argon2id 0.8.0.rc1-x86-linux-gnu

Sign up to get free protection for your applications and to get access to all the features.
@@ -0,0 +1,437 @@
1
+ /*
2
+ * Argon2 reference source code package - reference C implementations
3
+ *
4
+ * Copyright 2015
5
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
6
+ *
7
+ * You may use this work under the terms of a Creative Commons CC0 1.0
8
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
9
+ * these licenses can be found at:
10
+ *
11
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
12
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
13
+ *
14
+ * You should have received a copy of both of these licenses along with this
15
+ * software. If not, they may be obtained at the above URLs.
16
+ */
17
+
18
+ #ifndef ARGON2_H
19
+ #define ARGON2_H
20
+
21
+ #include <stdint.h>
22
+ #include <stddef.h>
23
+ #include <limits.h>
24
+
25
+ #if defined(__cplusplus)
26
+ extern "C" {
27
+ #endif
28
+
29
+ /* Symbols visibility control */
30
+ #ifdef A2_VISCTL
31
+ #define ARGON2_PUBLIC __attribute__((visibility("default")))
32
+ #define ARGON2_LOCAL __attribute__ ((visibility ("hidden")))
33
+ #elif _MSC_VER
34
+ #define ARGON2_PUBLIC __declspec(dllexport)
35
+ #define ARGON2_LOCAL
36
+ #else
37
+ #define ARGON2_PUBLIC
38
+ #define ARGON2_LOCAL
39
+ #endif
40
+
41
+ /*
42
+ * Argon2 input parameter restrictions
43
+ */
44
+
45
+ /* Minimum and maximum number of lanes (degree of parallelism) */
46
+ #define ARGON2_MIN_LANES UINT32_C(1)
47
+ #define ARGON2_MAX_LANES UINT32_C(0xFFFFFF)
48
+
49
+ /* Minimum and maximum number of threads */
50
+ #define ARGON2_MIN_THREADS UINT32_C(1)
51
+ #define ARGON2_MAX_THREADS UINT32_C(0xFFFFFF)
52
+
53
+ /* Number of synchronization points between lanes per pass */
54
+ #define ARGON2_SYNC_POINTS UINT32_C(4)
55
+
56
+ /* Minimum and maximum digest size in bytes */
57
+ #define ARGON2_MIN_OUTLEN UINT32_C(4)
58
+ #define ARGON2_MAX_OUTLEN UINT32_C(0xFFFFFFFF)
59
+
60
+ /* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */
61
+ #define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */
62
+
63
+ #define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b))
64
+ /* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */
65
+ #define ARGON2_MAX_MEMORY_BITS \
66
+ ARGON2_MIN(UINT32_C(32), (sizeof(void *) * CHAR_BIT - 10 - 1))
67
+ #define ARGON2_MAX_MEMORY \
68
+ ARGON2_MIN(UINT32_C(0xFFFFFFFF), UINT64_C(1) << ARGON2_MAX_MEMORY_BITS)
69
+
70
+ /* Minimum and maximum number of passes */
71
+ #define ARGON2_MIN_TIME UINT32_C(1)
72
+ #define ARGON2_MAX_TIME UINT32_C(0xFFFFFFFF)
73
+
74
+ /* Minimum and maximum password length in bytes */
75
+ #define ARGON2_MIN_PWD_LENGTH UINT32_C(0)
76
+ #define ARGON2_MAX_PWD_LENGTH UINT32_C(0xFFFFFFFF)
77
+
78
+ /* Minimum and maximum associated data length in bytes */
79
+ #define ARGON2_MIN_AD_LENGTH UINT32_C(0)
80
+ #define ARGON2_MAX_AD_LENGTH UINT32_C(0xFFFFFFFF)
81
+
82
+ /* Minimum and maximum salt length in bytes */
83
+ #define ARGON2_MIN_SALT_LENGTH UINT32_C(8)
84
+ #define ARGON2_MAX_SALT_LENGTH UINT32_C(0xFFFFFFFF)
85
+
86
+ /* Minimum and maximum key length in bytes */
87
+ #define ARGON2_MIN_SECRET UINT32_C(0)
88
+ #define ARGON2_MAX_SECRET UINT32_C(0xFFFFFFFF)
89
+
90
+ /* Flags to determine which fields are securely wiped (default = no wipe). */
91
+ #define ARGON2_DEFAULT_FLAGS UINT32_C(0)
92
+ #define ARGON2_FLAG_CLEAR_PASSWORD (UINT32_C(1) << 0)
93
+ #define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1)
94
+
95
+ /* Global flag to determine if we are wiping internal memory buffers. This flag
96
+ * is defined in core.c and defaults to 1 (wipe internal memory). */
97
+ extern int FLAG_clear_internal_memory;
98
+
99
+ /* Error codes */
100
+ typedef enum Argon2_ErrorCodes {
101
+ ARGON2_OK = 0,
102
+
103
+ ARGON2_OUTPUT_PTR_NULL = -1,
104
+
105
+ ARGON2_OUTPUT_TOO_SHORT = -2,
106
+ ARGON2_OUTPUT_TOO_LONG = -3,
107
+
108
+ ARGON2_PWD_TOO_SHORT = -4,
109
+ ARGON2_PWD_TOO_LONG = -5,
110
+
111
+ ARGON2_SALT_TOO_SHORT = -6,
112
+ ARGON2_SALT_TOO_LONG = -7,
113
+
114
+ ARGON2_AD_TOO_SHORT = -8,
115
+ ARGON2_AD_TOO_LONG = -9,
116
+
117
+ ARGON2_SECRET_TOO_SHORT = -10,
118
+ ARGON2_SECRET_TOO_LONG = -11,
119
+
120
+ ARGON2_TIME_TOO_SMALL = -12,
121
+ ARGON2_TIME_TOO_LARGE = -13,
122
+
123
+ ARGON2_MEMORY_TOO_LITTLE = -14,
124
+ ARGON2_MEMORY_TOO_MUCH = -15,
125
+
126
+ ARGON2_LANES_TOO_FEW = -16,
127
+ ARGON2_LANES_TOO_MANY = -17,
128
+
129
+ ARGON2_PWD_PTR_MISMATCH = -18, /* NULL ptr with non-zero length */
130
+ ARGON2_SALT_PTR_MISMATCH = -19, /* NULL ptr with non-zero length */
131
+ ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */
132
+ ARGON2_AD_PTR_MISMATCH = -21, /* NULL ptr with non-zero length */
133
+
134
+ ARGON2_MEMORY_ALLOCATION_ERROR = -22,
135
+
136
+ ARGON2_FREE_MEMORY_CBK_NULL = -23,
137
+ ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24,
138
+
139
+ ARGON2_INCORRECT_PARAMETER = -25,
140
+ ARGON2_INCORRECT_TYPE = -26,
141
+
142
+ ARGON2_OUT_PTR_MISMATCH = -27,
143
+
144
+ ARGON2_THREADS_TOO_FEW = -28,
145
+ ARGON2_THREADS_TOO_MANY = -29,
146
+
147
+ ARGON2_MISSING_ARGS = -30,
148
+
149
+ ARGON2_ENCODING_FAIL = -31,
150
+
151
+ ARGON2_DECODING_FAIL = -32,
152
+
153
+ ARGON2_THREAD_FAIL = -33,
154
+
155
+ ARGON2_DECODING_LENGTH_FAIL = -34,
156
+
157
+ ARGON2_VERIFY_MISMATCH = -35
158
+ } argon2_error_codes;
159
+
160
+ /* Memory allocator types --- for external allocation */
161
+ typedef int (*allocate_fptr)(uint8_t **memory, size_t bytes_to_allocate);
162
+ typedef void (*deallocate_fptr)(uint8_t *memory, size_t bytes_to_allocate);
163
+
164
+ /* Argon2 external data structures */
165
+
166
+ /*
167
+ *****
168
+ * Context: structure to hold Argon2 inputs:
169
+ * output array and its length,
170
+ * password and its length,
171
+ * salt and its length,
172
+ * secret and its length,
173
+ * associated data and its length,
174
+ * number of passes, amount of used memory (in KBytes, can be rounded up a bit)
175
+ * number of parallel threads that will be run.
176
+ * All the parameters above affect the output hash value.
177
+ * Additionally, two function pointers can be provided to allocate and
178
+ * deallocate the memory (if NULL, memory will be allocated internally).
179
+ * Also, three flags indicate whether to erase password, secret as soon as they
180
+ * are pre-hashed (and thus not needed anymore), and the entire memory
181
+ *****
182
+ * Simplest situation: you have output array out[8], password is stored in
183
+ * pwd[32], salt is stored in salt[16], you do not have keys nor associated
184
+ * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with
185
+ * 4 parallel lanes.
186
+ * You want to erase the password, but you're OK with last pass not being
187
+ * erased. You want to use the default memory allocator.
188
+ * Then you initialize:
189
+ Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false)
190
+ */
191
+ typedef struct Argon2_Context {
192
+ uint8_t *out; /* output array */
193
+ uint32_t outlen; /* digest length */
194
+
195
+ uint8_t *pwd; /* password array */
196
+ uint32_t pwdlen; /* password length */
197
+
198
+ uint8_t *salt; /* salt array */
199
+ uint32_t saltlen; /* salt length */
200
+
201
+ uint8_t *secret; /* key array */
202
+ uint32_t secretlen; /* key length */
203
+
204
+ uint8_t *ad; /* associated data array */
205
+ uint32_t adlen; /* associated data length */
206
+
207
+ uint32_t t_cost; /* number of passes */
208
+ uint32_t m_cost; /* amount of memory requested (KB) */
209
+ uint32_t lanes; /* number of lanes */
210
+ uint32_t threads; /* maximum number of threads */
211
+
212
+ uint32_t version; /* version number */
213
+
214
+ allocate_fptr allocate_cbk; /* pointer to memory allocator */
215
+ deallocate_fptr free_cbk; /* pointer to memory deallocator */
216
+
217
+ uint32_t flags; /* array of bool options */
218
+ } argon2_context;
219
+
220
+ /* Argon2 primitive type */
221
+ typedef enum Argon2_type {
222
+ Argon2_d = 0,
223
+ Argon2_i = 1,
224
+ Argon2_id = 2
225
+ } argon2_type;
226
+
227
+ /* Version of the algorithm */
228
+ typedef enum Argon2_version {
229
+ ARGON2_VERSION_10 = 0x10,
230
+ ARGON2_VERSION_13 = 0x13,
231
+ ARGON2_VERSION_NUMBER = ARGON2_VERSION_13
232
+ } argon2_version;
233
+
234
+ /*
235
+ * Function that gives the string representation of an argon2_type.
236
+ * @param type The argon2_type that we want the string for
237
+ * @param uppercase Whether the string should have the first letter uppercase
238
+ * @return NULL if invalid type, otherwise the string representation.
239
+ */
240
+ ARGON2_PUBLIC const char *argon2_type2string(argon2_type type, int uppercase);
241
+
242
+ /*
243
+ * Function that performs memory-hard hashing with certain degree of parallelism
244
+ * @param context Pointer to the Argon2 internal structure
245
+ * @return Error code if smth is wrong, ARGON2_OK otherwise
246
+ */
247
+ ARGON2_PUBLIC int argon2_ctx(argon2_context *context, argon2_type type);
248
+
249
+ /**
250
+ * Hashes a password with Argon2i, producing an encoded hash
251
+ * @param t_cost Number of iterations
252
+ * @param m_cost Sets memory usage to m_cost kibibytes
253
+ * @param parallelism Number of threads and compute lanes
254
+ * @param pwd Pointer to password
255
+ * @param pwdlen Password size in bytes
256
+ * @param salt Pointer to salt
257
+ * @param saltlen Salt size in bytes
258
+ * @param hashlen Desired length of the hash in bytes
259
+ * @param encoded Buffer where to write the encoded hash
260
+ * @param encodedlen Size of the buffer (thus max size of the encoded hash)
261
+ * @pre Different parallelism levels will give different results
262
+ * @pre Returns ARGON2_OK if successful
263
+ */
264
+ ARGON2_PUBLIC int argon2i_hash_encoded(const uint32_t t_cost,
265
+ const uint32_t m_cost,
266
+ const uint32_t parallelism,
267
+ const void *pwd, const size_t pwdlen,
268
+ const void *salt, const size_t saltlen,
269
+ const size_t hashlen, char *encoded,
270
+ const size_t encodedlen);
271
+
272
+ /**
273
+ * Hashes a password with Argon2i, producing a raw hash at @hash
274
+ * @param t_cost Number of iterations
275
+ * @param m_cost Sets memory usage to m_cost kibibytes
276
+ * @param parallelism Number of threads and compute lanes
277
+ * @param pwd Pointer to password
278
+ * @param pwdlen Password size in bytes
279
+ * @param salt Pointer to salt
280
+ * @param saltlen Salt size in bytes
281
+ * @param hash Buffer where to write the raw hash - updated by the function
282
+ * @param hashlen Desired length of the hash in bytes
283
+ * @pre Different parallelism levels will give different results
284
+ * @pre Returns ARGON2_OK if successful
285
+ */
286
+ ARGON2_PUBLIC int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
287
+ const uint32_t parallelism, const void *pwd,
288
+ const size_t pwdlen, const void *salt,
289
+ const size_t saltlen, void *hash,
290
+ const size_t hashlen);
291
+
292
+ ARGON2_PUBLIC int argon2d_hash_encoded(const uint32_t t_cost,
293
+ const uint32_t m_cost,
294
+ const uint32_t parallelism,
295
+ const void *pwd, const size_t pwdlen,
296
+ const void *salt, const size_t saltlen,
297
+ const size_t hashlen, char *encoded,
298
+ const size_t encodedlen);
299
+
300
+ ARGON2_PUBLIC int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost,
301
+ const uint32_t parallelism, const void *pwd,
302
+ const size_t pwdlen, const void *salt,
303
+ const size_t saltlen, void *hash,
304
+ const size_t hashlen);
305
+
306
+ ARGON2_PUBLIC int argon2id_hash_encoded(const uint32_t t_cost,
307
+ const uint32_t m_cost,
308
+ const uint32_t parallelism,
309
+ const void *pwd, const size_t pwdlen,
310
+ const void *salt, const size_t saltlen,
311
+ const size_t hashlen, char *encoded,
312
+ const size_t encodedlen);
313
+
314
+ ARGON2_PUBLIC int argon2id_hash_raw(const uint32_t t_cost,
315
+ const uint32_t m_cost,
316
+ const uint32_t parallelism, const void *pwd,
317
+ const size_t pwdlen, const void *salt,
318
+ const size_t saltlen, void *hash,
319
+ const size_t hashlen);
320
+
321
+ /* generic function underlying the above ones */
322
+ ARGON2_PUBLIC int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
323
+ const uint32_t parallelism, const void *pwd,
324
+ const size_t pwdlen, const void *salt,
325
+ const size_t saltlen, void *hash,
326
+ const size_t hashlen, char *encoded,
327
+ const size_t encodedlen, argon2_type type,
328
+ const uint32_t version);
329
+
330
+ /**
331
+ * Verifies a password against an encoded string
332
+ * Encoded string is restricted as in validate_inputs()
333
+ * @param encoded String encoding parameters, salt, hash
334
+ * @param pwd Pointer to password
335
+ * @pre Returns ARGON2_OK if successful
336
+ */
337
+ ARGON2_PUBLIC int argon2i_verify(const char *encoded, const void *pwd,
338
+ const size_t pwdlen);
339
+
340
+ ARGON2_PUBLIC int argon2d_verify(const char *encoded, const void *pwd,
341
+ const size_t pwdlen);
342
+
343
+ ARGON2_PUBLIC int argon2id_verify(const char *encoded, const void *pwd,
344
+ const size_t pwdlen);
345
+
346
+ /* generic function underlying the above ones */
347
+ ARGON2_PUBLIC int argon2_verify(const char *encoded, const void *pwd,
348
+ const size_t pwdlen, argon2_type type);
349
+
350
+ /**
351
+ * Argon2d: Version of Argon2 that picks memory blocks depending
352
+ * on the password and salt. Only for side-channel-free
353
+ * environment!!
354
+ *****
355
+ * @param context Pointer to current Argon2 context
356
+ * @return Zero if successful, a non zero error code otherwise
357
+ */
358
+ ARGON2_PUBLIC int argon2d_ctx(argon2_context *context);
359
+
360
+ /**
361
+ * Argon2i: Version of Argon2 that picks memory blocks
362
+ * independent on the password and salt. Good for side-channels,
363
+ * but worse w.r.t. tradeoff attacks if only one pass is used.
364
+ *****
365
+ * @param context Pointer to current Argon2 context
366
+ * @return Zero if successful, a non zero error code otherwise
367
+ */
368
+ ARGON2_PUBLIC int argon2i_ctx(argon2_context *context);
369
+
370
+ /**
371
+ * Argon2id: Version of Argon2 where the first half-pass over memory is
372
+ * password-independent, the rest are password-dependent (on the password and
373
+ * salt). OK against side channels (they reduce to 1/2-pass Argon2i), and
374
+ * better with w.r.t. tradeoff attacks (similar to Argon2d).
375
+ *****
376
+ * @param context Pointer to current Argon2 context
377
+ * @return Zero if successful, a non zero error code otherwise
378
+ */
379
+ ARGON2_PUBLIC int argon2id_ctx(argon2_context *context);
380
+
381
+ /**
382
+ * Verify if a given password is correct for Argon2d hashing
383
+ * @param context Pointer to current Argon2 context
384
+ * @param hash The password hash to verify. The length of the hash is
385
+ * specified by the context outlen member
386
+ * @return Zero if successful, a non zero error code otherwise
387
+ */
388
+ ARGON2_PUBLIC int argon2d_verify_ctx(argon2_context *context, const char *hash);
389
+
390
+ /**
391
+ * Verify if a given password is correct for Argon2i hashing
392
+ * @param context Pointer to current Argon2 context
393
+ * @param hash The password hash to verify. The length of the hash is
394
+ * specified by the context outlen member
395
+ * @return Zero if successful, a non zero error code otherwise
396
+ */
397
+ ARGON2_PUBLIC int argon2i_verify_ctx(argon2_context *context, const char *hash);
398
+
399
+ /**
400
+ * Verify if a given password is correct for Argon2id hashing
401
+ * @param context Pointer to current Argon2 context
402
+ * @param hash The password hash to verify. The length of the hash is
403
+ * specified by the context outlen member
404
+ * @return Zero if successful, a non zero error code otherwise
405
+ */
406
+ ARGON2_PUBLIC int argon2id_verify_ctx(argon2_context *context,
407
+ const char *hash);
408
+
409
+ /* generic function underlying the above ones */
410
+ ARGON2_PUBLIC int argon2_verify_ctx(argon2_context *context, const char *hash,
411
+ argon2_type type);
412
+
413
+ /**
414
+ * Get the associated error message for given error code
415
+ * @return The error message associated with the given error code
416
+ */
417
+ ARGON2_PUBLIC const char *argon2_error_message(int error_code);
418
+
419
+ /**
420
+ * Returns the encoded hash length for the given input parameters
421
+ * @param t_cost Number of iterations
422
+ * @param m_cost Memory usage in kibibytes
423
+ * @param parallelism Number of threads; used to compute lanes
424
+ * @param saltlen Salt size in bytes
425
+ * @param hashlen Hash size in bytes
426
+ * @param type The argon2_type that we want the encoded length for
427
+ * @return The encoded hash length in bytes
428
+ */
429
+ ARGON2_PUBLIC size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost,
430
+ uint32_t parallelism, uint32_t saltlen,
431
+ uint32_t hashlen, argon2_type type);
432
+
433
+ #if defined(__cplusplus)
434
+ }
435
+ #endif
436
+
437
+ #endif
@@ -0,0 +1,156 @@
1
+ /*
2
+ * Argon2 reference source code package - reference C implementations
3
+ *
4
+ * Copyright 2015
5
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
6
+ *
7
+ * You may use this work under the terms of a Creative Commons CC0 1.0
8
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
9
+ * these licenses can be found at:
10
+ *
11
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
12
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
13
+ *
14
+ * You should have received a copy of both of these licenses along with this
15
+ * software. If not, they may be obtained at the above URLs.
16
+ */
17
+
18
+ #ifndef PORTABLE_BLAKE2_IMPL_H
19
+ #define PORTABLE_BLAKE2_IMPL_H
20
+
21
+ #include <stdint.h>
22
+ #include <string.h>
23
+
24
+ #if defined(_MSC_VER)
25
+ #define BLAKE2_INLINE __inline
26
+ #elif defined(__GNUC__) || defined(__clang__)
27
+ #define BLAKE2_INLINE __inline__
28
+ #else
29
+ #define BLAKE2_INLINE
30
+ #endif
31
+
32
+ /* Argon2 Team - Begin Code */
33
+ /*
34
+ Not an exhaustive list, but should cover the majority of modern platforms
35
+ Additionally, the code will always be correct---this is only a performance
36
+ tweak.
37
+ */
38
+ #if (defined(__BYTE_ORDER__) && \
39
+ (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \
40
+ defined(__LITTLE_ENDIAN__) || defined(__ARMEL__) || defined(__MIPSEL__) || \
41
+ defined(__AARCH64EL__) || defined(__amd64__) || defined(__i386__) || \
42
+ defined(_M_IX86) || defined(_M_X64) || defined(_M_AMD64) || \
43
+ defined(_M_ARM)
44
+ #define NATIVE_LITTLE_ENDIAN
45
+ #endif
46
+ /* Argon2 Team - End Code */
47
+
48
+ static BLAKE2_INLINE uint32_t load32(const void *src) {
49
+ #if defined(NATIVE_LITTLE_ENDIAN)
50
+ uint32_t w;
51
+ memcpy(&w, src, sizeof w);
52
+ return w;
53
+ #else
54
+ const uint8_t *p = (const uint8_t *)src;
55
+ uint32_t w = *p++;
56
+ w |= (uint32_t)(*p++) << 8;
57
+ w |= (uint32_t)(*p++) << 16;
58
+ w |= (uint32_t)(*p++) << 24;
59
+ return w;
60
+ #endif
61
+ }
62
+
63
+ static BLAKE2_INLINE uint64_t load64(const void *src) {
64
+ #if defined(NATIVE_LITTLE_ENDIAN)
65
+ uint64_t w;
66
+ memcpy(&w, src, sizeof w);
67
+ return w;
68
+ #else
69
+ const uint8_t *p = (const uint8_t *)src;
70
+ uint64_t w = *p++;
71
+ w |= (uint64_t)(*p++) << 8;
72
+ w |= (uint64_t)(*p++) << 16;
73
+ w |= (uint64_t)(*p++) << 24;
74
+ w |= (uint64_t)(*p++) << 32;
75
+ w |= (uint64_t)(*p++) << 40;
76
+ w |= (uint64_t)(*p++) << 48;
77
+ w |= (uint64_t)(*p++) << 56;
78
+ return w;
79
+ #endif
80
+ }
81
+
82
+ static BLAKE2_INLINE void store32(void *dst, uint32_t w) {
83
+ #if defined(NATIVE_LITTLE_ENDIAN)
84
+ memcpy(dst, &w, sizeof w);
85
+ #else
86
+ uint8_t *p = (uint8_t *)dst;
87
+ *p++ = (uint8_t)w;
88
+ w >>= 8;
89
+ *p++ = (uint8_t)w;
90
+ w >>= 8;
91
+ *p++ = (uint8_t)w;
92
+ w >>= 8;
93
+ *p++ = (uint8_t)w;
94
+ #endif
95
+ }
96
+
97
+ static BLAKE2_INLINE void store64(void *dst, uint64_t w) {
98
+ #if defined(NATIVE_LITTLE_ENDIAN)
99
+ memcpy(dst, &w, sizeof w);
100
+ #else
101
+ uint8_t *p = (uint8_t *)dst;
102
+ *p++ = (uint8_t)w;
103
+ w >>= 8;
104
+ *p++ = (uint8_t)w;
105
+ w >>= 8;
106
+ *p++ = (uint8_t)w;
107
+ w >>= 8;
108
+ *p++ = (uint8_t)w;
109
+ w >>= 8;
110
+ *p++ = (uint8_t)w;
111
+ w >>= 8;
112
+ *p++ = (uint8_t)w;
113
+ w >>= 8;
114
+ *p++ = (uint8_t)w;
115
+ w >>= 8;
116
+ *p++ = (uint8_t)w;
117
+ #endif
118
+ }
119
+
120
+ static BLAKE2_INLINE uint64_t load48(const void *src) {
121
+ const uint8_t *p = (const uint8_t *)src;
122
+ uint64_t w = *p++;
123
+ w |= (uint64_t)(*p++) << 8;
124
+ w |= (uint64_t)(*p++) << 16;
125
+ w |= (uint64_t)(*p++) << 24;
126
+ w |= (uint64_t)(*p++) << 32;
127
+ w |= (uint64_t)(*p++) << 40;
128
+ return w;
129
+ }
130
+
131
+ static BLAKE2_INLINE void store48(void *dst, uint64_t w) {
132
+ uint8_t *p = (uint8_t *)dst;
133
+ *p++ = (uint8_t)w;
134
+ w >>= 8;
135
+ *p++ = (uint8_t)w;
136
+ w >>= 8;
137
+ *p++ = (uint8_t)w;
138
+ w >>= 8;
139
+ *p++ = (uint8_t)w;
140
+ w >>= 8;
141
+ *p++ = (uint8_t)w;
142
+ w >>= 8;
143
+ *p++ = (uint8_t)w;
144
+ }
145
+
146
+ static BLAKE2_INLINE uint32_t rotr32(const uint32_t w, const unsigned c) {
147
+ return (w >> c) | (w << (32 - c));
148
+ }
149
+
150
+ static BLAKE2_INLINE uint64_t rotr64(const uint64_t w, const unsigned c) {
151
+ return (w >> c) | (w << (64 - c));
152
+ }
153
+
154
+ void clear_internal_memory(void *v, size_t n);
155
+
156
+ #endif
@@ -0,0 +1,89 @@
1
+ /*
2
+ * Argon2 reference source code package - reference C implementations
3
+ *
4
+ * Copyright 2015
5
+ * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
6
+ *
7
+ * You may use this work under the terms of a Creative Commons CC0 1.0
8
+ * License/Waiver or the Apache Public License 2.0, at your option. The terms of
9
+ * these licenses can be found at:
10
+ *
11
+ * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
12
+ * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0
13
+ *
14
+ * You should have received a copy of both of these licenses along with this
15
+ * software. If not, they may be obtained at the above URLs.
16
+ */
17
+
18
+ #ifndef PORTABLE_BLAKE2_H
19
+ #define PORTABLE_BLAKE2_H
20
+
21
+ #include <argon2.h>
22
+
23
+ #if defined(__cplusplus)
24
+ extern "C" {
25
+ #endif
26
+
27
+ enum blake2b_constant {
28
+ BLAKE2B_BLOCKBYTES = 128,
29
+ BLAKE2B_OUTBYTES = 64,
30
+ BLAKE2B_KEYBYTES = 64,
31
+ BLAKE2B_SALTBYTES = 16,
32
+ BLAKE2B_PERSONALBYTES = 16
33
+ };
34
+
35
+ #pragma pack(push, 1)
36
+ typedef struct __blake2b_param {
37
+ uint8_t digest_length; /* 1 */
38
+ uint8_t key_length; /* 2 */
39
+ uint8_t fanout; /* 3 */
40
+ uint8_t depth; /* 4 */
41
+ uint32_t leaf_length; /* 8 */
42
+ uint64_t node_offset; /* 16 */
43
+ uint8_t node_depth; /* 17 */
44
+ uint8_t inner_length; /* 18 */
45
+ uint8_t reserved[14]; /* 32 */
46
+ uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */
47
+ uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */
48
+ } blake2b_param;
49
+ #pragma pack(pop)
50
+
51
+ typedef struct __blake2b_state {
52
+ uint64_t h[8];
53
+ uint64_t t[2];
54
+ uint64_t f[2];
55
+ uint8_t buf[BLAKE2B_BLOCKBYTES];
56
+ unsigned buflen;
57
+ unsigned outlen;
58
+ uint8_t last_node;
59
+ } blake2b_state;
60
+
61
+ /* Ensure param structs have not been wrongly padded */
62
+ /* Poor man's static_assert */
63
+ enum {
64
+ blake2_size_check_0 = 1 / !!(CHAR_BIT == 8),
65
+ blake2_size_check_2 =
66
+ 1 / !!(sizeof(blake2b_param) == sizeof(uint64_t) * CHAR_BIT)
67
+ };
68
+
69
+ /* Streaming API */
70
+ ARGON2_LOCAL int blake2b_init(blake2b_state *S, size_t outlen);
71
+ ARGON2_LOCAL int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key,
72
+ size_t keylen);
73
+ ARGON2_LOCAL int blake2b_init_param(blake2b_state *S, const blake2b_param *P);
74
+ ARGON2_LOCAL int blake2b_update(blake2b_state *S, const void *in, size_t inlen);
75
+ ARGON2_LOCAL int blake2b_final(blake2b_state *S, void *out, size_t outlen);
76
+
77
+ /* Simple API */
78
+ ARGON2_LOCAL int blake2b(void *out, size_t outlen, const void *in, size_t inlen,
79
+ const void *key, size_t keylen);
80
+
81
+ /* Argon2 Team - Begin Code */
82
+ ARGON2_LOCAL int blake2b_long(void *out, size_t outlen, const void *in, size_t inlen);
83
+ /* Argon2 Team - End Code */
84
+
85
+ #if defined(__cplusplus)
86
+ }
87
+ #endif
88
+
89
+ #endif