diff options
| author | Mattias Andrée <maandree@kth.se> | 2022-02-15 13:48:52 +0100 | 
|---|---|---|
| committer | Mattias Andrée <maandree@kth.se> | 2022-02-15 13:48:52 +0100 | 
| commit | 107c9f195b9a480c58c657efac05947de9043d5f (patch) | |
| tree | 168e13b29a5cd87bc0b80e2118be0953c6148e34 | |
| parent | Add test for salt generation (diff) | |
| download | libar2simplified-107c9f195b9a480c58c657efac05947de9043d5f.tar.gz libar2simplified-107c9f195b9a480c58c657efac05947de9043d5f.tar.bz2 libar2simplified-107c9f195b9a480c58c657efac05947de9043d5f.tar.xz | |
Add libar2simplified_recommendation1.0
Signed-off-by: Mattias Andrée <maandree@kth.se>
Diffstat (limited to '')
| -rw-r--r-- | Makefile | 3 | ||||
| -rw-r--r-- | common.h | 8 | ||||
| -rw-r--r-- | libar2simplified.7 | 3 | ||||
| -rw-r--r-- | libar2simplified.h | 18 | ||||
| -rw-r--r-- | libar2simplified_crypt.3 | 1 | ||||
| -rw-r--r-- | libar2simplified_decode.3 | 3 | ||||
| -rw-r--r-- | libar2simplified_recommendation.3 | 50 | ||||
| -rw-r--r-- | libar2simplified_recommendation.c | 9 | ||||
| -rw-r--r-- | test.c | 54 | 
9 files changed, 145 insertions, 4 deletions
| @@ -21,7 +21,8 @@ OBJ =\  	libar2simplified_decode.o\  	libar2simplified_encode.o\  	libar2simplified_encode_hash.o\ -	libar2simplified_hash.o +	libar2simplified_hash.o\ +	libar2simplified_recommendation.o  HDR =\  	libar2simplified.h\ @@ -31,3 +31,11 @@  #ifndef FALLBACK_NPROC  # define FALLBACK_NPROC 4  #endif + + +#ifndef RECOMMENDATION_SIDE_CHANNEL_ENVIRONMENT +# define RECOMMENDATION_SIDE_CHANNEL_ENVIRONMENT "$argon2id$v=19$m=3072,t=32,p=4$*16$*48" +#endif +#ifndef RECOMMENDATION_SIDE_CHANNEL_FREE_ENVIRONMENT +# define RECOMMENDATION_SIDE_CHANNEL_FREE_ENVIRONMENT "$argon2d$v=19$m=3072,t=32,p=4$*16$*48" +#endif diff --git a/libar2simplified.7 b/libar2simplified.7 index bc03fff..ef7584c 100644 --- a/libar2simplified.7 +++ b/libar2simplified.7 @@ -45,4 +45,5 @@ the parameters.  .BR libar2simplified_decode (3),  .BR libar2simplified_encode (3),  .BR libar2simplified_encode_hash (3), -.BR libar2simplified_hash (3) +.BR libar2simplified_hash (3), +.BR libar2simplified_recommendation (3) diff --git a/libar2simplified.h b/libar2simplified.h index cd784d4..e1233e2 100644 --- a/libar2simplified.h +++ b/libar2simplified.h @@ -4,6 +4,24 @@  #include <libar2.h> +/** + * Get a recommended set of hashing parameter + *  + * These shall not be taken too seriously, they are + * just for getting you up and running. You should + * tweak the them to your requirements. + *  + * @param   side_channel_free  Whether the environment is considered safe + *                             enought against side-channel attacks, use 0 if + *                             you don't know (it is very unlikely that it is) + * @return                     Hashing parameters than can be used for + *                             `libar2simplified_crypt` or `libar2simplified_decode` + */ +#if defined(__GNUC__) +__attribute__((const)) +#endif +const char *libar2simplified_recommendation(int side_channel_free); +  /* These are useful when the database stores parameters and   * hash separately, when the application uses a pepper, or   * when composing multiple hash functions: */ diff --git a/libar2simplified_crypt.3 b/libar2simplified_crypt.3 index 6b6a0e4..b2851e5 100644 --- a/libar2simplified_crypt.3 +++ b/libar2simplified_crypt.3 @@ -125,6 +125,7 @@ A thread terminated unexpectedly.  .SH SEE ALSO  .BR libar2simplified (7), +.BR libar2simplified_recommendation (3),  .BR libar2simplified_encode (3),  .BR libar2simplified_hash (3),  .BR libar2_hash (3), diff --git a/libar2simplified_decode.3 b/libar2simplified_decode.3 index eaf8388..8de6ddf 100644 --- a/libar2simplified_decode.3 +++ b/libar2simplified_decode.3 @@ -32,7 +32,7 @@ parameter; or if  .I random_byte_generator  is  .IR NULL , -a function built into the libary itself. If the parameter +a function built into the library itself. If the parameter  string specifies a tag (hash result), a pointer to it  is stored in  .IR *tagp , @@ -135,6 +135,7 @@ deallocated.  .BR libar2simplified (7),  .BR libar2simplified_encode (3),  .BR libar2simplified_encode_hash (3), +.BR libar2simplified_recommendation (3),  .BR libar2simplified_hash (3),  .BR libar2_decode_params (3),  .BR libar2_validate_params (3), diff --git a/libar2simplified_recommendation.3 b/libar2simplified_recommendation.3 new file mode 100644 index 0000000..842af40 --- /dev/null +++ b/libar2simplified_recommendation.3 @@ -0,0 +1,50 @@ +.TH LIBAR2SIMPLIFIED_RECOMMENDATION 3 LIBAR2SIMPLIFIED +.SH NAME +libar2simplified_recommendation - Get recommended hashing parameters + +.SH SYNOPSIS +.nf +#include <libar2simplified.h> + +const char *libar2simplified_recommendation(int \fIside_channel_free\fP); +.fi +.PP +Link with +.IR "-lar2simplified" . + +.SH DESCRIPTION +The +.BR libar2simplified_recommendation () +function returns a hashing parameter string +that can be used as input to the +.BR libar2simplified_crypt (3) +and +.BR libar2simplified_decode (3) +functions. +.PP +.I side_channel_free +shall be 1 if you know that the environment +is safe enought against side-channel attacks, +otherwise it shall be 0. +.PP +The output parameters are just so you have +something to start with, they shall not be taken +too seriously, and should be tween to your +requirements. + +.SH RETURN VALUES +The +.BR libar2simplified_recommendation () +function returns a statically allocated, +read-only, hashing parameter string. + +.SH ERRORS +The +.BR libar2simplified_recommendation () +function cannot fail. + +.SH SEE ALSO +.BR libar2simplified (7), +.BR libar2simplified_crypt (3), +.BR libar2simplified_decode (3), +.BR libar2_hash (3) diff --git a/libar2simplified_recommendation.c b/libar2simplified_recommendation.c new file mode 100644 index 0000000..23f7060 --- /dev/null +++ b/libar2simplified_recommendation.c @@ -0,0 +1,9 @@ +/* See LICENSE file for copyright and license details. */ +#include "common.h" + + +const char * +libar2simplified_recommendation(int side_channel_free) +{ +	return side_channel_free ? RECOMMENDATION_SIDE_CHANNEL_FREE_ENVIRONMENT : RECOMMENDATION_SIDE_CHANNEL_ENVIRONMENT; +} @@ -3,6 +3,10 @@  #ifdef __linux__  #include <sys/random.h>  #endif +#include <time.h> +#ifndef CLOCK_MONOTONIC_RAW +# define CLOCK_MONOTONIC_RAW CLOCK_MONOTONIC +#endif  #define SALT_ALPHABET "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" @@ -114,8 +118,9 @@ check_hash(const char *pwd, size_t pwdlen, const char *input, const char *output  #ifdef __linux__ -static ssize_t getrandom_return; +static ssize_t getrandom_return = -1;  static char getrandom_random0; +static int getrandom_real;  #endif  ssize_t @@ -149,6 +154,7 @@ check_random_salt_generate(void)  		"HIJKLMNOHIJ"  	}; +	getrandom_real = 0;  	for (i = 0; i < sizeof(params) / sizeof(*params); i++) {  		getrandom_return = (ssize_t)(i + 1);  		getrandom_random0 = (char)i; @@ -177,6 +183,41 @@ check_random_salt_generate(void)  } +static void +time_hash(const char *params_str, const char *params_name, int lineno) +{ +	struct libar2_argon2_parameters *params; +	unsigned char hash[1024]; +	struct timespec start, end; +	uintmax_t ms, sub_ms; +	int r; + +	from_lineno = lineno; +	errno = 0; + +	assert(!!(params = libar2simplified_decode(params_str, NULL, NULL, NULL))); +	assert(params->hashlen <= sizeof(hash)); +	clock_gettime(CLOCK_MONOTONIC_RAW, &start); +	r = libar2simplified_hash(hash, NULL, 0, params); +	clock_gettime(CLOCK_MONOTONIC_RAW, &end); +	assert(!r); +	free(params); +	end.tv_sec -= start.tv_sec; +	end.tv_nsec -= start.tv_nsec; +	if (end.tv_nsec < 0) { +		end.tv_sec -= 1; +		end.tv_nsec += 1000000000L; +	} +	ms = (uintmax_t)end.tv_sec; +	ms *= 1000; +	ms += (uintmax_t)(end.tv_nsec / 1000000L); +	sub_ms = (uintmax_t)(end.tv_nsec % 1000000L); +	fprintf(stderr, "Hash time for %s: %ju.%06jums\n", params_name, ms, sub_ms); + +	from_lineno = 0; +} + +  static int  gensalt_ICAgICAgICA(char *out, size_t n)  { @@ -192,6 +233,7 @@ gensalt_ICAgICAgICA(char *out, size_t n)  int  main(void)  { +#if 1  #define CHECK(PWD, HASH)\  	check_hash(MEM(PWD), HASH, HASH, NULL, __LINE__) @@ -245,5 +287,15 @@ main(void)  	check_random_salt_generate(); +	assert_streq(libar2simplified_recommendation(0), RECOMMENDATION_SIDE_CHANNEL_ENVIRONMENT); +	assert_streq(libar2simplified_recommendation(1), RECOMMENDATION_SIDE_CHANNEL_FREE_ENVIRONMENT); +#endif + +#if 0 +#define TIME_HASH(PARAMS) time_hash(PARAMS, #PARAMS, __LINE__) +	TIME_HASH(libar2simplified_recommendation(0)); +	TIME_HASH(libar2simplified_recommendation(1)); +#endif +  	return 0;  } | 
