RubyGems - rbnacl-libsodium - Versions diffs - 1.0.13 → 1.0.15 - Mend

rbnacl-libsodium 1.0.13 → 1.0.15

Files changed (201) hide show

data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c CHANGED

@@ -1,5 +1,6 @@
 #include "argon2-encoding.h"
 #include "argon2-core.h"
+#include "utils.h"
 #include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
@@ -9,19 +10,6 @@
  * Example code for a decoder and encoder of "hash strings", with Argon2
  * parameters.
  *
- * This code comprises three sections:
- *
- *   -- The first section contains generic Base64 encoding and decoding
- *   functions. It is conceptually applicable to any hash function
- *   implementation that uses Base64 to encode and decode parameters,
- *   salts and outputs. It could be made into a library, provided that
- *   the relevant functions are made public (non-static) and be given
- *   reasonable names to avoid collisions with other functions.
- *
- *   -- The second section is specific to Argon2. It encodes and decodes
- *   the parameters, salts and outputs. It does not compute the hash
- *   itself.
- *
  * The code was originally written by Thomas Pornin <pornin@bolet.org>,
  * to whom comments and remarks may be sent. It is released under what
  * should amount to Public Domain or its closest equivalent; the
@@ -39,156 +27,6 @@
  */
 /* ==================================================================== */
-/*
- * Common code; could be shared between different hash functions.
- *
- * Note: the Base64 functions below assume that uppercase letters (resp.
- * lowercase letters) have consecutive numerical codes, that fit on 8
- * bits. All modern systems use ASCII-compatible charsets, where these
- * properties are true. If you are stuck with a dinosaur of a system
- * that still defaults to EBCDIC then you already have much bigger
- * interoperability issues to deal with.
- */
-/*
- * Some macros for constant-time comparisons. These work over values in
- * the 0..255 range. Returned value is 0x00 on "false", 0xFF on "true".
- */
-#define EQ(x, y) \
-    ((((0U - ((unsigned) (x) ^ (unsigned) (y))) >> 8) & 0xFF) ^ 0xFF)
-#define GT(x, y) ((((unsigned) (y) - (unsigned) (x)) >> 8) & 0xFF)
-#define GE(x, y) (GT(y, x) ^ 0xFF)
-#define LT(x, y) GT(y, x)
-#define LE(x, y) GE(y, x)
-/*
- * Convert value x (0..63) to corresponding Base64 character.
- */
-static int
-b64_byte_to_char(unsigned x)
-{
-    return (LT(x, 26) & (x + 'A')) |
-           (GE(x, 26) & LT(x, 52) & (x + ('a' - 26))) |
-           (GE(x, 52) & LT(x, 62) & (x + ('0' - 52))) | (EQ(x, 62) & '+') |
-           (EQ(x, 63) & '/');
-}
-/*
- * Convert character c to the corresponding 6-bit value. If character c
- * is not a Base64 character, then 0xFF (255) is returned.
- */
-static unsigned
-b64_char_to_byte(int c)
-{
-    unsigned x;
-    x = (GE(c, 'A') & LE(c, 'Z') & (c - 'A')) |
-        (GE(c, 'a') & LE(c, 'z') & (c - ('a' - 26))) |
-        (GE(c, '0') & LE(c, '9') & (c - ('0' - 52))) | (EQ(c, '+') & 62) |
-        (EQ(c, '/') & 63);
-    return x | (EQ(x, 0) & (EQ(c, 'A') ^ 0xFF));
-}
-/*
- * Convert some bytes to Base64. 'dst_len' is the length (in characters)
- * of the output buffer 'dst'; if that buffer is not large enough to
- * receive the result (including the terminating 0), then (size_t)-1
- * is returned. Otherwise, the zero-terminated Base64 string is written
- * in the buffer, and the output length (counted WITHOUT the terminating
- * zero) is returned.
- */
-static size_t
-to_base64(char *dst, size_t dst_len, const void *src, size_t src_len)
-{
-    size_t               olen;
-    const unsigned char *buf;
-    unsigned             acc, acc_len;
-    olen = (src_len / 3) << 2;
-    switch (src_len % 3) {
-    case 2:
-        olen++;
-    /* fall through */
-    case 1:
-        olen += 2;
-        break;
-    }
-    if (dst_len <= olen) {
-        return (size_t) -1;
-    }
-    acc     = 0;
-    acc_len = 0;
-    buf     = (const unsigned char *) src;
-    while (src_len-- > 0) {
-        acc = (acc << 8) + (*buf++);
-        acc_len += 8;
-        while (acc_len >= 6) {
-            acc_len -= 6;
-            *dst++ = (char) b64_byte_to_char((acc >> acc_len) & 0x3F);
-        }
-    }
-    if (acc_len > 0) {
-        *dst++ = (char) b64_byte_to_char((acc << (6 - acc_len)) & 0x3F);
-    }
-    *dst++ = 0;
-    return olen;
-}
-/*
- * Decode Base64 chars into bytes. The '*dst_len' value must initially
- * contain the length of the output buffer '*dst'; when the decoding
- * ends, the actual number of decoded bytes is written back in
- * '*dst_len'.
- *
- * Decoding stops when a non-Base64 character is encountered, or when
- * the output buffer capacity is exceeded. If an error occurred (output
- * buffer is too small, invalid last characters leading to unprocessed
- * buffered bits), then NULL is returned; otherwise, the returned value
- * points to the first non-Base64 character in the source stream, which
- * may be the terminating zero.
- */
-static const char *
-from_base64(void *dst, size_t *dst_len, const char *src)
-{
-    size_t         len;
-    unsigned char *buf;
-    unsigned       acc, acc_len;
-    buf     = (unsigned char *) dst;
-    len     = 0;
-    acc     = 0;
-    acc_len = 0;
-    for (;;) {
-        unsigned d;
-        d = b64_char_to_byte(*src);
-        if (d == 0xFF) {
-            break;
-        }
-        src++;
-        acc = (acc << 6) + d;
-        acc_len += 6;
-        if (acc_len >= 8) {
-            acc_len -= 8;
-            if ((len++) >= *dst_len) {
-                return NULL;
-            }
-            *buf++ = (acc >> acc_len) & 0xFF;
-        }
-    }
-    /*
-     * If the input length is equal to 1 modulo 4 (which is
-     * invalid), then there will remain 6 unprocessed bits;
-     * otherwise, only 0, 2 or 4 bits are buffered. The buffered
-     * bits must also all be zero.
-     */
-    if (acc_len > 4 || (acc & ((1U << acc_len) - 1)) != 0) {
-        return NULL;
-    }
-    *dst_len = len;
-    return src;
-}
 /*
  * Decode decimal integer from 'str'; the value is written in '*v'.
@@ -300,14 +138,18 @@ decode_string(argon2_context *ctx, const char *str, argon2_type type)
     } while ((void)0, 0)
 /* Decoding base64 into a binary buffer */
-#define BIN(buf, max_len, len)                            \
-    do {                                                  \
-        size_t bin_len = (max_len);                       \
-        str            = from_base64(buf, &bin_len, str); \
-        if (str == NULL || bin_len > UINT32_MAX) {        \
-            return ARGON2_DECODING_FAIL;                  \
-        }                                                 \
-        (len) = (uint32_t) bin_len;                       \
+#define BIN(buf, max_len, len)                                                   \
+    do {                                                                         \
+        size_t bin_len = (max_len);                                              \
+        const char *str_end;                                                     \
+        if (sodium_base642bin((buf), (max_len), str, strlen(str), NULL,          \
+                              &bin_len, &str_end,                                \
+                              sodium_base64_VARIANT_ORIGINAL_NO_PADDING) != 0 || \
+            bin_len > UINT32_MAX) {                                              \
+            return ARGON2_DECODING_FAIL;                                         \
+        }                                                                        \
+        (len) = (uint32_t) bin_len;                                              \
+        str = str_end;                                                           \
     } while ((void) 0, 0)
     size_t        maxsaltlen = ctx->saltlen;
@@ -416,14 +258,16 @@ encode_string(char *dst, size_t dst_len, argon2_context *ctx, argon2_type type)
         SS(tmp);                   \
     } while ((void) 0, 0)
-#define SB(buf, len)                                       \
-    do {                                                   \
-        size_t sb_len = to_base64(dst, dst_len, buf, len); \
-        if (sb_len == (size_t) -1) {                       \
-            return ARGON2_ENCODING_FAIL;                   \
-        }                                                  \
-        dst += sb_len;                                     \
-        dst_len -= sb_len;                                 \
+#define SB(buf, len)                                                                \
+    do {                                                                            \
+        size_t sb_len;                                                              \
+        if (sodium_bin2base64(dst, dst_len, (buf), (len),                           \
+                              sodium_base64_VARIANT_ORIGINAL_NO_PADDING) == NULL) { \
+            return ARGON2_ENCODING_FAIL;                                            \
+        }                                                                           \
+        sb_len = strlen(dst);                                                       \
+        dst += sb_len;                                                              \
+        dst_len -= sb_len;                                                          \
     } while ((void) 0, 0)
     int validation_result;

data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx2.c CHANGED

@@ -140,7 +140,7 @@ generate_addresses(const argon2_instance_t *instance,
     }
 }
-int
+void
 fill_segment_avx2(const argon2_instance_t *instance,
                   argon2_position_t        position)
 {
@@ -148,14 +148,14 @@ fill_segment_avx2(const argon2_instance_t *instance,
     uint64_t  pseudo_rand, ref_index, ref_lane;
     uint32_t  prev_offset, curr_offset;
     uint32_t  starting_index, i;
-    __m256i   state[32];
+    __m256i   state[ARGON2_HWORDS_IN_BLOCK];
     int       data_independent_addressing = 1;
     /* Pseudo-random values that determine the reference block position */
     uint64_t *pseudo_rands = NULL;
     if (instance == NULL) {
-        return ARGON2_OK;
+        return;
     }
     if (instance->type == Argon2_id &&
@@ -163,11 +163,7 @@ fill_segment_avx2(const argon2_instance_t *instance,
         data_independent_addressing = 0;
     }
-    pseudo_rands =
-        (uint64_t *) malloc(sizeof(uint64_t) * instance->segment_length);
-    if (pseudo_rands == NULL) {
-        return ARGON2_MEMORY_ALLOCATION_ERROR;
-    }
+    pseudo_rands = instance->pseudo_rands;
     if (data_independent_addressing) {
         generate_addresses(instance, &position, pseudo_rands);
@@ -239,9 +235,5 @@ fill_segment_avx2(const argon2_instance_t *instance,
                        (uint8_t *) curr_block->v);
         }
     }
-    free(pseudo_rands);
-    return ARGON2_OK;
 }
 #endif

data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-avx512f.c ADDED

@@ -0,0 +1,244 @@
+/*
+ * Argon2 source code package
+ *
+ * Written by Daniel Dinu and Dmitry Khovratovich, 2015
+ *
+ * This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
+ *
+ * You should have received a copy of the CC0 Public Domain Dedication along
+ * with
+ * this software. If not, see
+ * <http://creativecommons.org/publicdomain/zero/1.0/>.
+ */
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include "argon2-core.h"
+#include "argon2.h"
+#include "private/common.h"
+#include "private/sse2_64_32.h"
+#if defined(HAVE_AVX512FINTRIN_H) && defined(HAVE_AVX2INTRIN_H) && \
+    defined(HAVE_EMMINTRIN_H) &&  defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H)
+# ifdef __GNUC__
+#  pragma GCC target("sse2")
+#  pragma GCC target("ssse3")
+#  pragma GCC target("sse4.1")
+#  pragma GCC target("avx2")
+#  pragma GCC target("avx512f")
+# endif
+# ifdef _MSC_VER
+#  include <intrin.h> /* for _mm_set_epi64x */
+# endif
+#include <emmintrin.h>
+#include <immintrin.h>
+#include <smmintrin.h>
+#include <tmmintrin.h>
+# include "blamka-round-avx512f.h"
+static void
+fill_block(__m512i *state, const uint8_t *ref_block, uint8_t *next_block)
+{
+    __m512i  block_XY[ARGON2_512BIT_WORDS_IN_BLOCK];
+    uint32_t i;
+    for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) {
+        block_XY[i] = state[i] = _mm512_xor_si512(
+            state[i], _mm512_loadu_si512((__m512i const *) (&ref_block[64 * i])));
+    }
+    for (i = 0; i < 2; ++i) {
+        BLAKE2_ROUND_1(
+            state[8 * i + 0], state[8 * i + 1], state[8 * i + 2], state[8 * i + 3],
+            state[8 * i + 4], state[8 * i + 5], state[8 * i + 6], state[8 * i + 7]);
+    }
+    for (i = 0; i < 2; ++i) {
+        BLAKE2_ROUND_2(
+            state[2 * 0 + i], state[2 * 1 + i], state[2 * 2 + i], state[2 * 3 + i],
+            state[2 * 4 + i], state[2 * 5 + i], state[2 * 6 + i], state[2 * 7 + i]);
+    }
+    for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) {
+        state[i] = _mm512_xor_si512(state[i], block_XY[i]);
+        _mm512_storeu_si512((__m512i *) (&next_block[64 * i]), state[i]);
+    }
+}
+static void
+fill_block_with_xor(__m512i *state, const uint8_t *ref_block,
+                    uint8_t *next_block)
+{
+    __m512i  block_XY[ARGON2_512BIT_WORDS_IN_BLOCK];
+    uint32_t i;
+    for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) {
+        state[i] = _mm512_xor_si512(
+            state[i], _mm512_loadu_si512((__m512i const *) (&ref_block[64 * i])));
+        block_XY[i] = _mm512_xor_si512(
+            state[i], _mm512_loadu_si512((__m512i const *) (&next_block[64 * i])));
+    }
+    for (i = 0; i < 2; ++i) {
+        BLAKE2_ROUND_1(
+            state[8 * i + 0], state[8 * i + 1], state[8 * i + 2], state[8 * i + 3],
+            state[8 * i + 4], state[8 * i + 5], state[8 * i + 6], state[8 * i + 7]);
+    }
+    for (i = 0; i < 2; ++i) {
+        BLAKE2_ROUND_2(
+            state[2 * 0 + i], state[2 * 1 + i], state[2 * 2 + i], state[2 * 3 + i],
+            state[2 * 4 + i], state[2 * 5 + i], state[2 * 6 + i], state[2 * 7 + i]);
+    }
+    for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) {
+        state[i] = _mm512_xor_si512(state[i], block_XY[i]);
+        _mm512_storeu_si512((__m512i *) (&next_block[64 * i]), state[i]);
+    }
+}
+static void
+generate_addresses(const argon2_instance_t *instance,
+                   const argon2_position_t *position, uint64_t *pseudo_rands)
+{
+    block    address_block, input_block, tmp_block;
+    uint32_t i;
+    init_block_value(&address_block, 0);
+    init_block_value(&input_block, 0);
+    if (instance != NULL && position != NULL) {
+        input_block.v[0] = position->pass;
+        input_block.v[1] = position->lane;
+        input_block.v[2] = position->slice;
+        input_block.v[3] = instance->memory_blocks;
+        input_block.v[4] = instance->passes;
+        input_block.v[5] = instance->type;
+        for (i = 0; i < instance->segment_length; ++i) {
+            if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) {
+                /* Temporary zero-initialized blocks */
+                __m512i zero_block[ARGON2_512BIT_WORDS_IN_BLOCK];
+                __m512i zero2_block[ARGON2_512BIT_WORDS_IN_BLOCK];
+                memset(zero_block, 0, sizeof(zero_block));
+                memset(zero2_block, 0, sizeof(zero2_block));
+                init_block_value(&address_block, 0);
+                init_block_value(&tmp_block, 0);
+                /* Increasing index counter */
+                input_block.v[6]++;
+                /* First iteration of G */
+                fill_block_with_xor(zero_block, (uint8_t *) &input_block.v,
+                                    (uint8_t *) &tmp_block.v);
+                /* Second iteration of G */
+                fill_block_with_xor(zero2_block, (uint8_t *) &tmp_block.v,
+                                    (uint8_t *) &address_block.v);
+            }
+            pseudo_rands[i] = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK];
+        }
+    }
+}
+void
+fill_segment_avx512f(const argon2_instance_t *instance,
+                     argon2_position_t        position)
+{
+    block    *ref_block = NULL, *curr_block = NULL;
+    uint64_t  pseudo_rand, ref_index, ref_lane;
+    uint32_t  prev_offset, curr_offset;
+    uint32_t  starting_index, i;
+    __m512i   state[ARGON2_512BIT_WORDS_IN_BLOCK];
+    int       data_independent_addressing = 1;
+    /* Pseudo-random values that determine the reference block position */
+    uint64_t *pseudo_rands = NULL;
+    if (instance == NULL) {
+        return;
+    }
+    if (instance->type == Argon2_id &&
+        (position.pass != 0 || position.slice >= ARGON2_SYNC_POINTS / 2)) {
+        data_independent_addressing = 0;
+    }
+    pseudo_rands = instance->pseudo_rands;
+    if (data_independent_addressing) {
+        generate_addresses(instance, &position, pseudo_rands);
+    }
+    starting_index = 0;
+    if ((0 == position.pass) && (0 == position.slice)) {
+        starting_index = 2; /* we have already generated the first two blocks */
+    }
+    /* Offset of the current block */
+    curr_offset = position.lane * instance->lane_length +
+                  position.slice * instance->segment_length + starting_index;
+    if (0 == curr_offset % instance->lane_length) {
+        /* Last block in this lane */
+        prev_offset = curr_offset + instance->lane_length - 1;
+    } else {
+        /* Previous block */
+        prev_offset = curr_offset - 1;
+    }
+    memcpy(state, ((instance->region->memory + prev_offset)->v),
+           ARGON2_BLOCK_SIZE);
+    for (i = starting_index; i < instance->segment_length;
+         ++i, ++curr_offset, ++prev_offset) {
+        /*1.1 Rotating prev_offset if needed */
+        if (curr_offset % instance->lane_length == 1) {
+            prev_offset = curr_offset - 1;
+        }
+        /* 1.2 Computing the index of the reference block */
+        /* 1.2.1 Taking pseudo-random value from the previous block */
+        if (data_independent_addressing) {
+#pragma warning(push)
+#pragma warning(disable : 6385)
+            pseudo_rand = pseudo_rands[i];
+#pragma warning(pop)
+        } else {
+            pseudo_rand = instance->region->memory[prev_offset].v[0];
+        }
+        /* 1.2.2 Computing the lane of the reference block */
+        ref_lane = ((pseudo_rand >> 32)) % instance->lanes;
+        if ((position.pass == 0) && (position.slice == 0)) {
+            /* Can not reference other lanes yet */
+            ref_lane = position.lane;
+        }
+        /* 1.2.3 Computing the number of possible reference block within the
+         * lane.
+         */
+        position.index = i;
+        ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF,
+                                ref_lane == position.lane);
+        /* 2 Creating a new block */
+        ref_block = instance->region->memory +
+                    instance->lane_length * ref_lane + ref_index;
+        curr_block = instance->region->memory + curr_offset;
+        if (position.pass != 0) {
+            fill_block_with_xor(state, (uint8_t *) ref_block->v,
+                                (uint8_t *) curr_block->v);
+        } else {
+            fill_block(state, (uint8_t *) ref_block->v,
+                       (uint8_t *) curr_block->v);
+        }
+    }
+}
+#endif