line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
/* |
2
|
|
|
|
|
|
|
* Argon2 reference source code package - reference C implementations |
3
|
|
|
|
|
|
|
* |
4
|
|
|
|
|
|
|
* Copyright 2015 |
5
|
|
|
|
|
|
|
* Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves |
6
|
|
|
|
|
|
|
* |
7
|
|
|
|
|
|
|
* You may use this work under the terms of a Creative Commons CC0 1.0 |
8
|
|
|
|
|
|
|
* License/Waiver or the Apache Public License 2.0, at your option. The terms of |
9
|
|
|
|
|
|
|
* these licenses can be found at: |
10
|
|
|
|
|
|
|
* |
11
|
|
|
|
|
|
|
* - CC0 1.0 Universal : https://creativecommons.org/publicdomain/zero/1.0 |
12
|
|
|
|
|
|
|
* - Apache 2.0 : https://www.apache.org/licenses/LICENSE-2.0 |
13
|
|
|
|
|
|
|
* |
14
|
|
|
|
|
|
|
* You should have received a copy of both of these licenses along with this |
15
|
|
|
|
|
|
|
* software. If not, they may be obtained at the above URLs. |
16
|
|
|
|
|
|
|
*/ |
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
/*For memory wiping*/ |
19
|
|
|
|
|
|
|
#ifdef _WIN32 |
20
|
|
|
|
|
|
|
#include |
21
|
|
|
|
|
|
|
#include /* For SecureZeroMemory */ |
22
|
|
|
|
|
|
|
#endif |
23
|
|
|
|
|
|
|
#if defined __STDC_LIB_EXT1__ |
24
|
|
|
|
|
|
|
#define __STDC_WANT_LIB_EXT1__ 1 |
25
|
|
|
|
|
|
|
#endif |
26
|
|
|
|
|
|
|
#define VC_GE_2005(version) (version >= 1400) |
27
|
|
|
|
|
|
|
|
28
|
|
|
|
|
|
|
/* for explicit_bzero() on glibc */ |
29
|
|
|
|
|
|
|
#define _DEFAULT_SOURCE |
30
|
|
|
|
|
|
|
|
31
|
|
|
|
|
|
|
#include |
32
|
|
|
|
|
|
|
#include |
33
|
|
|
|
|
|
|
#include |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
#include "core.h" |
36
|
|
|
|
|
|
|
#include "thread.h" |
37
|
|
|
|
|
|
|
#include "blake2/blake2.h" |
38
|
|
|
|
|
|
|
#include "blake2/blake2-impl.h" |
39
|
|
|
|
|
|
|
|
40
|
|
|
|
|
|
|
#ifdef GENKAT |
41
|
|
|
|
|
|
|
#include "genkat.h" |
42
|
|
|
|
|
|
|
#endif |
43
|
|
|
|
|
|
|
|
44
|
|
|
|
|
|
|
#if defined(__clang__) |
45
|
|
|
|
|
|
|
#if __has_attribute(optnone) |
46
|
|
|
|
|
|
|
#define NOT_OPTIMIZED __attribute__((optnone)) |
47
|
|
|
|
|
|
|
#endif |
48
|
|
|
|
|
|
|
#elif defined(__GNUC__) |
49
|
|
|
|
|
|
|
#define GCC_VERSION \ |
50
|
|
|
|
|
|
|
(__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) |
51
|
|
|
|
|
|
|
#if GCC_VERSION >= 40400 |
52
|
|
|
|
|
|
|
#define NOT_OPTIMIZED __attribute__((optimize("O0"))) |
53
|
|
|
|
|
|
|
#endif |
54
|
|
|
|
|
|
|
#endif |
55
|
|
|
|
|
|
|
#ifndef NOT_OPTIMIZED |
56
|
|
|
|
|
|
|
#define NOT_OPTIMIZED |
57
|
|
|
|
|
|
|
#endif |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
/***************Instance and Position constructors**********/ |
60
|
254
|
|
|
|
|
|
void init_block_value(block *b, uint8_t in) { memset(b->v, in, sizeof(b->v)); } |
61
|
|
|
|
|
|
|
|
62
|
28
|
|
|
|
|
|
void copy_block(block *dst, const block *src) { |
63
|
28
|
|
|
|
|
|
memcpy(dst->v, src->v, sizeof(uint64_t) * ARGON2_QWORDS_IN_BLOCK); |
64
|
28
|
|
|
|
|
|
} |
65
|
|
|
|
|
|
|
|
66
|
3
|
|
|
|
|
|
void xor_block(block *dst, const block *src) { |
67
|
|
|
|
|
|
|
int i; |
68
|
387
|
100
|
|
|
|
|
for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { |
69
|
384
|
|
|
|
|
|
dst->v[i] ^= src->v[i]; |
70
|
|
|
|
|
|
|
} |
71
|
3
|
|
|
|
|
|
} |
72
|
|
|
|
|
|
|
|
73
|
|
|
|
|
|
|
static void load_block(block *dst, const void *input) { |
74
|
|
|
|
|
|
|
unsigned i; |
75
|
7998
|
100
|
|
|
|
|
for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { |
|
|
100
|
|
|
|
|
|
76
|
7936
|
|
|
|
|
|
dst->v[i] = load64((const uint8_t *)input + i * sizeof(dst->v[i])); |
77
|
|
|
|
|
|
|
} |
78
|
|
|
|
|
|
|
} |
79
|
|
|
|
|
|
|
|
80
|
28
|
|
|
|
|
|
static void store_block(void *output, const block *src) { |
81
|
|
|
|
|
|
|
unsigned i; |
82
|
3612
|
100
|
|
|
|
|
for (i = 0; i < ARGON2_QWORDS_IN_BLOCK; ++i) { |
83
|
3584
|
|
|
|
|
|
store64((uint8_t *)output + i * sizeof(src->v[i]), src->v[i]); |
84
|
|
|
|
|
|
|
} |
85
|
28
|
|
|
|
|
|
} |
86
|
|
|
|
|
|
|
|
87
|
|
|
|
|
|
|
/***************Memory functions*****************/ |
88
|
|
|
|
|
|
|
|
89
|
28
|
|
|
|
|
|
int allocate_memory(const argon2_context *context, uint8_t **memory, |
90
|
|
|
|
|
|
|
size_t num, size_t size) { |
91
|
28
|
|
|
|
|
|
size_t memory_size = num*size; |
92
|
28
|
50
|
|
|
|
|
if (memory == NULL) { |
93
|
|
|
|
|
|
|
return ARGON2_MEMORY_ALLOCATION_ERROR; |
94
|
|
|
|
|
|
|
} |
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
/* 1. Check for multiplication overflow */ |
97
|
28
|
50
|
|
|
|
|
if (size != 0 && memory_size / size != num) { |
|
|
50
|
|
|
|
|
|
98
|
|
|
|
|
|
|
return ARGON2_MEMORY_ALLOCATION_ERROR; |
99
|
|
|
|
|
|
|
} |
100
|
|
|
|
|
|
|
|
101
|
|
|
|
|
|
|
/* 2. Try to allocate with appropriate allocator */ |
102
|
28
|
50
|
|
|
|
|
if (context->allocate_cbk) { |
103
|
0
|
|
|
|
|
|
(context->allocate_cbk)(memory, memory_size); |
104
|
|
|
|
|
|
|
} else { |
105
|
28
|
|
|
|
|
|
*memory = malloc(memory_size); |
106
|
|
|
|
|
|
|
} |
107
|
|
|
|
|
|
|
|
108
|
28
|
50
|
|
|
|
|
if (*memory == NULL) { |
109
|
|
|
|
|
|
|
return ARGON2_MEMORY_ALLOCATION_ERROR; |
110
|
|
|
|
|
|
|
} |
111
|
|
|
|
|
|
|
|
112
|
28
|
|
|
|
|
|
return ARGON2_OK; |
113
|
|
|
|
|
|
|
} |
114
|
|
|
|
|
|
|
|
115
|
28
|
|
|
|
|
|
void free_memory(const argon2_context *context, uint8_t *memory, |
116
|
|
|
|
|
|
|
size_t num, size_t size) { |
117
|
28
|
|
|
|
|
|
size_t memory_size = num*size; |
118
|
28
|
|
|
|
|
|
clear_internal_memory(memory, memory_size); |
119
|
28
|
50
|
|
|
|
|
if (context->free_cbk) { |
120
|
0
|
|
|
|
|
|
(context->free_cbk)(memory, memory_size); |
121
|
|
|
|
|
|
|
} else { |
122
|
28
|
|
|
|
|
|
free(memory); |
123
|
|
|
|
|
|
|
} |
124
|
28
|
|
|
|
|
|
} |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
#if defined(__OpenBSD__) |
127
|
|
|
|
|
|
|
#define HAVE_EXPLICIT_BZERO 1 |
128
|
|
|
|
|
|
|
#elif defined(__GLIBC__) && defined(__GLIBC_PREREQ) |
129
|
|
|
|
|
|
|
#if __GLIBC_PREREQ(2,25) |
130
|
|
|
|
|
|
|
#define HAVE_EXPLICIT_BZERO 1 |
131
|
|
|
|
|
|
|
#endif |
132
|
|
|
|
|
|
|
#endif |
133
|
|
|
|
|
|
|
|
134
|
8071
|
|
|
|
|
|
void NOT_OPTIMIZED secure_wipe_memory(void *v, size_t n) { |
135
|
|
|
|
|
|
|
#if defined(_MSC_VER) && VC_GE_2005(_MSC_VER) || defined(__MINGW32__) |
136
|
|
|
|
|
|
|
SecureZeroMemory(v, n); |
137
|
|
|
|
|
|
|
#elif defined memset_s |
138
|
|
|
|
|
|
|
memset_s(v, n, 0, n); |
139
|
|
|
|
|
|
|
#elif defined(HAVE_EXPLICIT_BZERO) |
140
|
|
|
|
|
|
|
explicit_bzero(v, n); |
141
|
|
|
|
|
|
|
#else |
142
|
|
|
|
|
|
|
static void *(*const volatile memset_sec)(void *, int, size_t) = &memset; |
143
|
8071
|
|
|
|
|
|
memset_sec(v, 0, n); |
144
|
|
|
|
|
|
|
#endif |
145
|
8071
|
|
|
|
|
|
} |
146
|
|
|
|
|
|
|
|
147
|
|
|
|
|
|
|
/* Memory clear flag defaults to true. */ |
148
|
|
|
|
|
|
|
int FLAG_clear_internal_memory = 1; |
149
|
8071
|
|
|
|
|
|
void clear_internal_memory(void *v, size_t n) { |
150
|
8071
|
50
|
|
|
|
|
if (FLAG_clear_internal_memory && v) { |
|
|
50
|
|
|
|
|
|
151
|
8071
|
|
|
|
|
|
secure_wipe_memory(v, n); |
152
|
|
|
|
|
|
|
} |
153
|
8071
|
|
|
|
|
|
} |
154
|
|
|
|
|
|
|
|
155
|
28
|
|
|
|
|
|
void finalize(const argon2_context *context, argon2_instance_t *instance) { |
156
|
28
|
50
|
|
|
|
|
if (context != NULL && instance != NULL) { |
157
|
|
|
|
|
|
|
block blockhash; |
158
|
|
|
|
|
|
|
uint32_t l; |
159
|
|
|
|
|
|
|
|
160
|
28
|
|
|
|
|
|
copy_block(&blockhash, instance->memory + instance->lane_length - 1); |
161
|
|
|
|
|
|
|
|
162
|
|
|
|
|
|
|
/* XOR the last blocks */ |
163
|
31
|
100
|
|
|
|
|
for (l = 1; l < instance->lanes; ++l) { |
164
|
3
|
|
|
|
|
|
uint32_t last_block_in_lane = |
165
|
3
|
|
|
|
|
|
l * instance->lane_length + (instance->lane_length - 1); |
166
|
3
|
|
|
|
|
|
xor_block(&blockhash, instance->memory + last_block_in_lane); |
167
|
|
|
|
|
|
|
} |
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
/* Hash the result */ |
170
|
|
|
|
|
|
|
{ |
171
|
|
|
|
|
|
|
uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; |
172
|
28
|
|
|
|
|
|
store_block(blockhash_bytes, &blockhash); |
173
|
28
|
|
|
|
|
|
blake2b_long(context->out, context->outlen, blockhash_bytes, |
174
|
|
|
|
|
|
|
ARGON2_BLOCK_SIZE); |
175
|
|
|
|
|
|
|
/* clear blockhash and blockhash_bytes */ |
176
|
28
|
|
|
|
|
|
clear_internal_memory(blockhash.v, ARGON2_BLOCK_SIZE); |
177
|
28
|
|
|
|
|
|
clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); |
178
|
|
|
|
|
|
|
} |
179
|
|
|
|
|
|
|
|
180
|
|
|
|
|
|
|
#ifdef GENKAT |
181
|
|
|
|
|
|
|
print_tag(context->out, context->outlen); |
182
|
|
|
|
|
|
|
#endif |
183
|
|
|
|
|
|
|
|
184
|
28
|
|
|
|
|
|
free_memory(context, (uint8_t *)instance->memory, |
185
|
28
|
|
|
|
|
|
instance->memory_blocks, sizeof(block)); |
186
|
|
|
|
|
|
|
} |
187
|
28
|
|
|
|
|
|
} |
188
|
|
|
|
|
|
|
|
189
|
10161090
|
|
|
|
|
|
uint32_t index_alpha(const argon2_instance_t *instance, |
190
|
|
|
|
|
|
|
const argon2_position_t *position, uint32_t pseudo_rand, |
191
|
|
|
|
|
|
|
int same_lane) { |
192
|
|
|
|
|
|
|
/* |
193
|
|
|
|
|
|
|
* Pass 0: |
194
|
|
|
|
|
|
|
* This lane : all already finished segments plus already constructed |
195
|
|
|
|
|
|
|
* blocks in this segment |
196
|
|
|
|
|
|
|
* Other lanes : all already finished segments |
197
|
|
|
|
|
|
|
* Pass 1+: |
198
|
|
|
|
|
|
|
* This lane : (SYNC_POINTS - 1) last segments plus already constructed |
199
|
|
|
|
|
|
|
* blocks in this segment |
200
|
|
|
|
|
|
|
* Other lanes : (SYNC_POINTS - 1) last segments |
201
|
|
|
|
|
|
|
*/ |
202
|
|
|
|
|
|
|
uint32_t reference_area_size; |
203
|
|
|
|
|
|
|
uint64_t relative_position; |
204
|
|
|
|
|
|
|
uint32_t start_position, absolute_position; |
205
|
|
|
|
|
|
|
|
206
|
10161090
|
100
|
|
|
|
|
if (0 == position->pass) { |
207
|
|
|
|
|
|
|
/* First pass */ |
208
|
4982210
|
100
|
|
|
|
|
if (0 == position->slice) { |
209
|
|
|
|
|
|
|
/* First slice */ |
210
|
1245506
|
|
|
|
|
|
reference_area_size = |
211
|
1245506
|
|
|
|
|
|
position->index - 1; /* all but the previous */ |
212
|
|
|
|
|
|
|
} else { |
213
|
3736704
|
100
|
|
|
|
|
if (same_lane) { |
214
|
|
|
|
|
|
|
/* The same lane => add current segment */ |
215
|
3736440
|
|
|
|
|
|
reference_area_size = |
216
|
7472880
|
|
|
|
|
|
position->slice * instance->segment_length + |
217
|
3736440
|
|
|
|
|
|
position->index - 1; |
218
|
|
|
|
|
|
|
} else { |
219
|
264
|
|
|
|
|
|
reference_area_size = |
220
|
264
|
100
|
|
|
|
|
position->slice * instance->segment_length + |
221
|
264
|
|
|
|
|
|
((position->index == 0) ? (-1) : 0); |
222
|
|
|
|
|
|
|
} |
223
|
|
|
|
|
|
|
} |
224
|
|
|
|
|
|
|
} else { |
225
|
|
|
|
|
|
|
/* Second pass */ |
226
|
5178880
|
100
|
|
|
|
|
if (same_lane) { |
227
|
5178502
|
|
|
|
|
|
reference_area_size = instance->lane_length - |
228
|
10357004
|
|
|
|
|
|
instance->segment_length + position->index - |
229
|
|
|
|
|
|
|
1; |
230
|
|
|
|
|
|
|
} else { |
231
|
378
|
|
|
|
|
|
reference_area_size = instance->lane_length - |
232
|
378
|
100
|
|
|
|
|
instance->segment_length + |
233
|
378
|
|
|
|
|
|
((position->index == 0) ? (-1) : 0); |
234
|
|
|
|
|
|
|
} |
235
|
|
|
|
|
|
|
} |
236
|
|
|
|
|
|
|
|
237
|
|
|
|
|
|
|
/* 1.2.4. Mapping pseudo_rand to 0.. and produce |
238
|
|
|
|
|
|
|
* relative position */ |
239
|
10161090
|
|
|
|
|
|
relative_position = pseudo_rand; |
240
|
10161090
|
|
|
|
|
|
relative_position = relative_position * relative_position >> 32; |
241
|
20322180
|
|
|
|
|
|
relative_position = reference_area_size - 1 - |
242
|
10161090
|
|
|
|
|
|
(reference_area_size * relative_position >> 32); |
243
|
|
|
|
|
|
|
|
244
|
|
|
|
|
|
|
/* 1.2.5 Computing starting position */ |
245
|
|
|
|
|
|
|
start_position = 0; |
246
|
|
|
|
|
|
|
|
247
|
10161090
|
100
|
|
|
|
|
if (0 != position->pass) { |
248
|
5178879
|
|
|
|
|
|
start_position = (position->slice == ARGON2_SYNC_POINTS - 1) |
249
|
|
|
|
|
|
|
? 0 |
250
|
5178879
|
100
|
|
|
|
|
: (position->slice + 1) * instance->segment_length; |
251
|
|
|
|
|
|
|
} |
252
|
|
|
|
|
|
|
|
253
|
|
|
|
|
|
|
/* 1.2.6. Computing absolute position */ |
254
|
20322180
|
|
|
|
|
|
absolute_position = (start_position + relative_position) % |
255
|
10161090
|
|
|
|
|
|
instance->lane_length; /* absolute position */ |
256
|
10161090
|
|
|
|
|
|
return absolute_position; |
257
|
|
|
|
|
|
|
} |
258
|
|
|
|
|
|
|
|
259
|
|
|
|
|
|
|
/* Single-threaded version for p=1 case */ |
260
|
25
|
|
|
|
|
|
static int fill_memory_blocks_st(argon2_instance_t *instance) { |
261
|
|
|
|
|
|
|
uint32_t r, s, l; |
262
|
|
|
|
|
|
|
|
263
|
78
|
100
|
|
|
|
|
for (r = 0; r < instance->passes; ++r) { |
264
|
265
|
100
|
|
|
|
|
for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { |
265
|
424
|
100
|
|
|
|
|
for (l = 0; l < instance->lanes; ++l) { |
266
|
212
|
|
|
|
|
|
argon2_position_t position = {r, l, (uint8_t)s, 0}; |
267
|
212
|
|
|
|
|
|
fill_segment(instance, position); |
268
|
|
|
|
|
|
|
} |
269
|
|
|
|
|
|
|
} |
270
|
|
|
|
|
|
|
#ifdef GENKAT |
271
|
|
|
|
|
|
|
internal_kat(instance, r); /* Print all memory blocks */ |
272
|
|
|
|
|
|
|
#endif |
273
|
|
|
|
|
|
|
} |
274
|
25
|
|
|
|
|
|
return ARGON2_OK; |
275
|
|
|
|
|
|
|
} |
276
|
|
|
|
|
|
|
|
277
|
|
|
|
|
|
|
#if !defined(ARGON2_NO_THREADS) |
278
|
|
|
|
|
|
|
|
279
|
|
|
|
|
|
|
#ifdef _WIN32 |
280
|
|
|
|
|
|
|
static unsigned __stdcall fill_segment_thr(void *thread_data) |
281
|
|
|
|
|
|
|
#else |
282
|
48
|
|
|
|
|
|
static void *fill_segment_thr(void *thread_data) |
283
|
|
|
|
|
|
|
#endif |
284
|
|
|
|
|
|
|
{ |
285
|
|
|
|
|
|
|
argon2_thread_data *my_data = thread_data; |
286
|
48
|
|
|
|
|
|
fill_segment(my_data->instance_ptr, my_data->pos); |
287
|
48
|
|
|
|
|
|
argon2_thread_exit(); |
288
|
0
|
|
|
|
|
|
return 0; |
289
|
|
|
|
|
|
|
} |
290
|
|
|
|
|
|
|
|
291
|
|
|
|
|
|
|
/* Multi-threaded version for p > 1 case */ |
292
|
3
|
|
|
|
|
|
static int fill_memory_blocks_mt(argon2_instance_t *instance) { |
293
|
|
|
|
|
|
|
uint32_t r, s; |
294
|
|
|
|
|
|
|
argon2_thread_handle_t *thread = NULL; |
295
|
|
|
|
|
|
|
argon2_thread_data *thr_data = NULL; |
296
|
|
|
|
|
|
|
int rc = ARGON2_OK; |
297
|
|
|
|
|
|
|
|
298
|
|
|
|
|
|
|
/* 1. Allocating space for threads */ |
299
|
3
|
|
|
|
|
|
thread = calloc(instance->lanes, sizeof(argon2_thread_handle_t)); |
300
|
3
|
50
|
|
|
|
|
if (thread == NULL) { |
301
|
|
|
|
|
|
|
rc = ARGON2_MEMORY_ALLOCATION_ERROR; |
302
|
|
|
|
|
|
|
goto fail; |
303
|
|
|
|
|
|
|
} |
304
|
|
|
|
|
|
|
|
305
|
3
|
|
|
|
|
|
thr_data = calloc(instance->lanes, sizeof(argon2_thread_data)); |
306
|
3
|
50
|
|
|
|
|
if (thr_data == NULL) { |
307
|
|
|
|
|
|
|
rc = ARGON2_MEMORY_ALLOCATION_ERROR; |
308
|
|
|
|
|
|
|
goto fail; |
309
|
|
|
|
|
|
|
} |
310
|
|
|
|
|
|
|
|
311
|
9
|
100
|
|
|
|
|
for (r = 0; r < instance->passes; ++r) { |
312
|
30
|
100
|
|
|
|
|
for (s = 0; s < ARGON2_SYNC_POINTS; ++s) { |
313
|
|
|
|
|
|
|
uint32_t l, ll; |
314
|
|
|
|
|
|
|
|
315
|
|
|
|
|
|
|
/* 2. Calling threads */ |
316
|
72
|
100
|
|
|
|
|
for (l = 0; l < instance->lanes; ++l) { |
317
|
|
|
|
|
|
|
argon2_position_t position; |
318
|
|
|
|
|
|
|
|
319
|
|
|
|
|
|
|
/* 2.1 Join a thread if limit is exceeded */ |
320
|
48
|
50
|
|
|
|
|
if (l >= instance->threads) { |
321
|
0
|
0
|
|
|
|
|
if (argon2_thread_join(thread[l - instance->threads])) { |
322
|
|
|
|
|
|
|
rc = ARGON2_THREAD_FAIL; |
323
|
0
|
|
|
|
|
|
goto fail; |
324
|
|
|
|
|
|
|
} |
325
|
|
|
|
|
|
|
} |
326
|
|
|
|
|
|
|
|
327
|
|
|
|
|
|
|
/* 2.2 Create thread */ |
328
|
48
|
|
|
|
|
|
position.pass = r; |
329
|
48
|
|
|
|
|
|
position.lane = l; |
330
|
48
|
|
|
|
|
|
position.slice = (uint8_t)s; |
331
|
48
|
|
|
|
|
|
position.index = 0; |
332
|
48
|
|
|
|
|
|
thr_data[l].instance_ptr = |
333
|
|
|
|
|
|
|
instance; /* preparing the thread input */ |
334
|
48
|
|
|
|
|
|
memcpy(&(thr_data[l].pos), &position, |
335
|
|
|
|
|
|
|
sizeof(argon2_position_t)); |
336
|
48
|
50
|
|
|
|
|
if (argon2_thread_create(&thread[l], &fill_segment_thr, |
337
|
|
|
|
|
|
|
(void *)&thr_data[l])) { |
338
|
|
|
|
|
|
|
/* Wait for already running threads */ |
339
|
0
|
0
|
|
|
|
|
for (ll = 0; ll < l; ++ll) |
340
|
0
|
|
|
|
|
|
argon2_thread_join(thread[ll]); |
341
|
|
|
|
|
|
|
rc = ARGON2_THREAD_FAIL; |
342
|
|
|
|
|
|
|
goto fail; |
343
|
|
|
|
|
|
|
} |
344
|
|
|
|
|
|
|
|
345
|
|
|
|
|
|
|
/* fill_segment(instance, position); */ |
346
|
|
|
|
|
|
|
/*Non-thread equivalent of the lines above */ |
347
|
|
|
|
|
|
|
} |
348
|
|
|
|
|
|
|
|
349
|
|
|
|
|
|
|
/* 3. Joining remaining threads */ |
350
|
72
|
100
|
|
|
|
|
for (l = instance->lanes - instance->threads; l < instance->lanes; |
351
|
48
|
|
|
|
|
|
++l) { |
352
|
48
|
50
|
|
|
|
|
if (argon2_thread_join(thread[l])) { |
353
|
|
|
|
|
|
|
rc = ARGON2_THREAD_FAIL; |
354
|
|
|
|
|
|
|
goto fail; |
355
|
|
|
|
|
|
|
} |
356
|
|
|
|
|
|
|
} |
357
|
|
|
|
|
|
|
} |
358
|
|
|
|
|
|
|
|
359
|
|
|
|
|
|
|
#ifdef GENKAT |
360
|
|
|
|
|
|
|
internal_kat(instance, r); /* Print all memory blocks */ |
361
|
|
|
|
|
|
|
#endif |
362
|
|
|
|
|
|
|
} |
363
|
|
|
|
|
|
|
|
364
|
|
|
|
|
|
|
fail: |
365
|
3
|
50
|
|
|
|
|
if (thread != NULL) { |
366
|
3
|
|
|
|
|
|
free(thread); |
367
|
|
|
|
|
|
|
} |
368
|
3
|
50
|
|
|
|
|
if (thr_data != NULL) { |
369
|
3
|
|
|
|
|
|
free(thr_data); |
370
|
|
|
|
|
|
|
} |
371
|
3
|
|
|
|
|
|
return rc; |
372
|
|
|
|
|
|
|
} |
373
|
|
|
|
|
|
|
|
374
|
|
|
|
|
|
|
#endif /* ARGON2_NO_THREADS */ |
375
|
|
|
|
|
|
|
|
376
|
28
|
|
|
|
|
|
int fill_memory_blocks(argon2_instance_t *instance) { |
377
|
28
|
50
|
|
|
|
|
if (instance == NULL || instance->lanes == 0) { |
|
|
50
|
|
|
|
|
|
378
|
|
|
|
|
|
|
return ARGON2_INCORRECT_PARAMETER; |
379
|
|
|
|
|
|
|
} |
380
|
|
|
|
|
|
|
#if defined(ARGON2_NO_THREADS) |
381
|
|
|
|
|
|
|
return fill_memory_blocks_st(instance); |
382
|
|
|
|
|
|
|
#else |
383
|
28
|
|
|
|
|
|
return instance->threads == 1 ? |
384
|
28
|
100
|
|
|
|
|
fill_memory_blocks_st(instance) : fill_memory_blocks_mt(instance); |
385
|
|
|
|
|
|
|
#endif |
386
|
|
|
|
|
|
|
} |
387
|
|
|
|
|
|
|
|
388
|
47
|
|
|
|
|
|
int validate_inputs(const argon2_context *context) { |
389
|
47
|
50
|
|
|
|
|
if (NULL == context) { |
390
|
|
|
|
|
|
|
return ARGON2_INCORRECT_PARAMETER; |
391
|
|
|
|
|
|
|
} |
392
|
|
|
|
|
|
|
|
393
|
47
|
50
|
|
|
|
|
if (NULL == context->out) { |
394
|
|
|
|
|
|
|
return ARGON2_OUTPUT_PTR_NULL; |
395
|
|
|
|
|
|
|
} |
396
|
|
|
|
|
|
|
|
397
|
|
|
|
|
|
|
/* Validate output length */ |
398
|
47
|
50
|
|
|
|
|
if (ARGON2_MIN_OUTLEN > context->outlen) { |
399
|
|
|
|
|
|
|
return ARGON2_OUTPUT_TOO_SHORT; |
400
|
|
|
|
|
|
|
} |
401
|
|
|
|
|
|
|
|
402
|
|
|
|
|
|
|
if (ARGON2_MAX_OUTLEN < context->outlen) { |
403
|
|
|
|
|
|
|
return ARGON2_OUTPUT_TOO_LONG; |
404
|
|
|
|
|
|
|
} |
405
|
|
|
|
|
|
|
|
406
|
|
|
|
|
|
|
/* Validate password (required param) */ |
407
|
47
|
50
|
|
|
|
|
if (NULL == context->pwd) { |
408
|
0
|
0
|
|
|
|
|
if (0 != context->pwdlen) { |
409
|
|
|
|
|
|
|
return ARGON2_PWD_PTR_MISMATCH; |
410
|
|
|
|
|
|
|
} |
411
|
|
|
|
|
|
|
} |
412
|
|
|
|
|
|
|
|
413
|
|
|
|
|
|
|
if (ARGON2_MIN_PWD_LENGTH > context->pwdlen) { |
414
|
|
|
|
|
|
|
return ARGON2_PWD_TOO_SHORT; |
415
|
|
|
|
|
|
|
} |
416
|
|
|
|
|
|
|
|
417
|
|
|
|
|
|
|
if (ARGON2_MAX_PWD_LENGTH < context->pwdlen) { |
418
|
|
|
|
|
|
|
return ARGON2_PWD_TOO_LONG; |
419
|
|
|
|
|
|
|
} |
420
|
|
|
|
|
|
|
|
421
|
|
|
|
|
|
|
/* Validate salt (required param) */ |
422
|
47
|
50
|
|
|
|
|
if (NULL == context->salt) { |
423
|
0
|
0
|
|
|
|
|
if (0 != context->saltlen) { |
424
|
|
|
|
|
|
|
return ARGON2_SALT_PTR_MISMATCH; |
425
|
|
|
|
|
|
|
} |
426
|
|
|
|
|
|
|
} |
427
|
|
|
|
|
|
|
|
428
|
47
|
50
|
|
|
|
|
if (ARGON2_MIN_SALT_LENGTH > context->saltlen) { |
429
|
|
|
|
|
|
|
return ARGON2_SALT_TOO_SHORT; |
430
|
|
|
|
|
|
|
} |
431
|
|
|
|
|
|
|
|
432
|
|
|
|
|
|
|
if (ARGON2_MAX_SALT_LENGTH < context->saltlen) { |
433
|
|
|
|
|
|
|
return ARGON2_SALT_TOO_LONG; |
434
|
|
|
|
|
|
|
} |
435
|
|
|
|
|
|
|
|
436
|
|
|
|
|
|
|
/* Validate secret (optional param) */ |
437
|
47
|
50
|
|
|
|
|
if (NULL == context->secret) { |
438
|
47
|
50
|
|
|
|
|
if (0 != context->secretlen) { |
439
|
|
|
|
|
|
|
return ARGON2_SECRET_PTR_MISMATCH; |
440
|
|
|
|
|
|
|
} |
441
|
|
|
|
|
|
|
} else { |
442
|
|
|
|
|
|
|
if (ARGON2_MIN_SECRET > context->secretlen) { |
443
|
|
|
|
|
|
|
return ARGON2_SECRET_TOO_SHORT; |
444
|
|
|
|
|
|
|
} |
445
|
|
|
|
|
|
|
if (ARGON2_MAX_SECRET < context->secretlen) { |
446
|
|
|
|
|
|
|
return ARGON2_SECRET_TOO_LONG; |
447
|
|
|
|
|
|
|
} |
448
|
|
|
|
|
|
|
} |
449
|
|
|
|
|
|
|
|
450
|
|
|
|
|
|
|
/* Validate associated data (optional param) */ |
451
|
47
|
50
|
|
|
|
|
if (NULL == context->ad) { |
452
|
47
|
50
|
|
|
|
|
if (0 != context->adlen) { |
453
|
|
|
|
|
|
|
return ARGON2_AD_PTR_MISMATCH; |
454
|
|
|
|
|
|
|
} |
455
|
|
|
|
|
|
|
} else { |
456
|
|
|
|
|
|
|
if (ARGON2_MIN_AD_LENGTH > context->adlen) { |
457
|
|
|
|
|
|
|
return ARGON2_AD_TOO_SHORT; |
458
|
|
|
|
|
|
|
} |
459
|
|
|
|
|
|
|
if (ARGON2_MAX_AD_LENGTH < context->adlen) { |
460
|
|
|
|
|
|
|
return ARGON2_AD_TOO_LONG; |
461
|
|
|
|
|
|
|
} |
462
|
|
|
|
|
|
|
} |
463
|
|
|
|
|
|
|
|
464
|
|
|
|
|
|
|
/* Validate memory cost */ |
465
|
47
|
50
|
|
|
|
|
if (ARGON2_MIN_MEMORY > context->m_cost) { |
466
|
|
|
|
|
|
|
return ARGON2_MEMORY_TOO_LITTLE; |
467
|
|
|
|
|
|
|
} |
468
|
|
|
|
|
|
|
|
469
|
|
|
|
|
|
|
if (ARGON2_MAX_MEMORY < context->m_cost) { |
470
|
|
|
|
|
|
|
return ARGON2_MEMORY_TOO_MUCH; |
471
|
|
|
|
|
|
|
} |
472
|
|
|
|
|
|
|
|
473
|
47
|
50
|
|
|
|
|
if (context->m_cost < 8 * context->lanes) { |
474
|
|
|
|
|
|
|
return ARGON2_MEMORY_TOO_LITTLE; |
475
|
|
|
|
|
|
|
} |
476
|
|
|
|
|
|
|
|
477
|
|
|
|
|
|
|
/* Validate time cost */ |
478
|
47
|
50
|
|
|
|
|
if (ARGON2_MIN_TIME > context->t_cost) { |
479
|
|
|
|
|
|
|
return ARGON2_TIME_TOO_SMALL; |
480
|
|
|
|
|
|
|
} |
481
|
|
|
|
|
|
|
|
482
|
|
|
|
|
|
|
if (ARGON2_MAX_TIME < context->t_cost) { |
483
|
|
|
|
|
|
|
return ARGON2_TIME_TOO_LARGE; |
484
|
|
|
|
|
|
|
} |
485
|
|
|
|
|
|
|
|
486
|
|
|
|
|
|
|
/* Validate lanes */ |
487
|
47
|
50
|
|
|
|
|
if (ARGON2_MIN_LANES > context->lanes) { |
488
|
|
|
|
|
|
|
return ARGON2_LANES_TOO_FEW; |
489
|
|
|
|
|
|
|
} |
490
|
|
|
|
|
|
|
|
491
|
47
|
50
|
|
|
|
|
if (ARGON2_MAX_LANES < context->lanes) { |
492
|
|
|
|
|
|
|
return ARGON2_LANES_TOO_MANY; |
493
|
|
|
|
|
|
|
} |
494
|
|
|
|
|
|
|
|
495
|
|
|
|
|
|
|
/* Validate threads */ |
496
|
47
|
50
|
|
|
|
|
if (ARGON2_MIN_THREADS > context->threads) { |
497
|
|
|
|
|
|
|
return ARGON2_THREADS_TOO_FEW; |
498
|
|
|
|
|
|
|
} |
499
|
|
|
|
|
|
|
|
500
|
47
|
50
|
|
|
|
|
if (ARGON2_MAX_THREADS < context->threads) { |
501
|
|
|
|
|
|
|
return ARGON2_THREADS_TOO_MANY; |
502
|
|
|
|
|
|
|
} |
503
|
|
|
|
|
|
|
|
504
|
47
|
50
|
|
|
|
|
if (NULL != context->allocate_cbk && NULL == context->free_cbk) { |
|
|
0
|
|
|
|
|
|
505
|
|
|
|
|
|
|
return ARGON2_FREE_MEMORY_CBK_NULL; |
506
|
|
|
|
|
|
|
} |
507
|
|
|
|
|
|
|
|
508
|
47
|
50
|
|
|
|
|
if (NULL == context->allocate_cbk && NULL != context->free_cbk) { |
|
|
50
|
|
|
|
|
|
509
|
|
|
|
|
|
|
return ARGON2_ALLOCATE_MEMORY_CBK_NULL; |
510
|
|
|
|
|
|
|
} |
511
|
|
|
|
|
|
|
|
512
|
47
|
|
|
|
|
|
return ARGON2_OK; |
513
|
|
|
|
|
|
|
} |
514
|
|
|
|
|
|
|
|
515
|
28
|
|
|
|
|
|
void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance) { |
516
|
|
|
|
|
|
|
uint32_t l; |
517
|
|
|
|
|
|
|
/* Make the first and second block in each lane as G(H0||0||i) or |
518
|
|
|
|
|
|
|
G(H0||1||i) */ |
519
|
|
|
|
|
|
|
uint8_t blockhash_bytes[ARGON2_BLOCK_SIZE]; |
520
|
59
|
100
|
|
|
|
|
for (l = 0; l < instance->lanes; ++l) { |
521
|
|
|
|
|
|
|
|
522
|
31
|
|
|
|
|
|
store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 0); |
523
|
31
|
|
|
|
|
|
store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH + 4, l); |
524
|
31
|
|
|
|
|
|
blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, |
525
|
|
|
|
|
|
|
ARGON2_PREHASH_SEED_LENGTH); |
526
|
31
|
|
|
|
|
|
load_block(&instance->memory[l * instance->lane_length + 0], |
527
|
|
|
|
|
|
|
blockhash_bytes); |
528
|
|
|
|
|
|
|
|
529
|
|
|
|
|
|
|
store32(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, 1); |
530
|
31
|
|
|
|
|
|
blake2b_long(blockhash_bytes, ARGON2_BLOCK_SIZE, blockhash, |
531
|
|
|
|
|
|
|
ARGON2_PREHASH_SEED_LENGTH); |
532
|
31
|
|
|
|
|
|
load_block(&instance->memory[l * instance->lane_length + 1], |
533
|
|
|
|
|
|
|
blockhash_bytes); |
534
|
|
|
|
|
|
|
} |
535
|
28
|
|
|
|
|
|
clear_internal_memory(blockhash_bytes, ARGON2_BLOCK_SIZE); |
536
|
28
|
|
|
|
|
|
} |
537
|
|
|
|
|
|
|
|
538
|
28
|
|
|
|
|
|
void initial_hash(uint8_t *blockhash, argon2_context *context, |
539
|
|
|
|
|
|
|
argon2_type type) { |
540
|
|
|
|
|
|
|
blake2b_state BlakeHash; |
541
|
|
|
|
|
|
|
uint8_t value[sizeof(uint32_t)]; |
542
|
|
|
|
|
|
|
|
543
|
28
|
50
|
|
|
|
|
if (NULL == context || NULL == blockhash) { |
544
|
0
|
|
|
|
|
|
return; |
545
|
|
|
|
|
|
|
} |
546
|
|
|
|
|
|
|
|
547
|
28
|
|
|
|
|
|
blake2b_init(&BlakeHash, ARGON2_PREHASH_DIGEST_LENGTH); |
548
|
|
|
|
|
|
|
|
549
|
28
|
|
|
|
|
|
store32(&value, context->lanes); |
550
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); |
551
|
|
|
|
|
|
|
|
552
|
28
|
|
|
|
|
|
store32(&value, context->outlen); |
553
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); |
554
|
|
|
|
|
|
|
|
555
|
28
|
|
|
|
|
|
store32(&value, context->m_cost); |
556
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); |
557
|
|
|
|
|
|
|
|
558
|
28
|
|
|
|
|
|
store32(&value, context->t_cost); |
559
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); |
560
|
|
|
|
|
|
|
|
561
|
28
|
|
|
|
|
|
store32(&value, context->version); |
562
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); |
563
|
|
|
|
|
|
|
|
564
|
|
|
|
|
|
|
store32(&value, (uint32_t)type); |
565
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); |
566
|
|
|
|
|
|
|
|
567
|
28
|
|
|
|
|
|
store32(&value, context->pwdlen); |
568
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); |
569
|
|
|
|
|
|
|
|
570
|
28
|
50
|
|
|
|
|
if (context->pwd != NULL) { |
571
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)context->pwd, |
572
|
28
|
|
|
|
|
|
context->pwdlen); |
573
|
|
|
|
|
|
|
|
574
|
28
|
50
|
|
|
|
|
if (context->flags & ARGON2_FLAG_CLEAR_PASSWORD) { |
575
|
0
|
|
|
|
|
|
secure_wipe_memory(context->pwd, context->pwdlen); |
576
|
0
|
|
|
|
|
|
context->pwdlen = 0; |
577
|
|
|
|
|
|
|
} |
578
|
|
|
|
|
|
|
} |
579
|
|
|
|
|
|
|
|
580
|
28
|
|
|
|
|
|
store32(&value, context->saltlen); |
581
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); |
582
|
|
|
|
|
|
|
|
583
|
28
|
50
|
|
|
|
|
if (context->salt != NULL) { |
584
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)context->salt, |
585
|
28
|
|
|
|
|
|
context->saltlen); |
586
|
|
|
|
|
|
|
} |
587
|
|
|
|
|
|
|
|
588
|
28
|
|
|
|
|
|
store32(&value, context->secretlen); |
589
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); |
590
|
|
|
|
|
|
|
|
591
|
28
|
50
|
|
|
|
|
if (context->secret != NULL) { |
592
|
0
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)context->secret, |
593
|
0
|
|
|
|
|
|
context->secretlen); |
594
|
|
|
|
|
|
|
|
595
|
0
|
0
|
|
|
|
|
if (context->flags & ARGON2_FLAG_CLEAR_SECRET) { |
596
|
0
|
|
|
|
|
|
secure_wipe_memory(context->secret, context->secretlen); |
597
|
0
|
|
|
|
|
|
context->secretlen = 0; |
598
|
|
|
|
|
|
|
} |
599
|
|
|
|
|
|
|
} |
600
|
|
|
|
|
|
|
|
601
|
28
|
|
|
|
|
|
store32(&value, context->adlen); |
602
|
28
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)&value, sizeof(value)); |
603
|
|
|
|
|
|
|
|
604
|
28
|
50
|
|
|
|
|
if (context->ad != NULL) { |
605
|
0
|
|
|
|
|
|
blake2b_update(&BlakeHash, (const uint8_t *)context->ad, |
606
|
0
|
|
|
|
|
|
context->adlen); |
607
|
|
|
|
|
|
|
} |
608
|
|
|
|
|
|
|
|
609
|
28
|
|
|
|
|
|
blake2b_final(&BlakeHash, blockhash, ARGON2_PREHASH_DIGEST_LENGTH); |
610
|
|
|
|
|
|
|
} |
611
|
|
|
|
|
|
|
|
612
|
28
|
|
|
|
|
|
int initialize(argon2_instance_t *instance, argon2_context *context) { |
613
|
|
|
|
|
|
|
uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; |
614
|
|
|
|
|
|
|
int result = ARGON2_OK; |
615
|
|
|
|
|
|
|
|
616
|
28
|
50
|
|
|
|
|
if (instance == NULL || context == NULL) |
617
|
|
|
|
|
|
|
return ARGON2_INCORRECT_PARAMETER; |
618
|
28
|
|
|
|
|
|
instance->context_ptr = context; |
619
|
|
|
|
|
|
|
|
620
|
|
|
|
|
|
|
/* 1. Memory allocation */ |
621
|
28
|
|
|
|
|
|
result = allocate_memory(context, (uint8_t **)&(instance->memory), |
622
|
28
|
|
|
|
|
|
instance->memory_blocks, sizeof(block)); |
623
|
28
|
50
|
|
|
|
|
if (result != ARGON2_OK) { |
624
|
|
|
|
|
|
|
return result; |
625
|
|
|
|
|
|
|
} |
626
|
|
|
|
|
|
|
|
627
|
|
|
|
|
|
|
/* 2. Initial hashing */ |
628
|
|
|
|
|
|
|
/* H_0 + 8 extra bytes to produce the first blocks */ |
629
|
|
|
|
|
|
|
/* uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */ |
630
|
|
|
|
|
|
|
/* Hashing all inputs */ |
631
|
28
|
|
|
|
|
|
initial_hash(blockhash, context, instance->type); |
632
|
|
|
|
|
|
|
/* Zeroing 8 extra bytes */ |
633
|
28
|
|
|
|
|
|
clear_internal_memory(blockhash + ARGON2_PREHASH_DIGEST_LENGTH, |
634
|
|
|
|
|
|
|
ARGON2_PREHASH_SEED_LENGTH - |
635
|
|
|
|
|
|
|
ARGON2_PREHASH_DIGEST_LENGTH); |
636
|
|
|
|
|
|
|
|
637
|
|
|
|
|
|
|
#ifdef GENKAT |
638
|
|
|
|
|
|
|
initial_kat(blockhash, context, instance->type); |
639
|
|
|
|
|
|
|
#endif |
640
|
|
|
|
|
|
|
|
641
|
|
|
|
|
|
|
/* 3. Creating first blocks, we always have at least two blocks in a slice |
642
|
|
|
|
|
|
|
*/ |
643
|
28
|
|
|
|
|
|
fill_first_blocks(blockhash, instance); |
644
|
|
|
|
|
|
|
/* Clearing the hash */ |
645
|
28
|
|
|
|
|
|
clear_internal_memory(blockhash, ARGON2_PREHASH_SEED_LENGTH); |
646
|
|
|
|
|
|
|
|
647
|
28
|
|
|
|
|
|
return ARGON2_OK; |
648
|
|
|
|
|
|
|
} |