/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #include #include #include #include "argon2.h" #include "core.h" const char *argon2_type2string(argon2_type type, int uppercase) { switch (type) { case Argon2_d: return uppercase ? "Argon2d" : "argon2d"; case Argon2_i: return uppercase ? "Argon2i" : "argon2i"; case Argon2_id: return uppercase ? "Argon2id" : "argon2id"; } return NULL; } int argon2_ctx(argon2_context *context, argon2_type type) { /* 1. Validate all inputs */ int result = validate_inputs(context); uint32_t memory_blocks, segment_length; argon2_instance_t instance; if (ARGON2_OK != result) { return result; } if (Argon2_d != type && Argon2_i != type && Argon2_id != type) { return ARGON2_INCORRECT_TYPE; } /* 2. Align memory size */ /* Minimum memory_blocks = 8L blocks, where L is the number of lanes */ memory_blocks = context->m_cost; if (memory_blocks < 2 * ARGON2_SYNC_POINTS * context->lanes) { memory_blocks = 2 * ARGON2_SYNC_POINTS * context->lanes; } segment_length = memory_blocks / (context->lanes * ARGON2_SYNC_POINTS); /* Ensure that all segments have equal length */ memory_blocks = segment_length * (context->lanes * ARGON2_SYNC_POINTS); instance.version = context->version; instance.memory = NULL; instance.passes = context->t_cost; instance.memory_blocks = memory_blocks; instance.segment_length = segment_length; instance.lane_length = segment_length * ARGON2_SYNC_POINTS; instance.lanes = context->lanes; instance.threads = context->threads; instance.type = type; if (instance.threads > instance.lanes) { instance.threads = instance.lanes; } /* 3. Initialization: Hashing inputs, allocating memory, filling first * blocks */ result = initialize(&instance, context); if (ARGON2_OK != result) { return result; } /* 4. Filling memory */ result = fill_memory_blocks(&instance); if (ARGON2_OK != result) { return result; } /* 5. Finalization */ finalize(context, &instance); return ARGON2_OK; } int _argon2_hash(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen, argon2_type type, const uint32_t version, const uint32_t flags){ argon2_context context; int result; uint8_t *out; if (pwdlen > ARGON2_MAX_PWD_LENGTH) { return ARGON2_PWD_TOO_LONG; } if (saltlen > ARGON2_MAX_SALT_LENGTH) { return ARGON2_SALT_TOO_LONG; } if (hashlen > ARGON2_MAX_OUTLEN) { return ARGON2_OUTPUT_TOO_LONG; } if (hashlen < ARGON2_MIN_OUTLEN) { return ARGON2_OUTPUT_TOO_SHORT; } out = malloc(hashlen); if (!out) { return ARGON2_MEMORY_ALLOCATION_ERROR; } context.out = (uint8_t *)out; context.outlen = (uint32_t)hashlen; context.pwd = CONST_CAST(uint8_t *)pwd; context.pwdlen = (uint32_t)pwdlen; context.salt = CONST_CAST(uint8_t *)salt; context.saltlen = (uint32_t)saltlen; context.secret = NULL; context.secretlen = 0; context.ad = NULL; context.adlen = 0; context.t_cost = t_cost; context.m_cost = m_cost; context.lanes = parallelism; context.threads = parallelism; context.allocate_cbk = NULL; context.free_cbk = NULL; context.flags = flags; context.version = version; result = argon2_ctx(&context, type); if (result != ARGON2_OK) { if (!(context.flags & ARGON2_FLAG_NO_WIPE)) { clear_internal_memory(out, hashlen); } free(out); return result; } /* if raw hash requested, write it */ if (hash) { memcpy(hash, out, hashlen); } if (!(context.flags & ARGON2_FLAG_NO_WIPE)) { clear_internal_memory(out, hashlen); } free(out); return ARGON2_OK; } int argon2_hash(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen, argon2_type type, const uint32_t version){ return _argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, hash, hashlen, type, version, ARGON2_DEFAULT_FLAGS); } int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, hash, hashlen, Argon2_i, ARGON2_VERSION_NUMBER); } int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, hash, hashlen, Argon2_d, ARGON2_VERSION_NUMBER); } int argon2d_hash_raw_flags(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen, const uint32_t flags) { return _argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, hash, hashlen, Argon2_d, ARGON2_VERSION_NUMBER, flags); } int argon2id_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, hash, hashlen, Argon2_id, ARGON2_VERSION_NUMBER); } static int argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len) { size_t i; uint8_t d = 0U; for (i = 0U; i < len; i++) { d |= b1[i] ^ b2[i]; } return (int)((1 & ((d - 1) >> 8)) - 1); } int argon2d_ctx(argon2_context *context) { return argon2_ctx(context, Argon2_d); } int argon2i_ctx(argon2_context *context) { return argon2_ctx(context, Argon2_i); } int argon2id_ctx(argon2_context *context) { return argon2_ctx(context, Argon2_id); } int argon2_verify_ctx(argon2_context *context, const char *hash, argon2_type type) { int ret = argon2_ctx(context, type); if (ret != ARGON2_OK) { return ret; } if (argon2_compare((uint8_t *)hash, context->out, context->outlen)) { return ARGON2_VERIFY_MISMATCH; } return ARGON2_OK; } int argon2d_verify_ctx(argon2_context *context, const char *hash) { return argon2_verify_ctx(context, hash, Argon2_d); } int argon2i_verify_ctx(argon2_context *context, const char *hash) { return argon2_verify_ctx(context, hash, Argon2_i); } int argon2id_verify_ctx(argon2_context *context, const char *hash) { return argon2_verify_ctx(context, hash, Argon2_id); } const char *argon2_error_message(int error_code) { switch (error_code) { case ARGON2_OK: return "OK"; case ARGON2_OUTPUT_PTR_NULL: return "Output pointer is NULL"; case ARGON2_OUTPUT_TOO_SHORT: return "Output is too short"; case ARGON2_OUTPUT_TOO_LONG: return "Output is too long"; case ARGON2_PWD_TOO_SHORT: return "Password is too short"; case ARGON2_PWD_TOO_LONG: return "Password is too long"; case ARGON2_SALT_TOO_SHORT: return "Salt is too short"; case ARGON2_SALT_TOO_LONG: return "Salt is too long"; case ARGON2_AD_TOO_SHORT: return "Associated data is too short"; case ARGON2_AD_TOO_LONG: return "Associated data is too long"; case ARGON2_SECRET_TOO_SHORT: return "Secret is too short"; case ARGON2_SECRET_TOO_LONG: return "Secret is too long"; case ARGON2_TIME_TOO_SMALL: return "Time cost is too small"; case ARGON2_TIME_TOO_LARGE: return "Time cost is too large"; case ARGON2_MEMORY_TOO_LITTLE: return "Memory cost is too small"; case ARGON2_MEMORY_TOO_MUCH: return "Memory cost is too large"; case ARGON2_LANES_TOO_FEW: return "Too few lanes"; case ARGON2_LANES_TOO_MANY: return "Too many lanes"; case ARGON2_PWD_PTR_MISMATCH: return "Password pointer is NULL, but password length is not 0"; case ARGON2_SALT_PTR_MISMATCH: return "Salt pointer is NULL, but salt length is not 0"; case ARGON2_SECRET_PTR_MISMATCH: return "Secret pointer is NULL, but secret length is not 0"; case ARGON2_AD_PTR_MISMATCH: return "Associated data pointer is NULL, but ad length is not 0"; case ARGON2_MEMORY_ALLOCATION_ERROR: return "Memory allocation error"; case ARGON2_FREE_MEMORY_CBK_NULL: return "The free memory callback is NULL"; case ARGON2_ALLOCATE_MEMORY_CBK_NULL: return "The allocate memory callback is NULL"; case ARGON2_INCORRECT_PARAMETER: return "Argon2_Context context is NULL"; case ARGON2_INCORRECT_TYPE: return "There is no such version of Argon2"; case ARGON2_OUT_PTR_MISMATCH: return "Output pointer mismatch"; case ARGON2_THREADS_TOO_FEW: return "Not enough threads"; case ARGON2_THREADS_TOO_MANY: return "Too many threads"; case ARGON2_MISSING_ARGS: return "Missing arguments"; case ARGON2_THREAD_FAIL: return "Threading failure"; case ARGON2_VERIFY_MISMATCH: return "The password does not match the supplied hash"; default: return "Unknown error code"; } }