rbnacl-libsodium 1.0.8 → 1.0.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +23 -0
- data/CHANGES.md +5 -0
- data/Gemfile +5 -2
- data/Rakefile +5 -0
- data/ext/rbnacl/extconf.rb +2 -1
- data/lib/rbnacl/libsodium.rb +8 -2
- data/lib/rbnacl/libsodium/version.rb +1 -1
- data/vendor/libsodium/AUTHORS +14 -0
- data/vendor/libsodium/ChangeLog +26 -0
- data/vendor/libsodium/LICENSE +1 -1
- data/vendor/libsodium/Makefile.am +1 -0
- data/vendor/libsodium/Makefile.in +9 -0
- data/vendor/libsodium/README.markdown +7 -0
- data/vendor/libsodium/aclocal.m4 +1 -0
- data/vendor/libsodium/appveyor.yml +25 -0
- data/vendor/libsodium/autom4te.cache/output.1 +640 -126
- data/vendor/libsodium/autom4te.cache/output.6 +19049 -0
- data/vendor/libsodium/autom4te.cache/requests +1151 -914
- data/vendor/libsodium/autom4te.cache/traces.1 +472 -426
- data/vendor/libsodium/autom4te.cache/traces.6 +3193 -0
- data/vendor/libsodium/builds/msvc/version.h +2 -2
- data/vendor/libsodium/builds/msvc/vs2010/libsodium.sln +50 -79
- data/vendor/libsodium/builds/msvc/vs2010/libsodium/libsodium.vcxproj +20 -8
- data/vendor/libsodium/builds/msvc/vs2010/libsodium/libsodium.vcxproj.filters +208 -166
- data/vendor/libsodium/builds/msvc/vs2012/libsodium.sln +50 -79
- data/vendor/libsodium/builds/msvc/vs2012/libsodium/libsodium.vcxproj +20 -8
- data/vendor/libsodium/builds/msvc/vs2012/libsodium/libsodium.vcxproj.filters +206 -164
- data/vendor/libsodium/builds/msvc/vs2013/libsodium.sln +52 -81
- data/vendor/libsodium/builds/msvc/vs2013/libsodium/libsodium.vcxproj +20 -8
- data/vendor/libsodium/builds/msvc/vs2013/libsodium/libsodium.vcxproj.filters +206 -164
- data/vendor/libsodium/builds/msvc/vs2015/libsodium.sln +52 -81
- data/vendor/libsodium/builds/msvc/vs2015/libsodium/libsodium.vcxproj +20 -8
- data/vendor/libsodium/builds/msvc/vs2015/libsodium/libsodium.vcxproj.filters +206 -164
- data/vendor/libsodium/configure +639 -125
- data/vendor/libsodium/configure.ac +94 -16
- data/vendor/libsodium/dist-build/Makefile.in +9 -0
- data/vendor/libsodium/dist-build/emscripten-symbols.def +370 -0
- data/vendor/libsodium/dist-build/emscripten.sh +9 -3
- data/vendor/libsodium/dist-build/generate-emscripten-symbols.sh +43 -0
- data/vendor/libsodium/libsodium-uninstalled.pc.in +1 -1
- data/vendor/libsodium/libsodium.pc.in +1 -1
- data/vendor/libsodium/libsodium.vcxproj +70 -66
- data/vendor/libsodium/libsodium.vcxproj.filters +204 -192
- data/vendor/libsodium/m4/ax_valgrind_check.m4 +190 -0
- data/vendor/libsodium/msvc-scripts/Makefile.in +9 -0
- data/vendor/libsodium/msvc-scripts/process.bat +2 -2
- data/vendor/libsodium/src/Makefile.in +9 -0
- data/vendor/libsodium/src/libsodium/Makefile.am +31 -6
- data/vendor/libsodium/src/libsodium/Makefile.in +238 -42
- data/vendor/libsodium/src/libsodium/crypto_aead/aes256gcm/aesni/aead_aes256gcm_aesni.c +234 -38
- data/vendor/libsodium/src/libsodium/crypto_aead/chacha20poly1305/sodium/aead_chacha20poly1305.c +208 -118
- data/vendor/libsodium/src/libsodium/crypto_box/crypto_box_seal.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_box/curve25519xsalsa20poly1305/ref/before_curve25519xsalsa20poly1305.c +1 -4
- data/vendor/libsodium/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.c +1799 -1790
- data/vendor/libsodium/src/libsodium/crypto_core/curve25519/ref10/curve25519_ref10.h +39 -39
- data/vendor/libsodium/src/libsodium/crypto_core/hchacha20/core_hchacha20.c +86 -0
- data/vendor/libsodium/src/libsodium/crypto_core/hchacha20/core_hchacha20.h +28 -0
- data/vendor/libsodium/src/libsodium/crypto_core/hsalsa20/ref2/core_hsalsa20.c +38 -46
- data/vendor/libsodium/src/libsodium/crypto_core/salsa20/ref/core_salsa20.c +47 -55
- data/vendor/libsodium/src/libsodium/crypto_core/salsa2012/ref/core_salsa2012.c +47 -55
- data/vendor/libsodium/src/libsodium/crypto_core/salsa208/ref/core_salsa208.c +47 -55
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/generichash_blake2_api.c +7 -0
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2-impl.h +0 -89
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2.h +50 -141
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-compress-avx2.c +45 -0
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-compress-avx2.h +123 -0
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-compress-ref.c +3 -2
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-compress-sse41.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/{blake2b-round.h → blake2b-compress-sse41.h} +2 -28
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-compress-ssse3.c +2 -4
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-compress-ssse3.h +97 -0
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-load-avx2.h +339 -0
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-load-sse2.h +0 -2
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-load-sse41.h +0 -2
- data/vendor/libsodium/src/libsodium/crypto_generichash/blake2/ref/blake2b-ref.c +29 -18
- data/vendor/libsodium/src/libsodium/crypto_hash/sha256/cp/hash_sha256.c +4 -43
- data/vendor/libsodium/src/libsodium/crypto_hash/sha512/cp/hash_sha512.c +3 -32
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna.h +1 -20
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna32.h +22 -41
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/donna/poly1305_donna64.h +12 -39
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.c +2 -4
- data/vendor/libsodium/src/libsodium/crypto_onetimeauth/poly1305/sse2/poly1305_sse2.h +1 -20
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-core.c +570 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-core.h +198 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-encoding.c +444 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-encoding.h +32 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ref.c +229 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-fill-block-ssse3.c +222 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2-impl.h +40 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.c +238 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/argon2.h +251 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/blake2b-long.c +80 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/blake2b-long.h +8 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/blamka-round-ref.h +38 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/blamka-round-ssse3.h +117 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/argon2/pwhash_argon2i.c +164 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/crypto_pwhash.c +106 -0
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt-common.c +1 -1
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/crypto_scrypt.h +4 -4
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/nosse/pwhash_scryptsalsa208sha256_nosse.c +186 -186
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pbkdf2-sha256.c +2 -2
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/pwhash_scryptsalsa208sha256.c +3 -2
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/scrypt_platform.c +33 -33
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sse/pwhash_scryptsalsa208sha256_sse.c +253 -254
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/curve25519_donna_c64.c +16 -17
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/donna_c64/curve25519_donna_c64.h +1 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.c +11 -11
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/ref10/x25519_ref10.h +1 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/consts_namespace.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe.h +3 -2
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51.h +5 -3
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_invert.c +41 -41
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_mul.S +10 -2
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_namespace.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_nsquare.S +4 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe51_pack.S +4 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/fe_frombytes_sandy2x.c +31 -32
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.S +4 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.S +4 -0
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_base_namespace.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_scalarmult/curve25519/sandy2x/ladder_namespace.h +1 -1
- data/vendor/libsodium/src/libsodium/crypto_secretbox/crypto_secretbox_easy.c +2 -6
- data/vendor/libsodium/src/libsodium/crypto_shorthash/siphash24/ref/shorthash_siphash24.c +8 -28
- data/vendor/libsodium/src/libsodium/crypto_sign/ed25519/ref10/open.c +75 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/afternm_aes128ctr.c +6 -6
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/common.h +1 -18
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/int128_aes128ctr.c +20 -20
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/types.h +4 -4
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/xor_afternm_aes128ctr.c +6 -6
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.c +56 -77
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/ref/stream_chacha20_ref.h +1 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/chacha20/vec/stream_chacha20_vec.h +1 -0
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/ref/stream_salsa20_ref.c +2 -8
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa20/ref/xor_salsa20_ref.c +2 -8
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/ref/stream_salsa2012.c +2 -8
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa2012/ref/xor_salsa2012.c +2 -8
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/ref/stream_salsa208.c +2 -8
- data/vendor/libsodium/src/libsodium/crypto_stream/salsa208/ref/xor_salsa208.c +2 -8
- data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/ref/stream_xsalsa20.c +1 -5
- data/vendor/libsodium/src/libsodium/crypto_stream/xsalsa20/ref/xor_xsalsa20.c +1 -5
- data/vendor/libsodium/src/libsodium/include/Makefile.am +3 -0
- data/vendor/libsodium/src/libsodium/include/Makefile.in +19 -8
- data/vendor/libsodium/src/libsodium/include/sodium.h +3 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_aead_aes256gcm.h +50 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_aead_chacha20poly1305.h +94 -22
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_box_curve25519xsalsa20poly1305.h +6 -6
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_core_hchacha20.h +35 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_generichash_blake2b.h +3 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash.h +89 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_pwhash_argon2i.h +86 -0
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_secretbox_xsalsa20poly1305.h +6 -6
- data/vendor/libsodium/src/libsodium/include/sodium/crypto_sign_edwards25519sha512batch.h +0 -11
- data/vendor/libsodium/src/libsodium/include/sodium/runtime.h +3 -0
- data/vendor/libsodium/src/libsodium/randombytes/randombytes.c +3 -0
- data/vendor/libsodium/src/libsodium/randombytes/salsa20/randombytes_salsa20_random.c +5 -1
- data/vendor/libsodium/src/libsodium/sodium/common.h +150 -0
- data/vendor/libsodium/src/libsodium/sodium/core.c +3 -1
- data/vendor/libsodium/src/libsodium/sodium/runtime.c +37 -19
- data/vendor/libsodium/src/libsodium/sodium/utils.c +18 -9
- data/vendor/libsodium/test/Makefile.in +9 -0
- data/vendor/libsodium/test/default/Makefile.am +10 -0
- data/vendor/libsodium/test/default/Makefile.in +53 -20
- data/vendor/libsodium/test/default/aead_aes256gcm.c +43 -17
- data/vendor/libsodium/test/default/aead_chacha20poly1305.c +179 -86
- data/vendor/libsodium/test/default/auth7.c +5 -5
- data/vendor/libsodium/test/default/box.c +4 -4
- data/vendor/libsodium/test/default/box2.c +1 -1
- data/vendor/libsodium/test/default/core6.c +1 -1
- data/vendor/libsodium/test/default/generichash.c +12 -1
- data/vendor/libsodium/test/default/generichash2.c +2 -2
- data/vendor/libsodium/test/default/generichash3.c +21 -0
- data/vendor/libsodium/test/default/pwhash.c +186 -168
- data/vendor/libsodium/test/default/pwhash.exp +11 -30
- data/vendor/libsodium/test/default/pwhash_scrypt.c +349 -0
- data/vendor/libsodium/test/default/pwhash_scrypt.exp +31 -0
- data/vendor/libsodium/test/default/secretbox.c +1 -1
- data/vendor/libsodium/test/default/secretbox2.c +1 -1
- data/vendor/libsodium/test/default/sign.c +15 -0
- data/vendor/libsodium/test/default/sodium_utils2.c +8 -3
- data/vendor/libsodium/test/default/sodium_utils3.c +4 -2
- data/vendor/libsodium/test/default/verify1.c +0 -4
- data/vendor/libsodium/test/quirks/quirks.h +3 -0
- metadata +37 -22
- data/vendor/libsodium/builds/msvc/vs2010/test/test.props +0 -43
- data/vendor/libsodium/builds/msvc/vs2010/test/test.runner.bat +0 -78
- data/vendor/libsodium/builds/msvc/vs2010/test/test.vcxproj +0 -244
- data/vendor/libsodium/builds/msvc/vs2010/test/test.vcxproj.filters +0 -192
- data/vendor/libsodium/builds/msvc/vs2012/test/test.props +0 -43
- data/vendor/libsodium/builds/msvc/vs2012/test/test.runner.bat +0 -78
- data/vendor/libsodium/builds/msvc/vs2012/test/test.vcxproj +0 -244
- data/vendor/libsodium/builds/msvc/vs2012/test/test.vcxproj.filters +0 -192
- data/vendor/libsodium/builds/msvc/vs2013/test/test.props +0 -43
- data/vendor/libsodium/builds/msvc/vs2013/test/test.runner.bat +0 -78
- data/vendor/libsodium/builds/msvc/vs2013/test/test.vcxproj +0 -244
- data/vendor/libsodium/builds/msvc/vs2013/test/test.vcxproj.filters +0 -192
- data/vendor/libsodium/builds/msvc/vs2015/test/test.props +0 -43
- data/vendor/libsodium/builds/msvc/vs2015/test/test.runner.bat +0 -78
- data/vendor/libsodium/builds/msvc/vs2015/test/test.vcxproj +0 -244
- data/vendor/libsodium/builds/msvc/vs2015/test/test.vcxproj.filters +0 -192
- data/vendor/libsodium/src/libsodium/crypto_pwhash/scryptsalsa208sha256/sysendian.h +0 -146
- data/vendor/libsodium/src/libsodium/crypto_stream/aes128ctr/portable/common_aes128ctr.c +0 -64
@@ -88,9 +88,8 @@ poly1305_init_ext(poly1305_state_internal_t *st,
|
|
88
88
|
const unsigned char key[32], unsigned long long bytes)
|
89
89
|
{
|
90
90
|
uint32_t *R;
|
91
|
-
uint128_t d[3]
|
91
|
+
uint128_t d[3];
|
92
92
|
uint64_t r0,r1,r2;
|
93
|
-
uint32_t rp0,rp1,rp2,rp3,rp4;
|
94
93
|
uint64_t rt0,rt1,rt2,st2,c;
|
95
94
|
uint64_t t0,t1;
|
96
95
|
unsigned long long i;
|
@@ -170,7 +169,7 @@ poly1305_blocks(poly1305_state_internal_t *st, const unsigned char *m,
|
|
170
169
|
xmmi H0,H1,H2,H3,H4;
|
171
170
|
xmmi T0,T1,T2,T3,T4,T5,T6,T7,T8;
|
172
171
|
xmmi M0,M1,M2,M3,M4;
|
173
|
-
xmmi M5,M6,M7,M8
|
172
|
+
xmmi M5,M6,M7,M8;
|
174
173
|
xmmi C1,C2;
|
175
174
|
xmmi R20,R21,R22,R23,R24,S21,S22,S23,S24;
|
176
175
|
xmmi R40,R41,R42,R43,R44,S41,S42,S43,S44;
|
@@ -569,7 +568,6 @@ poly1305_finish_ext(poly1305_state_internal_t *st, const unsigned char *m,
|
|
569
568
|
unsigned long long leftover, unsigned char mac[16])
|
570
569
|
{
|
571
570
|
uint64_t h0,h1,h2;
|
572
|
-
uint64_t t0,t1,c;
|
573
571
|
|
574
572
|
if (leftover) {
|
575
573
|
CRYPTO_ALIGN(16) unsigned char final[32] = {0};
|
@@ -4,28 +4,9 @@
|
|
4
4
|
#include <stddef.h>
|
5
5
|
|
6
6
|
#include "crypto_onetimeauth_poly1305.h"
|
7
|
+
#include "../onetimeauth_poly1305.h"
|
7
8
|
|
8
9
|
extern struct crypto_onetimeauth_poly1305_implementation
|
9
10
|
crypto_onetimeauth_poly1305_sse2_implementation;
|
10
11
|
|
11
|
-
static int crypto_onetimeauth_poly1305_sse2(unsigned char *out,
|
12
|
-
const unsigned char *in,
|
13
|
-
unsigned long long inlen,
|
14
|
-
const unsigned char *k);
|
15
|
-
|
16
|
-
static int crypto_onetimeauth_poly1305_sse2_verify(const unsigned char *h,
|
17
|
-
const unsigned char *in,
|
18
|
-
unsigned long long inlen,
|
19
|
-
const unsigned char *k);
|
20
|
-
|
21
|
-
static int crypto_onetimeauth_poly1305_sse2_init(crypto_onetimeauth_poly1305_state *state,
|
22
|
-
const unsigned char *key);
|
23
|
-
|
24
|
-
static int crypto_onetimeauth_poly1305_sse2_update(crypto_onetimeauth_poly1305_state *state,
|
25
|
-
const unsigned char *in,
|
26
|
-
unsigned long long inlen);
|
27
|
-
|
28
|
-
static int crypto_onetimeauth_poly1305_sse2_final(crypto_onetimeauth_poly1305_state *state,
|
29
|
-
unsigned char *out);
|
30
|
-
|
31
12
|
#endif /* poly1305_sse2_H */
|
@@ -0,0 +1,570 @@
|
|
1
|
+
/*
|
2
|
+
* Argon2 source code package
|
3
|
+
*
|
4
|
+
* Written by Daniel Dinu and Dmitry Khovratovich, 2015
|
5
|
+
*
|
6
|
+
* This work is licensed under a Creative Commons CC0 1.0 License/Waiver.
|
7
|
+
*
|
8
|
+
* You should have received a copy of the CC0 Public Domain Dedication along
|
9
|
+
* with
|
10
|
+
* this software. If not, see
|
11
|
+
* <http://creativecommons.org/publicdomain/zero/1.0/>.
|
12
|
+
*/
|
13
|
+
|
14
|
+
#ifdef HAVE_SYS_MMAN_H
|
15
|
+
# include <sys/mman.h>
|
16
|
+
#endif
|
17
|
+
#include <errno.h>
|
18
|
+
#include <stdint.h>
|
19
|
+
#include <stdio.h>
|
20
|
+
#include <stdlib.h>
|
21
|
+
#include <string.h>
|
22
|
+
|
23
|
+
#include "crypto_generichash_blake2b.h"
|
24
|
+
#include "runtime.h"
|
25
|
+
#include "utils.h"
|
26
|
+
#include "../../sodium/common.h"
|
27
|
+
|
28
|
+
#include "argon2-core.h"
|
29
|
+
#include "argon2-impl.h"
|
30
|
+
#include "blake2b-long.h"
|
31
|
+
|
32
|
+
#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
|
33
|
+
# define MAP_ANON MAP_ANONYMOUS
|
34
|
+
#endif
|
35
|
+
|
36
|
+
static fill_segment_fn fill_segment = fill_segment_ref;
|
37
|
+
|
38
|
+
/***************Instance and Position constructors**********/
|
39
|
+
void init_block_value(block *b, uint8_t in) {
|
40
|
+
memset(b->v, in, sizeof(b->v));
|
41
|
+
}
|
42
|
+
|
43
|
+
void copy_block(block *dst, const block *src) {
|
44
|
+
memcpy(dst->v, src->v, sizeof(uint64_t) * ARGON2_QWORDS_IN_BLOCK);
|
45
|
+
}
|
46
|
+
|
47
|
+
void xor_block(block *dst, const block *src) {
|
48
|
+
int i;
|
49
|
+
for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) {
|
50
|
+
dst->v[i] ^= src->v[i];
|
51
|
+
}
|
52
|
+
}
|
53
|
+
|
54
|
+
static void load_block(block *dst, const void *input) {
|
55
|
+
unsigned i;
|
56
|
+
for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) {
|
57
|
+
dst->v[i] = LOAD64_LE((const uint8_t *)input + i * sizeof(dst->v[i]));
|
58
|
+
}
|
59
|
+
}
|
60
|
+
|
61
|
+
static void store_block(void *output, const block *src) {
|
62
|
+
unsigned i;
|
63
|
+
for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) {
|
64
|
+
STORE64_LE((uint8_t *)output + i * sizeof(src->v[i]), src->v[i]);
|
65
|
+
}
|
66
|
+
}
|
67
|
+
|
68
|
+
/***************Memory allocators*****************/
|
69
|
+
/* Allocates memory to the given pointer
|
70
|
+
* @param memory pointer to the pointer to the memory
|
71
|
+
* @param m_cost number of blocks to allocate in the memory
|
72
|
+
* @return ARGON2_OK if @memory is a valid pointer and memory is allocated
|
73
|
+
*/
|
74
|
+
static int allocate_memory(block_region **memory, uint32_t m_cost);
|
75
|
+
|
76
|
+
static int allocate_memory(block_region **region, uint32_t m_cost) {
|
77
|
+
void *base;
|
78
|
+
block *memory;
|
79
|
+
size_t memory_size;
|
80
|
+
|
81
|
+
if (region == NULL) {
|
82
|
+
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
|
83
|
+
}
|
84
|
+
memory_size = sizeof(block) * m_cost;
|
85
|
+
if (m_cost == 0 ||
|
86
|
+
memory_size / m_cost != sizeof(block)) { /*1. Check for multiplication overflow*/
|
87
|
+
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
|
88
|
+
}
|
89
|
+
*region = (block_region *)malloc(sizeof(block_region)); /*2. Try to allocate region*/
|
90
|
+
if (!*region) {
|
91
|
+
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
|
92
|
+
}
|
93
|
+
|
94
|
+
#if defined(MAP_ANON) && defined(HAVE_MMAP)
|
95
|
+
if ((base = mmap(NULL, memory_size, PROT_READ | PROT_WRITE,
|
96
|
+
# ifdef MAP_NOCORE
|
97
|
+
MAP_ANON | MAP_PRIVATE | MAP_NOCORE,
|
98
|
+
# else
|
99
|
+
MAP_ANON | MAP_PRIVATE,
|
100
|
+
# endif
|
101
|
+
-1, 0)) == MAP_FAILED) {
|
102
|
+
base = NULL; /* LCOV_EXCL_LINE */
|
103
|
+
} /* LCOV_EXCL_LINE */
|
104
|
+
memcpy(&memory, &base, sizeof memory);
|
105
|
+
#elif defined(HAVE_POSIX_MEMALIGN)
|
106
|
+
if ((errno = posix_memalign((void **) &base, 64, memory_size)) != 0) {
|
107
|
+
base = NULL;
|
108
|
+
}
|
109
|
+
memcpy(&memory, &base, sizeof memory);
|
110
|
+
#else
|
111
|
+
memory = NULL;
|
112
|
+
if (memory_size + 63 < memory_size) {
|
113
|
+
base = NULL;
|
114
|
+
errno = ENOMEM;
|
115
|
+
} else if ((base = malloc(memory_size + 63)) != NULL) {
|
116
|
+
uint8_t *aligned = ((uint8_t *) base) + 63;
|
117
|
+
aligned -= (uintptr_t) aligned & 63;
|
118
|
+
memcpy(&memory, &aligned, sizeof memory);
|
119
|
+
}
|
120
|
+
#endif
|
121
|
+
if (base == NULL) {
|
122
|
+
return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
|
123
|
+
}
|
124
|
+
(*region)->base = base;
|
125
|
+
(*region)->memory = memory;
|
126
|
+
(*region)->size = memory_size;
|
127
|
+
|
128
|
+
return ARGON2_OK;
|
129
|
+
}
|
130
|
+
|
131
|
+
/*********Memory functions*/
|
132
|
+
|
133
|
+
/* Clears memory
|
134
|
+
* @param instance pointer to the current instance
|
135
|
+
* @param clear_memory indicates if we clear the memory with zeros.
|
136
|
+
*/
|
137
|
+
static void clear_memory(argon2_instance_t *instance, int clear);
|
138
|
+
|
139
|
+
static void clear_memory(argon2_instance_t *instance, int clear) {
|
140
|
+
if (instance->region != NULL && clear) {
|
141
|
+
/* LCOV_EXCL_START */
|
142
|
+
sodium_memzero(instance->region->memory,
|
143
|
+
sizeof(block) * instance->memory_blocks);
|
144
|
+
/* LCOV_EXCL_STOP */
|
145
|
+
}
|
146
|
+
}
|
147
|
+
|
148
|
+
/* Deallocates memory
|
149
|
+
* @param memory pointer to the blocks
|
150
|
+
*/
|
151
|
+
static void free_memory(block_region *memory);
|
152
|
+
|
153
|
+
static void free_memory(block_region *region) {
|
154
|
+
if (region->base) {
|
155
|
+
#if defined(MAP_ANON) && defined(HAVE_MMAP)
|
156
|
+
if (munmap(region->base, region->size)) {
|
157
|
+
return; /* LCOV_EXCL_LINE */
|
158
|
+
}
|
159
|
+
#else
|
160
|
+
free(region->base);
|
161
|
+
#endif
|
162
|
+
}
|
163
|
+
free(region);
|
164
|
+
}
|
165
|
+
|
166
|
+
void finalize(const argon2_context *context, argon2_instance_t *instance) {
|
167
|
+
if (context != NULL && instance != NULL) {
|
168
|
+
block blockhash;
|
169
|
+
uint32_t l;
|
170
|
+
|
171
|
+
copy_block(&blockhash, instance->region->memory + instance->lane_length - 1);
|
172
|
+
|
173
|
+
/* XOR the last blocks */
|
174
|
+
for (l = 1; l < instance->lanes; ++l) {
|
175
|
+
uint32_t last_block_in_lane =
|
176
|
+
l * instance->lane_length + (instance->lane_length - 1);
|
177
|
+
xor_block(&blockhash, instance->region->memory + last_block_in_lane);
|
178
|
+
}
|
179
|
+
|
180
|
+
/* Hash the result */
|
181
|
+
{
|
182
|
+
uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE];
|
183
|
+
store_block(blockhash_bytes, &blockhash);
|
184
|
+
blake2b_long(context->out, context->outlen, blockhash_bytes,
|
185
|
+
ARGON2_BLOCK_SIZE);
|
186
|
+
sodium_memzero(blockhash.v,
|
187
|
+
ARGON2_BLOCK_SIZE); /* clear blockhash */
|
188
|
+
sodium_memzero(blockhash_bytes,
|
189
|
+
ARGON2_BLOCK_SIZE); /* clear blockhash_bytes */
|
190
|
+
}
|
191
|
+
|
192
|
+
/* Clear memory */
|
193
|
+
clear_memory(instance, context->flags & ARGON2_FLAG_CLEAR_PASSWORD);
|
194
|
+
|
195
|
+
/* Deallocate the memory */
|
196
|
+
free_memory(instance->region);
|
197
|
+
}
|
198
|
+
}
|
199
|
+
|
200
|
+
uint32_t index_alpha(const argon2_instance_t *instance,
|
201
|
+
const argon2_position_t *position, uint32_t pseudo_rand,
|
202
|
+
int same_lane) {
|
203
|
+
/*
|
204
|
+
* Pass 0:
|
205
|
+
* This lane : all already finished segments plus already constructed
|
206
|
+
* blocks in this segment
|
207
|
+
* Other lanes : all already finished segments
|
208
|
+
* Pass 1+:
|
209
|
+
* This lane : (SYNC_POINTS - 1) last segments plus already constructed
|
210
|
+
* blocks in this segment
|
211
|
+
* Other lanes : (SYNC_POINTS - 1) last segments
|
212
|
+
*/
|
213
|
+
uint32_t reference_area_size;
|
214
|
+
uint64_t relative_position;
|
215
|
+
uint32_t start_position, absolute_position;
|
216
|
+
|
217
|
+
if (position->pass == 0) {
|
218
|
+
/* First pass */
|
219
|
+
if (position->slice == 0) {
|
220
|
+
/* First slice */
|
221
|
+
reference_area_size =
|
222
|
+
position->index - 1; /* all but the previous */
|
223
|
+
} else {
|
224
|
+
if (same_lane) {
|
225
|
+
/* The same lane => add current segment */
|
226
|
+
reference_area_size =
|
227
|
+
position->slice * instance->segment_length +
|
228
|
+
position->index - 1;
|
229
|
+
} else {
|
230
|
+
reference_area_size =
|
231
|
+
position->slice * instance->segment_length +
|
232
|
+
((position->index == 0) ? (-1) : 0);
|
233
|
+
}
|
234
|
+
}
|
235
|
+
} else {
|
236
|
+
/* Second pass */
|
237
|
+
if (same_lane) {
|
238
|
+
reference_area_size = instance->lane_length -
|
239
|
+
instance->segment_length + position->index -
|
240
|
+
1;
|
241
|
+
} else {
|
242
|
+
reference_area_size = instance->lane_length -
|
243
|
+
instance->segment_length +
|
244
|
+
((position->index == 0) ? (-1) : 0);
|
245
|
+
}
|
246
|
+
}
|
247
|
+
|
248
|
+
/* 1.2.4. Mapping pseudo_rand to 0..<reference_area_size-1> and produce
|
249
|
+
* relative position */
|
250
|
+
relative_position = pseudo_rand;
|
251
|
+
relative_position = relative_position * relative_position >> 32;
|
252
|
+
relative_position = reference_area_size - 1 -
|
253
|
+
(reference_area_size * relative_position >> 32);
|
254
|
+
|
255
|
+
/* 1.2.5 Computing starting position */
|
256
|
+
start_position = 0;
|
257
|
+
|
258
|
+
if (position->pass != 0) {
|
259
|
+
start_position = (position->slice == ARGON2_SYNC_POINTS - 1)
|
260
|
+
? 0
|
261
|
+
: (position->slice + 1) * instance->segment_length;
|
262
|
+
}
|
263
|
+
|
264
|
+
/* 1.2.6. Computing absolute position */
|
265
|
+
absolute_position = (start_position + relative_position) %
|
266
|
+
instance->lane_length; /* absolute position */
|
267
|
+
return absolute_position;
|
268
|
+
}
|
269
|
+
|
270
|
+
int fill_memory_blocks(argon2_instance_t *instance) {
|
271
|
+
int result;
|
272
|
+
uint32_t r, s;
|
273
|
+
|
274
|
+
if (instance == NULL || instance->lanes == 0) {
|
275
|
+
return ARGON2_OK; /* LCOV_EXCL_LINE */
|
276
|
+
}
|
277
|
+
|
278
|
+
for (r = 0; r < instance->passes; ++r) {
|
279
|
+
for (s = 0; s < ARGON2_SYNC_POINTS; ++s) {
|
280
|
+
uint32_t l;
|
281
|
+
|
282
|
+
for (l = 0; l < instance->lanes; ++l) {
|
283
|
+
argon2_position_t position;
|
284
|
+
|
285
|
+
position.pass = r;
|
286
|
+
position.lane = l;
|
287
|
+
position.slice = (uint8_t)s;
|
288
|
+
position.index = 0;
|
289
|
+
result = fill_segment(instance, position);
|
290
|
+
if (ARGON2_OK != result) {
|
291
|
+
return result; /* LCOV_EXCL_LINE */
|
292
|
+
}
|
293
|
+
}
|
294
|
+
}
|
295
|
+
}
|
296
|
+
return ARGON2_OK;
|
297
|
+
}
|
298
|
+
|
299
|
+
int validate_inputs(const argon2_context *context) {
|
300
|
+
/* LCOV_EXCL_START */
|
301
|
+
if (NULL == context) {
|
302
|
+
return ARGON2_INCORRECT_PARAMETER;
|
303
|
+
}
|
304
|
+
|
305
|
+
if (NULL == context->out) {
|
306
|
+
return ARGON2_OUTPUT_PTR_NULL;
|
307
|
+
}
|
308
|
+
|
309
|
+
/* Validate output length */
|
310
|
+
if (ARGON2_MIN_OUTLEN > context->outlen) {
|
311
|
+
return ARGON2_OUTPUT_TOO_SHORT;
|
312
|
+
}
|
313
|
+
|
314
|
+
if (ARGON2_MAX_OUTLEN < context->outlen) {
|
315
|
+
return ARGON2_OUTPUT_TOO_LONG;
|
316
|
+
}
|
317
|
+
|
318
|
+
/* Validate password length */
|
319
|
+
if (NULL == context->pwd) {
|
320
|
+
if (0 != context->pwdlen) {
|
321
|
+
return ARGON2_PWD_PTR_MISMATCH;
|
322
|
+
}
|
323
|
+
} else {
|
324
|
+
if (ARGON2_MIN_PWD_LENGTH > context->pwdlen) {
|
325
|
+
return ARGON2_PWD_TOO_SHORT;
|
326
|
+
}
|
327
|
+
|
328
|
+
if (ARGON2_MAX_PWD_LENGTH < context->pwdlen) {
|
329
|
+
return ARGON2_PWD_TOO_LONG;
|
330
|
+
}
|
331
|
+
}
|
332
|
+
|
333
|
+
/* Validate salt length */
|
334
|
+
if (NULL == context->salt) {
|
335
|
+
if (0 != context->saltlen) {
|
336
|
+
return ARGON2_SALT_PTR_MISMATCH;
|
337
|
+
}
|
338
|
+
} else {
|
339
|
+
if (ARGON2_MIN_SALT_LENGTH > context->saltlen) {
|
340
|
+
return ARGON2_SALT_TOO_SHORT;
|
341
|
+
}
|
342
|
+
|
343
|
+
if (ARGON2_MAX_SALT_LENGTH < context->saltlen) {
|
344
|
+
return ARGON2_SALT_TOO_LONG;
|
345
|
+
}
|
346
|
+
}
|
347
|
+
|
348
|
+
/* Validate secret length */
|
349
|
+
if (NULL == context->secret) {
|
350
|
+
if (0 != context->secretlen) {
|
351
|
+
return ARGON2_SECRET_PTR_MISMATCH;
|
352
|
+
}
|
353
|
+
} else {
|
354
|
+
if (ARGON2_MIN_SECRET > context->secretlen) {
|
355
|
+
return ARGON2_SECRET_TOO_SHORT;
|
356
|
+
}
|
357
|
+
|
358
|
+
if (ARGON2_MAX_SECRET < context->secretlen) {
|
359
|
+
return ARGON2_SECRET_TOO_LONG;
|
360
|
+
}
|
361
|
+
}
|
362
|
+
|
363
|
+
/* Validate associated data */
|
364
|
+
if (NULL == context->ad) {
|
365
|
+
if (0 != context->adlen) {
|
366
|
+
return ARGON2_AD_PTR_MISMATCH;
|
367
|
+
}
|
368
|
+
} else {
|
369
|
+
if (ARGON2_MIN_AD_LENGTH > context->adlen) {
|
370
|
+
return ARGON2_AD_TOO_SHORT;
|
371
|
+
}
|
372
|
+
|
373
|
+
if (ARGON2_MAX_AD_LENGTH < context->adlen) {
|
374
|
+
return ARGON2_AD_TOO_LONG;
|
375
|
+
}
|
376
|
+
}
|
377
|
+
|
378
|
+
/* Validate memory cost */
|
379
|
+
if (ARGON2_MIN_MEMORY > context->m_cost) {
|
380
|
+
return ARGON2_MEMORY_TOO_LITTLE;
|
381
|
+
}
|
382
|
+
|
383
|
+
if (ARGON2_MAX_MEMORY < context->m_cost) {
|
384
|
+
return ARGON2_MEMORY_TOO_MUCH;
|
385
|
+
}
|
386
|
+
|
387
|
+
if (context->m_cost < 8 * context->lanes) {
|
388
|
+
return ARGON2_MEMORY_TOO_LITTLE;
|
389
|
+
}
|
390
|
+
|
391
|
+
/* Validate time cost */
|
392
|
+
if (ARGON2_MIN_TIME > context->t_cost) {
|
393
|
+
return ARGON2_TIME_TOO_SMALL;
|
394
|
+
}
|
395
|
+
|
396
|
+
if (ARGON2_MAX_TIME < context->t_cost) {
|
397
|
+
return ARGON2_TIME_TOO_LARGE;
|
398
|
+
}
|
399
|
+
|
400
|
+
/* Validate lanes */
|
401
|
+
if (ARGON2_MIN_LANES > context->lanes) {
|
402
|
+
return ARGON2_LANES_TOO_FEW;
|
403
|
+
}
|
404
|
+
|
405
|
+
if (ARGON2_MAX_LANES < context->lanes) {
|
406
|
+
return ARGON2_LANES_TOO_MANY;
|
407
|
+
}
|
408
|
+
|
409
|
+
/* Validate threads */
|
410
|
+
if (ARGON2_MIN_THREADS > context->threads) {
|
411
|
+
return ARGON2_THREADS_TOO_FEW;
|
412
|
+
}
|
413
|
+
|
414
|
+
if (ARGON2_MAX_THREADS < context->threads) {
|
415
|
+
return ARGON2_THREADS_TOO_MANY;
|
416
|
+
}
|
417
|
+
/* LCOV_EXCL_STOP */
|
418
|
+
|
419
|
+
return ARGON2_OK;
|
420
|
+
}
|
421
|
+
|
422
|
+
void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance) {
|
423
|
+
uint32_t l;
|
424
|
+
/* Make the first and second block in each lane as G(H0||i||0) or
|
425
|
+
G(H0||i||1) */
|
426
|
+
uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE];
|
427
|
+
for (l = 0; l < instance->lanes; ++l) {
|
428
|
+
|
429
|
+
STORE32_LE(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 0);
|
430
|
+
STORE32_LE(blockhash + ARGON2_PREHASH_DIGEST_LENGTH + 4, l);
|
431
|
+
blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash,
|
432
|
+
ARGON2_PREHASH_SEED_LENGTH);
|
433
|
+
load_block(&instance->region->memory[l * instance->lane_length + 0],
|
434
|
+
blockhash_bytes);
|
435
|
+
|
436
|
+
STORE32_LE(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 1);
|
437
|
+
blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash,
|
438
|
+
ARGON2_PREHASH_SEED_LENGTH);
|
439
|
+
load_block(&instance->region->memory[l * instance->lane_length + 1],
|
440
|
+
blockhash_bytes);
|
441
|
+
}
|
442
|
+
sodium_memzero(blockhash_bytes, ARGON2_BLOCK_SIZE);
|
443
|
+
}
|
444
|
+
|
445
|
+
void initial_hash(uint8_t *blockhash, argon2_context *context,
|
446
|
+
argon2_type type) {
|
447
|
+
crypto_generichash_blake2b_state BlakeHash;
|
448
|
+
uint8_t value[4U /* sizeof(uint32_t) */];
|
449
|
+
|
450
|
+
if (NULL == context || NULL == blockhash) {
|
451
|
+
return; /* LCOV_EXCL_LINE */
|
452
|
+
}
|
453
|
+
|
454
|
+
crypto_generichash_blake2b_init(&BlakeHash, NULL, 0U,
|
455
|
+
ARGON2_PREHASH_DIGEST_LENGTH);
|
456
|
+
|
457
|
+
STORE32_LE(value, context->lanes);
|
458
|
+
crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
|
459
|
+
|
460
|
+
STORE32_LE(value, context->outlen);
|
461
|
+
crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
|
462
|
+
|
463
|
+
STORE32_LE(value, context->m_cost);
|
464
|
+
crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
|
465
|
+
|
466
|
+
STORE32_LE(value, context->t_cost);
|
467
|
+
crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
|
468
|
+
|
469
|
+
STORE32_LE(value, ARGON2_VERSION_NUMBER);
|
470
|
+
crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
|
471
|
+
|
472
|
+
STORE32_LE(value, (uint32_t)type);
|
473
|
+
crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
|
474
|
+
|
475
|
+
STORE32_LE(value, context->pwdlen);
|
476
|
+
crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
|
477
|
+
|
478
|
+
if (context->pwd != NULL) {
|
479
|
+
crypto_generichash_blake2b_update(&BlakeHash, (const uint8_t *)context->pwd,
|
480
|
+
context->pwdlen);
|
481
|
+
|
482
|
+
if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) {
|
483
|
+
sodium_memzero(context->pwd, context->pwdlen); /* LCOV_EXCL_LINE */
|
484
|
+
context->pwdlen = 0; /* LCOV_EXCL_LINE */
|
485
|
+
}
|
486
|
+
}
|
487
|
+
|
488
|
+
STORE32_LE(value, context->saltlen);
|
489
|
+
crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
|
490
|
+
|
491
|
+
if (context->salt != NULL) {
|
492
|
+
crypto_generichash_blake2b_update(&BlakeHash, (const uint8_t *)context->salt,
|
493
|
+
context->saltlen);
|
494
|
+
}
|
495
|
+
|
496
|
+
STORE32_LE(value, context->secretlen);
|
497
|
+
crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
|
498
|
+
|
499
|
+
if (context->secret != NULL) {
|
500
|
+
/* LCOV_EXCL_START */
|
501
|
+
crypto_generichash_blake2b_update(&BlakeHash, (const uint8_t *)context->secret,
|
502
|
+
context->secretlen);
|
503
|
+
|
504
|
+
if (context->flags & ARGON2_FLAG_CLEAR_SECRET) {
|
505
|
+
sodium_memzero(context->secret, context->secretlen);
|
506
|
+
context->secretlen = 0;
|
507
|
+
}
|
508
|
+
/* LCOV_EXCL_STOP */
|
509
|
+
}
|
510
|
+
|
511
|
+
STORE32_LE(value, context->adlen);
|
512
|
+
crypto_generichash_blake2b_update(&BlakeHash, value, sizeof(value));
|
513
|
+
|
514
|
+
if (context->ad != NULL) {
|
515
|
+
/* LCOV_EXCL_START */
|
516
|
+
crypto_generichash_blake2b_update(&BlakeHash, (const uint8_t *)context->ad,
|
517
|
+
context->adlen);
|
518
|
+
/* LCOV_EXCL_STOP */
|
519
|
+
}
|
520
|
+
|
521
|
+
crypto_generichash_blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH);
|
522
|
+
}
|
523
|
+
|
524
|
+
int initialize(argon2_instance_t *instance, argon2_context *context) {
|
525
|
+
uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH];
|
526
|
+
int result = ARGON2_OK;
|
527
|
+
|
528
|
+
if (instance == NULL || context == NULL)
|
529
|
+
return ARGON2_INCORRECT_PARAMETER;
|
530
|
+
|
531
|
+
/* 1. Memory allocation */
|
532
|
+
|
533
|
+
result = allocate_memory(&(instance->region), instance->memory_blocks);
|
534
|
+
if (ARGON2_OK != result) {
|
535
|
+
return result;
|
536
|
+
}
|
537
|
+
|
538
|
+
/* 2. Initial hashing */
|
539
|
+
/* H_0 + 8 extra bytes to produce the first blocks */
|
540
|
+
/* uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */
|
541
|
+
/* Hashing all inputs */
|
542
|
+
initial_hash(blockhash, context, instance->type);
|
543
|
+
/* Zeroing 8 extra bytes */
|
544
|
+
sodium_memzero(blockhash + ARGON2_PREHASH_DIGEST_LENGTH,
|
545
|
+
ARGON2_PREHASH_SEED_LENGTH - ARGON2_PREHASH_DIGEST_LENGTH);
|
546
|
+
|
547
|
+
/* 3. Creating first blocks, we always have at least two blocks in a slice
|
548
|
+
*/
|
549
|
+
fill_first_blocks(blockhash, instance);
|
550
|
+
/* Clearing the hash */
|
551
|
+
sodium_memzero(blockhash, ARGON2_PREHASH_SEED_LENGTH);
|
552
|
+
|
553
|
+
return ARGON2_OK;
|
554
|
+
}
|
555
|
+
|
556
|
+
int argon2_pick_best_implementation(void)
|
557
|
+
{
|
558
|
+
/* LCOV_EXCL_START */
|
559
|
+
#if (defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H)) || \
|
560
|
+
(defined(_MSC_VER) && (defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86)))
|
561
|
+
if (sodium_runtime_has_ssse3()) {
|
562
|
+
fill_segment = fill_segment_ssse3;
|
563
|
+
return 0;
|
564
|
+
}
|
565
|
+
#endif
|
566
|
+
fill_segment = fill_segment_ref;
|
567
|
+
|
568
|
+
return 0;
|
569
|
+
/* LCOV_EXCL_STOP */
|
570
|
+
}
|