Crypt-Argon2-0.030000755001750001750 015004670131 13365 5ustar00leontleont000000000000README100644001750001750 66115004670131 14311 0ustar00leontleont000000000000Crypt-Argon2-0.030This archive contains the distribution Crypt-Argon2, version 0.030: Perl interface to the Argon2 key derivation functions This software is Copyright (c) 2013 by Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, Samuel Neves, Thomas Pornin and Leon Timmermans. This is free software, licensed under: The Apache License, Version 2.0, January 2004 This README file was generated by Dist::Zilla::Plugin::Readme v6.032. Changes100644001750001750 704715004670131 14751 0ustar00leontleont000000000000Crypt-Argon2-0.030Revision history for Crypt-Argon2 0.030 2025-05-01 15:00:07+02:00 Europe/Brussels - Simplify argon2_pass and argon2_raw - Adapt to script files no longer being installed by default 0.029 2024-08-05 23:18:21+02:00 Europe/Brussels - Add runtime CPU checks to compile time checks 0.028 2024-08-05 10:57:59+02:00 Europe/Brussels - Call switched function in ifunc check 0.027 2024-08-04 22:00:44+02:00 Europe/Brussels - Remove debugging code from ifunc test 0.026 2024-08-04 00:47:41+02:00 Europe/Brussels - Add check for ifunc gcc feature 0.025 2024-08-02 09:36:18+02:00 Europe/Brussels - Add explicit include dir for include/ 0.024 2024-08-01 23:03:04+02:00 Europe/Brussels (TRIAL RELEASE) - Depend on installed Dist::Build 0.023 2024-08-01 13:05:09+02:00 Europe/Brussels (TRIAL RELEASE) - Add runtime implementation switching - Switch to using Dist::Build as install tool 0.022 2024-04-12 01:28:41+02:00 Europe/Brussels - allow arch to be configured via environment 0.021 2024-04-03 23:39:28+02:00 Europe/Brussels - Fix documentation of argon2_needs_rehash argument order 0.020 2023-10-29 18:28:53+01:00 Europe/Brussels - Only enable optimization when building in CPAN client 0.019 2023-05-24 02:34:02+02:00 Europe/Amsterdam - Switch to Apache Public License 2.0 0.018 2023-05-15 19:59:20+02:00 Europe/Amsterdam - Fix documentation markup failures 0.017 2023-04-07 16:21:47+02:00 Europe/Amsterdam - Add argon2_pass and argon2_raw - Add argon2_types - Remove argon2_crypt - Add $type_regex 0.016 2023-03-23 03:43:57+01:00 Europe/Amsterdam - Reenable linking to pthread 0.015 2023-03-22 16:21:00+01:00 Europe/Amsterdam - Add optimized implementation - Install argon2-calibrate 0.014 2023-03-20 14:24:00+01:00 Europe/Amsterdam - Add argon2_verify and argon2_crypt 0.013 2023-02-10 16:07:16+01:00 Europe/Amsterdam - Stricten up argon2_needs_rehash 0.012 2022-04-06 13:39:19+02:00 Europe/Amsterdam - Fix compilation on perl < 5.16 0.011 2021-04-30 19:32:11+02:00 Europe/Amsterdam - Added argon2-calibrate script 0.010 2021-03-11 19:42:29+01:00 Europe/Amsterdam - Correctly handle raw numbers as memory cost in argon2_needs_rehash 0.009 2021-03-07 23:01:38+01:00 Europe/Amsterdam - Added argon2d_pass and argon2d_verify - Allow more strictly hashed values in argon2_needs_rehash 0.008 2021-02-19 20:13:53+01:00 Europe/Amsterdam - Add a argon2_needs_rehash function - Enforce byte semantics for passwords and salts 0.007 2020-03-07 16:52:17+01:00 Europe/Amsterdam - Make 256M test an extended test 0.006 2019-08-29 00:54:56+02:00 Europe/Amsterdam - Update argon2 sources to 20190702 - Add -pthread option when compiling 0.005 2018-04-12 00:59:47+02:00 Europe/Amsterdam - Add libpthread for non-threaded perls 0.004 2018-04-09 20:26:23+02:00 Europe/Amsterdam - Export Argon2_id functions 0.003 2018-03-19 19:31:21+01:00 Europe/Amsterdam - Added argon2id support 0.002 2016-09-21 23:24:25+02:00 Europe/Amsterdam - Include an upstream fix to encoded_length - Add attribution to original authors 0.001 2016-09-21 10:36:32+02:00 Europe/Amsterdam Initial release to an unsuspecting world typemap100644001750001750 2515004670131 15005 0ustar00leontleont000000000000Crypt-Argon2-0.030Argon2_type T_PACKED LICENSE100644001750001750 2662715004670131 14510 0ustar00leontleont000000000000Crypt-Argon2-0.030This software is Copyright (c) 2013 by Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, Samuel Neves, Thomas Pornin and Leon Timmermans. This is free software, licensed under: The Apache License, Version 2.0, January 2004 Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS APPENDIX: How to apply the Apache License to your work. To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]" replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the same "printed page" as the copyright notice for easier identification within third-party archives. Copyright 2013 Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, Samuel Neves, Thomas Pornin and Leon Timmermans Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. INSTALL100644001750001750 463215004670131 14504 0ustar00leontleont000000000000Crypt-Argon2-0.030This is the Perl distribution Crypt-Argon2. Installing Crypt-Argon2 is straightforward. ## Installation with cpanm If you have cpanm, you only need one line: % cpanm Crypt::Argon2 If it does not have permission to install modules to the current perl, cpanm will automatically set up and install to a local::lib in your home directory. See the local::lib documentation (https://metacpan.org/pod/local::lib) for details on enabling it in your environment. ## Installing with the CPAN shell Alternatively, if your CPAN shell is set up, you should just be able to do: % cpan Crypt::Argon2 ## Manual installation As a last resort, you can manually install it. If you have not already downloaded the release tarball, you can find the download link on the module's MetaCPAN page: https://metacpan.org/pod/Crypt::Argon2 Untar the tarball, install configure prerequisites (see below), then build it: % perl Build.PL % ./Build && ./Build test Then install it: % ./Build install Or the more portable variation: % perl Build.PL % perl Build % perl Build test % perl Build install If your perl is system-managed, you can create a local::lib in your home directory to install modules to. For details, see the local::lib documentation: https://metacpan.org/pod/local::lib The prerequisites of this distribution will also have to be installed manually. The prerequisites are listed in one of the files: `MYMETA.yml` or `MYMETA.json` generated by running the manual build process described above. ## Configure Prerequisites This distribution requires other modules to be installed before this distribution's installer can be run. They can be found under the "configure_requires" key of META.yml or the "{prereqs}{configure}{requires}" key of META.json. ## Other Prerequisites This distribution may require additional modules to be installed after running Build.PL. Look for prerequisites in the following phases: * to run ./Build, PHASE = build * to use the module code itself, PHASE = runtime * to run tests, PHASE = test They can all be found in the "PHASE_requires" key of MYMETA.yml or the "{prereqs}{PHASE}{requires}" key of MYMETA.json. ## Documentation Crypt-Argon2 documentation is available as POD. You can run `perldoc` from a shell to read the documentation: % perldoc Crypt::Argon2 For more information on installing Perl modules via CPAN, please see: https://www.cpan.org/modules/INSTALL.html dist.ini100644001750001750 132715004670131 15115 0ustar00leontleont000000000000Crypt-Argon2-0.030name = Crypt-Argon2 author = Leon Timmermans license = Apache_2_0 copyright_holder = Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, Samuel Neves, Thomas Pornin and Leon Timmermans copyright_year = 2013 [Git::GatherDir] [PruneCruft] [MetaYAML] [License] [Manifest] [Readme] [ExecDir] dir = script [AutoPrereqs] [MetaJSON] [GitHub::Meta] [Git::NextVersion] [MetaProvides::Package] [MinimumPerl] [DistBuild] version_method = installed auto_plugin_requires = 1 [PodSyntaxTests] [PodCoverageTests] [InstallGuide] [PodWeaver] [PkgVersion] [NextRelease] [CheckChangesHasContent] [Git::Check] [RunExtraTests] [TestRelease] [ConfirmRelease] [UploadToCPAN] [Git::Commit] [Git::Tag] [Git::Push] t000755001750001750 015004670131 13551 5ustar00leontleont000000000000Crypt-Argon2-0.030test.t100644001750001750 711115004670131 15055 0ustar00leontleont000000000000Crypt-Argon2-0.030/t#! perl use strict; use warnings; use Test::More 0.90; use Crypt::Argon2 qw/argon2i_pass argon2i_raw argon2_verify argon2_pass argon2_needs_rehash/; sub hashtest { my ($t_cost, $m_cost, $parallelism, $password, $salt, $hexref, $mcfref) = @_; local $Test::Builder::Level = $Test::Builder::Level + 1; subtest "argon2i($t_cost, $m_cost, $parallelism, $password, $salt)", sub { my $encoded = argon2i_pass($password, $salt, $t_cost, $m_cost, $parallelism, 32); is($encoded, $mcfref, "$t_cost:$m_cost:$parallelism($password, $salt) encodes as expected"); ok(argon2_verify($encoded, $password), "$t_cost:$m_cost:$parallelism($password, $salt) matches as expected"); my $hex = unpack "H*", argon2i_raw($password, $salt, $t_cost, $m_cost, $parallelism, 32); is($hex, $hexref, "$t_cost:$m_cost:$parallelism($password, $salt) verifies as expected"); }; } hashtest(2, '64M', 1, 'password', 'somesalt', 'c1628832147d9720c5bd1cfd61367078729f6dfb6f8fea9ff98158e0d7816ed0', '$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA'); hashtest(2, '256k', 1, 'password', 'somesalt', '89e9029f4637b295beb027056a7336c414fadd43f6b208645281cb214a56452f', '$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ$iekCn0Y3spW+sCcFanM2xBT63UP2sghkUoHLIUpWRS8'); hashtest(2, '256k', 2, 'password', 'somesalt', '4ff5ce2769a1d7f4c8a491df09d41a9fbe90e5eb02155a13e4c01e20cd4eab61', '$argon2i$v=19$m=256,t=2,p=2$c29tZXNhbHQ$T/XOJ2mh1/TIpJHfCdQan76Q5esCFVoT5MAeIM1Oq2E'); hashtest(1, '64M', 1, 'password', 'somesalt', 'd168075c4d985e13ebeae560cf8b94c3b5d8a16c51916b6f4ac2da3ac11bbecf', '$argon2i$v=19$m=65536,t=1,p=1$c29tZXNhbHQ$0WgHXE2YXhPr6uVgz4uUw7XYoWxRkWtvSsLaOsEbvs8'); hashtest(4, '64M', 1, 'password', 'somesalt', 'aaa953d58af3706ce3df1aefd4a64a84e31d7f54175231f1285259f88174ce5b', '$argon2i$v=19$m=65536,t=4,p=1$c29tZXNhbHQ$qqlT1YrzcGzj3xrv1KZKhOMdf1QXUjHxKFJZ+IF0zls'); hashtest(2, '64M', 1, 'differentpassword', 'somesalt', '14ae8da01afea8700c2358dcef7c5358d9021282bd88663a4562f59fb74d22ee', '$argon2i$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$FK6NoBr+qHAMI1jc73xTWNkCEoK9iGY6RWL1n7dNIu4'); hashtest(2, '64M', 1, 'password', 'diffsalt', 'b0357cccfbef91f3860b0dba447b2348cbefecadaf990abfe9cc40726c521271', '$argon2i$v=19$m=65536,t=2,p=1$ZGlmZnNhbHQ$sDV8zPvvkfOGCw26RHsjSMvv7K2vmQq/6cxAcmxSEnE'); if ($ENV{EXTENDED_TESTING} || $ENV{AUTHOR_TESTING}) { hashtest(2, '256M', 1, 'password', 'somesalt', '296dbae80b807cdceaad44ae741b506f14db0959267b183b118f9b24229bc7cb', '$argon2i$v=19$m=262144,t=2,p=1$c29tZXNhbHQ$KW266AuAfNzqrUSudBtQbxTbCVkmexg7EY+bJCKbx8s'); hashtest(2, '1G', 1, 'password', 'somesalt', 'd1587aca0922c3b5d6a83edab31bee3c4ebaef342ed6127a55d19b2351ad1f41', '$argon2i$v=19$m=1048576,t=2,p=1$c29tZXNhbHQ$0Vh6ygkiw7XWqD7asxvuPE667zQu1hJ6VdGbI1GtH0E'); } subtest 'needs_rehash', sub { my $encoded = argon2_pass('argon2id', 'password', 'saltsalt', 2, '64M', 1, 32); ok(!argon2_needs_rehash($encoded, 'argon2id', 2, '64M', 1, 32, 8), 'No rehash with same parameters'); ok(argon2_needs_rehash($encoded, 'argon2i', 2, '64M', 1, 32, 8), 'Rehash with different argon2 variant'); ok(argon2_needs_rehash($encoded, 'argon2id', 3, '64M', 1, 32, 8), 'Rehash with different time cost'); ok(argon2_needs_rehash($encoded, 'argon2id', 2, '128M', 1, 32, 8), 'Rehash with different memory cost'); ok(argon2_needs_rehash($encoded, 'argon2id', 2, '64M', 2, 32, 8), 'Rehash with different parallelism'); ok(argon2_needs_rehash($encoded, 'argon2id', 2, '64M', 1, 16, 8), 'Rehash with different output length'); ok(argon2_needs_rehash($encoded, 'argon2id', 2, '64M', 1, 32, 16), 'Rehash with different salt length'); }; done_testing(); META.yml100644001750001750 171315004670131 14721 0ustar00leontleont000000000000Crypt-Argon2-0.030--- abstract: 'Perl interface to the Argon2 key derivation functions' author: - 'Leon Timmermans ' build_requires: Test::More: '0.90' perl: '5.006' configure_requires: Dist::Build: '0.020' Dist::Build::Core: '0' Dist::Build::XS: '0' Dist::Build::XS::Conf: '0' perl: '5.006' dynamic_config: 0 generated_by: 'Dist::Zilla version 6.032, CPAN::Meta::Converter version 2.150010' license: apache meta-spec: url: http://module-build.sourceforge.net/META-spec-v1.4.html version: '1.4' name: Crypt-Argon2 provides: Crypt::Argon2: file: lib/Crypt/Argon2.pm version: '0.030' requires: Exporter: '5.57' Time::HiRes: '0' XSLoader: '0' perl: '5.006' strict: '0' warnings: '0' resources: bugtracker: https://github.com/Leont/crypt-argon2/issues repository: git://github.com/Leont/crypt-argon2.git version: '0.030' x_generated_by_perl: v5.40.1 x_serialization_backend: 'YAML::Tiny version 1.76' x_spdx_expression: Apache-2.0 MANIFEST100644001750001750 111215004670131 14572 0ustar00leontleont000000000000Crypt-Argon2-0.030# This file was automatically generated by Dist::Zilla::Plugin::Manifest v6.032. Build.PL Changes INSTALL LICENSE MANIFEST META.json META.yml README dist.ini include/argon2.h lib/Crypt/Argon2.pm lib/Crypt/Argon2.xs planner/script.pl planner/xs.pl script/argon2-calibrate src/argon2.c src/blake2/blake2-impl.h src/blake2/blake2.h src/blake2/blake2b.c src/blake2/blamka-round-opt.h src/blake2/blamka-round-ref.h src/core.c src/core.h src/encoding.c src/encoding.h src/opt.c src/ref.c src/switch.c src/thread.c src/thread.h t/test.t typemap xt/author/pod-coverage.t xt/author/pod-syntax.t Build.PL100644001750001750 26015004670131 14720 0ustar00leontleont000000000000Crypt-Argon2-0.030# This Build.PL for Crypt-Argon2 was generated by Dist::Zilla::Plugin::DistBuild 0.002. use strict; use warnings; use 5.006; use Dist::Build 0.020; Build_PL(\@ARGV, \%ENV); src000755001750001750 015004670131 14075 5ustar00leontleont000000000000Crypt-Argon2-0.030opt.c100644001750001750 2370515004670131 15232 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #include #include #include #include "argon2.h" #include "core.h" #include "blake2/blake2.h" #include "blake2/blamka-round-opt.h" /* * Function fills a new memory block and optionally XORs the old block over the new one. * Memory must be initialized. * @param state Pointer to the just produced block. Content will be updated(!) * @param ref_block Pointer to the reference block * @param next_block Pointer to the block to be XORed over. May coincide with @ref_block * @param with_xor Whether to XOR into the new block (1) or just overwrite (0) * @pre all block pointers must be valid */ #if defined(__AVX512F__) static void fill_block(__m512i *state, const block *ref_block, block *next_block, int with_xor) { __m512i block_XY[ARGON2_512BIT_WORDS_IN_BLOCK]; unsigned int i; if (with_xor) { for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) { state[i] = _mm512_xor_si512( state[i], _mm512_loadu_si512((const __m512i *)ref_block->v + i)); block_XY[i] = _mm512_xor_si512( state[i], _mm512_loadu_si512((const __m512i *)next_block->v + i)); } } else { for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) { block_XY[i] = state[i] = _mm512_xor_si512( state[i], _mm512_loadu_si512((const __m512i *)ref_block->v + i)); } } for (i = 0; i < 2; ++i) { BLAKE2_ROUND_1( state[8 * i + 0], state[8 * i + 1], state[8 * i + 2], state[8 * i + 3], state[8 * i + 4], state[8 * i + 5], state[8 * i + 6], state[8 * i + 7]); } for (i = 0; i < 2; ++i) { BLAKE2_ROUND_2( state[2 * 0 + i], state[2 * 1 + i], state[2 * 2 + i], state[2 * 3 + i], state[2 * 4 + i], state[2 * 5 + i], state[2 * 6 + i], state[2 * 7 + i]); } for (i = 0; i < ARGON2_512BIT_WORDS_IN_BLOCK; i++) { state[i] = _mm512_xor_si512(state[i], block_XY[i]); _mm512_storeu_si512((__m512i *)next_block->v + i, state[i]); } } #elif defined(__AVX2__) static void fill_block(__m256i *state, const block *ref_block, block *next_block, int with_xor) { __m256i block_XY[ARGON2_HWORDS_IN_BLOCK]; unsigned int i; if (with_xor) { for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { state[i] = _mm256_xor_si256( state[i], _mm256_loadu_si256((const __m256i *)ref_block->v + i)); block_XY[i] = _mm256_xor_si256( state[i], _mm256_loadu_si256((const __m256i *)next_block->v + i)); } } else { for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { block_XY[i] = state[i] = _mm256_xor_si256( state[i], _mm256_loadu_si256((const __m256i *)ref_block->v + i)); } } for (i = 0; i < 4; ++i) { BLAKE2_ROUND_1(state[8 * i + 0], state[8 * i + 4], state[8 * i + 1], state[8 * i + 5], state[8 * i + 2], state[8 * i + 6], state[8 * i + 3], state[8 * i + 7]); } for (i = 0; i < 4; ++i) { BLAKE2_ROUND_2(state[ 0 + i], state[ 4 + i], state[ 8 + i], state[12 + i], state[16 + i], state[20 + i], state[24 + i], state[28 + i]); } for (i = 0; i < ARGON2_HWORDS_IN_BLOCK; i++) { state[i] = _mm256_xor_si256(state[i], block_XY[i]); _mm256_storeu_si256((__m256i *)next_block->v + i, state[i]); } } #else static void fill_block(__m128i *state, const block *ref_block, block *next_block, int with_xor) { __m128i block_XY[ARGON2_OWORDS_IN_BLOCK]; unsigned int i; if (with_xor) { for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { state[i] = _mm_xor_si128( state[i], _mm_loadu_si128((const __m128i *)ref_block->v + i)); block_XY[i] = _mm_xor_si128( state[i], _mm_loadu_si128((const __m128i *)next_block->v + i)); } } else { for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { block_XY[i] = state[i] = _mm_xor_si128( state[i], _mm_loadu_si128((const __m128i *)ref_block->v + i)); } } for (i = 0; i < 8; ++i) { BLAKE2_ROUND(state[8 * i + 0], state[8 * i + 1], state[8 * i + 2], state[8 * i + 3], state[8 * i + 4], state[8 * i + 5], state[8 * i + 6], state[8 * i + 7]); } for (i = 0; i < 8; ++i) { BLAKE2_ROUND(state[8 * 0 + i], state[8 * 1 + i], state[8 * 2 + i], state[8 * 3 + i], state[8 * 4 + i], state[8 * 5 + i], state[8 * 6 + i], state[8 * 7 + i]); } for (i = 0; i < ARGON2_OWORDS_IN_BLOCK; i++) { state[i] = _mm_xor_si128(state[i], block_XY[i]); _mm_storeu_si128((__m128i *)next_block->v + i, state[i]); } } #endif static void next_addresses(block *address_block, block *input_block) { /*Temporary zero-initialized blocks*/ #if defined(__AVX512F__) __m512i zero_block[ARGON2_512BIT_WORDS_IN_BLOCK]; __m512i zero2_block[ARGON2_512BIT_WORDS_IN_BLOCK]; #elif defined(__AVX2__) __m256i zero_block[ARGON2_HWORDS_IN_BLOCK]; __m256i zero2_block[ARGON2_HWORDS_IN_BLOCK]; #else __m128i zero_block[ARGON2_OWORDS_IN_BLOCK]; __m128i zero2_block[ARGON2_OWORDS_IN_BLOCK]; #endif memset(zero_block, 0, sizeof(zero_block)); memset(zero2_block, 0, sizeof(zero2_block)); /*Increasing index counter*/ input_block->v[6]++; /*First iteration of G*/ fill_block(zero_block, input_block, address_block, 0); /*Second iteration of G*/ fill_block(zero2_block, address_block, address_block, 0); } void fill_segment(const argon2_instance_t *instance, argon2_position_t position) { block *ref_block = NULL, *curr_block = NULL; block address_block, input_block; uint64_t pseudo_rand, ref_index, ref_lane; uint32_t prev_offset, curr_offset; uint32_t starting_index, i; #if defined(__AVX512F__) __m512i state[ARGON2_512BIT_WORDS_IN_BLOCK]; #elif defined(__AVX2__) __m256i state[ARGON2_HWORDS_IN_BLOCK]; #else __m128i state[ARGON2_OWORDS_IN_BLOCK]; #endif int data_independent_addressing; if (instance == NULL) { return; } data_independent_addressing = (instance->type == Argon2_i) || (instance->type == Argon2_id && (position.pass == 0) && (position.slice < ARGON2_SYNC_POINTS / 2)); if (data_independent_addressing) { init_block_value(&input_block, 0); input_block.v[0] = position.pass; input_block.v[1] = position.lane; input_block.v[2] = position.slice; input_block.v[3] = instance->memory_blocks; input_block.v[4] = instance->passes; input_block.v[5] = instance->type; } starting_index = 0; if ((0 == position.pass) && (0 == position.slice)) { starting_index = 2; /* we have already generated the first two blocks */ /* Don't forget to generate the first block of addresses: */ if (data_independent_addressing) { next_addresses(&address_block, &input_block); } } /* Offset of the current block */ curr_offset = position.lane * instance->lane_length + position.slice * instance->segment_length + starting_index; if (0 == curr_offset % instance->lane_length) { /* Last block in this lane */ prev_offset = curr_offset + instance->lane_length - 1; } else { /* Previous block */ prev_offset = curr_offset - 1; } memcpy(state, ((instance->memory + prev_offset)->v), ARGON2_BLOCK_SIZE); for (i = starting_index; i < instance->segment_length; ++i, ++curr_offset, ++prev_offset) { /*1.1 Rotating prev_offset if needed */ if (curr_offset % instance->lane_length == 1) { prev_offset = curr_offset - 1; } /* 1.2 Computing the index of the reference block */ /* 1.2.1 Taking pseudo-random value from the previous block */ if (data_independent_addressing) { if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) { next_addresses(&address_block, &input_block); } pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK]; } else { pseudo_rand = instance->memory[prev_offset].v[0]; } /* 1.2.2 Computing the lane of the reference block */ ref_lane = ((pseudo_rand >> 32)) % instance->lanes; if ((position.pass == 0) && (position.slice == 0)) { /* Can not reference other lanes yet */ ref_lane = position.lane; } /* 1.2.3 Computing the number of possible reference block within the * lane. */ position.index = i; ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF, ref_lane == position.lane); /* 2 Creating a new block */ ref_block = instance->memory + instance->lane_length * ref_lane + ref_index; curr_block = instance->memory + curr_offset; if (ARGON2_VERSION_10 == instance->version) { /* version 1.2.1 and earlier: overwrite, not XOR */ fill_block(state, ref_block, curr_block, 0); } else { if(0 == position.pass) { fill_block(state, ref_block, curr_block, 0); } else { fill_block(state, ref_block, curr_block, 1); } } } } ref.c100644001750001750 1616515004670131 15206 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #include #include #include #include "argon2.h" #include "core.h" #include "blake2/blamka-round-ref.h" #include "blake2/blake2-impl.h" #include "blake2/blake2.h" /* * Function fills a new memory block and optionally XORs the old block over the new one. * @next_block must be initialized. * @param prev_block Pointer to the previous block * @param ref_block Pointer to the reference block * @param next_block Pointer to the block to be constructed * @param with_xor Whether to XOR into the new block (1) or just overwrite (0) * @pre all block pointers must be valid */ static void fill_block(const block *prev_block, const block *ref_block, block *next_block, int with_xor) { block blockR, block_tmp; unsigned i; copy_block(&blockR, ref_block); xor_block(&blockR, prev_block); copy_block(&block_tmp, &blockR); /* Now blockR = ref_block + prev_block and block_tmp = ref_block + prev_block */ if (with_xor) { /* Saving the next block contents for XOR over: */ xor_block(&block_tmp, next_block); /* Now blockR = ref_block + prev_block and block_tmp = ref_block + prev_block + next_block */ } /* Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then (16,17,..31)... finally (112,113,...127) */ for (i = 0; i < 8; ++i) { BLAKE2_ROUND_NOMSG( blockR.v[16 * i], blockR.v[16 * i + 1], blockR.v[16 * i + 2], blockR.v[16 * i + 3], blockR.v[16 * i + 4], blockR.v[16 * i + 5], blockR.v[16 * i + 6], blockR.v[16 * i + 7], blockR.v[16 * i + 8], blockR.v[16 * i + 9], blockR.v[16 * i + 10], blockR.v[16 * i + 11], blockR.v[16 * i + 12], blockR.v[16 * i + 13], blockR.v[16 * i + 14], blockR.v[16 * i + 15]); } /* Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) */ for (i = 0; i < 8; i++) { BLAKE2_ROUND_NOMSG( blockR.v[2 * i], blockR.v[2 * i + 1], blockR.v[2 * i + 16], blockR.v[2 * i + 17], blockR.v[2 * i + 32], blockR.v[2 * i + 33], blockR.v[2 * i + 48], blockR.v[2 * i + 49], blockR.v[2 * i + 64], blockR.v[2 * i + 65], blockR.v[2 * i + 80], blockR.v[2 * i + 81], blockR.v[2 * i + 96], blockR.v[2 * i + 97], blockR.v[2 * i + 112], blockR.v[2 * i + 113]); } copy_block(next_block, &block_tmp); xor_block(next_block, &blockR); } static void next_addresses(block *address_block, block *input_block, const block *zero_block) { input_block->v[6]++; fill_block(zero_block, input_block, address_block, 0); fill_block(zero_block, address_block, address_block, 0); } void fill_segment(const argon2_instance_t *instance, argon2_position_t position) { block *ref_block = NULL, *curr_block = NULL; block address_block, input_block, zero_block; uint64_t pseudo_rand, ref_index, ref_lane; uint32_t prev_offset, curr_offset; uint32_t starting_index; uint32_t i; int data_independent_addressing; if (instance == NULL) { return; } data_independent_addressing = (instance->type == Argon2_i) || (instance->type == Argon2_id && (position.pass == 0) && (position.slice < ARGON2_SYNC_POINTS / 2)); if (data_independent_addressing) { init_block_value(&zero_block, 0); init_block_value(&input_block, 0); input_block.v[0] = position.pass; input_block.v[1] = position.lane; input_block.v[2] = position.slice; input_block.v[3] = instance->memory_blocks; input_block.v[4] = instance->passes; input_block.v[5] = instance->type; } starting_index = 0; if ((0 == position.pass) && (0 == position.slice)) { starting_index = 2; /* we have already generated the first two blocks */ /* Don't forget to generate the first block of addresses: */ if (data_independent_addressing) { next_addresses(&address_block, &input_block, &zero_block); } } /* Offset of the current block */ curr_offset = position.lane * instance->lane_length + position.slice * instance->segment_length + starting_index; if (0 == curr_offset % instance->lane_length) { /* Last block in this lane */ prev_offset = curr_offset + instance->lane_length - 1; } else { /* Previous block */ prev_offset = curr_offset - 1; } for (i = starting_index; i < instance->segment_length; ++i, ++curr_offset, ++prev_offset) { /*1.1 Rotating prev_offset if needed */ if (curr_offset % instance->lane_length == 1) { prev_offset = curr_offset - 1; } /* 1.2 Computing the index of the reference block */ /* 1.2.1 Taking pseudo-random value from the previous block */ if (data_independent_addressing) { if (i % ARGON2_ADDRESSES_IN_BLOCK == 0) { next_addresses(&address_block, &input_block, &zero_block); } pseudo_rand = address_block.v[i % ARGON2_ADDRESSES_IN_BLOCK]; } else { pseudo_rand = instance->memory[prev_offset].v[0]; } /* 1.2.2 Computing the lane of the reference block */ ref_lane = ((pseudo_rand >> 32)) % instance->lanes; if ((position.pass == 0) && (position.slice == 0)) { /* Can not reference other lanes yet */ ref_lane = position.lane; } /* 1.2.3 Computing the number of possible reference block within the * lane. */ position.index = i; ref_index = index_alpha(instance, &position, pseudo_rand & 0xFFFFFFFF, ref_lane == position.lane); /* 2 Creating a new block */ ref_block = instance->memory + instance->lane_length * ref_lane + ref_index; curr_block = instance->memory + curr_offset; if (ARGON2_VERSION_10 == instance->version) { /* version 1.2.1 and earlier: overwrite, not XOR */ fill_block(instance->memory + prev_offset, ref_block, curr_block, 0); } else { if(0 == position.pass) { fill_block(instance->memory + prev_offset, ref_block, curr_block, 0); } else { fill_block(instance->memory + prev_offset, ref_block, curr_block, 1); } } } } META.json100644001750001750 357415004670131 15100 0ustar00leontleont000000000000Crypt-Argon2-0.030{ "abstract" : "Perl interface to the Argon2 key derivation functions", "author" : [ "Leon Timmermans " ], "dynamic_config" : 0, "generated_by" : "Dist::Zilla version 6.032, CPAN::Meta::Converter version 2.150010", "license" : [ "apache_2_0" ], "meta-spec" : { "url" : "http://search.cpan.org/perldoc?CPAN::Meta::Spec", "version" : 2 }, "name" : "Crypt-Argon2", "prereqs" : { "configure" : { "requires" : { "Dist::Build" : "0.020", "Dist::Build::Core" : "0", "Dist::Build::XS" : "0", "Dist::Build::XS::Conf" : "0", "perl" : "5.006" } }, "develop" : { "requires" : { "Pod::Coverage::TrustPod" : "0", "Test::More" : "0", "Test::Pod" : "1.41", "Test::Pod::Coverage" : "1.08" } }, "runtime" : { "requires" : { "Exporter" : "5.57", "Time::HiRes" : "0", "XSLoader" : "0", "perl" : "5.006", "strict" : "0", "warnings" : "0" } }, "test" : { "requires" : { "Test::More" : "0.90", "perl" : "5.006" } } }, "provides" : { "Crypt::Argon2" : { "file" : "lib/Crypt/Argon2.pm", "version" : "0.030" } }, "release_status" : "stable", "resources" : { "bugtracker" : { "web" : "https://github.com/Leont/crypt-argon2/issues" }, "repository" : { "type" : "git", "url" : "git://github.com/Leont/crypt-argon2.git", "web" : "https://github.com/Leont/crypt-argon2" } }, "version" : "0.030", "x_generated_by_perl" : "v5.40.1", "x_serialization_backend" : "Cpanel::JSON::XS version 4.39", "x_spdx_expression" : "Apache-2.0" } core.c100644001750001750 4656015004670131 15364 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ /*For memory wiping*/ #ifdef _WIN32 #include #include /* For SecureZeroMemory */ #endif #if defined __STDC_LIB_EXT1__ #define __STDC_WANT_LIB_EXT1__ 1 #endif #define VC_GE_2005(version) (version >= 1400) /* for explicit_bzero() on glibc */ #define _DEFAULT_SOURCE #include #include #include #include "core.h" #include "thread.h" #include "blake2/blake2.h" #include "blake2/blake2-impl.h" #ifdef GENKAT #include "genkat.h" #endif #if defined(__clang__) #if __has_attribute(optnone) #define NOT_OPTIMIZED __attribute__((optnone)) #endif #elif defined(__GNUC__) #define GCC_VERSION \ (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) #if GCC_VERSION >= 40400 #define NOT_OPTIMIZED __attribute__((optimize("O0"))) #endif #endif #ifndef NOT_OPTIMIZED #define NOT_OPTIMIZED #endif /***************Instance and Position constructors**********/ void init_block_value(block *b, uint8_t in) { memset(b->v, in, sizeof(b->v)); } void copy_block(block *dst, const block *src) { memcpy(dst->v, src->v, sizeof(uint64_t) * ARGON2_QWORDS_IN_BLOCK); } void xor_block(block *dst, const block *src) { int i; for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { dst->v[i] ^= src->v[i]; } } static void load_block(block *dst, const void *input) { unsigned i; for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { dst->v[i] = load64((const uint8_t *)input + i * sizeof(dst->v[i])); } } static void store_block(void *output, const block *src) { unsigned i; for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { store64((uint8_t *)output + i * sizeof(src->v[i]), src->v[i]); } } /***************Memory functions*****************/ int allocate_memory(const argon2_context *context, uint8_t **memory, size_t num, size_t size) { size_t memory_size = num*size; if (memory == NULL) { return ARGON2_MEMORY_ALLOCATION_ERROR; } /* 1. Check for multiplication overflow */ if (size != 0 && memory_size / size != num) { return ARGON2_MEMORY_ALLOCATION_ERROR; } /* 2. Try to allocate with appropriate allocator */ if (context->allocate_cbk) { (context->allocate_cbk)(memory, memory_size); } else { *memory = malloc(memory_size); } if (*memory == NULL) { return ARGON2_MEMORY_ALLOCATION_ERROR; } return ARGON2_OK; } void free_memory(const argon2_context *context, uint8_t *memory, size_t num, size_t size) { size_t memory_size = num*size; clear_internal_memory(memory, memory_size); if (context->free_cbk) { (context->free_cbk)(memory, memory_size); } else { free(memory); } } #if defined(__OpenBSD__) #define HAVE_EXPLICIT_BZERO 1 #elif defined(__GLIBC__) && defined(__GLIBC_PREREQ) #if __GLIBC_PREREQ(2,25) #define HAVE_EXPLICIT_BZERO 1 #endif #endif void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) { #if defined(_MSC_VER) && VC_GE_2005(_MSC_VER) || defined(__MINGW32__) SecureZeroMemory(v, n); #elif defined memset_s memset_s(v, n, 0, n); #elif defined(HAVE_EXPLICIT_BZERO) explicit_bzero(v, n); #else static void *(*const volatile memset_sec)(void *, int, size_t) = &memset; memset_sec(v, 0, n); #endif } /* Memory clear flag defaults to true. */ int FLAG_clear_internal_memory = 1; void clear_internal_memory(void *v, size_t n) { if (FLAG_clear_internal_memory && v) { secure_wipe_memory(v, n); } } void finalize(const argon2_context *context, argon2_instance_t *instance) { if (context != NULL && instance != NULL) { block blockhash; uint32_t l; copy_block(&blockhash, instance->memory + instance->lane_length - 1); /* XOR the last blocks */ for (l = 1; l < instance->lanes; ++l) { uint32_t last_block_in_lane = l * instance->lane_length + (instance->lane_length - 1); xor_block(&blockhash, instance->memory + last_block_in_lane); } /* Hash the result */ { uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; store_block(blockhash_bytes, &blockhash); blake2b_long(context->out, context->outlen, blockhash_bytes, ARGON2_BLOCK_SIZE); /* clear blockhash and blockhash_bytes */ clear_internal_memory(blockhash.v, ARGON2_BLOCK_SIZE); clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); } #ifdef GENKAT print_tag(context->out, context->outlen); #endif free_memory(context, (uint8_t *)instance->memory, instance->memory_blocks, sizeof(block)); } } uint32_t index_alpha(const argon2_instance_t *instance, const argon2_position_t *position, uint32_t pseudo_rand, int same_lane) { /* * Pass 0: * This lane : all already finished segments plus already constructed * blocks in this segment * Other lanes : all already finished segments * Pass 1+: * This lane : (SYNC_POINTS - 1) last segments plus already constructed * blocks in this segment * Other lanes : (SYNC_POINTS - 1) last segments */ uint32_t reference_area_size; uint64_t relative_position; uint32_t start_position, absolute_position; if (0 == position->pass) { /* First pass */ if (0 == position->slice) { /* First slice */ reference_area_size = position->index - 1; /* all but the previous */ } else { if (same_lane) { /* The same lane => add current segment */ reference_area_size = position->slice * instance->segment_length + position->index - 1; } else { reference_area_size = position->slice * instance->segment_length + ((position->index == 0) ? (-1) : 0); } } } else { /* Second pass */ if (same_lane) { reference_area_size = instance->lane_length - instance->segment_length + position->index - 1; } else { reference_area_size = instance->lane_length - instance->segment_length + ((position->index == 0) ? (-1) : 0); } } /* 1.2.4. Mapping pseudo_rand to 0.. and produce * relative position */ relative_position = pseudo_rand; relative_position = relative_position * relative_position >> 32; relative_position = reference_area_size - 1 - (reference_area_size * relative_position >> 32); /* 1.2.5 Computing starting position */ start_position = 0; if (0 != position->pass) { start_position = (position->slice == ARGON2_SYNC_POINTS - 1) ? 0 : (position->slice + 1) * instance->segment_length; } /* 1.2.6. Computing absolute position */ absolute_position = (start_position + relative_position) % instance->lane_length; /* absolute position */ return absolute_position; } /* Single-threaded version for p=1 case */ static int fill_memory_blocks_st(argon2_instance_t *instance) { uint32_t r, s, l; for (r = 0; r < instance->passes; ++r) { for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { for (l = 0; l < instance->lanes; ++l) { argon2_position_t position = {r, l, (uint8_t)s, 0}; fill_segment(instance, position); } } #ifdef GENKAT internal_kat(instance, r); /* Print all memory blocks */ #endif } return ARGON2_OK; } #if !defined(ARGON2_NO_THREADS) #ifdef _WIN32 static unsigned __stdcall fill_segment_thr(void *thread_data) #else static void *fill_segment_thr(void *thread_data) #endif { argon2_thread_data *my_data = thread_data; fill_segment(my_data->instance_ptr, my_data->pos); argon2_thread_exit(); return 0; } /* Multi-threaded version for p > 1 case */ static int fill_memory_blocks_mt(argon2_instance_t *instance) { uint32_t r, s; argon2_thread_handle_t *thread = NULL; argon2_thread_data *thr_data = NULL; int rc = ARGON2_OK; /* 1. Allocating space for threads */ thread = calloc(instance->lanes, sizeof(argon2_thread_handle_t)); if (thread == NULL) { rc = ARGON2_MEMORY_ALLOCATION_ERROR; goto fail; } thr_data = calloc(instance->lanes, sizeof(argon2_thread_data)); if (thr_data == NULL) { rc = ARGON2_MEMORY_ALLOCATION_ERROR; goto fail; } for (r = 0; r < instance->passes; ++r) { for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { uint32_t l, ll; /* 2. Calling threads */ for (l = 0; l < instance->lanes; ++l) { argon2_position_t position; /* 2.1 Join a thread if limit is exceeded */ if (l >= instance->threads) { if (argon2_thread_join(thread[l - instance->threads])) { rc = ARGON2_THREAD_FAIL; goto fail; } } /* 2.2 Create thread */ position.pass = r; position.lane = l; position.slice = (uint8_t)s; position.index = 0; thr_data[l].instance_ptr = instance; /* preparing the thread input */ memcpy(&(thr_data[l].pos), &position, sizeof(argon2_position_t)); if (argon2_thread_create(&thread[l], &fill_segment_thr, (void *)&thr_data[l])) { /* Wait for already running threads */ for (ll = 0; ll < l; ++ll) argon2_thread_join(thread[ll]); rc = ARGON2_THREAD_FAIL; goto fail; } /* fill_segment(instance, position); */ /*Non-thread equivalent of the lines above */ } /* 3. Joining remaining threads */ for (l = instance->lanes - instance->threads; l < instance->lanes; ++l) { if (argon2_thread_join(thread[l])) { rc = ARGON2_THREAD_FAIL; goto fail; } } } #ifdef GENKAT internal_kat(instance, r); /* Print all memory blocks */ #endif } fail: if (thread != NULL) { free(thread); } if (thr_data != NULL) { free(thr_data); } return rc; } #endif /* ARGON2_NO_THREADS */ int fill_memory_blocks(argon2_instance_t *instance) { if (instance == NULL || instance->lanes == 0) { return ARGON2_INCORRECT_PARAMETER; } #if defined(ARGON2_NO_THREADS) return fill_memory_blocks_st(instance); #else return instance->threads == 1 ? fill_memory_blocks_st(instance) : fill_memory_blocks_mt(instance); #endif } int validate_inputs(const argon2_context *context) { if (NULL == context) { return ARGON2_INCORRECT_PARAMETER; } if (NULL == context->out) { return ARGON2_OUTPUT_PTR_NULL; } /* Validate output length */ if (ARGON2_MIN_OUTLEN > context->outlen) { return ARGON2_OUTPUT_TOO_SHORT; } if (ARGON2_MAX_OUTLEN < context->outlen) { return ARGON2_OUTPUT_TOO_LONG; } /* Validate password (required param) */ if (NULL == context->pwd) { if (0 != context->pwdlen) { return ARGON2_PWD_PTR_MISMATCH; } } if (ARGON2_MIN_PWD_LENGTH > context->pwdlen) { return ARGON2_PWD_TOO_SHORT; } if (ARGON2_MAX_PWD_LENGTH < context->pwdlen) { return ARGON2_PWD_TOO_LONG; } /* Validate salt (required param) */ if (NULL == context->salt) { if (0 != context->saltlen) { return ARGON2_SALT_PTR_MISMATCH; } } if (ARGON2_MIN_SALT_LENGTH > context->saltlen) { return ARGON2_SALT_TOO_SHORT; } if (ARGON2_MAX_SALT_LENGTH < context->saltlen) { return ARGON2_SALT_TOO_LONG; } /* Validate secret (optional param) */ if (NULL == context->secret) { if (0 != context->secretlen) { return ARGON2_SECRET_PTR_MISMATCH; } } else { if (ARGON2_MIN_SECRET > context->secretlen) { return ARGON2_SECRET_TOO_SHORT; } if (ARGON2_MAX_SECRET < context->secretlen) { return ARGON2_SECRET_TOO_LONG; } } /* Validate associated data (optional param) */ if (NULL == context->ad) { if (0 != context->adlen) { return ARGON2_AD_PTR_MISMATCH; } } else { if (ARGON2_MIN_AD_LENGTH > context->adlen) { return ARGON2_AD_TOO_SHORT; } if (ARGON2_MAX_AD_LENGTH < context->adlen) { return ARGON2_AD_TOO_LONG; } } /* Validate memory cost */ if (ARGON2_MIN_MEMORY > context->m_cost) { return ARGON2_MEMORY_TOO_LITTLE; } if (ARGON2_MAX_MEMORY < context->m_cost) { return ARGON2_MEMORY_TOO_MUCH; } if (context->m_cost < 8 * context->lanes) { return ARGON2_MEMORY_TOO_LITTLE; } /* Validate time cost */ if (ARGON2_MIN_TIME > context->t_cost) { return ARGON2_TIME_TOO_SMALL; } if (ARGON2_MAX_TIME < context->t_cost) { return ARGON2_TIME_TOO_LARGE; } /* Validate lanes */ if (ARGON2_MIN_LANES > context->lanes) { return ARGON2_LANES_TOO_FEW; } if (ARGON2_MAX_LANES < context->lanes) { return ARGON2_LANES_TOO_MANY; } /* Validate threads */ if (ARGON2_MIN_THREADS > context->threads) { return ARGON2_THREADS_TOO_FEW; } if (ARGON2_MAX_THREADS < context->threads) { return ARGON2_THREADS_TOO_MANY; } if (NULL != context->allocate_cbk && NULL == context->free_cbk) { return ARGON2_FREE_MEMORY_CBK_NULL; } if (NULL == context->allocate_cbk && NULL != context->free_cbk) { return ARGON2_ALLOCATE_MEMORY_CBK_NULL; } return ARGON2_OK; } void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance) { uint32_t l; /* Make the first and second block in each lane as G(H0||0||i) or G(H0||1||i) */ uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; for (l = 0; l < instance->lanes; ++l) { store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 0); store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH + 4, l); blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, ARGON2_PREHASH_SEED_LENGTH); load_block(&instance->memory[l * instance->lane_length + 0], blockhash_bytes); store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 1); blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, ARGON2_PREHASH_SEED_LENGTH); load_block(&instance->memory[l * instance->lane_length + 1], blockhash_bytes); } clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); } void initial_hash(uint8_t *blockhash, argon2_context *context, argon2_type type) { blake2b_state BlakeHash; uint8_t value[sizeof(uint32_t)]; if (NULL == context || NULL == blockhash) { return; } blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH); store32(&value, context->lanes); blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, context->outlen); blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, context->m_cost); blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, context->t_cost); blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, context->version); blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, (uint32_t)type); blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); store32(&value, context->pwdlen); blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); if (context->pwd != NULL) { blake2b_update(&BlakeHash, (const uint8_t *)context->pwd, context->pwdlen); if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) { secure_wipe_memory(context->pwd, context->pwdlen); context->pwdlen = 0; } } store32(&value, context->saltlen); blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); if (context->salt != NULL) { blake2b_update(&BlakeHash, (const uint8_t *)context->salt, context->saltlen); } store32(&value, context->secretlen); blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); if (context->secret != NULL) { blake2b_update(&BlakeHash, (const uint8_t *)context->secret, context->secretlen); if (context->flags & ARGON2_FLAG_CLEAR_SECRET) { secure_wipe_memory(context->secret, context->secretlen); context->secretlen = 0; } } store32(&value, context->adlen); blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); if (context->ad != NULL) { blake2b_update(&BlakeHash, (const uint8_t *)context->ad, context->adlen); } blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH); } int initialize(argon2_instance_t *instance, argon2_context *context) { uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; int result = ARGON2_OK; if (instance == NULL || context == NULL) return ARGON2_INCORRECT_PARAMETER; instance->context_ptr = context; /* 1. Memory allocation */ result = allocate_memory(context, (uint8_t **)&(instance->memory), instance->memory_blocks, sizeof(block)); if (result != ARGON2_OK) { return result; } /* 2. Initial hashing */ /* H_0 + 8 extra bytes to produce the first blocks */ /* uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */ /* Hashing all inputs */ initial_hash(blockhash, context, instance->type); /* Zeroing 8 extra bytes */ clear_internal_memory(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, ARGON2_PREHASH_SEED_LENGTH - ARGON2_PREHASH_DIGEST_LENGTH); #ifdef GENKAT initial_kat(blockhash, context, instance->type); #endif /* 3. Creating first blocks, we always have at least two blocks in a slice */ fill_first_blocks(blockhash, instance); /* Clearing the hash */ clear_internal_memory(blockhash, ARGON2_PREHASH_SEED_LENGTH); return ARGON2_OK; } core.h100644001750001750 2040715004670131 15361 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #ifndef ARGON2_CORE_H #define ARGON2_CORE_H #include "argon2.h" #define CONST_CAST(x) (x)(uintptr_t) /**********************Argon2 internal constants*******************************/ enum argon2_core_constants { /* Memory block size in bytes */ ARGON2_BLOCK_SIZE = 1024, ARGON2_QWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 8, ARGON2_OWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 16, ARGON2_HWORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 32, ARGON2_512BIT_WORDS_IN_BLOCK = ARGON2_BLOCK_SIZE / 64, /* Number of pseudo-random values generated by one call to Blake in Argon2i to generate reference block positions */ ARGON2_ADDRESSES_IN_BLOCK = 128, /* Pre-hashing digest length and its extension*/ ARGON2_PREHASH_DIGEST_LENGTH = 64, ARGON2_PREHASH_SEED_LENGTH = 72 }; /*************************Argon2 internal data types***********************/ /* * Structure for the (1KB) memory block implemented as 128 64-bit words. * Memory blocks can be copied, XORed. Internal words can be accessed by [] (no * bounds checking). */ typedef struct block_ { uint64_t v[ARGON2_QWORDS_IN_BLOCK]; } block; /*****************Functions that work with the block******************/ /* Initialize each byte of the block with @in */ void init_block_value(block *b, uint8_t in); /* Copy block @src to block @dst */ void copy_block(block *dst, const block *src); /* XOR @src onto @dst bytewise */ void xor_block(block *dst, const block *src); /* * Argon2 instance: memory pointer, number of passes, amount of memory, type, * and derived values. * Used to evaluate the number and location of blocks to construct in each * thread */ typedef struct Argon2_instance_t { block *memory; /* Memory pointer */ uint32_t version; uint32_t passes; /* Number of passes */ uint32_t memory_blocks; /* Number of blocks in memory */ uint32_t segment_length; uint32_t lane_length; uint32_t lanes; uint32_t threads; argon2_type type; int print_internals; /* whether to print the memory blocks */ argon2_context *context_ptr; /* points back to original context */ } argon2_instance_t; /* * Argon2 position: where we construct the block right now. Used to distribute * work between threads. */ typedef struct Argon2_position_t { uint32_t pass; uint32_t lane; uint8_t slice; uint32_t index; } argon2_position_t; /*Struct that holds the inputs for thread handling FillSegment*/ typedef struct Argon2_thread_data { argon2_instance_t *instance_ptr; argon2_position_t pos; } argon2_thread_data; /*************************Argon2 core functions********************************/ /* Allocates memory to the given pointer, uses the appropriate allocator as * specified in the context. Total allocated memory is num*size. * @param context argon2_context which specifies the allocator * @param memory pointer to the pointer to the memory * @param size the size in bytes for each element to be allocated * @param num the number of elements to be allocated * @return ARGON2_OK if @memory is a valid pointer and memory is allocated */ int allocate_memory(const argon2_context *context, uint8_t **memory, size_t num, size_t size); /* * Frees memory at the given pointer, uses the appropriate deallocator as * specified in the context. Also cleans the memory using clear_internal_memory. * @param context argon2_context which specifies the deallocator * @param memory pointer to buffer to be freed * @param size the size in bytes for each element to be deallocated * @param num the number of elements to be deallocated */ void free_memory(const argon2_context *context, uint8_t *memory, size_t num, size_t size); /* Function that securely cleans the memory. This ignores any flags set * regarding clearing memory. Usually one just calls clear_internal_memory. * @param mem Pointer to the memory * @param s Memory size in bytes */ void secure_wipe_memory(void *v, size_t n); /* Function that securely clears the memory if FLAG_clear_internal_memory is * set. If the flag isn't set, this function does nothing. * @param mem Pointer to the memory * @param s Memory size in bytes */ void clear_internal_memory(void *v, size_t n); /* * Computes absolute position of reference block in the lane following a skewed * distribution and using a pseudo-random value as input * @param instance Pointer to the current instance * @param position Pointer to the current position * @param pseudo_rand 32-bit pseudo-random value used to determine the position * @param same_lane Indicates if the block will be taken from the current lane. * If so we can reference the current segment * @pre All pointers must be valid */ uint32_t index_alpha(const argon2_instance_t *instance, const argon2_position_t *position, uint32_t pseudo_rand, int same_lane); /* * Function that validates all inputs against predefined restrictions and return * an error code * @param context Pointer to current Argon2 context * @return ARGON2_OK if everything is all right, otherwise one of error codes * (all defined in */ int validate_inputs(const argon2_context *context); /* * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears * password and secret if needed * @param context Pointer to the Argon2 internal structure containing memory * pointer, and parameters for time and space requirements. * @param blockhash Buffer for pre-hashing digest * @param type Argon2 type * @pre @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes * allocated */ void initial_hash(uint8_t *blockhash, argon2_context *context, argon2_type type); /* * Function creates first 2 blocks per lane * @param instance Pointer to the current instance * @param blockhash Pointer to the pre-hashing digest * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values */ void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance); /* * Function allocates memory, hashes the inputs with Blake, and creates first * two blocks. Returns the pointer to the main memory with 2 blocks per lane * initialized * @param context Pointer to the Argon2 internal structure containing memory * pointer, and parameters for time and space requirements. * @param instance Current Argon2 instance * @return Zero if successful, -1 if memory failed to allocate. @context->state * will be modified if successful. */ int initialize(argon2_instance_t *instance, argon2_context *context); /* * XORing the last block of each lane, hashing it, making the tag. Deallocates * the memory. * @param context Pointer to current Argon2 context (use only the out parameters * from it) * @param instance Pointer to current instance of Argon2 * @pre instance->state must point to necessary amount of memory * @pre context->out must point to outlen bytes of memory * @pre if context->free_cbk is not NULL, it should point to a function that * deallocates memory */ void finalize(const argon2_context *context, argon2_instance_t *instance); /* * Function that fills the segment using previous segments also from other * threads * @param context current context * @param instance Pointer to the current instance * @param position Current position * @pre all block pointers must be valid */ void fill_segment(const argon2_instance_t *instance, argon2_position_t position); /* * Function that fills the entire memory t_cost times based on the first two * blocks in each lane * @param instance Pointer to the current instance * @return ARGON2_OK if successful, @context->state */ int fill_memory_blocks(argon2_instance_t *instance); #endif argon2.c100644001750001750 3421115004670131 15612 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #include #include #include #include "argon2.h" #include "encoding.h" #include "core.h" const char *argon2_type2string(argon2_type type, int uppercase) { switch (type) { case Argon2_d: return uppercase ? "Argon2d" : "argon2d"; case Argon2_i: return uppercase ? "Argon2i" : "argon2i"; case Argon2_id: return uppercase ? "Argon2id" : "argon2id"; } return NULL; } int argon2_ctx(argon2_context *context, argon2_type type) { /* 1. Validate all inputs */ int result = validate_inputs(context); uint32_t memory_blocks, segment_length; argon2_instance_t instance; if (ARGON2_OK != result) { return result; } if (Argon2_d != type && Argon2_i != type && Argon2_id != type) { return ARGON2_INCORRECT_TYPE; } /* 2. Align memory size */ /* Minimum memory_blocks = 8L blocks, where L is the number of lanes */ memory_blocks = context->m_cost; if (memory_blocks < 2 * ARGON2_SYNC_POINTS * context->lanes) { memory_blocks = 2 * ARGON2_SYNC_POINTS * context->lanes; } segment_length = memory_blocks / (context->lanes * ARGON2_SYNC_POINTS); /* Ensure that all segments have equal length */ memory_blocks = segment_length * (context->lanes * ARGON2_SYNC_POINTS); instance.version = context->version; instance.memory = NULL; instance.passes = context->t_cost; instance.memory_blocks = memory_blocks; instance.segment_length = segment_length; instance.lane_length = segment_length * ARGON2_SYNC_POINTS; instance.lanes = context->lanes; instance.threads = context->threads; instance.type = type; if (instance.threads > instance.lanes) { instance.threads = instance.lanes; } /* 3. Initialization: Hashing inputs, allocating memory, filling first * blocks */ result = initialize(&instance, context); if (ARGON2_OK != result) { return result; } /* 4. Filling memory */ result = fill_memory_blocks(&instance); if (ARGON2_OK != result) { return result; } /* 5. Finalization */ finalize(context, &instance); return ARGON2_OK; } int argon2_hash(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen, char *encoded, const size_t encodedlen, argon2_type type, const uint32_t version){ argon2_context context; int result; uint8_t *out; if (pwdlen > ARGON2_MAX_PWD_LENGTH) { return ARGON2_PWD_TOO_LONG; } if (saltlen > ARGON2_MAX_SALT_LENGTH) { return ARGON2_SALT_TOO_LONG; } if (hashlen > ARGON2_MAX_OUTLEN) { return ARGON2_OUTPUT_TOO_LONG; } if (hashlen < ARGON2_MIN_OUTLEN) { return ARGON2_OUTPUT_TOO_SHORT; } out = malloc(hashlen); if (!out) { return ARGON2_MEMORY_ALLOCATION_ERROR; } context.out = (uint8_t *)out; context.outlen = (uint32_t)hashlen; context.pwd = CONST_CAST(uint8_t *)pwd; context.pwdlen = (uint32_t)pwdlen; context.salt = CONST_CAST(uint8_t *)salt; context.saltlen = (uint32_t)saltlen; context.secret = NULL; context.secretlen = 0; context.ad = NULL; context.adlen = 0; context.t_cost = t_cost; context.m_cost = m_cost; context.lanes = parallelism; context.threads = parallelism; context.allocate_cbk = NULL; context.free_cbk = NULL; context.flags = ARGON2_DEFAULT_FLAGS; context.version = version; result = argon2_ctx(&context, type); if (result != ARGON2_OK) { clear_internal_memory(out, hashlen); free(out); return result; } /* if raw hash requested, write it */ if (hash) { memcpy(hash, out, hashlen); } /* if encoding requested, write it */ if (encoded && encodedlen) { if (encode_string(encoded, encodedlen, &context, type) != ARGON2_OK) { clear_internal_memory(out, hashlen); /* wipe buffers if error */ clear_internal_memory(encoded, encodedlen); free(out); return ARGON2_ENCODING_FAIL; } } clear_internal_memory(out, hashlen); free(out); return ARGON2_OK; } int argon2i_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, const size_t hashlen, char *encoded, const size_t encodedlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, NULL, hashlen, encoded, encodedlen, Argon2_i, ARGON2_VERSION_NUMBER); } int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, hash, hashlen, NULL, 0, Argon2_i, ARGON2_VERSION_NUMBER); } int argon2d_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, const size_t hashlen, char *encoded, const size_t encodedlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, NULL, hashlen, encoded, encodedlen, Argon2_d, ARGON2_VERSION_NUMBER); } int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, hash, hashlen, NULL, 0, Argon2_d, ARGON2_VERSION_NUMBER); } int argon2id_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, const size_t hashlen, char *encoded, const size_t encodedlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, NULL, hashlen, encoded, encodedlen, Argon2_id, ARGON2_VERSION_NUMBER); } int argon2id_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen) { return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, hash, hashlen, NULL, 0, Argon2_id, ARGON2_VERSION_NUMBER); } static int argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len) { size_t i; uint8_t d = 0U; for (i = 0U; i < len; i++) { d |= b1[i] ^ b2[i]; } return (int)((1 & ((d - 1) >> 8)) - 1); } int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen, argon2_type type) { argon2_context ctx; uint8_t *desired_result = NULL; int ret = ARGON2_OK; size_t encoded_len; uint32_t max_field_len; if (pwdlen > ARGON2_MAX_PWD_LENGTH) { return ARGON2_PWD_TOO_LONG; } if (encoded == NULL) { return ARGON2_DECODING_FAIL; } encoded_len = strlen(encoded); if (encoded_len > UINT32_MAX) { return ARGON2_DECODING_FAIL; } /* No field can be longer than the encoded length */ max_field_len = (uint32_t)encoded_len; ctx.saltlen = max_field_len; ctx.outlen = max_field_len; ctx.salt = malloc(ctx.saltlen); ctx.out = malloc(ctx.outlen); if (!ctx.salt || !ctx.out) { ret = ARGON2_MEMORY_ALLOCATION_ERROR; goto fail; } ctx.pwd = (uint8_t *)pwd; ctx.pwdlen = (uint32_t)pwdlen; ret = decode_string(&ctx, encoded, type); if (ret != ARGON2_OK) { goto fail; } /* Set aside the desired result, and get a new buffer. */ desired_result = ctx.out; ctx.out = malloc(ctx.outlen); if (!ctx.out) { ret = ARGON2_MEMORY_ALLOCATION_ERROR; goto fail; } ret = argon2_verify_ctx(&ctx, (char *)desired_result, type); if (ret != ARGON2_OK) { goto fail; } fail: free(ctx.salt); free(ctx.out); free(desired_result); return ret; } int argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen) { return argon2_verify(encoded, pwd, pwdlen, Argon2_i); } int argon2d_verify(const char *encoded, const void *pwd, const size_t pwdlen) { return argon2_verify(encoded, pwd, pwdlen, Argon2_d); } int argon2id_verify(const char *encoded, const void *pwd, const size_t pwdlen) { return argon2_verify(encoded, pwd, pwdlen, Argon2_id); } int argon2d_ctx(argon2_context *context) { return argon2_ctx(context, Argon2_d); } int argon2i_ctx(argon2_context *context) { return argon2_ctx(context, Argon2_i); } int argon2id_ctx(argon2_context *context) { return argon2_ctx(context, Argon2_id); } int argon2_verify_ctx(argon2_context *context, const char *hash, argon2_type type) { int ret = argon2_ctx(context, type); if (ret != ARGON2_OK) { return ret; } if (argon2_compare((uint8_t *)hash, context->out, context->outlen)) { return ARGON2_VERIFY_MISMATCH; } return ARGON2_OK; } int argon2d_verify_ctx(argon2_context *context, const char *hash) { return argon2_verify_ctx(context, hash, Argon2_d); } int argon2i_verify_ctx(argon2_context *context, const char *hash) { return argon2_verify_ctx(context, hash, Argon2_i); } int argon2id_verify_ctx(argon2_context *context, const char *hash) { return argon2_verify_ctx(context, hash, Argon2_id); } const char *argon2_error_message(int error_code) { switch (error_code) { case ARGON2_OK: return "OK"; case ARGON2_OUTPUT_PTR_NULL: return "Output pointer is NULL"; case ARGON2_OUTPUT_TOO_SHORT: return "Output is too short"; case ARGON2_OUTPUT_TOO_LONG: return "Output is too long"; case ARGON2_PWD_TOO_SHORT: return "Password is too short"; case ARGON2_PWD_TOO_LONG: return "Password is too long"; case ARGON2_SALT_TOO_SHORT: return "Salt is too short"; case ARGON2_SALT_TOO_LONG: return "Salt is too long"; case ARGON2_AD_TOO_SHORT: return "Associated data is too short"; case ARGON2_AD_TOO_LONG: return "Associated data is too long"; case ARGON2_SECRET_TOO_SHORT: return "Secret is too short"; case ARGON2_SECRET_TOO_LONG: return "Secret is too long"; case ARGON2_TIME_TOO_SMALL: return "Time cost is too small"; case ARGON2_TIME_TOO_LARGE: return "Time cost is too large"; case ARGON2_MEMORY_TOO_LITTLE: return "Memory cost is too small"; case ARGON2_MEMORY_TOO_MUCH: return "Memory cost is too large"; case ARGON2_LANES_TOO_FEW: return "Too few lanes"; case ARGON2_LANES_TOO_MANY: return "Too many lanes"; case ARGON2_PWD_PTR_MISMATCH: return "Password pointer is NULL, but password length is not 0"; case ARGON2_SALT_PTR_MISMATCH: return "Salt pointer is NULL, but salt length is not 0"; case ARGON2_SECRET_PTR_MISMATCH: return "Secret pointer is NULL, but secret length is not 0"; case ARGON2_AD_PTR_MISMATCH: return "Associated data pointer is NULL, but ad length is not 0"; case ARGON2_MEMORY_ALLOCATION_ERROR: return "Memory allocation error"; case ARGON2_FREE_MEMORY_CBK_NULL: return "The free memory callback is NULL"; case ARGON2_ALLOCATE_MEMORY_CBK_NULL: return "The allocate memory callback is NULL"; case ARGON2_INCORRECT_PARAMETER: return "Argon2_Context context is NULL"; case ARGON2_INCORRECT_TYPE: return "There is no such version of Argon2"; case ARGON2_OUT_PTR_MISMATCH: return "Output pointer mismatch"; case ARGON2_THREADS_TOO_FEW: return "Not enough threads"; case ARGON2_THREADS_TOO_MANY: return "Too many threads"; case ARGON2_MISSING_ARGS: return "Missing arguments"; case ARGON2_ENCODING_FAIL: return "Encoding failed"; case ARGON2_DECODING_FAIL: return "Decoding failed"; case ARGON2_THREAD_FAIL: return "Threading failure"; case ARGON2_DECODING_LENGTH_FAIL: return "Some of encoded parameters are too long or too short"; case ARGON2_VERIFY_MISMATCH: return "The password does not match the supplied hash"; default: return "Unknown error code"; } } size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, uint32_t parallelism, uint32_t saltlen, uint32_t hashlen, argon2_type type) { return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) + numlen(t_cost) + numlen(m_cost) + numlen(parallelism) + b64len(saltlen) + b64len(hashlen) + numlen(ARGON2_VERSION_NUMBER) + 1; } switch.c100644001750001750 277615004670131 15716 0ustar00leontleont000000000000Crypt-Argon2-0.030/src#include "core.h" #include "stdlib.h" #ifdef HAVE_AVX512 void fill_segment_avx512(const argon2_instance_t *instance, argon2_position_t position); #endif #ifdef HAVE_AVX2 void fill_segment_avx2(const argon2_instance_t *instance, argon2_position_t position); #endif #ifdef HAVE_SSE3 void fill_segment_sse3(const argon2_instance_t *instance, argon2_position_t position); #endif void fill_segment_ref(const argon2_instance_t *instance, argon2_position_t position); #ifdef HAVE_IFUNC static void (*resolve_fill_segment(void))(const argon2_instance_t *instance, argon2_position_t position) { __builtin_cpu_init(); #ifdef HAVE_AVX512 if (__builtin_cpu_supports("avx512f")) return fill_segment_avx512; else #endif #ifdef HAVE_AVX2 if (__builtin_cpu_supports("avx2")) return fill_segment_avx2; else #endif #ifdef HAVE_SSE3 if (__builtin_cpu_supports("sse3")) return fill_segment_sse3; else #endif return fill_segment_ref; } void fill_segment(const argon2_instance_t *instance, argon2_position_t position) __attribute__ ((ifunc ("resolve_fill_segment"))); #else void fill_segment(const argon2_instance_t *instance, argon2_position_t position) { #ifdef HAVE_AVX512 if (__builtin_cpu_supports("avx512f")) fill_segment_avx512(instance, position); else #endif #ifdef HAVE_AVX2 if (__builtin_cpu_supports("avx2")) fill_segment_avx2(instance, position); else #endif #ifdef HAVE_SSE3 if (__builtin_cpu_supports("sse3")) fill_segment_sse3(instance, position); else #endif fill_segment_ref(instance, position); } #endif thread.c100644001750001750 302615004670131 15651 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #if !defined(ARGON2_NO_THREADS) #include "thread.h" #if defined(_WIN32) #include #endif int argon2_thread_create(argon2_thread_handle_t *handle, argon2_thread_func_t func, void *args) { if (NULL == handle || func == NULL) { return -1; } #if defined(_WIN32) *handle = _beginthreadex(NULL, 0, func, args, 0, NULL); return *handle != 0 ? 0 : -1; #else return pthread_create(handle, NULL, func, args); #endif } int argon2_thread_join(argon2_thread_handle_t handle) { #if defined(_WIN32) if (WaitForSingleObject((HANDLE)handle, INFINITE) == WAIT_OBJECT_0) { return CloseHandle((HANDLE)handle) != 0 ? 0 : -1; } return -1; #else return pthread_join(handle, NULL); #endif } void argon2_thread_exit(void) { #if defined(_WIN32) _endthreadex(0); #else pthread_exit(NULL); #endif } #endif /* ARGON2_NO_THREADS */ thread.h100644001750001750 451215004670131 15657 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #ifndef ARGON2_THREAD_H #define ARGON2_THREAD_H #if !defined(ARGON2_NO_THREADS) /* Here we implement an abstraction layer for the simpĺe requirements of the Argon2 code. We only require 3 primitives---thread creation, joining, and termination---so full emulation of the pthreads API is unwarranted. Currently we wrap pthreads and Win32 threads. The API defines 2 types: the function pointer type, argon2_thread_func_t, and the type of the thread handle---argon2_thread_handle_t. */ #if defined(_WIN32) #include typedef unsigned(__stdcall *argon2_thread_func_t)(void *); typedef uintptr_t argon2_thread_handle_t; #else #include typedef void *(*argon2_thread_func_t)(void *); typedef pthread_t argon2_thread_handle_t; #endif /* Creates a thread * @param handle pointer to a thread handle, which is the output of this * function. Must not be NULL. * @param func A function pointer for the thread's entry point. Must not be * NULL. * @param args Pointer that is passed as an argument to @func. May be NULL. * @return 0 if @handle and @func are valid pointers and a thread is successfully * created. */ int argon2_thread_create(argon2_thread_handle_t *handle, argon2_thread_func_t func, void *args); /* Waits for a thread to terminate * @param handle Handle to a thread created with argon2_thread_create. * @return 0 if @handle is a valid handle, and joining completed successfully. */ int argon2_thread_join(argon2_thread_handle_t handle); /* Terminate the current thread. Must be run inside a thread created by * argon2_thread_create. */ void argon2_thread_exit(void); #endif /* ARGON2_NO_THREADS */ #endif planner000755001750001750 015004670131 14745 5ustar00leontleont000000000000Crypt-Argon2-0.030xs.pl100644001750001750 400215004670131 16070 0ustar00leontleont000000000000Crypt-Argon2-0.030/planneruse strict; use warnings; load_extension('Dist::Build::XS'); load_extension('Dist::Build::XS::Conf'); my @sources = map { "src/$_.c" } qw{argon2 core encoding thread blake2/blake2b switch}; sub add_source { my ($name, $input_base, @flags) = @_; push @sources, { source => "src/$input_base.c", object => "src/$name.o", flags => \@flags, defines => { fill_segment => "fill_segment_$name" }, }; } sub try_optimized { my ($name, $flag, $code) = @_; my $can_build = try_compile_run(source => $code, define => "HAVE_\U$name", extra_compiler_flags => [ $flag ]); add_source($name, 'opt', $flag) if $can_build; } add_source('ref', 'ref'); my $has_sse3 = try_optimized('sse3', '-msse3', <<'EOF'); #include int main () { __m128i input, output; if (__builtin_cpu_supports("sse3")) output = _mm_loadu_si128(&input); } EOF if ($has_sse3) { try_optimized('avx2', '-march=haswell', <<'EOF'); #include int main () { __m256i input, output; if (__builtin_cpu_supports("avx2")) output = _mm256_loadu_si256(&input); } EOF try_optimized('avx512', '-march=skylake-avx512', <<'EOF'); #include int main () { __m512i input, output; if (__builtin_cpu_supports("avx512f")) output = _mm512_loadu_si512(&input); } EOF try_compile_run(source => <<'EOF', define => 'HAVE_IFUNC'); #include void fill_segment_sse3(const int *instance, size_t position) { } void fill_segment_ref(const int *instance, size_t position) { } static void (*resolve_fill_segment(void))(const int *instance, size_t position) { __builtin_cpu_init(); if (__builtin_cpu_supports("sse3")) return fill_segment_sse3; else return fill_segment_ref; } void fill_segment(const int *instance, size_t position) __attribute__ ((ifunc ("resolve_fill_segment"))); int main() { fill_segment(NULL, 0); return 0; } EOF } if (is_os_type('Unix')) { push_extra_compiler_flags('-pthread'); push_extra_linker_flags('-pthread'); } add_xs( include_dirs => [ 'include' ], extra_sources => \@sources, ); encoding.c100644001750001750 3761515004670131 16223 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #include #include #include #include #include "encoding.h" #include "core.h" /* * Example code for a decoder and encoder of "hash strings", with Argon2 * parameters. * * This code comprises three sections: * * -- The first section contains generic Base64 encoding and decoding * functions. It is conceptually applicable to any hash function * implementation that uses Base64 to encode and decode parameters, * salts and outputs. It could be made into a library, provided that * the relevant functions are made public (non-static) and be given * reasonable names to avoid collisions with other functions. * * -- The second section is specific to Argon2. It encodes and decodes * the parameters, salts and outputs. It does not compute the hash * itself. * * The code was originally written by Thomas Pornin , * to whom comments and remarks may be sent. It is released under what * should amount to Public Domain or its closest equivalent; the * following mantra is supposed to incarnate that fact with all the * proper legal rituals: * * --------------------------------------------------------------------- * This file is provided under the terms of Creative Commons CC0 1.0 * Public Domain Dedication. To the extent possible under law, the * author (Thomas Pornin) has waived all copyright and related or * neighboring rights to this file. This work is published from: Canada. * --------------------------------------------------------------------- * * Copyright (c) 2015 Thomas Pornin */ /* ==================================================================== */ /* * Common code; could be shared between different hash functions. * * Note: the Base64 functions below assume that uppercase letters (resp. * lowercase letters) have consecutive numerical codes, that fit on 8 * bits. All modern systems use ASCII-compatible charsets, where these * properties are true. If you are stuck with a dinosaur of a system * that still defaults to EBCDIC then you already have much bigger * interoperability issues to deal with. */ /* * Some macros for constant-time comparisons. These work over values in * the 0..255 range. Returned value is 0x00 on "false", 0xFF on "true". */ #define EQ(x, y) ((((0U - ((unsigned)(x) ^ (unsigned)(y))) >> 8) & 0xFF) ^ 0xFF) #define GT(x, y) ((((unsigned)(y) - (unsigned)(x)) >> 8) & 0xFF) #define GE(x, y) (GT(y, x) ^ 0xFF) #define LT(x, y) GT(y, x) #define LE(x, y) GE(y, x) /* * Convert value x (0..63) to corresponding Base64 character. */ static int b64_byte_to_char(unsigned x) { return (LT(x, 26) & (x + 'A')) | (GE(x, 26) & LT(x, 52) & (x + ('a' - 26))) | (GE(x, 52) & LT(x, 62) & (x + ('0' - 52))) | (EQ(x, 62) & '+') | (EQ(x, 63) & '/'); } /* * Convert character c to the corresponding 6-bit value. If character c * is not a Base64 character, then 0xFF (255) is returned. */ static unsigned b64_char_to_byte(int c) { unsigned x; x = (GE(c, 'A') & LE(c, 'Z') & (c - 'A')) | (GE(c, 'a') & LE(c, 'z') & (c - ('a' - 26))) | (GE(c, '0') & LE(c, '9') & (c - ('0' - 52))) | (EQ(c, '+') & 62) | (EQ(c, '/') & 63); return x | (EQ(x, 0) & (EQ(c, 'A') ^ 0xFF)); } /* * Convert some bytes to Base64. 'dst_len' is the length (in characters) * of the output buffer 'dst'; if that buffer is not large enough to * receive the result (including the terminating 0), then (size_t)-1 * is returned. Otherwise, the zero-terminated Base64 string is written * in the buffer, and the output length (counted WITHOUT the terminating * zero) is returned. */ static size_t to_base64(char *dst, size_t dst_len, const void *src, size_t src_len) { size_t olen; const unsigned char *buf; unsigned acc, acc_len; olen = (src_len / 3) << 2; switch (src_len % 3) { case 2: olen++; /* fall through */ case 1: olen += 2; break; } if (dst_len <= olen) { return (size_t)-1; } acc = 0; acc_len = 0; buf = (const unsigned char *)src; while (src_len-- > 0) { acc = (acc << 8) + (*buf++); acc_len += 8; while (acc_len >= 6) { acc_len -= 6; *dst++ = (char)b64_byte_to_char((acc >> acc_len) & 0x3F); } } if (acc_len > 0) { *dst++ = (char)b64_byte_to_char((acc << (6 - acc_len)) & 0x3F); } *dst++ = 0; return olen; } /* * Decode Base64 chars into bytes. The '*dst_len' value must initially * contain the length of the output buffer '*dst'; when the decoding * ends, the actual number of decoded bytes is written back in * '*dst_len'. * * Decoding stops when a non-Base64 character is encountered, or when * the output buffer capacity is exceeded. If an error occurred (output * buffer is too small, invalid last characters leading to unprocessed * buffered bits), then NULL is returned; otherwise, the returned value * points to the first non-Base64 character in the source stream, which * may be the terminating zero. */ static const char *from_base64(void *dst, size_t *dst_len, const char *src) { size_t len; unsigned char *buf; unsigned acc, acc_len; buf = (unsigned char *)dst; len = 0; acc = 0; acc_len = 0; for (;;) { unsigned d; d = b64_char_to_byte(*src); if (d == 0xFF) { break; } src++; acc = (acc << 6) + d; acc_len += 6; if (acc_len >= 8) { acc_len -= 8; if ((len++) >= *dst_len) { return NULL; } *buf++ = (acc >> acc_len) & 0xFF; } } /* * If the input length is equal to 1 modulo 4 (which is * invalid), then there will remain 6 unprocessed bits; * otherwise, only 0, 2 or 4 bits are buffered. The buffered * bits must also all be zero. */ if (acc_len > 4 || (acc & (((unsigned)1 << acc_len) - 1)) != 0) { return NULL; } *dst_len = len; return src; } /* * Decode decimal integer from 'str'; the value is written in '*v'. * Returned value is a pointer to the next non-decimal character in the * string. If there is no digit at all, or the value encoding is not * minimal (extra leading zeros), or the value does not fit in an * 'unsigned long', then NULL is returned. */ static const char *decode_decimal(const char *str, unsigned long *v) { const char *orig; unsigned long acc; acc = 0; for (orig = str;; str++) { int c; c = *str; if (c < '0' || c > '9') { break; } c -= '0'; if (acc > (ULONG_MAX / 10)) { return NULL; } acc *= 10; if ((unsigned long)c > (ULONG_MAX - acc)) { return NULL; } acc += (unsigned long)c; } if (str == orig || (*orig == '0' && str != (orig + 1))) { return NULL; } *v = acc; return str; } /* ==================================================================== */ /* * Code specific to Argon2. * * The code below applies the following format: * * $argon2[$v=]$m=,t=,p=$$ * * where is either 'd', 'id', or 'i', is a decimal integer (positive, * fits in an 'unsigned long'), and is Base64-encoded data (no '=' padding * characters, no newline or whitespace). * * The last two binary chunks (encoded in Base64) are, in that order, * the salt and the output. Both are required. The binary salt length and the * output length must be in the allowed ranges defined in argon2.h. * * The ctx struct must contain buffers large enough to hold the salt and pwd * when it is fed into decode_string. */ int decode_string(argon2_context *ctx, const char *str, argon2_type type) { /* check for prefix */ #define CC(prefix) \ do { \ size_t cc_len = strlen(prefix); \ if (strncmp(str, prefix, cc_len) != 0) { \ return ARGON2_DECODING_FAIL; \ } \ str += cc_len; \ } while ((void)0, 0) /* optional prefix checking with supplied code */ #define CC_opt(prefix, code) \ do { \ size_t cc_len = strlen(prefix); \ if (strncmp(str, prefix, cc_len) == 0) { \ str += cc_len; \ { code; } \ } \ } while ((void)0, 0) /* Decoding prefix into decimal */ #define DECIMAL(x) \ do { \ unsigned long dec_x; \ str = decode_decimal(str, &dec_x); \ if (str == NULL) { \ return ARGON2_DECODING_FAIL; \ } \ (x) = dec_x; \ } while ((void)0, 0) /* Decoding prefix into uint32_t decimal */ #define DECIMAL_U32(x) \ do { \ unsigned long dec_x; \ str = decode_decimal(str, &dec_x); \ if (str == NULL || dec_x > UINT32_MAX) { \ return ARGON2_DECODING_FAIL; \ } \ (x) = (uint32_t)dec_x; \ } while ((void)0, 0) /* Decoding base64 into a binary buffer */ #define BIN(buf, max_len, len) \ do { \ size_t bin_len = (max_len); \ str = from_base64(buf, &bin_len, str); \ if (str == NULL || bin_len > UINT32_MAX) { \ return ARGON2_DECODING_FAIL; \ } \ (len) = (uint32_t)bin_len; \ } while ((void)0, 0) size_t maxsaltlen = ctx->saltlen; size_t maxoutlen = ctx->outlen; int validation_result; const char* type_string; /* We should start with the argon2_type we are using */ type_string = argon2_type2string(type, 0); if (!type_string) { return ARGON2_INCORRECT_TYPE; } CC("$"); CC(type_string); /* Reading the version number if the default is suppressed */ ctx->version = ARGON2_VERSION_10; CC_opt("$v=", DECIMAL_U32(ctx->version)); CC("$m="); DECIMAL_U32(ctx->m_cost); CC(",t="); DECIMAL_U32(ctx->t_cost); CC(",p="); DECIMAL_U32(ctx->lanes); ctx->threads = ctx->lanes; CC("$"); BIN(ctx->salt, maxsaltlen, ctx->saltlen); CC("$"); BIN(ctx->out, maxoutlen, ctx->outlen); /* The rest of the fields get the default values */ ctx->secret = NULL; ctx->secretlen = 0; ctx->ad = NULL; ctx->adlen = 0; ctx->allocate_cbk = NULL; ctx->free_cbk = NULL; ctx->flags = ARGON2_DEFAULT_FLAGS; /* On return, must have valid context */ validation_result = validate_inputs(ctx); if (validation_result != ARGON2_OK) { return validation_result; } /* Can't have any additional characters */ if (*str == 0) { return ARGON2_OK; } else { return ARGON2_DECODING_FAIL; } #undef CC #undef CC_opt #undef DECIMAL #undef BIN } int encode_string(char *dst, size_t dst_len, argon2_context *ctx, argon2_type type) { #define SS(str) \ do { \ size_t pp_len = strlen(str); \ if (pp_len >= dst_len) { \ return ARGON2_ENCODING_FAIL; \ } \ memcpy(dst, str, pp_len + 1); \ dst += pp_len; \ dst_len -= pp_len; \ } while ((void)0, 0) #define SX(x) \ do { \ char tmp[30]; \ sprintf(tmp, "%lu", (unsigned long)(x)); \ SS(tmp); \ } while ((void)0, 0) #define SB(buf, len) \ do { \ size_t sb_len = to_base64(dst, dst_len, buf, len); \ if (sb_len == (size_t)-1) { \ return ARGON2_ENCODING_FAIL; \ } \ dst += sb_len; \ dst_len -= sb_len; \ } while ((void)0, 0) const char* type_string = argon2_type2string(type, 0); int validation_result = validate_inputs(ctx); if (!type_string) { return ARGON2_ENCODING_FAIL; } if (validation_result != ARGON2_OK) { return validation_result; } SS("$"); SS(type_string); SS("$v="); SX(ctx->version); SS("$m="); SX(ctx->m_cost); SS(",t="); SX(ctx->t_cost); SS(",p="); SX(ctx->lanes); SS("$"); SB(ctx->salt, ctx->saltlen); SS("$"); SB(ctx->out, ctx->outlen); return ARGON2_OK; #undef SS #undef SX #undef SB } size_t b64len(uint32_t len) { size_t olen = ((size_t)len / 3) << 2; switch (len % 3) { case 2: olen++; /* fall through */ case 1: olen += 2; break; } return olen; } size_t numlen(uint32_t num) { size_t len = 1; while (num >= 10) { ++len; num = num / 10; } return len; } encoding.h100644001750001750 405315004670131 16176 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #ifndef ENCODING_H #define ENCODING_H #include "argon2.h" #define ARGON2_MAX_DECODED_LANES UINT32_C(255) #define ARGON2_MIN_DECODED_SALT_LEN UINT32_C(8) #define ARGON2_MIN_DECODED_OUT_LEN UINT32_C(12) /* * encode an Argon2 hash string into the provided buffer. 'dst_len' * contains the size, in characters, of the 'dst' buffer; if 'dst_len' * is less than the number of required characters (including the * terminating 0), then this function returns ARGON2_ENCODING_ERROR. * * on success, ARGON2_OK is returned. */ int encode_string(char *dst, size_t dst_len, argon2_context *ctx, argon2_type type); /* * Decodes an Argon2 hash string into the provided structure 'ctx'. * The only fields that must be set prior to this call are ctx.saltlen and * ctx.outlen (which must be the maximal salt and out length values that are * allowed), ctx.salt and ctx.out (which must be buffers of the specified * length), and ctx.pwd and ctx.pwdlen which must hold a valid password. * * Invalid input string causes an error. On success, the ctx is valid and all * fields have been initialized. * * Returned value is ARGON2_OK on success, other ARGON2_ codes on error. */ int decode_string(argon2_context *ctx, const char *str, argon2_type type); /* Returns the length of the encoded byte stream with length len */ size_t b64len(uint32_t len); /* Returns the length of the encoded number num */ size_t numlen(uint32_t num); #endif include000755001750001750 015004670131 14731 5ustar00leontleont000000000000Crypt-Argon2-0.030argon2.h100644001750001750 4057715004670131 16467 0ustar00leontleont000000000000Crypt-Argon2-0.030/include/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #ifndef ARGON2_H #define ARGON2_H #include #include #include #if defined(__cplusplus) extern "C" { #endif /* Symbols visibility control */ #ifdef A2_VISCTL #define ARGON2_PUBLIC __attribute__((visibility("default"))) #define ARGON2_LOCAL __attribute__ ((visibility ("hidden"))) #elif _MSC_VER #define ARGON2_PUBLIC __declspec(dllexport) #define ARGON2_LOCAL #else #define ARGON2_PUBLIC #define ARGON2_LOCAL #endif /* * Argon2 input parameter restrictions */ /* Minimum and maximum number of lanes (degree of parallelism) */ #define ARGON2_MIN_LANES UINT32_C(1) #define ARGON2_MAX_LANES UINT32_C(0xFFFFFF) /* Minimum and maximum number of threads */ #define ARGON2_MIN_THREADS UINT32_C(1) #define ARGON2_MAX_THREADS UINT32_C(0xFFFFFF) /* Number of synchronization points between lanes per pass */ #define ARGON2_SYNC_POINTS UINT32_C(4) /* Minimum and maximum digest size in bytes */ #define ARGON2_MIN_OUTLEN UINT32_C(4) #define ARGON2_MAX_OUTLEN UINT32_C(0xFFFFFFFF) /* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */ #define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */ #define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b)) /* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */ #define ARGON2_MAX_MEMORY_BITS \ ARGON2_MIN(UINT32_C(32), (sizeof(void *) * CHAR_BIT - 10 - 1)) #define ARGON2_MAX_MEMORY \ ARGON2_MIN(UINT32_C(0xFFFFFFFF), UINT64_C(1) << ARGON2_MAX_MEMORY_BITS) /* Minimum and maximum number of passes */ #define ARGON2_MIN_TIME UINT32_C(1) #define ARGON2_MAX_TIME UINT32_C(0xFFFFFFFF) /* Minimum and maximum password length in bytes */ #define ARGON2_MIN_PWD_LENGTH UINT32_C(0) #define ARGON2_MAX_PWD_LENGTH UINT32_C(0xFFFFFFFF) /* Minimum and maximum associated data length in bytes */ #define ARGON2_MIN_AD_LENGTH UINT32_C(0) #define ARGON2_MAX_AD_LENGTH UINT32_C(0xFFFFFFFF) /* Minimum and maximum salt length in bytes */ #define ARGON2_MIN_SALT_LENGTH UINT32_C(8) #define ARGON2_MAX_SALT_LENGTH UINT32_C(0xFFFFFFFF) /* Minimum and maximum key length in bytes */ #define ARGON2_MIN_SECRET UINT32_C(0) #define ARGON2_MAX_SECRET UINT32_C(0xFFFFFFFF) /* Flags to determine which fields are securely wiped (default = no wipe). */ #define ARGON2_DEFAULT_FLAGS UINT32_C(0) #define ARGON2_FLAG_CLEAR_PASSWORD (UINT32_C(1) << 0) #define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1) /* Global flag to determine if we are wiping internal memory buffers. This flag * is defined in core.c and deafults to 1 (wipe internal memory). */ extern int FLAG_clear_internal_memory; /* Error codes */ typedef enum Argon2_ErrorCodes { ARGON2_OK = 0, ARGON2_OUTPUT_PTR_NULL = -1, ARGON2_OUTPUT_TOO_SHORT = -2, ARGON2_OUTPUT_TOO_LONG = -3, ARGON2_PWD_TOO_SHORT = -4, ARGON2_PWD_TOO_LONG = -5, ARGON2_SALT_TOO_SHORT = -6, ARGON2_SALT_TOO_LONG = -7, ARGON2_AD_TOO_SHORT = -8, ARGON2_AD_TOO_LONG = -9, ARGON2_SECRET_TOO_SHORT = -10, ARGON2_SECRET_TOO_LONG = -11, ARGON2_TIME_TOO_SMALL = -12, ARGON2_TIME_TOO_LARGE = -13, ARGON2_MEMORY_TOO_LITTLE = -14, ARGON2_MEMORY_TOO_MUCH = -15, ARGON2_LANES_TOO_FEW = -16, ARGON2_LANES_TOO_MANY = -17, ARGON2_PWD_PTR_MISMATCH = -18, /* NULL ptr with non-zero length */ ARGON2_SALT_PTR_MISMATCH = -19, /* NULL ptr with non-zero length */ ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */ ARGON2_AD_PTR_MISMATCH = -21, /* NULL ptr with non-zero length */ ARGON2_MEMORY_ALLOCATION_ERROR = -22, ARGON2_FREE_MEMORY_CBK_NULL = -23, ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24, ARGON2_INCORRECT_PARAMETER = -25, ARGON2_INCORRECT_TYPE = -26, ARGON2_OUT_PTR_MISMATCH = -27, ARGON2_THREADS_TOO_FEW = -28, ARGON2_THREADS_TOO_MANY = -29, ARGON2_MISSING_ARGS = -30, ARGON2_ENCODING_FAIL = -31, ARGON2_DECODING_FAIL = -32, ARGON2_THREAD_FAIL = -33, ARGON2_DECODING_LENGTH_FAIL = -34, ARGON2_VERIFY_MISMATCH = -35 } argon2_error_codes; /* Memory allocator types --- for external allocation */ typedef int (*allocate_fptr)(uint8_t **memory, size_t bytes_to_allocate); typedef void (*deallocate_fptr)(uint8_t *memory, size_t bytes_to_allocate); /* Argon2 external data structures */ /* ***** * Context: structure to hold Argon2 inputs: * output array and its length, * password and its length, * salt and its length, * secret and its length, * associated data and its length, * number of passes, amount of used memory (in KBytes, can be rounded up a bit) * number of parallel threads that will be run. * All the parameters above affect the output hash value. * Additionally, two function pointers can be provided to allocate and * deallocate the memory (if NULL, memory will be allocated internally). * Also, three flags indicate whether to erase password, secret as soon as they * are pre-hashed (and thus not needed anymore), and the entire memory ***** * Simplest situation: you have output array out[8], password is stored in * pwd[32], salt is stored in salt[16], you do not have keys nor associated * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with * 4 parallel lanes. * You want to erase the password, but you're OK with last pass not being * erased. You want to use the default memory allocator. * Then you initialize: Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false) */ typedef struct Argon2_Context { uint8_t *out; /* output array */ uint32_t outlen; /* digest length */ uint8_t *pwd; /* password array */ uint32_t pwdlen; /* password length */ uint8_t *salt; /* salt array */ uint32_t saltlen; /* salt length */ uint8_t *secret; /* key array */ uint32_t secretlen; /* key length */ uint8_t *ad; /* associated data array */ uint32_t adlen; /* associated data length */ uint32_t t_cost; /* number of passes */ uint32_t m_cost; /* amount of memory requested (KB) */ uint32_t lanes; /* number of lanes */ uint32_t threads; /* maximum number of threads */ uint32_t version; /* version number */ allocate_fptr allocate_cbk; /* pointer to memory allocator */ deallocate_fptr free_cbk; /* pointer to memory deallocator */ uint32_t flags; /* array of bool options */ } argon2_context; /* Argon2 primitive type */ typedef enum Argon2_type { Argon2_d = 0, Argon2_i = 1, Argon2_id = 2 } argon2_type; /* Version of the algorithm */ typedef enum Argon2_version { ARGON2_VERSION_10 = 0x10, ARGON2_VERSION_13 = 0x13, ARGON2_VERSION_NUMBER = ARGON2_VERSION_13 } argon2_version; /* * Function that gives the string representation of an argon2_type. * @param type The argon2_type that we want the string for * @param uppercase Whether the string should have the first letter uppercase * @return NULL if invalid type, otherwise the string representation. */ ARGON2_PUBLIC const char *argon2_type2string(argon2_type type, int uppercase); /* * Function that performs memory-hard hashing with certain degree of parallelism * @param context Pointer to the Argon2 internal structure * @return Error code if smth is wrong, ARGON2_OK otherwise */ ARGON2_PUBLIC int argon2_ctx(argon2_context *context, argon2_type type); /** * Hashes a password with Argon2i, producing an encoded hash * @param t_cost Number of iterations * @param m_cost Sets memory usage to m_cost kibibytes * @param parallelism Number of threads and compute lanes * @param pwd Pointer to password * @param pwdlen Password size in bytes * @param salt Pointer to salt * @param saltlen Salt size in bytes * @param hashlen Desired length of the hash in bytes * @param encoded Buffer where to write the encoded hash * @param encodedlen Size of the buffer (thus max size of the encoded hash) * @pre Different parallelism levels will give different results * @pre Returns ARGON2_OK if successful */ ARGON2_PUBLIC int argon2i_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, const size_t hashlen, char *encoded, const size_t encodedlen); /** * Hashes a password with Argon2i, producing a raw hash at @hash * @param t_cost Number of iterations * @param m_cost Sets memory usage to m_cost kibibytes * @param parallelism Number of threads and compute lanes * @param pwd Pointer to password * @param pwdlen Password size in bytes * @param salt Pointer to salt * @param saltlen Salt size in bytes * @param hash Buffer where to write the raw hash - updated by the function * @param hashlen Desired length of the hash in bytes * @pre Different parallelism levels will give different results * @pre Returns ARGON2_OK if successful */ ARGON2_PUBLIC int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen); ARGON2_PUBLIC int argon2d_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, const size_t hashlen, char *encoded, const size_t encodedlen); ARGON2_PUBLIC int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen); ARGON2_PUBLIC int argon2id_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, const size_t hashlen, char *encoded, const size_t encodedlen); ARGON2_PUBLIC int argon2id_hash_raw(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen); /* generic function underlying the above ones */ ARGON2_PUBLIC int argon2_hash(const uint32_t t_cost, const uint32_t m_cost, const uint32_t parallelism, const void *pwd, const size_t pwdlen, const void *salt, const size_t saltlen, void *hash, const size_t hashlen, char *encoded, const size_t encodedlen, argon2_type type, const uint32_t version); /** * Verifies a password against an encoded string * Encoded string is restricted as in validate_inputs() * @param encoded String encoding parameters, salt, hash * @param pwd Pointer to password * @pre Returns ARGON2_OK if successful */ ARGON2_PUBLIC int argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen); ARGON2_PUBLIC int argon2d_verify(const char *encoded, const void *pwd, const size_t pwdlen); ARGON2_PUBLIC int argon2id_verify(const char *encoded, const void *pwd, const size_t pwdlen); /* generic function underlying the above ones */ ARGON2_PUBLIC int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen, argon2_type type); /** * Argon2d: Version of Argon2 that picks memory blocks depending * on the password and salt. Only for side-channel-free * environment!! ***** * @param context Pointer to current Argon2 context * @return Zero if successful, a non zero error code otherwise */ ARGON2_PUBLIC int argon2d_ctx(argon2_context *context); /** * Argon2i: Version of Argon2 that picks memory blocks * independent on the password and salt. Good for side-channels, * but worse w.r.t. tradeoff attacks if only one pass is used. ***** * @param context Pointer to current Argon2 context * @return Zero if successful, a non zero error code otherwise */ ARGON2_PUBLIC int argon2i_ctx(argon2_context *context); /** * Argon2id: Version of Argon2 where the first half-pass over memory is * password-independent, the rest are password-dependent (on the password and * salt). OK against side channels (they reduce to 1/2-pass Argon2i), and * better with w.r.t. tradeoff attacks (similar to Argon2d). ***** * @param context Pointer to current Argon2 context * @return Zero if successful, a non zero error code otherwise */ ARGON2_PUBLIC int argon2id_ctx(argon2_context *context); /** * Verify if a given password is correct for Argon2d hashing * @param context Pointer to current Argon2 context * @param hash The password hash to verify. The length of the hash is * specified by the context outlen member * @return Zero if successful, a non zero error code otherwise */ ARGON2_PUBLIC int argon2d_verify_ctx(argon2_context *context, const char *hash); /** * Verify if a given password is correct for Argon2i hashing * @param context Pointer to current Argon2 context * @param hash The password hash to verify. The length of the hash is * specified by the context outlen member * @return Zero if successful, a non zero error code otherwise */ ARGON2_PUBLIC int argon2i_verify_ctx(argon2_context *context, const char *hash); /** * Verify if a given password is correct for Argon2id hashing * @param context Pointer to current Argon2 context * @param hash The password hash to verify. The length of the hash is * specified by the context outlen member * @return Zero if successful, a non zero error code otherwise */ ARGON2_PUBLIC int argon2id_verify_ctx(argon2_context *context, const char *hash); /* generic function underlying the above ones */ ARGON2_PUBLIC int argon2_verify_ctx(argon2_context *context, const char *hash, argon2_type type); /** * Get the associated error message for given error code * @return The error message associated with the given error code */ ARGON2_PUBLIC const char *argon2_error_message(int error_code); /** * Returns the encoded hash length for the given input parameters * @param t_cost Number of iterations * @param m_cost Memory usage in kibibytes * @param parallelism Number of threads; used to compute lanes * @param saltlen Salt size in bytes * @param hashlen Hash size in bytes * @param type The argon2_type that we want the encoded length for * @return The encoded hash length in bytes */ ARGON2_PUBLIC size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, uint32_t parallelism, uint32_t saltlen, uint32_t hashlen, argon2_type type); #if defined(__cplusplus) } #endif #endif script.pl100644001750001750 7315004670131 16706 0ustar00leontleont000000000000Crypt-Argon2-0.030/plannerload_extension('Dist::Build::Core'); script_dir('script'); Crypt000755001750001750 015004670131 15155 5ustar00leontleont000000000000Crypt-Argon2-0.030/libArgon2.pm100644001750001750 1523415004670131 17030 0ustar00leontleont000000000000Crypt-Argon2-0.030/lib/Cryptpackage Crypt::Argon2; $Crypt::Argon2::VERSION = '0.030'; use strict; use warnings; use Exporter 5.57 'import'; our @EXPORT_OK = qw/ argon2_raw argon2_pass argon2_verify argon2id_raw argon2id_pass argon2id_verify argon2i_raw argon2i_pass argon2i_verify argon2d_raw argon2_pass argon2_verify argon2_needs_rehash argon2_types/; use XSLoader; XSLoader::load(__PACKAGE__, __PACKAGE__->VERSION || 0); our $type_regex = qr/argon2(?:i|d|id)/; my %multiplier = ( k => 1, M => 1024, G => 1024 * 1024, ); my $regex = qr/ ^ \$ (argon2(?:i|d|id)) \$ v=(\d+) \$ m=(\d+), t=(\d+), p=(\d+) \$ ([^\$]+) \$ (.*) $ /x; sub argon2_needs_rehash { my ($encoded, $type, $t_cost, $m_cost, $parallelism, $output_length, $salt_length) = @_; $m_cost =~ s/ \A (\d+) ([kMG]) \z / $1 * $multiplier{$2} * 1024 /xmse; $m_cost /= 1024; my ($name, $version, $m_got, $t_got, $parallel_got, $salt, $hash) = $encoded =~ $regex or return 1; return 1 if $name ne $type or $version != 19 or $t_got != $t_cost or $m_got != $m_cost or $parallel_got != $parallelism; return 1 if int(3 / 4 * length $salt) != $salt_length or int(3 / 4 * length $hash) != $output_length; return 0; } sub argon2_types { return qw/argon2id argon2i argon2d/; } 1; # ABSTRACT: Perl interface to the Argon2 key derivation functions __END__ =pod =encoding UTF-8 =head1 NAME Crypt::Argon2 - Perl interface to the Argon2 key derivation functions =head1 VERSION version 0.030 =head1 SYNOPSIS use Crypt::Argon2 qw/argon2id_pass argon2_verify/; sub add_pass { my ($user, $password) = @_; my $salt = get_random(16); my $encoded = argon2id_pass($password, $salt, 3, '32M', 1, 16); store_password($user, $encoded); } sub check_password { my ($user, $password) = @_; my $encoded = fetch_encoded($user); return argon2_verify($encoded, $password); } =head1 DESCRIPTION This module implements the Argon2 key derivation function, which is suitable to convert any password into a cryptographic key. This is most often used to for secure storage of passwords but can also be used to derive a encryption key from a password. It offers variable time and memory costs as well as output size. To find appropriate parameters, the bundled program C can be used. =head1 FUNCTIONS =head2 argon2_pass($type, $password, $salt, $t_cost, $m_factor, $parallelism, $tag_size) This function processes the C<$password> with the given C<$salt> and parameters. It encodes the resulting tag and the parameters as a password string (e.g. C<$argon2id$v=19$m=65536,t=2,p=1$c29tZXNhbHQ$wWKIMhR9lyDFvRz9YTZweHKfbftvj+qf+YFY4NeBbtA>). =over 4 =item * C<$type> The argon2 type that is used. This must be one of C<'argon2id'>, C<'argon2i'> or C<'argon2d'>. =item * C<$password> This is the password that is to be turned into a cryptographic key. =item * C<$salt> This is the salt that is used. It must be long enough to be unique. =item * C<$t_cost> This is the time-cost factor, typically a small integer that can be derived as explained above. =item * C<$m_factor> This is the memory costs factor. This must be given as a integer followed by an order of magnitude (C, C or C for kilobytes, megabytes or gigabytes respectively), e.g. C<'64M'>. =item * C<$parallelism> This is the number of threads that are used in computing it. =item * C<$tag_size> This is the size of the raw result in bytes. Typical values are 16 or 32. =back =head2 argon2_verify($encoded, $password) This verifies that the C<$password> matches C<$encoded>. All parameters and the tag value are extracted from C<$encoded>, so no further arguments are necessary. =head2 argon2_raw($type, $password, $salt, $t_cost, $m_factor, $parallelism, $tag_size) This function processes the C<$password> with the given C<$salt> and parameters much like C, but returns the binary tag instead of a formatted string. =head2 argon2id_pass($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size) =head2 argon2i_pass($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size) =head2 argon2d_pass($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size) This function processes the C<$password> much like C does, but the C<$type> argument is set like the function name. =head2 argon2id_verify($encoded, $password) =head2 argon2i_verify($encoded, $password) =head2 argon2d_verify($encoded, $password) This verifies that the C<$password> matches C<$encoded> and the given type. All parameters and the tag value are extracted from C<$encoded>, so no further arguments are necessary. =head2 argon2id_raw($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size) =head2 argon2i_raw($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size) =head2 argon2d_raw($password, $salt, $t_cost, $m_factor, $parallelism, $tag_size) This function processes the C<$password> much like C does, but the C<$type> argument is set like the function name. =head2 argon2_needs_rehash($encoded, $type, $t_cost, $m_cost, $parallelism, $output_length, $salt_length) This function checks if a password-encoded string needs a rehash. It will return true if the C<$type> (valid values are C, C or C), C<$t_cost>, C<$m_cost>, C<$parallelism>, C<$output_length> or C<$salt_length> arguments mismatches any of the parameters of the password-encoded hash. =head2 argon2_types This returns all supported argon2 subtypes. Currently that's C<'argon2id'>, C<'argon2i'> and C<'argon2d'>. =head2 ACKNOWLEDGEMENTS This module is based on the reference implementation as can be found at L. =head2 SEE ALSO You will also need a good source of randomness to generate good salts. Some possible solutions include: =over 4 =item * L Its RAND_bytes function is OpenSSL's pseudo-randomness source. =item * L A minimalistic abstraction around OS-provided non-blocking (pseudo-)randomness. =item * C / C A Linux/BSD specific pseudo-file that will allow you to read random bytes. =back Implementations of other similar algorithms include: =over 4 =item * L An implementation of bcrypt, a battle-tested algorithm that tries to be CPU but not particularly memory intensive. =item * L An implementation of scrypt, a older scheme that also tries to be memory hard. =back =head1 AUTHOR Leon Timmermans =head1 COPYRIGHT AND LICENSE This software is Copyright (c) 2013 by Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, Samuel Neves, Thomas Pornin and Leon Timmermans. This is free software, licensed under: The Apache License, Version 2.0, January 2004 =cut Argon2.xs100644001750001750 1272015004670131 17043 0ustar00leontleont000000000000Crypt-Argon2-0.030/lib/Crypt#define PERL_NO_GET_CONTEXT #include #include #include #include static size_t S_parse_size(pTHX_ SV* value, int type) { STRLEN len; const char* string = SvPVbyte(value, len); char* end = NULL; int base = strtoul(string, &end, 0); if (end == string) Perl_croak(aTHX_ "Couldn't compute %s tag: memory cost doesn't contain anything numeric", argon2_type2string(type, 0)); switch(*end) { case '\0': if (base > 1024) return base / 1024; else Perl_croak(aTHX_ "Couldn't compute %s tag: Memory size much be at least a kilobyte", argon2_type2string(type, 0)); case 'k': return base; case 'M': return base * 1024; case 'G': return base * 1024 * 1024; default: Perl_croak(aTHX_ "Couldn't compute %s tag: Can't parse '%c' as an order of magnitude", argon2_type2string(type, 0), *end); } } #define parse_size(value, type) S_parse_size(aTHX_ value, type) typedef enum Argon2_type Argon2_type; static Argon2_type S_find_argon2_type(pTHX_ const char* name, size_t name_len) { if (name_len == 8 && strnEQ(name, "argon2id", 8)) return Argon2_id; else if (name_len == 7 && strnEQ(name, "argon2i", 7)) return Argon2_i; else if (name_len == 7 && strnEQ(name, "argon2d", 7)) return Argon2_d; Perl_croak(aTHX_ "No such argon2 type %s", name); } #define find_argon2_type(name, len) S_find_argon2_type(aTHX_ name, len) static Argon2_type S_XS_unpack_Argon2_type(pTHX_ SV* name_sv) { STRLEN name_len; const char* name = SvPV(name_sv, name_len); return find_argon2_type(name, name_len); } #define XS_unpack_Argon2_type(name) S_XS_unpack_Argon2_type(aTHX_ name) static SV* S_argon2_pass(pTHX_ Argon2_type type, const char* password, size_t password_len, const char* salt, size_t salt_len, int t_cost, SV* m_factor, int parallelism, size_t output_length) { int m_cost = parse_size(m_factor, type); size_t encoded_length = argon2_encodedlen(t_cost, m_cost, parallelism, salt_len, output_length, type); SV* result = newSV(encoded_length - 1); SvPOK_only(result); int rc = argon2_hash(t_cost, m_cost, parallelism, password, password_len, salt, salt_len, NULL, output_length, SvPVX(result), encoded_length, type, ARGON2_VERSION_NUMBER ); if (rc != ARGON2_OK) { SvREFCNT_dec(result); Perl_croak(aTHX_ "Couldn't compute %s tag: %s", argon2_type2string(type, FALSE), argon2_error_message(rc)); } SvCUR(result) = encoded_length - 1; return result; } #define argon2_pass(...) S_argon2_pass(aTHX_ __VA_ARGS__) #define argon2d_pass(...) S_argon2_pass(aTHX_ Argon2_d, __VA_ARGS__) #define argon2i_pass(...) S_argon2_pass(aTHX_ Argon2_i, __VA_ARGS__) #define argon2id_pass(...) S_argon2_pass(aTHX_ Argon2_id, __VA_ARGS__) static SV* S_argon2_raw(pTHX_ Argon2_type type, SV* password, SV* salt, int t_cost, SV* m_factor, int parallelism, size_t output_length) { int m_cost = parse_size(m_factor, type); STRLEN password_len, salt_len; const char* password_raw = SvPVbyte(password, password_len); const char* salt_raw = SvPVbyte(salt, salt_len); SV* result = newSV(output_length); SvPOK_only(result); int rc = argon2_hash(t_cost, m_cost, parallelism, password_raw, password_len, salt_raw, salt_len, SvPVX(result), output_length, NULL, 0, type, ARGON2_VERSION_NUMBER ); if (rc != ARGON2_OK) { SvREFCNT_dec(result); Perl_croak(aTHX_ "Couldn't compute %s tag: %s", argon2_type2string(type, FALSE), argon2_error_message(rc)); } SvCUR(result) = output_length; return result; } #define argon2_raw(...) S_argon2_raw(aTHX_ __VA_ARGS__) MODULE = Crypt::Argon2 PACKAGE = Crypt::Argon2 SV* argon2_pass(Argon2_type type, const char* password, size_t length(password), const char* salt, size_t length(salt), int t_cost, SV* m_factor, int parallelism, size_t output_length) SV* argon2d_pass(const char* password, size_t length(password), const char* salt, size_t length(salt), int t_cost, SV* m_factor, int parallelism, size_t output_length) SV* argon2i_pass(const char* password, size_t length(password), const char* salt, size_t length(salt), int t_cost, SV* m_factor, int parallelism, size_t output_length) SV* argon2id_pass(const char* password, size_t length(password), const char* salt, size_t length(salt), int t_cost, SV* m_factor, int parallelism, size_t output_length) SV* argon2_raw(Argon2_type type, SV* password, SV* salt, int t_cost, SV* m_factor, int parallelism, size_t output_length) SV* argon2id_raw(SV* password, SV* salt, int t_cost, SV* m_factor, int parallelism, size_t output_length) ALIAS: argon2d_raw = Argon2_d argon2i_raw = Argon2_i argon2id_raw = Argon2_id CODE: RETVAL = argon2_raw(ix, password, salt, t_cost, m_factor, parallelism, output_length); OUTPUT: RETVAL bool argon2d_verify(SV* encoded, SV* password) ALIAS: argon2d_verify = Argon2_d argon2i_verify = Argon2_i argon2id_verify = Argon2_id argon2_verify = 4 PREINIT: const char* password_raw, *encoded_raw; STRLEN password_len, encoded_len; int status; CODE: encoded_raw = SvPVbyte(encoded, encoded_len); if (ix == 4) { const char* second_dollar = memchr(encoded_raw + 1, '$', encoded_len - 1); ix = find_argon2_type(encoded_raw + 1, second_dollar - encoded_raw - 1); } password_raw = SvPVbyte(password, password_len); status = argon2_verify(SvPVbyte_nolen(encoded), password_raw, password_len, ix); switch(status) { case ARGON2_OK: RETVAL = TRUE; break; case ARGON2_VERIFY_MISMATCH: RETVAL = FALSE; break; default: Perl_croak(aTHX_ "Could not verify %s tag: %s", argon2_type2string(ix, FALSE), argon2_error_message(status)); } OUTPUT: RETVAL blake2000755001750001750 015004670131 15235 5ustar00leontleont000000000000Crypt-Argon2-0.030/srcblake2.h100644001750001750 546315004670131 16716 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/blake2/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #ifndef PORTABLE_BLAKE2_H #define PORTABLE_BLAKE2_H #include #if defined(__cplusplus) extern "C" { #endif enum blake2b_constant { BLAKE2B_BLOCKBYTES = 128, BLAKE2B_OUTBYTES = 64, BLAKE2B_KEYBYTES = 64, BLAKE2B_SALTBYTES = 16, BLAKE2B_PERSONALBYTES = 16 }; #pragma pack(push, 1) typedef struct __blake2b_param { uint8_t digest_length; /* 1 */ uint8_t key_length; /* 2 */ uint8_t fanout; /* 3 */ uint8_t depth; /* 4 */ uint32_t leaf_length; /* 8 */ uint64_t node_offset; /* 16 */ uint8_t node_depth; /* 17 */ uint8_t inner_length; /* 18 */ uint8_t reserved[14]; /* 32 */ uint8_t salt[BLAKE2B_SALTBYTES]; /* 48 */ uint8_t personal[BLAKE2B_PERSONALBYTES]; /* 64 */ } blake2b_param; #pragma pack(pop) typedef struct __blake2b_state { uint64_t h[8]; uint64_t t[2]; uint64_t f[2]; uint8_t buf[BLAKE2B_BLOCKBYTES]; unsigned buflen; unsigned outlen; uint8_t last_node; } blake2b_state; /* Ensure param structs have not been wrongly padded */ /* Poor man's static_assert */ enum { blake2_size_check_0 = 1 / !!(CHAR_BIT == 8), blake2_size_check_2 = 1 / !!(sizeof(blake2b_param) == sizeof(uint64_t) * CHAR_BIT) }; /* Streaming API */ ARGON2_LOCAL int blake2b_init(blake2b_state *S, size_t outlen); ARGON2_LOCAL int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key, size_t keylen); ARGON2_LOCAL int blake2b_init_param(blake2b_state *S, const blake2b_param *P); ARGON2_LOCAL int blake2b_update(blake2b_state *S, const void *in, size_t inlen); ARGON2_LOCAL int blake2b_final(blake2b_state *S, void *out, size_t outlen); /* Simple API */ ARGON2_LOCAL int blake2b(void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen); /* Argon2 Team - Begin Code */ ARGON2_LOCAL int blake2b_long(void *out, size_t outlen, const void *in, size_t inlen); /* Argon2 Team - End Code */ #if defined(__cplusplus) } #endif #endif blake2b.c100644001750001750 3034015004670131 17063 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/blake2/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #include #include #include #include "blake2.h" #include "blake2-impl.h" static const uint64_t blake2b_IV[8] = { UINT64_C(0x6a09e667f3bcc908), UINT64_C(0xbb67ae8584caa73b), UINT64_C(0x3c6ef372fe94f82b), UINT64_C(0xa54ff53a5f1d36f1), UINT64_C(0x510e527fade682d1), UINT64_C(0x9b05688c2b3e6c1f), UINT64_C(0x1f83d9abfb41bd6b), UINT64_C(0x5be0cd19137e2179)}; static const unsigned int blake2b_sigma[12][16] = { {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, {11, 8, 12, 0, 5, 2, 15, 13, 10, 14, 3, 6, 7, 1, 9, 4}, {7, 9, 3, 1, 13, 12, 11, 14, 2, 6, 5, 10, 4, 0, 15, 8}, {9, 0, 5, 7, 2, 4, 10, 15, 14, 1, 11, 12, 6, 8, 3, 13}, {2, 12, 6, 10, 0, 11, 8, 3, 4, 13, 7, 5, 15, 14, 1, 9}, {12, 5, 1, 15, 14, 13, 4, 10, 0, 7, 6, 3, 9, 2, 8, 11}, {13, 11, 7, 14, 12, 1, 3, 9, 5, 0, 15, 4, 8, 6, 2, 10}, {6, 15, 14, 9, 11, 3, 0, 8, 12, 2, 13, 7, 1, 4, 10, 5}, {10, 2, 8, 4, 7, 6, 1, 5, 15, 11, 9, 14, 3, 12, 13, 0}, {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}, {14, 10, 4, 8, 9, 15, 13, 6, 1, 12, 0, 2, 11, 7, 5, 3}, }; static BLAKE2_INLINE void blake2b_set_lastnode(blake2b_state *S) { S->f[1] = (uint64_t)-1; } static BLAKE2_INLINE void blake2b_set_lastblock(blake2b_state *S) { if (S->last_node) { blake2b_set_lastnode(S); } S->f[0] = (uint64_t)-1; } static BLAKE2_INLINE void blake2b_increment_counter(blake2b_state *S, uint64_t inc) { S->t[0] += inc; S->t[1] += (S->t[0] < inc); } static BLAKE2_INLINE void blake2b_invalidate_state(blake2b_state *S) { clear_internal_memory(S, sizeof(*S)); /* wipe */ blake2b_set_lastblock(S); /* invalidate for further use */ } static BLAKE2_INLINE void blake2b_init0(blake2b_state *S) { memset(S, 0, sizeof(*S)); memcpy(S->h, blake2b_IV, sizeof(S->h)); } int blake2b_init_param(blake2b_state *S, const blake2b_param *P) { const unsigned char *p = (const unsigned char *)P; unsigned int i; if (NULL == P || NULL == S) { return -1; } blake2b_init0(S); /* IV XOR Parameter Block */ for (i = 0; i < 8; ++i) { S->h[i] ^= load64(&p[i * sizeof(S->h[i])]); } S->outlen = P->digest_length; return 0; } /* Sequential blake2b initialization */ int blake2b_init(blake2b_state *S, size_t outlen) { blake2b_param P; if (S == NULL) { return -1; } if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { blake2b_invalidate_state(S); return -1; } /* Setup Parameter Block for unkeyed BLAKE2 */ P.digest_length = (uint8_t)outlen; P.key_length = 0; P.fanout = 1; P.depth = 1; P.leaf_length = 0; P.node_offset = 0; P.node_depth = 0; P.inner_length = 0; memset(P.reserved, 0, sizeof(P.reserved)); memset(P.salt, 0, sizeof(P.salt)); memset(P.personal, 0, sizeof(P.personal)); return blake2b_init_param(S, &P); } int blake2b_init_key(blake2b_state *S, size_t outlen, const void *key, size_t keylen) { blake2b_param P; if (S == NULL) { return -1; } if ((outlen == 0) || (outlen > BLAKE2B_OUTBYTES)) { blake2b_invalidate_state(S); return -1; } if ((key == 0) || (keylen == 0) || (keylen > BLAKE2B_KEYBYTES)) { blake2b_invalidate_state(S); return -1; } /* Setup Parameter Block for keyed BLAKE2 */ P.digest_length = (uint8_t)outlen; P.key_length = (uint8_t)keylen; P.fanout = 1; P.depth = 1; P.leaf_length = 0; P.node_offset = 0; P.node_depth = 0; P.inner_length = 0; memset(P.reserved, 0, sizeof(P.reserved)); memset(P.salt, 0, sizeof(P.salt)); memset(P.personal, 0, sizeof(P.personal)); if (blake2b_init_param(S, &P) < 0) { blake2b_invalidate_state(S); return -1; } { uint8_t block[BLAKE2B_BLOCKBYTES]; memset(block, 0, BLAKE2B_BLOCKBYTES); memcpy(block, key, keylen); blake2b_update(S, block, BLAKE2B_BLOCKBYTES); /* Burn the key from stack */ clear_internal_memory(block, BLAKE2B_BLOCKBYTES); } return 0; } static void blake2b_compress(blake2b_state *S, const uint8_t *block) { uint64_t m[16]; uint64_t v[16]; unsigned int i, r; for (i = 0; i < 16; ++i) { m[i] = load64(block + i * sizeof(m[i])); } for (i = 0; i < 8; ++i) { v[i] = S->h[i]; } v[8] = blake2b_IV[0]; v[9] = blake2b_IV[1]; v[10] = blake2b_IV[2]; v[11] = blake2b_IV[3]; v[12] = blake2b_IV[4] ^ S->t[0]; v[13] = blake2b_IV[5] ^ S->t[1]; v[14] = blake2b_IV[6] ^ S->f[0]; v[15] = blake2b_IV[7] ^ S->f[1]; #define G(r, i, a, b, c, d) \ do { \ a = a + b + m[blake2b_sigma[r][2 * i + 0]]; \ d = rotr64(d ^ a, 32); \ c = c + d; \ b = rotr64(b ^ c, 24); \ a = a + b + m[blake2b_sigma[r][2 * i + 1]]; \ d = rotr64(d ^ a, 16); \ c = c + d; \ b = rotr64(b ^ c, 63); \ } while ((void)0, 0) #define ROUND(r) \ do { \ G(r, 0, v[0], v[4], v[8], v[12]); \ G(r, 1, v[1], v[5], v[9], v[13]); \ G(r, 2, v[2], v[6], v[10], v[14]); \ G(r, 3, v[3], v[7], v[11], v[15]); \ G(r, 4, v[0], v[5], v[10], v[15]); \ G(r, 5, v[1], v[6], v[11], v[12]); \ G(r, 6, v[2], v[7], v[8], v[13]); \ G(r, 7, v[3], v[4], v[9], v[14]); \ } while ((void)0, 0) for (r = 0; r < 12; ++r) { ROUND(r); } for (i = 0; i < 8; ++i) { S->h[i] = S->h[i] ^ v[i] ^ v[i + 8]; } #undef G #undef ROUND } int blake2b_update(blake2b_state *S, const void *in, size_t inlen) { const uint8_t *pin = (const uint8_t *)in; if (inlen == 0) { return 0; } /* Sanity check */ if (S == NULL || in == NULL) { return -1; } /* Is this a reused state? */ if (S->f[0] != 0) { return -1; } if (S->buflen + inlen > BLAKE2B_BLOCKBYTES) { /* Complete current block */ size_t left = S->buflen; size_t fill = BLAKE2B_BLOCKBYTES - left; memcpy(&S->buf[left], pin, fill); blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); blake2b_compress(S, S->buf); S->buflen = 0; inlen -= fill; pin += fill; /* Avoid buffer copies when possible */ while (inlen > BLAKE2B_BLOCKBYTES) { blake2b_increment_counter(S, BLAKE2B_BLOCKBYTES); blake2b_compress(S, pin); inlen -= BLAKE2B_BLOCKBYTES; pin += BLAKE2B_BLOCKBYTES; } } memcpy(&S->buf[S->buflen], pin, inlen); S->buflen += (unsigned int)inlen; return 0; } int blake2b_final(blake2b_state *S, void *out, size_t outlen) { uint8_t buffer[BLAKE2B_OUTBYTES] = {0}; unsigned int i; /* Sanity checks */ if (S == NULL || out == NULL || outlen < S->outlen) { return -1; } /* Is this a reused state? */ if (S->f[0] != 0) { return -1; } blake2b_increment_counter(S, S->buflen); blake2b_set_lastblock(S); memset(&S->buf[S->buflen], 0, BLAKE2B_BLOCKBYTES - S->buflen); /* Padding */ blake2b_compress(S, S->buf); for (i = 0; i < 8; ++i) { /* Output full hash to temp buffer */ store64(buffer + sizeof(S->h[i]) * i, S->h[i]); } memcpy(out, buffer, S->outlen); clear_internal_memory(buffer, sizeof(buffer)); clear_internal_memory(S->buf, sizeof(S->buf)); clear_internal_memory(S->h, sizeof(S->h)); return 0; } int blake2b(void *out, size_t outlen, const void *in, size_t inlen, const void *key, size_t keylen) { blake2b_state S; int ret = -1; /* Verify parameters */ if (NULL == in && inlen > 0) { goto fail; } if (NULL == out || outlen == 0 || outlen > BLAKE2B_OUTBYTES) { goto fail; } if ((NULL == key && keylen > 0) || keylen > BLAKE2B_KEYBYTES) { goto fail; } if (keylen > 0) { if (blake2b_init_key(&S, outlen, key, keylen) < 0) { goto fail; } } else { if (blake2b_init(&S, outlen) < 0) { goto fail; } } if (blake2b_update(&S, in, inlen) < 0) { goto fail; } ret = blake2b_final(&S, out, outlen); fail: clear_internal_memory(&S, sizeof(S)); return ret; } /* Argon2 Team - Begin Code */ int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen) { uint8_t *out = (uint8_t *)pout; blake2b_state blake_state; uint8_t outlen_bytes[sizeof(uint32_t)] = {0}; int ret = -1; if (outlen > UINT32_MAX) { goto fail; } /* Ensure little-endian byte order! */ store32(outlen_bytes, (uint32_t)outlen); #define TRY(statement) \ do { \ ret = statement; \ if (ret < 0) { \ goto fail; \ } \ } while ((void)0, 0) if (outlen <= BLAKE2B_OUTBYTES) { TRY(blake2b_init(&blake_state, outlen)); TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); TRY(blake2b_update(&blake_state, in, inlen)); TRY(blake2b_final(&blake_state, out, outlen)); } else { uint32_t toproduce; uint8_t out_buffer[BLAKE2B_OUTBYTES]; uint8_t in_buffer[BLAKE2B_OUTBYTES]; TRY(blake2b_init(&blake_state, BLAKE2B_OUTBYTES)); TRY(blake2b_update(&blake_state, outlen_bytes, sizeof(outlen_bytes))); TRY(blake2b_update(&blake_state, in, inlen)); TRY(blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES)); memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); out += BLAKE2B_OUTBYTES / 2; toproduce = (uint32_t)outlen - BLAKE2B_OUTBYTES / 2; while (toproduce > BLAKE2B_OUTBYTES) { memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); TRY(blake2b(out_buffer, BLAKE2B_OUTBYTES, in_buffer, BLAKE2B_OUTBYTES, NULL, 0)); memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); out += BLAKE2B_OUTBYTES / 2; toproduce -= BLAKE2B_OUTBYTES / 2; } memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); TRY(blake2b(out_buffer, toproduce, in_buffer, BLAKE2B_OUTBYTES, NULL, 0)); memcpy(out, out_buffer, toproduce); } fail: clear_internal_memory(&blake_state, sizeof(blake_state)); return ret; #undef TRY } /* Argon2 Team - End Code */ author000755001750001750 015004670131 15243 5ustar00leontleont000000000000Crypt-Argon2-0.030/xtpod-syntax.t100644001750001750 25215004670131 17655 0ustar00leontleont000000000000Crypt-Argon2-0.030/xt/author#!perl # This file was automatically generated by Dist::Zilla::Plugin::PodSyntaxTests. use strict; use warnings; use Test::More; use Test::Pod 1.41; all_pod_files_ok(); script000755001750001750 015004670131 14612 5ustar00leontleont000000000000Crypt-Argon2-0.030argon2-calibrate100644001750001750 622115004670131 20012 0ustar00leontleont000000000000Crypt-Argon2-0.030/script#!perl use strict; use warnings; use Time::HiRes 'time'; use Crypt::Argon2; sub prompt { my ($mess, $def) = @_; my $dispdef = defined $def ? ("[$def] " ) : ''; local $| = 1; print "$mess ", $dispdef; my $ans = ; chomp $ans; if (not defined $ans or not length $ans) { $ans = defined $def ? $def : ''; } return $ans; } my %encoder = ( argon2id => \&Crypt::Argon2::argon2id_raw, argon2i => \&Crypt::Argon2::argon2i_raw, argon2d => \&Crypt::Argon2::argon2d_raw, ); my $type = prompt('What type of hash?', 'argon2id'); my $encoder = $encoder{$type} or die "Invalid type $type"; my $threads = prompt('How many threads may it use', 1); die "Invalid number '$threads'" unless $threads > 0; my $mem_cost = prompt('How much memory may it use (e.g. 32M)'); die "Invalid memory usage '$mem_cost'" unless $mem_cost =~ / ^ \d+ [hMG] $ /x; my $max_time = prompt('How much time may argon2 take? (in milliseconds)'); die 'No time given' unless $max_time > 0; my $begin = time; $encoder->("correct horse battery staple", scalar("\x00" x 16), 100, $mem_cost, $threads, 16); my $end = time; my $time_per_round = ($end - $begin) * 10; my $time_cost = int($max_time / $time_per_round); die "Can't compute a hash in the given time (took $time_per_round milliseconds)" if $time_cost == 0; die "Unsafe parameters were computed" if $type eq 'argon2i' && $time_cost < 3; print <<"END"; type = $type threads = $threads mem_cost = $mem_cost time_cost = $time_cost END # PODNAME: argon2-calibrate # ABSTRACT: a script to find the appropriate argon2 parameters __END__ =pod =encoding UTF-8 =head1 NAME argon2-calibrate - a script to find the appropriate argon2 parameters =head1 VERSION version 0.030 =head1 DESCRIPTION This program implements the following procedure, as recommended by the argon2 authors: =over 4 =item 1. Select the type C. If you do not know the difference between them, choose Argon2id. =item 2. Figure out the maximum number of threads C that can be initiated by each call to Argon2. This is the C argument. =item 3. Figure out the maximum amount of memory C that each call can a afford. =item 4. Figure out the maximum amount C of time (in seconds) that each call can a afford. =item 5. Select the salt length. 16 bytes is suffient for all applications, but can be reduced to 8 bytes in the case of space constraints. =item 6. Select the tag (output) size. 16 bytes is suffient for most applications, including key derivation. =item 7. Run the scheme of type C, memory C and C lanes and threads, using different number of passes C. Figure out the maximum C such that the running time does not exceed C. If it exceeds C even for C, reduce C accordingly. If using Argon2i, t must be at least 3. =item 8. Hash all the passwords with the just determined values C, C, and C. =back =head1 AUTHOR Leon Timmermans =head1 COPYRIGHT AND LICENSE This software is Copyright (c) 2013 by Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, Samuel Neves, Thomas Pornin and Leon Timmermans. This is free software, licensed under: The Apache License, Version 2.0, January 2004 =cut blake2-impl.h100644001750001750 776215004670131 17661 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/blake2/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #ifndef PORTABLE_BLAKE2_IMPL_H #define PORTABLE_BLAKE2_IMPL_H #include #include #ifdef _WIN32 #define BLAKE2_INLINE __inline #elif defined(__GNUC__) || defined(__clang__) #define BLAKE2_INLINE __inline__ #else #define BLAKE2_INLINE #endif /* Argon2 Team - Begin Code */ /* Not an exhaustive list, but should cover the majority of modern platforms Additionally, the code will always be correct---this is only a performance tweak. */ #if (defined(__BYTE_ORDER__) && \ (__BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__)) || \ defined(__LITTLE_ENDIAN__) || defined(__ARMEL__) || defined(__MIPSEL__) || \ defined(__AARCH64EL__) || defined(__amd64__) || defined(__i386__) || \ defined(_M_IX86) || defined(_M_X64) || defined(_M_AMD64) || \ defined(_M_ARM) #define NATIVE_LITTLE_ENDIAN #endif /* Argon2 Team - End Code */ static BLAKE2_INLINE uint32_t load32(const void *src) { #if defined(NATIVE_LITTLE_ENDIAN) uint32_t w; memcpy(&w, src, sizeof w); return w; #else const uint8_t *p = (const uint8_t *)src; uint32_t w = *p++; w |= (uint32_t)(*p++) << 8; w |= (uint32_t)(*p++) << 16; w |= (uint32_t)(*p++) << 24; return w; #endif } static BLAKE2_INLINE uint64_t load64(const void *src) { #if defined(NATIVE_LITTLE_ENDIAN) uint64_t w; memcpy(&w, src, sizeof w); return w; #else const uint8_t *p = (const uint8_t *)src; uint64_t w = *p++; w |= (uint64_t)(*p++) << 8; w |= (uint64_t)(*p++) << 16; w |= (uint64_t)(*p++) << 24; w |= (uint64_t)(*p++) << 32; w |= (uint64_t)(*p++) << 40; w |= (uint64_t)(*p++) << 48; w |= (uint64_t)(*p++) << 56; return w; #endif } static BLAKE2_INLINE void store32(void *dst, uint32_t w) { #if defined(NATIVE_LITTLE_ENDIAN) memcpy(dst, &w, sizeof w); #else uint8_t *p = (uint8_t *)dst; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; #endif } static BLAKE2_INLINE void store64(void *dst, uint64_t w) { #if defined(NATIVE_LITTLE_ENDIAN) memcpy(dst, &w, sizeof w); #else uint8_t *p = (uint8_t *)dst; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; #endif } static BLAKE2_INLINE uint64_t load48(const void *src) { const uint8_t *p = (const uint8_t *)src; uint64_t w = *p++; w |= (uint64_t)(*p++) << 8; w |= (uint64_t)(*p++) << 16; w |= (uint64_t)(*p++) << 24; w |= (uint64_t)(*p++) << 32; w |= (uint64_t)(*p++) << 40; return w; } static BLAKE2_INLINE void store48(void *dst, uint64_t w) { uint8_t *p = (uint8_t *)dst; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; w >>= 8; *p++ = (uint8_t)w; } static BLAKE2_INLINE uint32_t rotr32(const uint32_t w, const unsigned c) { return (w >> c) | (w << (32 - c)); } static BLAKE2_INLINE uint64_t rotr64(const uint64_t w, const unsigned c) { return (w >> c) | (w << (64 - c)); } void clear_internal_memory(void *v, size_t n); #endif pod-coverage.t100644001750001750 36515004670131 20127 0ustar00leontleont000000000000Crypt-Argon2-0.030/xt/author#!perl # This file was automatically generated by Dist::Zilla::Plugin::PodCoverageTests. use strict; use warnings; use Test::Pod::Coverage 1.08; use Pod::Coverage::TrustPod; all_pod_coverage_ok({ coverage_class => 'Pod::Coverage::TrustPod' }); blamka-round-opt.h100644001750001750 5156315004670131 20754 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/blake2/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #ifndef BLAKE_ROUND_MKA_OPT_H #define BLAKE_ROUND_MKA_OPT_H #include "blake2-impl.h" #include #if defined(__SSSE3__) #include /* for _mm_shuffle_epi8 and _mm_alignr_epi8 */ #endif #if defined(__XOP__) && (defined(__GNUC__) || defined(__clang__)) #include #endif #if !defined(__AVX512F__) #if !defined(__AVX2__) #if !defined(__XOP__) #if defined(__SSSE3__) #define r16 \ (_mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)) #define r24 \ (_mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)) #define _mm_roti_epi64(x, c) \ (-(c) == 32) \ ? _mm_shuffle_epi32((x), _MM_SHUFFLE(2, 3, 0, 1)) \ : (-(c) == 24) \ ? _mm_shuffle_epi8((x), r24) \ : (-(c) == 16) \ ? _mm_shuffle_epi8((x), r16) \ : (-(c) == 63) \ ? _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ _mm_add_epi64((x), (x))) \ : _mm_xor_si128(_mm_srli_epi64((x), -(c)), \ _mm_slli_epi64((x), 64 - (-(c)))) #else /* defined(__SSE2__) */ #define _mm_roti_epi64(r, c) \ _mm_xor_si128(_mm_srli_epi64((r), -(c)), _mm_slli_epi64((r), 64 - (-(c)))) #endif #else #endif static BLAKE2_INLINE __m128i fBlaMka(__m128i x, __m128i y) { const __m128i z = _mm_mul_epu32(x, y); return _mm_add_epi64(_mm_add_epi64(x, y), _mm_add_epi64(z, z)); } #define G1(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ A0 = fBlaMka(A0, B0); \ A1 = fBlaMka(A1, B1); \ \ D0 = _mm_xor_si128(D0, A0); \ D1 = _mm_xor_si128(D1, A1); \ \ D0 = _mm_roti_epi64(D0, -32); \ D1 = _mm_roti_epi64(D1, -32); \ \ C0 = fBlaMka(C0, D0); \ C1 = fBlaMka(C1, D1); \ \ B0 = _mm_xor_si128(B0, C0); \ B1 = _mm_xor_si128(B1, C1); \ \ B0 = _mm_roti_epi64(B0, -24); \ B1 = _mm_roti_epi64(B1, -24); \ } while ((void)0, 0) #define G2(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ A0 = fBlaMka(A0, B0); \ A1 = fBlaMka(A1, B1); \ \ D0 = _mm_xor_si128(D0, A0); \ D1 = _mm_xor_si128(D1, A1); \ \ D0 = _mm_roti_epi64(D0, -16); \ D1 = _mm_roti_epi64(D1, -16); \ \ C0 = fBlaMka(C0, D0); \ C1 = fBlaMka(C1, D1); \ \ B0 = _mm_xor_si128(B0, C0); \ B1 = _mm_xor_si128(B1, C1); \ \ B0 = _mm_roti_epi64(B0, -63); \ B1 = _mm_roti_epi64(B1, -63); \ } while ((void)0, 0) #if defined(__SSSE3__) #define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ __m128i t0 = _mm_alignr_epi8(B1, B0, 8); \ __m128i t1 = _mm_alignr_epi8(B0, B1, 8); \ B0 = t0; \ B1 = t1; \ \ t0 = C0; \ C0 = C1; \ C1 = t0; \ \ t0 = _mm_alignr_epi8(D1, D0, 8); \ t1 = _mm_alignr_epi8(D0, D1, 8); \ D0 = t1; \ D1 = t0; \ } while ((void)0, 0) #define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ __m128i t0 = _mm_alignr_epi8(B0, B1, 8); \ __m128i t1 = _mm_alignr_epi8(B1, B0, 8); \ B0 = t0; \ B1 = t1; \ \ t0 = C0; \ C0 = C1; \ C1 = t0; \ \ t0 = _mm_alignr_epi8(D0, D1, 8); \ t1 = _mm_alignr_epi8(D1, D0, 8); \ D0 = t1; \ D1 = t0; \ } while ((void)0, 0) #else /* SSE2 */ #define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ __m128i t0 = D0; \ __m128i t1 = B0; \ D0 = C0; \ C0 = C1; \ C1 = D0; \ D0 = _mm_unpackhi_epi64(D1, _mm_unpacklo_epi64(t0, t0)); \ D1 = _mm_unpackhi_epi64(t0, _mm_unpacklo_epi64(D1, D1)); \ B0 = _mm_unpackhi_epi64(B0, _mm_unpacklo_epi64(B1, B1)); \ B1 = _mm_unpackhi_epi64(B1, _mm_unpacklo_epi64(t1, t1)); \ } while ((void)0, 0) #define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ __m128i t0, t1; \ t0 = C0; \ C0 = C1; \ C1 = t0; \ t0 = B0; \ t1 = D0; \ B0 = _mm_unpackhi_epi64(B1, _mm_unpacklo_epi64(B0, B0)); \ B1 = _mm_unpackhi_epi64(t0, _mm_unpacklo_epi64(B1, B1)); \ D0 = _mm_unpackhi_epi64(D0, _mm_unpacklo_epi64(D1, D1)); \ D1 = _mm_unpackhi_epi64(D1, _mm_unpacklo_epi64(t1, t1)); \ } while ((void)0, 0) #endif #define BLAKE2_ROUND(A0, A1, B0, B1, C0, C1, D0, D1) \ do { \ G1(A0, B0, C0, D0, A1, B1, C1, D1); \ G2(A0, B0, C0, D0, A1, B1, C1, D1); \ \ DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ \ G1(A0, B0, C0, D0, A1, B1, C1, D1); \ G2(A0, B0, C0, D0, A1, B1, C1, D1); \ \ UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ } while ((void)0, 0) #else /* __AVX2__ */ #include #define rotr32(x) _mm256_shuffle_epi32(x, _MM_SHUFFLE(2, 3, 0, 1)) #define rotr24(x) _mm256_shuffle_epi8(x, _mm256_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10, 3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10)) #define rotr16(x) _mm256_shuffle_epi8(x, _mm256_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9, 2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9)) #define rotr63(x) _mm256_xor_si256(_mm256_srli_epi64((x), 63), _mm256_add_epi64((x), (x))) #define G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ do { \ __m256i ml = _mm256_mul_epu32(A0, B0); \ ml = _mm256_add_epi64(ml, ml); \ A0 = _mm256_add_epi64(A0, _mm256_add_epi64(B0, ml)); \ D0 = _mm256_xor_si256(D0, A0); \ D0 = rotr32(D0); \ \ ml = _mm256_mul_epu32(C0, D0); \ ml = _mm256_add_epi64(ml, ml); \ C0 = _mm256_add_epi64(C0, _mm256_add_epi64(D0, ml)); \ \ B0 = _mm256_xor_si256(B0, C0); \ B0 = rotr24(B0); \ \ ml = _mm256_mul_epu32(A1, B1); \ ml = _mm256_add_epi64(ml, ml); \ A1 = _mm256_add_epi64(A1, _mm256_add_epi64(B1, ml)); \ D1 = _mm256_xor_si256(D1, A1); \ D1 = rotr32(D1); \ \ ml = _mm256_mul_epu32(C1, D1); \ ml = _mm256_add_epi64(ml, ml); \ C1 = _mm256_add_epi64(C1, _mm256_add_epi64(D1, ml)); \ \ B1 = _mm256_xor_si256(B1, C1); \ B1 = rotr24(B1); \ } while((void)0, 0); #define G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ do { \ __m256i ml = _mm256_mul_epu32(A0, B0); \ ml = _mm256_add_epi64(ml, ml); \ A0 = _mm256_add_epi64(A0, _mm256_add_epi64(B0, ml)); \ D0 = _mm256_xor_si256(D0, A0); \ D0 = rotr16(D0); \ \ ml = _mm256_mul_epu32(C0, D0); \ ml = _mm256_add_epi64(ml, ml); \ C0 = _mm256_add_epi64(C0, _mm256_add_epi64(D0, ml)); \ B0 = _mm256_xor_si256(B0, C0); \ B0 = rotr63(B0); \ \ ml = _mm256_mul_epu32(A1, B1); \ ml = _mm256_add_epi64(ml, ml); \ A1 = _mm256_add_epi64(A1, _mm256_add_epi64(B1, ml)); \ D1 = _mm256_xor_si256(D1, A1); \ D1 = rotr16(D1); \ \ ml = _mm256_mul_epu32(C1, D1); \ ml = _mm256_add_epi64(ml, ml); \ C1 = _mm256_add_epi64(C1, _mm256_add_epi64(D1, ml)); \ B1 = _mm256_xor_si256(B1, C1); \ B1 = rotr63(B1); \ } while((void)0, 0); #define DIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ B0 = _mm256_permute4x64_epi64(B0, _MM_SHUFFLE(0, 3, 2, 1)); \ C0 = _mm256_permute4x64_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ D0 = _mm256_permute4x64_epi64(D0, _MM_SHUFFLE(2, 1, 0, 3)); \ \ B1 = _mm256_permute4x64_epi64(B1, _MM_SHUFFLE(0, 3, 2, 1)); \ C1 = _mm256_permute4x64_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ D1 = _mm256_permute4x64_epi64(D1, _MM_SHUFFLE(2, 1, 0, 3)); \ } while((void)0, 0); #define DIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ do { \ __m256i tmp1 = _mm256_blend_epi32(B0, B1, 0xCC); \ __m256i tmp2 = _mm256_blend_epi32(B0, B1, 0x33); \ B1 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ B0 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ \ tmp1 = C0; \ C0 = C1; \ C1 = tmp1; \ \ tmp1 = _mm256_blend_epi32(D0, D1, 0xCC); \ tmp2 = _mm256_blend_epi32(D0, D1, 0x33); \ D0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ D1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ } while(0); #define UNDIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ B0 = _mm256_permute4x64_epi64(B0, _MM_SHUFFLE(2, 1, 0, 3)); \ C0 = _mm256_permute4x64_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ D0 = _mm256_permute4x64_epi64(D0, _MM_SHUFFLE(0, 3, 2, 1)); \ \ B1 = _mm256_permute4x64_epi64(B1, _MM_SHUFFLE(2, 1, 0, 3)); \ C1 = _mm256_permute4x64_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ D1 = _mm256_permute4x64_epi64(D1, _MM_SHUFFLE(0, 3, 2, 1)); \ } while((void)0, 0); #define UNDIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ do { \ __m256i tmp1 = _mm256_blend_epi32(B0, B1, 0xCC); \ __m256i tmp2 = _mm256_blend_epi32(B0, B1, 0x33); \ B0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ B1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ \ tmp1 = C0; \ C0 = C1; \ C1 = tmp1; \ \ tmp1 = _mm256_blend_epi32(D0, D1, 0x33); \ tmp2 = _mm256_blend_epi32(D0, D1, 0xCC); \ D0 = _mm256_permute4x64_epi64(tmp1, _MM_SHUFFLE(2,3,0,1)); \ D1 = _mm256_permute4x64_epi64(tmp2, _MM_SHUFFLE(2,3,0,1)); \ } while((void)0, 0); #define BLAKE2_ROUND_1(A0, A1, B0, B1, C0, C1, D0, D1) \ do{ \ G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ \ DIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ \ G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ \ UNDIAGONALIZE_1(A0, B0, C0, D0, A1, B1, C1, D1) \ } while((void)0, 0); #define BLAKE2_ROUND_2(A0, A1, B0, B1, C0, C1, D0, D1) \ do{ \ G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ \ DIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ \ G1_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ G2_AVX2(A0, A1, B0, B1, C0, C1, D0, D1) \ \ UNDIAGONALIZE_2(A0, A1, B0, B1, C0, C1, D0, D1) \ } while((void)0, 0); #endif /* __AVX2__ */ #else /* __AVX512F__ */ #include #define ror64(x, n) _mm512_ror_epi64((x), (n)) static __m512i muladd(__m512i x, __m512i y) { __m512i z = _mm512_mul_epu32(x, y); return _mm512_add_epi64(_mm512_add_epi64(x, y), _mm512_add_epi64(z, z)); } #define G1(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ A0 = muladd(A0, B0); \ A1 = muladd(A1, B1); \ \ D0 = _mm512_xor_si512(D0, A0); \ D1 = _mm512_xor_si512(D1, A1); \ \ D0 = ror64(D0, 32); \ D1 = ror64(D1, 32); \ \ C0 = muladd(C0, D0); \ C1 = muladd(C1, D1); \ \ B0 = _mm512_xor_si512(B0, C0); \ B1 = _mm512_xor_si512(B1, C1); \ \ B0 = ror64(B0, 24); \ B1 = ror64(B1, 24); \ } while ((void)0, 0) #define G2(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ A0 = muladd(A0, B0); \ A1 = muladd(A1, B1); \ \ D0 = _mm512_xor_si512(D0, A0); \ D1 = _mm512_xor_si512(D1, A1); \ \ D0 = ror64(D0, 16); \ D1 = ror64(D1, 16); \ \ C0 = muladd(C0, D0); \ C1 = muladd(C1, D1); \ \ B0 = _mm512_xor_si512(B0, C0); \ B1 = _mm512_xor_si512(B1, C1); \ \ B0 = ror64(B0, 63); \ B1 = ror64(B1, 63); \ } while ((void)0, 0) #define DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ B0 = _mm512_permutex_epi64(B0, _MM_SHUFFLE(0, 3, 2, 1)); \ B1 = _mm512_permutex_epi64(B1, _MM_SHUFFLE(0, 3, 2, 1)); \ \ C0 = _mm512_permutex_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ C1 = _mm512_permutex_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ \ D0 = _mm512_permutex_epi64(D0, _MM_SHUFFLE(2, 1, 0, 3)); \ D1 = _mm512_permutex_epi64(D1, _MM_SHUFFLE(2, 1, 0, 3)); \ } while ((void)0, 0) #define UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ B0 = _mm512_permutex_epi64(B0, _MM_SHUFFLE(2, 1, 0, 3)); \ B1 = _mm512_permutex_epi64(B1, _MM_SHUFFLE(2, 1, 0, 3)); \ \ C0 = _mm512_permutex_epi64(C0, _MM_SHUFFLE(1, 0, 3, 2)); \ C1 = _mm512_permutex_epi64(C1, _MM_SHUFFLE(1, 0, 3, 2)); \ \ D0 = _mm512_permutex_epi64(D0, _MM_SHUFFLE(0, 3, 2, 1)); \ D1 = _mm512_permutex_epi64(D1, _MM_SHUFFLE(0, 3, 2, 1)); \ } while ((void)0, 0) #define BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1) \ do { \ G1(A0, B0, C0, D0, A1, B1, C1, D1); \ G2(A0, B0, C0, D0, A1, B1, C1, D1); \ \ DIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ \ G1(A0, B0, C0, D0, A1, B1, C1, D1); \ G2(A0, B0, C0, D0, A1, B1, C1, D1); \ \ UNDIAGONALIZE(A0, B0, C0, D0, A1, B1, C1, D1); \ } while ((void)0, 0) #define SWAP_HALVES(A0, A1) \ do { \ __m512i t0, t1; \ t0 = _mm512_shuffle_i64x2(A0, A1, _MM_SHUFFLE(1, 0, 1, 0)); \ t1 = _mm512_shuffle_i64x2(A0, A1, _MM_SHUFFLE(3, 2, 3, 2)); \ A0 = t0; \ A1 = t1; \ } while((void)0, 0) #define SWAP_QUARTERS(A0, A1) \ do { \ SWAP_HALVES(A0, A1); \ A0 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A0); \ A1 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A1); \ } while((void)0, 0) #define UNSWAP_QUARTERS(A0, A1) \ do { \ A0 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A0); \ A1 = _mm512_permutexvar_epi64(_mm512_setr_epi64(0, 1, 4, 5, 2, 3, 6, 7), A1); \ SWAP_HALVES(A0, A1); \ } while((void)0, 0) #define BLAKE2_ROUND_1(A0, C0, B0, D0, A1, C1, B1, D1) \ do { \ SWAP_HALVES(A0, B0); \ SWAP_HALVES(C0, D0); \ SWAP_HALVES(A1, B1); \ SWAP_HALVES(C1, D1); \ BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1); \ SWAP_HALVES(A0, B0); \ SWAP_HALVES(C0, D0); \ SWAP_HALVES(A1, B1); \ SWAP_HALVES(C1, D1); \ } while ((void)0, 0) #define BLAKE2_ROUND_2(A0, A1, B0, B1, C0, C1, D0, D1) \ do { \ SWAP_QUARTERS(A0, A1); \ SWAP_QUARTERS(B0, B1); \ SWAP_QUARTERS(C0, C1); \ SWAP_QUARTERS(D0, D1); \ BLAKE2_ROUND(A0, B0, C0, D0, A1, B1, C1, D1); \ UNSWAP_QUARTERS(A0, A1); \ UNSWAP_QUARTERS(B0, B1); \ UNSWAP_QUARTERS(C0, C1); \ UNSWAP_QUARTERS(D0, D1); \ } while ((void)0, 0) #endif /* __AVX512F__ */ #endif /* BLAKE_ROUND_MKA_OPT_H */ blamka-round-ref.h100644001750001750 525415004670131 20702 0ustar00leontleont000000000000Crypt-Argon2-0.030/src/blake2/* * Argon2 reference source code package - reference C implementations * * Copyright 2015 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves * * You may use this work under the terms of a Creative Commons CC0 1.0 * License/Waiver or the Apache Public License 2.0, at your option. The terms of * these licenses can be found at: * * - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 * - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 * * You should have received a copy of both of these licenses along with this * software. If not, they may be obtained at the above URLs. */ #ifndef BLAKE_ROUND_MKA_H #define BLAKE_ROUND_MKA_H #include "blake2.h" #include "blake2-impl.h" /* designed by the Lyra PHC team */ static BLAKE2_INLINE uint64_t fBlaMka(uint64_t x, uint64_t y) { const uint64_t m = UINT64_C(0xFFFFFFFF); const uint64_t xy = (x & m) * (y & m); return x + y + 2 * xy; } #define G(a, b, c, d) \ do { \ a = fBlaMka(a, b); \ d = rotr64(d ^ a, 32); \ c = fBlaMka(c, d); \ b = rotr64(b ^ c, 24); \ a = fBlaMka(a, b); \ d = rotr64(d ^ a, 16); \ c = fBlaMka(c, d); \ b = rotr64(b ^ c, 63); \ } while ((void)0, 0) #define BLAKE2_ROUND_NOMSG(v0, v1, v2, v3, v4, v5, v6, v7, v8, v9, v10, v11, \ v12, v13, v14, v15) \ do { \ G(v0, v4, v8, v12); \ G(v1, v5, v9, v13); \ G(v2, v6, v10, v14); \ G(v3, v7, v11, v15); \ G(v0, v5, v10, v15); \ G(v1, v6, v11, v12); \ G(v2, v7, v8, v13); \ G(v3, v4, v9, v14); \ } while ((void)0, 0) #endif