon2 with certain inputs and parameters, inputs not cleared. Prints the
+Base64-encoded hash string
+@out output array with at least 32 bytes allocated
+@pwd NULL-terminated string, presumably from argv[]
+@salt salt array
+@t_cost number of iterations
+@m_cost amount of requested memory in KB
+@lanes amount of requested parallelism
+@threads actual parallelism
+@type Argon2 type we want to run
+@encoded_only display only the encoded hash
+@raw_only display only the hexadecimal of the hash
+@version Argon2 version
+*/
+static void run(uint32_t outlen, char *pwd, size_t pwdlen, char *salt, uint32_t t_cost,
+                uint32_t m_cost, uint32_t lanes, uint32_t threads,
+                argon2_type type, int encoded_only, int raw_only, uint32_t version) {
+    clock_t start_time, stop_time;
+    size_t saltlen, encodedlen;
+    int result;
+    unsigned char * out = NULL;
+    char * encoded = NULL;
+
+    start_time = clock();
+
+    if (!pwd) {
+        fatal("password missing");
+    }
+
+    if (!salt) {
+        clear_internal_memory(pwd, pwdlen);
+        fatal("salt missing");
+    }
+
+    saltlen = strlen(salt);
+    if(UINT32_MAX < saltlen) {
+        fatal("salt is too long");
+    }
+
+    UNUSED_PARAMETER(lanes);
+
+    out = malloc(outlen + 1);
+    if (!out) {
+        clear_internal_memory(pwd, pwdlen);
+        fatal("could not allocate memory for output");
+    }
+
+    encodedlen = argon2_encodedlen(t_cost, m_cost, lanes, (uint32_t)saltlen, outlen, type);
+    encoded = malloc(encodedlen + 1);
+    if (!encoded) {
+        clear_internal_memory(pwd, pwdlen);
+        fatal("could not allocate memory for hash");
+    }
+
+    result = argon2_hash(t_cost, m_cost, threads, pwd, pwdlen, salt, saltlen,
+                         out, outlen, encoded, encodedlen, type,
+                         version);
+    if (result != ARGON2_OK)
+        fatal(argon2_error_message(result));
+
+    stop_time = clock();
+
+    if (encoded_only)
+        puts(encoded);
+
+    if (raw_only)
+        print_hex(out, outlen);
+
+    if (encoded_only || raw_only) {
+        free(out);
+        free(encoded);
+        return;
+    }
+
+    printf("Hash:\t\t");
+    print_hex(out, outlen);
+    free(out);
+
+    printf("Encoded:\t%s\n", encoded);
+
+    printf("%2.3f seconds\n",
+           ((double)stop_time - start_time) / (CLOCKS_PER_SEC));
+
+    result = argon2_verify(encoded, pwd, pwdlen, type);
+    if (result != ARGON2_OK)
+        fatal(argon2_error_message(result));
+    printf("Verification ok\n");
+    free(encoded);
+}
+
+int main(int argc, char *argv[]) {
+    uint32_t outlen = OUTLEN_DEF;
+    uint32_t m_cost = 1 << LOG_M_COST_DEF;
+    uint32_t t_cost = T_COST_DEF;
+    uint32_t lanes = LANES_DEF;
+    uint32_t threads = THREADS_DEF;
+    argon2_type type = Argon2_i; /* Argon2i is the default type */
+    int types_specified = 0;
+    int m_cost_specified = 0;
+    int encoded_only = 0;
+    int raw_only = 0;
+    uint32_t version = ARGON2_VERSION_NUMBER;
+    int i;
+    size_t pwdlen;
+    char pwd[MAX_PASS_LEN], *salt;
+
+    if (argc < 2) {
+        usage(argv[0]);
+        return ARGON2_MISSING_ARGS;
+    } else if (argc >= 2 && strcmp(argv[1], "-h") == 0) {
+        usage(argv[0]);
+        return 1;
+    }
+
+    /* get password from stdin */
+    pwdlen = fread(pwd, 1, sizeof pwd, stdin);
+    if(pwdlen < 1) {
+        fatal("no password read");
+    }
+    if(pwdlen == MAX_PASS_LEN) {
+        fatal("Provided password longer than supported in command line utility");
+    }
+
+    salt = argv[1];
+
+    /* parse options */
+    for (i = 2; i < argc; i++) {
+        const char *a = argv[i];
+        unsigned long input = 0;
+        if (!strcmp(a, "-h")) {
+            usage(argv[0]);
+            return 1;
+        } else if (!strcmp(a, "-m")) {
+            if (m_cost_specified) {
+                fatal("-m or -k can only be used once");
+            }
+            m_cost_specified = 1;
+            if (i < argc - 1) {
+                i++;
+                input = strtoul(argv[i], NULL, 10);
+                if (input == 0 || input == ULONG_MAX ||
+                    input > ARGON2_MAX_MEMORY_BITS) {
+                    fatal("bad numeric input for -m");
+                }
+                m_cost = ARGON2_MIN(UINT64_C(1) << input, UINT32_C(0xFFFFFFFF));
+                if (m_cost > ARGON2_MAX_MEMORY) {
+                    fatal("m_cost overflow");
+                }
+                continue;
+            } else {
+                fatal("missing -m argument");
+            }
+        } else if (!strcmp(a, "-k")) {
+            if (m_cost_specified) {
+                fatal("-m or -k can only be used once");
+            }
+            m_cost_specified = 1;
+            if (i < argc - 1) {
+                i++;
+                input = strtoul(argv[i], NULL, 10);
+                if (input == 0 || input == ULONG_MAX) {
+                    fatal("bad numeric input for -k");
+                }
+                m_cost = ARGON2_MIN(input, UINT32_C(0xFFFFFFFF));
+                if (m_cost > ARGON2_MAX_MEMORY) {
+                    fatal("m_cost overflow");
+                }
+                continue;
+            } else {
+                fatal("missing -k argument");
+            }
+        } else if (!strcmp(a, "-t")) {
+            if (i < argc - 1) {
+                i++;
+                input = strtoul(argv[i], NULL, 10);
+                if (input == 0 || input == ULONG_MAX ||
+                    input > ARGON2_MAX_TIME) {
+                    fatal("bad numeric input for -t");
+                }
+                t_cost = input;
+                continue;
+            } else {
+                fatal("missing -t argument");
+            }
+        } else if (!strcmp(a, "-p")) {
+            if (i < argc - 1) {
+                i++;
+                input = strtoul(argv[i], NULL, 10);
+                if (input == 0 || input == ULONG_MAX ||
+                    input > ARGON2_MAX_THREADS || input > ARGON2_MAX_LANES) {
+                    fatal("bad numeric input for -p");
+                }
+                threads = input;
+                lanes = threads;
+                continue;
+            } else {
+                fatal("missing -p argument");
+            }
+        } else if (!strcmp(a, "-l")) {
+            if (i < argc - 1) {
+                i++;
+                input = strtoul(argv[i], NULL, 10);
+                outlen = input;
+                continue;
+            } else {
+                fatal("missing -l argument");
+            }
+        } else if (!strcmp(a, "-i")) {
+            type = Argon2_i;
+            ++types_specified;
+        } else if (!strcmp(a, "-d")) {
+            type = Argon2_d;
+            ++types_specified;
+        } else if (!strcmp(a, "-id")) {
+            type = Argon2_id;
+            ++types_specified;
+        } else if (!strcmp(a, "-e")) {
+            encoded_only = 1;
+        } else if (!strcmp(a, "-r")) {
+            raw_only = 1;
+        } else if (!strcmp(a, "-v")) {
+            if (i < argc - 1) {
+                i++;
+                if (!strcmp(argv[i], "10")) {
+                    version = ARGON2_VERSION_10;
+                } else if (!strcmp(argv[i], "13")) {
+                    version = ARGON2_VERSION_13;
+                } else {
+                    fatal("invalid Argon2 version");
+                }
+            } else {
+                fatal("missing -v argument");
+            }
+        } else {
+            fatal("unknown argument");
+        }
+    }
+
+    if (types_specified > 1) {
+        fatal("cannot specify multiple Argon2 types");
+    }
+
+    if(encoded_only && raw_only)
+        fatal("cannot provide both -e and -r");
+
+    if(!encoded_only && !raw_only) {
+        printf("Type:\t\t%s\n", argon2_type2string(type, 1));
+        printf("Iterations:\t%u\n", t_cost);
+        printf("Memory:\t\t%u KiB\n", m_cost);
+        printf("Parallelism:\t%u\n", lanes);
+    }
+
+    run(outlen, pwd, pwdlen, salt, t_cost, m_cost, lanes, threads, type,
+       encoded_only, raw_only, version);
+
+    return ARGON2_OK;
+}
+