Diffstat (limited to '')
| -rw-r--r-- | Makefile | 3 | ||||
| -rw-r--r-- | README | 7 | ||||
| -rw-r--r-- | librecrypt.7 | 7 | ||||
| -rw-r--r-- | librecrypt.h | 68 | ||||
| -rw-r--r-- | librecrypt_is_enabled.3 | 113 | ||||
| -rw-r--r-- | librecrypt_is_enabled.c | 86 | ||||
| -rw-r--r-- | librecrypt_test_supported.3 | 4 |
7 files changed, 284 insertions, 4 deletions
@@ -37,7 +37,8 @@ OBJ_PUBLIC_NO_FUZZ =\ librecrypt_wipe.o\ librecrypt_wipe_str.o\ librecrypt_equal_binary.o\ - librecrypt_equal.o + librecrypt_equal.o\ + librecrypt_is_enabled.o OBJ_PUBLIC =\ $(OBJ_PUBLIC_FUZZ)\ @@ -47,7 +47,7 @@ DESCRIPTION librecrypt_add_algorithm(3) Append an algorithm chain to a password hash string. - Password hashing configuration generation functions: + Password hashing configuration functions: librecrypt_test_supported(3) Check whether an algorithm chain is supported. @@ -103,6 +103,11 @@ DESCRIPTION Get encoding alphabet for the last algorithm in a chain. + Library introspection functions (ADVANCED): + librecrypt_is_enabled(3) + Check whenther the library is compiled with support + for a specific hash algorithm. + NOTES Using librecrypt_add_algorithm(3) to hash existing password hashes should be used as a transitional mitigation strategy diff --git a/librecrypt.7 b/librecrypt.7 index 0530246..8abf6d7 100644 --- a/librecrypt.7 +++ b/librecrypt.7 @@ -66,7 +66,7 @@ Validate password against known password hash. .BR librecrypt_add_algorithm (3) Append an algorithm chain to a password hash string. .sp -.SS Password hashing configuration generation functions: +.SS Password hashing configuration functions: .TP .BR librecrypt_test_supported (3) Check whether an algorithm chain is supported. @@ -125,6 +125,11 @@ binary. .BR librecrypt_get_encoding (3) Get encoding alphabet for the last algorithm in a chain. +.sp +.SS Library introspection functions (ADVANCED): +.BR librecrypt_is_enabled (3) +Check whenther the library is compiled with support +for a specific hash algorithm. .SH NOTES Using diff --git a/librecrypt.h b/librecrypt.h index 08efde6..d526e1d 100644 --- a/librecrypt.h +++ b/librecrypt.h 
@@ -10,11 +10,13 @@ #if defined(__GNUC__) # define LIBRECRYPT_PURE__ __attribute__((__pure__)) +# define LIBRECRYPT_CONST__ __attribute__((__const__)) # define LIBRECRYPT_NONNULL__ __attribute__((__nonnull__)) # define LIBRECRYPT_NONNULL_I__(I) __attribute__((__nonnull__(I))) # define LIBRECRYPT_WUR__ __attribute__((__warn_unused_result__)) #else # define LIBRECRYPT_PURE__ +# define LIBRECRYPT_CONST__ # define LIBRECRYPT_NONNULL__ # define LIBRECRYPT_NONNULL_I__(I) # define LIBRECRYPT_WUR__ @@ -58,6 +60,53 @@ /** + * Hash algorithms that the library might support + */ +enum librecrypt_hash_algorithm { + /** + * Argon2i, version 1.0 ("$argon2i$v=13$", optionally without "$v=13") + */ + LIBRECRYPT_ARGON2I_V1_0, + + /** + * Argon2i, version 1.3 ("$argon2i$v=19$") + */ + LIBRECRYPT_ARGON2I_V1_3, + + /** + * Argon2d, version 1.0 ("$argon2d$v=13$", optionally without "$v=13") + */ + LIBRECRYPT_ARGON2D_V1_0, + + /** + * Argon2d, version 1.3 ("$argon2d$v=19$") + */ + LIBRECRYPT_ARGON2D_V1_3, + + /** + * Argon2id, version 1.0 ("$argon2id$v=13$", optionally without "$v=13") + */ + LIBRECRYPT_ARGON2ID_V1_0, + + /** + * Argon2id, version 1.3 ("$argon2id$v=19$") + */ + LIBRECRYPT_ARGON2ID_V1_3, + + /** + * Argon2ds, version 1.0 ("$argon2ds$v=13$", optionally without "$v=13") + */ + LIBRECRYPT_ARGON2DS_V1_0, + + /** + * Argon2ds, version 1.3 ("$argon2ds$v=19$") + */ + LIBRECRYPT_ARGON2DS_V1_3 +}; + + + +/** * Get number of bytes in a password hash string * that make up the algorithm configuration * @@ -859,6 +908,8 @@ int librecrypt_verify(const char *phrase, size_t len, const char *settings, void * if the selected word does not match such constraints * for the first algorithm in the chain, 0 is returned * + * @seealso librecrypt_is_enabled + * * This function is MT-Safe and AS-Safe * * @since 1.0 
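Review bot: `enum librecrypt_hash_algorithm` has no explicit enumerator values, yet librecrypt_is_enabled.c uses each value as a bit index into a 64-bit mask, and the values become part of the public ABI. The enum's doc comment should say so, for example `New algorithms must be appended, never inserted or reordered, and every value must stay below 64`. Giving the enumerators explicit values (`LIBRECRYPT_ARGON2I_V1_0 = 0`, and so on) would also make an accidental renumbering visible in review.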
@@ -868,6 +919,23 @@ int librecrypt_test_supported(const char *phrase, size_t len, int text, const ch /** + * Check whether the library has been compiled to + * support a specific hash algorithm + * + * @param algo The hash algorithm + * @return 1 if the hash algorithm is enabled, 0 otherwise + * + * @seealso librecrypt_test_supported + * + * This function is MT-Safe and AS-Safe + * + * @since 1.1 + */ +LIBRECRYPT_CONST__ LIBRECRYPT_WUR__ +int librecrypt_is_enabled(enum librecrypt_hash_algorithm algo); + + +/** * Chain togather another set of hash algorithms * * If you are using the `librecrypt_crypt` format, diff --git a/librecrypt_is_enabled.3 b/librecrypt_is_enabled.3 new file mode 100644 index 0000000..b7570aa --- /dev/null +++ b/librecrypt_is_enabled.3 
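Review bot: The header comment on `librecrypt_is_enabled` says `0 otherwise` but does not say that an unrecognised or out-of-range `algo` also yields 0, which the man page added in this commit does state. I would change the `@return` line to `1 if the hash algorithm is enabled, 0 if it is disabled or not recognised`. One more sentence could note that the result reflects build-time configuration only, so a caller deciding whether a particular hash string is usable presumably still needs `librecrypt_test_supported`.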
@@ -0,0 +1,113 @@
+.TH LIBRECRYPT_IS_ENABLED 3 LIBRECRYPT
+.SH NAME
+librecrypt_is_enabled - Check whether an algorithm was enabled at compile-time
+
+.SH SYNOPSIS
+.nf
+#include <librecrypt.h>
+
+enum librecrypt_hash_algorithm {
+ LIBRECRYPT_ARGON2I_V1_0,
+ LIBRECRYPT_ARGON2I_V1_3,
+ LIBRECRYPT_ARGON2D_V1_0,
+ LIBRECRYPT_ARGON2D_V1_3,
+ LIBRECRYPT_ARGON2ID_V1_0,
+ LIBRECRYPT_ARGON2ID_V1_3,
+ LIBRECRYPT_ARGON2DS_V1_0,
+ LIBRECRYPT_ARGON2DS_V1_3
+};
+
+int \fBlibrecrypt_is_enabled\fP(enum librecrypt_hash_algorithm \fIalgo\fP);
+.fi
+.PP
+Link with
+.IR -lrecrypt .
+
+.SH DESCRIPTION
+The
+.BR librecrypt_is_enabled ()
+function checks whether the the
+.B librecrypt
+library end it's dependencies where compiled to
+support the hash algorithm specified in the
+.I algo
+parameter.
+
+.SH RETURN VALUES
+The
+.BR librecrypt_is_enabled ()
+function returns 1 if the hash algorithm is
+enabled, 0 otherwise (disabled or not recognised).
+
+.SH ERRORS
+The
+.BR librecrypt_is_enabled ()
+function cannot fail.
+
+.SH ATTRIBUTES
+For an explanation of the terms used in this section, see
+.BR attributes (7).
+.PP
+.TS
+allbox;
+lb lb lb
+l l l.
+Interface Attribute Value
+T{
+.BR librecrypt_is_enabled ()
+T} Thread safety MT-Safe
+T{
+.BR librecrypt_is_enabled ()
+T} Async-signal safety AS-Safe
+.TE
+.sp
+
+.SH EXTENDED DESCRIPTION
+The following values for
+.I algo
+are supported and may cause the
+.BR librecrypt_is_enabled ()
+function to return either 0 or 1
+(all other cause the function to return 0):
+.TP
+.B LIBRECRYPT_ARGON2I_V1_0
+Argon2i, version 1.0, which is presented by
+\(dq$argon2i$v=13$\(dq, optionally without \(dq$v=13\(dq.
+.TP
+.B LIBRECRYPT_ARGON2I_V1_3
+Argon2i, version 1.3, which is presented by
+\(dq$argon2i$v=19$\(dq.
+.TP
+.B LIBRECRYPT_ARGON2D_V1_0
+Argon2d, version 1.0, which is presented by
+\(dq$argon2d$v=13$\(dq, optionally without \(dq$v=13\(dq.
+.TP
+.B LIBRECRYPT_ARGON2D_V1_3
+Argon2d, version 1.3, which is presented by
+\(dq$argon2d$v=19$\(dq.
+.TP
+.B LIBRECRYPT_ARGON2ID_V1_0
+Argon2id, version 1.0, which is presented by
+\(dq$argon2id$v=13$\(dq, optionally without \(dq$v=13\(dq.
+.TP
+.B LIBRECRYPT_ARGON2ID_V1_3
+Argon2id, version 1.3, which is presented by
+\(dq$argon2id$v=19$\(dq.
+.TP
+.B LIBRECRYPT_ARGON2DS_V1_0
+Argon2ds, version 1.0, which is presented by
+\(dq$argon2ds$v=13$\(dq, optionally without \(dq$v=13\(dq.
+.TP
+.B LIBRECRYPT_ARGON2DS_V1_3
+Argon2ds, version 1.3, which is presented by
+\(dq$argon2ds$v=19$\(dq.
+
+.SH HISTORY
+The
+.BR librecrypt_is_enabled ()
+function was introduced in version 1.1 of
+.BR librecrypt .
+
+.SH SEE ALSO
+.BR librecrypt (7),
+.BR librecrypt_test_supported (3)
diff --git a/librecrypt_is_enabled.c b/librecrypt_is_enabled.c
new file mode 100644
index 0000000..1bc9429
--- /dev/null
+++ b/librecrypt_is_enabled.c
@@ -0,0 +1,86 @@
+/* See LICENSE file for copyright and license details. */
+#include "common.h"
+#ifndef TEST
+
+
+#define INCLUDE(ALGO, VAL) IF__##ALGO##__SUPPORTED((UINT64_C(1) << (VAL)) |)
+
+static const uint64_t enabled =
+ INCLUDE(argon2i, LIBRECRYPT_ARGON2I_V1_0)
+ INCLUDE(argon2i, LIBRECRYPT_ARGON2I_V1_3)
+ INCLUDE(argon2d, LIBRECRYPT_ARGON2D_V1_0)
+ INCLUDE(argon2d, LIBRECRYPT_ARGON2D_V1_3)
+ INCLUDE(argon2id, LIBRECRYPT_ARGON2ID_V1_0)
+ INCLUDE(argon2id, LIBRECRYPT_ARGON2ID_V1_3)
+ INCLUDE(argon2ds, LIBRECRYPT_ARGON2DS_V1_0)
+ INCLUDE(argon2ds, LIBRECRYPT_ARGON2DS_V1_3)
+ UINT64_C(0);
+
+
+int
+librecrypt_is_enabled(enum librecrypt_hash_algorithm algo)
+{
+#if defined(__clang__)
+# pragma clang diagnostic push
+# pragma clang diagnostic ignored "-Wtautological-unsigned-enum-zero-compare"
+#endif
+
+ if (algo < 0 || algo >= 64)
+ return 0;
+
+#if defined(__clang__)
+# pragma clang diagnostic pop
+#endif
+
+ /* Version 1.0 and 1.3 of Argon2 are supported in all
+ * versions of libar2, so there is no need to check
+ * libar2_latest_argon2_version*/
+
+ return (int)(enabled >> (unsigned)algo) & 1;
+}
+
+
+#else
+
+
+#if defined(__clang__)
+# pragma clang diagnostic ignored "-Wassign-enum"
+# pragma clang diagnostic ignored "-Wsign-conversion"
+#endif
+
+
+#define CHECK(ALGO, EXPECTED)\
+ do {\
+ EXPECT(librecrypt_is_enabled(ALGO) == (EXPECTED));\
+ if ((int)(ALGO) > highest)\
+ highest = (int)(ALGO);\
+ } while (0)
+
+
+int
+main(void)
+{
+ int i, highest = -1;
+
+ SET_UP_ALARM();
+ INIT_RESOURCE_TEST();
+
+ CHECK((enum librecrypt_hash_algorithm)-1, 0);
+ CHECK(LIBRECRYPT_ARGON2I_V1_0, IF__argon2i__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2I_V1_3, IF__argon2i__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2D_V1_0, IF__argon2i__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2D_V1_3, IF__argon2i__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2ID_V1_0, IF__argon2i__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2ID_V1_3, IF__argon2i__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2DS_V1_0, IF__argon2i__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2DS_V1_3, IF__argon2i__SUPPORTED(1 + ) 0);
+
+ for (i = 0; i < 1024 && highest != INT_MAX; i++)
+ CHECK((enum librecrypt_hash_algorithm)(highest + 1), 0);
+
+ STOP_RESOURCE_TEST();
+ return 0;
+}
+
+
+#endif
diff --git a/librecrypt_test_supported.3 b/librecrypt_test_supported.3
index 6afb068..9cb1ec4 100644
--- a/librecrypt_test_supported.3
+++ b/librecrypt_test_supported.3
@@ -99,6 +99,8 @@ function was introduced in version 1.0 of .SH SEE ALSO .BR librecrypt (7), +.BR librecrypt_test_supported (3), .BR librecrypt_hash_binary (3), .BR librecrypt_hash (3), -.BR librecrypt_crypt (3) +.BR librecrypt_crypt (3), +.BR librecrypt_verify (3) |
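Review bot: In the test `main` of librecrypt_is_enabled.c, all eight `CHECK` lines take their expected value from `IF__argon2i__SUPPORTED`, including the lines for Argon2d, Argon2id and Argon2ds, while the `enabled` mask is built per algorithm with `INCLUDE(argon2d, …)`, `INCLUDE(argon2id, …)` and `INCLUDE(argon2ds, …)`. A build that enables only some of the variants would fail the test even though the function is correct, so each line should use the macro for its own algorithm. Separately, in `librecrypt_is_enabled` the cast is applied before the mask; `return (int)((enabled >> (unsigned)algo) & 1);` would avoid narrowing the full 64-bit value to `int`.

```c
	/* … unchanged: out-of-range check and the two Argon2i checks … */
	CHECK(LIBRECRYPT_ARGON2D_V1_0, IF__argon2d__SUPPORTED(1 + ) 0);
	CHECK(LIBRECRYPT_ARGON2D_V1_3, IF__argon2d__SUPPORTED(1 + ) 0);
	CHECK(LIBRECRYPT_ARGON2ID_V1_0, IF__argon2id__SUPPORTED(1 + ) 0);
	CHECK(LIBRECRYPT_ARGON2ID_V1_3, IF__argon2id__SUPPORTED(1 + ) 0);
	CHECK(LIBRECRYPT_ARGON2DS_V1_0, IF__argon2ds__SUPPORTED(1 + ) 0);
	CHECK(LIBRECRYPT_ARGON2DS_V1_3, IF__argon2ds__SUPPORTED(1 + ) 0);
	/* … unchanged: loop over values above the highest enumerator … */
```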
