aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--DEPENDENCIES14
-rw-r--r--argon2/argon2.h62
-rw-r--r--argon2/hash.c172
-rw-r--r--argon2/make_settings.c31
-rw-r--r--argon2/suffix.mk13
-rw-r--r--argon2/test_supported.c13
-rw-r--r--librecrypt_add_algorithm.c2
-rw-r--r--librecrypt_crypt.c28
-rw-r--r--librecrypt_find_first_algorithm_.c13
-rw-r--r--librecrypt_get_encoding.c13
-rw-r--r--librecrypt_get_pepper_.c56
-rw-r--r--librecrypt_hash.c18
-rw-r--r--librecrypt_hash_.c2
-rw-r--r--librecrypt_hash_binary.c12
-rw-r--r--librecrypt_is_enabled.c38
-rw-r--r--librecrypt_make_settings.c8
-rw-r--r--librecrypt_realise_salts.c16
-rw-r--r--librecrypt_scan_settings.c50
-rw-r--r--librecrypt_set_pepper.c79
-rw-r--r--librecrypt_settings_prefix.c22
-rw-r--r--librecrypt_test_supported.c20
-rw-r--r--librecrypt_verify.c6
-rw-r--r--libtest/config.mk5
-rw-r--r--libtest/config_backtraces=false.mk2
-rw-r--r--libtest/config_backtraces=true.mk2
-rw-r--r--libtest/libtest_free.c13
26 files changed, 518 insertions, 192 deletions
diff --git a/DEPENDENCIES b/DEPENDENCIES
index 3206f22..d302e44 100644
--- a/DEPENDENCIES
+++ b/DEPENDENCIES
@@ -14,6 +14,20 @@ For Argon2 support (runtime, build, and check dependencies):
is advisable to use WITH_LIBAR2SIMPLIFIED=false if you
are only going to use p=1 in the Argon2 parameters.
+ If you need to use the reference implementation of Argon2
+ instead, you can build with ARGON2_VERSION set to the
+ release number. Because the reference implementation does
+ not provide a stable API or ABI it is not guaranteed that
+ selecting an unsupported version or linking against another
+ version than compiled against works. Currently, up to and
+ including version 20190702 is supported. 20161029 or newer
+ is required for Argon2id. 20160406 or newer is required for
+ argon2 1.3, and older is required for Argon2ds. libar2 is
+ used unless ARGON2_VERSION is set; libar2 supports all
+ variants. If you are using the reference implementation of
+ Argon2 compiled with ARGON2_NO_THREADS, also set the macro
+ ARGON2_NO_THREADS when compiling this library.
+
Build dependencies:
libc
make
diff --git a/argon2/argon2.h b/argon2/argon2.h
index a14e782..02afcc5 100644
--- a/argon2/argon2.h
+++ b/argon2/argon2.h
@@ -1,6 +1,47 @@
/* See LICENSE file for copyright and license details. */
/* included from "algorithms.h" */
+#if defined(SUPPORT_ARGON2I) || defined(SUPPORT_ARGON2D) || defined(SUPPORT_ARGON2ID) || defined(SUPPORT_ARGON2DS)
+# if !defined(ARGON2_VERSION)
+# include <libar2.h>
+# ifndef NO_LIBAR2SIMPLIFIED
+# include <libar2simplified.h>
+# else
+# define libar2simplified_init_context init_context
+# endif
+# else
+# include <argon2.h>
+# define LIBAR2_ARGON2D 0
+# define LIBAR2_ARGON2I 1
+# define LIBAR2_ARGON2ID 2
+# define LIBAR2_ARGON2DS 4
+# define LIBAR2_ARGON2_VERSION_10 0x10
+# define LIBAR2_ARGON2_VERSION_13 0x13
+# define LIBAR2_MIN_M_COST ARGON2_MIN_MEMORY
+# define LIBAR2_MAX_M_COST ARGON2_MAX_MEMORY
+# define LIBAR2_MIN_T_COST ARGON2_MIN_TIME
+# define LIBAR2_MAX_T_COST ARGON2_MAX_TIME
+# define LIBAR2_MIN_LANES ARGON2_MIN_LANES
+# define LIBAR2_MAX_LANES ARGON2_MAX_LANES
+# define LIBAR2_MIN_SALTLEN ARGON2_MIN_SALT_LENGTH
+# define LIBAR2_MAX_SALTLEN ARGON2_MAX_SALT_LENGTH
+# define LIBAR2_MIN_HASHLEN ARGON2_MIN_OUTLEN
+# define LIBAR2_MAX_HASHLEN ARGON2_MAX_OUTLEN
+# if ARGON2_VERSION < 20161029L
+# ifdef SUPPORT_ARGON2ID
+# undef SUPPORT_ARGON2ID
+# endif
+# endif
+# if ARGON2_VERSION < 20160406L
+# define NO_ARGON2_VERSION_13__
+# else
+# ifdef SUPPORT_ARGON2DS
+# undef SUPPORT_ARGON2DS
+# endif
+# endif
+# endif
+#endif
+
#define IF__argon2i__SUPPORTED(A)
#define IF__argon2d__SUPPORTED(A)
@@ -76,7 +117,17 @@ HIDDEN ssize_t librecrypt__argon2ds__make_settings(char *out_buffer, size_t size
ssize_t (*rng)(void *out, size_t n, void *user), void *user);
#endif
+#define IF__argon2_v1_0__SUPPORTED(A)
+#define IF__argon2_v1_3__SUPPORTED(A)
#if defined(SUPPORT_ARGON2I) || defined(SUPPORT_ARGON2D) || defined(SUPPORT_ARGON2ID) || defined(SUPPORT_ARGON2DS)
+# undef IF__argon2_v1_0__SUPPORTED
+# define IF__argon2_v1_0__SUPPORTED(A) A
+# define SUPPORT_ARGON2_V1_0
+# ifndef NO_ARGON2_VERSION_13__
+# undef IF__argon2_v1_3__SUPPORTED
+# define IF__argon2_v1_3__SUPPORTED(A) A
+# define SUPPORT_ARGON2_V1_3
+# endif
# define argon2__HASH_SIZE 32u
# define argon2__FLEXIBLE_HASH_SIZE 1
# define argon2__STRICT_PAD 0
@@ -89,3 +140,14 @@ HIDDEN PURE int librecrypt__argon2__test_supported(const char *phrase, size_t le
# define REQUIRES_COMMON_RFC4848S4
# endif
#endif
+
+
+#define IF__argon2i_v1_0__SUPPORTED(A) IF__argon2_v1_0__SUPPORTED(IF__argon2i__SUPPORTED(A))
+#define IF__argon2d_v1_0__SUPPORTED(A) IF__argon2_v1_0__SUPPORTED(IF__argon2d__SUPPORTED(A))
+#define IF__argon2id_v1_0__SUPPORTED(A) IF__argon2_v1_0__SUPPORTED(IF__argon2id__SUPPORTED(A))
+#define IF__argon2ds_v1_0__SUPPORTED(A) IF__argon2_v1_0__SUPPORTED(IF__argon2ds__SUPPORTED(A))
+
+#define IF__argon2i_v1_3__SUPPORTED(A) IF__argon2_v1_3__SUPPORTED(IF__argon2i__SUPPORTED(A))
+#define IF__argon2d_v1_3__SUPPORTED(A) IF__argon2_v1_3__SUPPORTED(IF__argon2d__SUPPORTED(A))
+#define IF__argon2id_v1_3__SUPPORTED(A) IF__argon2_v1_3__SUPPORTED(IF__argon2id__SUPPORTED(A))
+#define IF__argon2ds_v1_3__SUPPORTED(A) IF__argon2_v1_3__SUPPORTED(IF__argon2ds__SUPPORTED(A))
diff --git a/argon2/hash.c b/argon2/hash.c
index c964455..e6d6841 100644
--- a/argon2/hash.c
+++ b/argon2/hash.c
@@ -2,20 +2,13 @@
#include "../common.h"
#ifndef TEST
-#include <libar2.h>
-#ifndef NO_LIBAR2SIMPLIFIED
-# include <libar2simplified.h>
-#else
-# define libar2simplified_init_context init_context
-#endif
-
#define RANGE(MIN, MAX) (uintmax_t)(MIN), (uintmax_t)(MAX)
#define BASE64 librecrypt_common_rfc4848s4_decoding_lut_, argon2__PAD, argon2__STRICT_PAD
#define REMOVE_CONST(X) (*(void **)(void *)&(X))
-#ifdef NO_LIBAR2SIMPLIFIED
+#if !defined(ARGON2_VERSION) && defined(NO_LIBAR2SIMPLIFIED)
static void *
allocate(size_t num, size_t size, size_t alignment, struct libar2_context *ctx)
@@ -89,15 +82,105 @@ init_context(struct libar2_context *ctxp)
#endif
+#if defined(ARGON2_VERSION)
+struct type_and_version {
+ unsigned type;
+ unsigned version;
+};
+
+
+# define libar2_hash librecrypt__libar2_hash
+static int
+libar2_hash(void *out_buffer, void *phrase, size_t len, struct Argon2_Context *params, struct type_and_version *params2)
+{
+ int r;
+
+# if ARGON2_VERSION < 20160406L
+ if (params2->version != LIBAR2_ARGON2_VERSION_10) {
+ errno = ENOSYS;
+ return -1;
+ }
+# endif
+
+ params->out = out_buffer;
+ params->pwd = phrase;
+ params->pwdlen = (uint32_t)len;
+# if ARGON2_VERSION >= 20160406L
+ params->version = params2->version;
+# endif
+
+# if ARGON2_VERSION >= 20160406L
+ r = argon2_ctx(params, params2->type);
+# else
+ switch (params2->type) {
+# if defined(SUPPORT_ARGON2D)
+ case LIBAR2_ARGON2D:
+ r = argon2d_ctx(params);
+ break;
+# endif
+# if defined(SUPPORT_ARGON2I)
+ case LIBAR2_ARGON2I:
+ r = argon2i_ctx(params);
+ break;
+# endif
+# if defined(SUPPORT_ARGON2ID)
+ case LIBAR2_ARGON2ID:
+ r = argon2id_ctx(params);
+ break;
+# endif
+#if defined(SUPPORT_ARGON2DS)
+ case LIBAR2_ARGON2DS:
+ r = argon2ds_ctx(params);
+ break;
+# endif
+ default:
+ errno = ENOSYS;
+ return -1;
+ }
+# endif
+
+ switch (r) {
+ case ARGON2_OK:
+ return 0;
+ case ARGON2_MEMORY_ALLOCATION_ERROR:
+ errno = ENOMEM;
+ return -1;
+ case ARGON2_INCORRECT_TYPE:
+ errno = ENOSYS;
+ return -1;
+ default:
+ errno = EINVAL;
+ return -1;
+ }
+}
+
+
+# define libar2_hash_buf_size librecrypt__libar2_hash_buf_size
+static size_t
+libar2_hash_buf_size(struct Argon2_Context *params)
+{
+ return params->outlen;
+}
+#endif
+
+
int
librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phrase, size_t len,
const char *settings, size_t prefix, LIBRECRYPT_CONTEXT *ctx)
{
enum librecrypt_hash_algorithm algo_v10, algo_v13, algo;
+#if !defined(ARGON2_VERSION)
+# define params2 params
struct libar2_argon2_parameters params;
struct libar2_context ar2ctx;
+#else
+# define ar2ctx params2
+# define hashlen outlen
+ struct Argon2_Context params;
+ struct type_and_version params2;
+#endif
const char *type, *version, *salt_encoded;
- uintmax_t mcost, tcost, lanes, saltlen, hashlen;
+ uintmax_t mcost, tcost, lanes, saltlen, taglen;
void *salt = NULL, *scratch = NULL;
size_t scratch_size;
struct pepper *pepper = NULL;
@@ -116,7 +199,7 @@ librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phr
&tcost, RANGE(LIBAR2_MIN_T_COST, LIBAR2_MAX_T_COST),
&lanes, RANGE(LIBAR2_MIN_LANES, LIBAR2_MAX_LANES),
&salt_encoded, &saltlen, RANGE(LIBAR2_MIN_SALTLEN, LIBAR2_MAX_SALTLEN), BASE64,
- &hashlen, RANGE(LIBAR2_MIN_HASHLEN, LIBAR2_MAX_HASHLEN), BASE64);
+ &taglen, RANGE(LIBAR2_MIN_HASHLEN, LIBAR2_MAX_HASHLEN), BASE64);
if (!r) {
errno = EINVAL;
return -1;
@@ -140,6 +223,7 @@ librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phr
return 0;
}
+#if !defined(ARGON2_VERSION)
/* Gives us memory allocation and threading support;
* so we don't have to implement any of that ourselves */
libar2simplified_init_context(&ar2ctx);
@@ -150,6 +234,7 @@ librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phr
ar2ctx.autoerase_salt = 1; /* since we are decoding the salt, we do a memory allocation,
* and our testing always checks that allocated memory is earse;
* it doesn't really matter, but it's paranoid, and that's good */
+#endif
/* Decode salt */
if (!salt_encoded) /* this would be if asterisk-notation is used, but it is not */
@@ -176,16 +261,17 @@ librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phr
}
/* Apply `settings` */
- params.type = type[1u] == 'd' ? LIBAR2_ARGON2ID :
- type[1u] == 's' ? LIBAR2_ARGON2DS :
- type[0u] == 'i' ? LIBAR2_ARGON2I :
- LIBAR2_ARGON2D;
- params.version = !*version ? LIBAR2_ARGON2_VERSION_10 :
- version[3u] == '9' ? LIBAR2_ARGON2_VERSION_13 : /* 19 = 0x13 = 1.3 */
- LIBAR2_ARGON2_VERSION_10; /* 16 = 0x10 = 1.0 */
+ memset(&params, 0, sizeof(params));
+ params2.type = type[1u] == 'd' ? LIBAR2_ARGON2ID :
+ type[1u] == 's' ? LIBAR2_ARGON2DS :
+ type[0u] == 'i' ? LIBAR2_ARGON2I :
+ LIBAR2_ARGON2D;
+ params2.version = !*version ? LIBAR2_ARGON2_VERSION_10 :
+ version[3u] == '9' ? LIBAR2_ARGON2_VERSION_13 : /* 19 = 0x13 = 1.3 */
+ LIBAR2_ARGON2_VERSION_10; /* 16 = 0x10 = 1.0 */
if (!ctx)
goto no_pepper;
- switch (params.type) {
+ switch (params2.type) {
case LIBAR2_ARGON2I:
algo_v10 = LIBRECRYPT_ARGON2I_V1_0;
algo_v13 = LIBRECRYPT_ARGON2I_V1_3;
@@ -207,7 +293,7 @@ librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phr
abort();
/* $covered}$ */
}
- switch (params.version) {
+ switch (params2.version) {
case LIBAR2_ARGON2_VERSION_10:
algo = algo_v10;
break;
@@ -225,12 +311,25 @@ no_pepper:
params.m_cost = (uint_least32_t)mcost;
params.lanes = (uint_least32_t)lanes;
params.salt = salt;
+#if !defined(ARGON2_VERSION)
params.saltlen = (size_t)saltlen;
params.key = pepper ? REMOVE_CONST(pepper->data) : NULL;
params.keylen = pepper ? pepper->len : 0u;
+#else
+ params.saltlen = (uint32_t)saltlen;
+ params.secret = pepper ? REMOVE_CONST(pepper->data) : NULL;
+ params.secretlen = pepper ? (uint32_t)pepper->len : 0u;
+#endif
params.ad = NULL;
params.adlen = 0u;
- params.hashlen = hashlen ? (size_t)hashlen : argon2__HASH_SIZE;
+#if !defined(ARGON2_VERSION)
+ params.hashlen = taglen ? (size_t)taglen : argon2__HASH_SIZE;
+#else
+ params.outlen = taglen ? (uint32_t)taglen : argon2__HASH_SIZE;
+ params.threads = params.lanes;
+ params.allocate_cbk = NULL;
+ params.free_cbk = NULL;
+#endif
/* Argon2 may require a larger buffer to work with for the hash than it outputs */
scratch_size = libar2_hash_buf_size(&params);
@@ -371,6 +470,11 @@ check(const char *phrase, const char *settings, const char *hash, size_t hashlen
#endif
+#if defined(ARGON2_VERSION)
+# define IF_LIBAR2(...)
+#else
+# define IF_LIBAR2(...) __VA_ARGS__
+#endif
#define COMMON buf, 1u, NULL, 0u
#define CHECK_BAD(ALGO)\
do {\
@@ -399,10 +503,12 @@ check(const char *phrase, const char *settings, const char *hash, size_t hashlen
EXPECT(errno == ENOMEM);\
\
/* target `libar2_hash` */\
- libtest_set_alloc_failure_in(3u);\
- errno = 0;\
- EXPECT(librecrypt__argon2__hash(COMMON, S(ALGO"m=1024,t=10,p=1$CCCCDDDDAAAABBBB$"), ctx) == -1);\
- EXPECT(errno == ENOMEM);\
+ IF_LIBAR2(\
+ libtest_set_alloc_failure_in(3u);\
+ errno = 0;\
+ EXPECT(librecrypt__argon2__hash(COMMON, S(ALGO"m=1024,t=10,p=1$CCCCDDDDAAAABBBB$"), ctx) == -1);\
+ EXPECT(errno == ENOMEM);\
+ )\
\
assert(!libtest_get_alloc_failure_in());\
} while (0)
@@ -426,12 +532,13 @@ main(void)
start_over:
#if defined(SUPPORT_ARGON2I)
-# if SIZE_MAX > UINT32_MAX
+# if defined(SUPPORT_ARGON2_V1_0)
+# if SIZE_MAX > UINT32_MAX
errno = 0;
EXPECT(librecrypt__argon2__hash(NULL, 0u, phony, (size_t)UINT32_MAX + 1u, "$argon2i$m=256,t=2,p=1$c29tZXNhbHQ$",
sizeof("$argon2i$m=256,t=2,p=1$c29tZXNhbHQ$"), ctx) == -1);
EXPECT(errno == EINVAL);
-#else
+# else
if (libtest_have_custom_malloc()) {
char conf[256];
int r;
@@ -457,23 +564,32 @@ start_over:
libtest_set_alloc_failure_in(0u);
}
-# endif
+# endif
CHECK("password", "$argon2i$" "m=256,t=2,p=1$c29tZXNhbHQ$", 32, "/U3YPXYsSb3q9XxHvc0MLxur+GP960kN9j7emXX8zwY");
+# endif
+# if defined(SUPPORT_ARGON2_V1_3)
CHECK("password", "$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ$", 32, "iekCn0Y3spW+sCcFanM2xBT63UP2sghkUoHLIUpWRS8");
+# endif
CHECK_BAD("$argon2i$");
#endif
#if defined(SUPPORT_ARGON2ID)
+# if defined(SUPPORT_ARGON2_V1_3)
CHECK("password", "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$", 32, "nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4");
+# endif
CHECK_BAD("$argon2id$");
#endif
#if defined(SUPPORT_ARGON2DS)
+# if defined(SUPPORT_ARGON2_V1_0)
CHECK("", "$argon2ds$v=16$m=""8,t=1,p=1$ICAgICAgICA$", 32, "zgdykk9ZjN5VyrW0LxGw8LmrJ1Z6fqSC+3jPQtn4n0s");
+# endif
CHECK_BAD("$argon2ds$");
#endif
#if defined(SUPPORT_ARGON2D)
+# if defined(SUPPORT_ARGON2_V1_0)
CHECK("", "$argon2d$v=16$m=""8,t=1,p=1$ICAgICAgICA$", 100, "NjODMrWrS7zeivNNpHsuxD9c6uDmUQ6YqPRhb8H5DSNw9"
"n683FUCJZ3tyxgfJpYYANI+01WT/S5zp1UVs+qNRwnkdE"
"yLKZMg+DIOXVc9z1po9ZlZG8+Gp4g5brqfza3lvkR9vw");
+# endif
CHECK_BAD("$argon2d$");
#endif
@@ -485,7 +601,7 @@ start_over:
memset(nuls, 0, sizeof(nuls));
-#if defined(SUPPORT_ARGON2I)
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_3)
assert(sizeof(nuls) >= 4u);
assert(librecrypt_set_pepper(ctx, LIBRECRYPT_ARGON2I_V1_3, nuls, 4u) == 0);
CHECK(" ", "$argon2i$v=19$m=8,t=1,p=1$ICAgICAgICA$", 8, "Mhl4o3AkJuA");
diff --git a/argon2/make_settings.c b/argon2/make_settings.c
index bac49a4..c6d2128 100644
--- a/argon2/make_settings.c
+++ b/argon2/make_settings.c
@@ -1,6 +1,5 @@
/* See LICENSE file for copyright and license details. */
#include "../common.h"
-#include <libar2.h>
#ifndef TEST
@@ -8,7 +7,7 @@ static ssize_t
make_settings(char *out_buffer, size_t size, const char *algorithm, size_t memcost, uintmax_t timecost,
int gensalt, ssize_t (*rng)(void *out, size_t n, void *user), void *user)
{
- const char *p, *version = "19";
+ const char *p, *version;
size_t algolen, ret, min, len, i;
int r;
@@ -50,15 +49,21 @@ make_settings(char *out_buffer, size_t size, const char *algorithm, size_t memco
if (p && p[1u] == 'v') {
p = &p[2u];
if (!strncmp(p, "=16", 3u) && (!p[3u] || p[3u] == '$'))
- version = "16";
+ version = "$v=16";
else if (!strncmp(p, "=19", 3u) && (!p[3u] || p[3u] == '$'))
- version = "19";
+ version = "$v=19";
else
goto enosys;
+ } else {
+#if defined(SUPPORT_ARGON2_V1_3)
+ version = "$v=19";
+#else
+ version = "";
+#endif
}
/* Write algorithm and parameters */
- r = snprintf(out_buffer, size, "%.*s$v=%s$m=%zu,t=%ju,p=1$",
+ r = snprintf(out_buffer, size, "%.*s%s$m=%zu,t=%ju,p=1$",
(int)algolen, algorithm, version, memcost, timecost);
if (r < (int)sizeof("$argon2_$v=__$m=_,t=_,p=1$") - 1)
abort(); /* $covered$ (impossible) */
@@ -351,13 +356,19 @@ check_aborts(ssize_t (*gen)(char *, size_t, const char *, size_t, uintmax_t,
}
+#if defined(SUPPORT_ARGON2_V1_3)
+# define HIGHEST "v=19$"
+#else
+# define HIGHEST ""
+#endif
+
#define CHECK(FUNC, ALGO)\
do {\
- check(&(FUNC), "$"ALGO"$v=19$", NULL);\
- check(&(FUNC), "$"ALGO"$v=19$", "$"ALGO"$");\
- check(&(FUNC), "$"ALGO"$v=19$", "$"ALGO);\
- check(&(FUNC), "$"ALGO"$v=19$", "$"ALGO"$m=100,t=10,p=2$xxxx$*32");\
- check(&(FUNC), "$"ALGO"$v=19$", "$"ALGO"$m=100,t=10,p=2$*40$");\
+ check(&(FUNC), "$"ALGO"$"HIGHEST, NULL);\
+ check(&(FUNC), "$"ALGO"$"HIGHEST, "$"ALGO"$");\
+ check(&(FUNC), "$"ALGO"$"HIGHEST, "$"ALGO);\
+ check(&(FUNC), "$"ALGO"$"HIGHEST, "$"ALGO"$m=100,t=10,p=2$xxxx$*32");\
+ check(&(FUNC), "$"ALGO"$"HIGHEST, "$"ALGO"$m=100,t=10,p=2$*40$");\
check(&(FUNC), "$"ALGO"$v=16$", "$"ALGO"$v=16");\
check(&(FUNC), "$"ALGO"$v=16$", "$"ALGO"$v=16$");\
check(&(FUNC), "$"ALGO"$v=16$", "$"ALGO"$v=16$m=100,t=10,p=2$xxxx$*32");\
diff --git a/argon2/suffix.mk b/argon2/suffix.mk
index 5ca2ceb..f71b040 100644
--- a/argon2/suffix.mk
+++ b/argon2/suffix.mk
@@ -34,16 +34,23 @@ CPPFLAGS_ARGON2 !=\
;fi;\
if ! $(WITH_LIBAR2SIMPLIFIED); then echo\
-DNO_LIBAR2SIMPLIFIED\
+ ;fi;\
+ if test -n "$(ARGON2_VERSION)"; then echo\
+ -DARGON2_VERSION="$(ARGON2_VERSION)L"\
;fi
CFLAGS_ARGON2 !=\
- if $(SUPPORT_ANY_ARGON2) && $(WITH_LIBAR2SIMPLIFIED); then echo\
- -pthread\
+ if $(SUPPORT_ANY_ARGON2) && $(WITH_LIBAR2SIMPLIFIED); then\
+ if test -n "$(ARGON2_VERSION)" || test -n "$(ARGON2_NO_THREADS)"; then echo\
+ -pthread\
+ ;fi\
;fi
LDFLAGS_ARGON2 !=\
if $(SUPPORT_ANY_ARGON2); then\
- if $(WITH_LIBAR2SIMPLIFIED); then echo\
+ if test -n "$(ARGON2_VERSION)"; then echo\
+ -largon2\
+ ;elif $(WITH_LIBAR2SIMPLIFIED); then echo\
-lar2simplified\
-lar2\
-lblake\
diff --git a/argon2/test_supported.c b/argon2/test_supported.c
index cad7794..32aa5fd 100644
--- a/argon2/test_supported.c
+++ b/argon2/test_supported.c
@@ -2,8 +2,6 @@
#include "../common.h"
#ifndef TEST
-#include <libar2.h>
-
#define RANGE(MIN, MAX) (uintmax_t)(MIN), (uintmax_t)(MAX)
#define BASE64 librecrypt_common_rfc4848s4_decoding_lut_, argon2__PAD, argon2__STRICT_PAD
@@ -12,6 +10,7 @@
int
librecrypt__argon2__test_supported(const char *phrase, size_t len, int text, const char *settings, size_t prefix, size_t *len_out)
{
+ const char *version;
uintmax_t hashlen;
int r;
@@ -21,8 +20,8 @@ librecrypt__argon2__test_supported(const char *phrase, size_t len, int text, con
/* Validate string format and parameters */
r = librecrypt_scan_settings(settings, prefix,
- "$%*$%sm=%p,t=%p,p=%p$%b$%^h",
- "v=16$", "v=19$", "", NULL,
+ "$%*$%^sm=%p,t=%p,p=%p$%b$%^h",
+ &version, "v=16$", "v=19$", "", NULL,
RANGE(LIBAR2_MIN_M_COST, LIBAR2_MAX_M_COST),
RANGE(LIBAR2_MIN_T_COST, LIBAR2_MAX_T_COST),
RANGE(LIBAR2_MIN_LANES, LIBAR2_MAX_LANES),
@@ -31,6 +30,12 @@ librecrypt__argon2__test_supported(const char *phrase, size_t len, int text, con
if (!r)
return 0;
+ /* Check compatibility with library support */
+#if !defined(SUPPORT_ARGON2_V1_3)
+ if (!strcmp(version, "v=19$"))
+ return 0;
+#endif
+
/* Return hash size */
if (!hashlen)
hashlen = argon2__HASH_SIZE;
diff --git a/librecrypt_add_algorithm.c b/librecrypt_add_algorithm.c
index 4056041..877e410 100644
--- a/librecrypt_add_algorithm.c
+++ b/librecrypt_add_algorithm.c
@@ -264,7 +264,7 @@ main(void)
}\
} while (0)
-#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2D)
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2D) && defined(SUPPORT_ARGON2_V1_0)
CHECK("$argon2d$v=16$m=8,t=1,p=1$*16$*40", "$argon2i$v=19$m=16,t=4,p=2$*18$*50",
"$argon2d$v=16$m=8,t=1,p=1$*16$*40>" "$argon2i$v=19$m=16,t=4,p=2$*18$*50");
diff --git a/librecrypt_crypt.c b/librecrypt_crypt.c
index 21e6e32..fb93cd2 100644
--- a/librecrypt_crypt.c
+++ b/librecrypt_crypt.c
@@ -123,13 +123,14 @@ main(void)
#define GET_SCRATCH_SIZE(HASHLEN) GET_ARGON2_SCRATCH_SIZE(HASHLEN)
#if defined(SUPPORT_ARGON2I)
+# if defined(SUPPORT_ARGON2_V1_0)
r = snprintf(conf, sizeof(conf), "$argon2i$m=256,t=8,p=1$AAAABBBBCCCC$*%zu", SIZE_MAX / 4u * 3u + 3u);
assert(r > 0 && (size_t)r < sizeof(conf));
errno = 0;
EXPECT(librecrypt_crypt(NULL, 0u, NULL, 0u, conf, ctx) == -1);
-# if SIZE_MAX > UINT32_MAX
+# if SIZE_MAX > UINT32_MAX
EXPECT(errno == EINVAL);
-# else
+# else
EXPECT(errno == EOVERFLOW);
if (libtest_have_custom_malloc()) {
libtest_pretend_allocation_successful = 1;
@@ -138,43 +139,52 @@ main(void)
libtest_pretend_allocation_successful = 0;
EXPECT(errno == EOVERFLOW);
}
-# endif
+# endif
-# if SIZE_MAX == UINT32_MAX
+# if SIZE_MAX == UINT32_MAX
r = snprintf(conf, sizeof(conf), "$argon2i$m=256,t=8,p=1$AAAABBBBCCCC$*%zu", (SIZE_MAX / 4u * 3u) / 2u);
assert(r > 0 && (size_t)r < sizeof(conf));
errno = 0;
EXPECT(librecrypt_crypt(NULL, 0u, NULL, 0u, conf, ctx) == -1);
EXPECT(errno == EOVERFLOW);
-# endif
+# endif
-# if SIZE_MAX == UINT32_MAX
+# if SIZE_MAX == UINT32_MAX
r = snprintf(conf, sizeof(conf), "$argon2i$m=256,t=8,p=1$AAAABBBBCCCC$*%zu", SIZE_MAX / 4u * 3u);
assert(r > 0 && (size_t)r < sizeof(conf));
errno = 0;
EXPECT(librecrypt_crypt(NULL, 0u, NULL, 0u, conf, ctx) == -1);
EXPECT(errno == EOVERFLOW);
-# endif
+# endif
CHECK("password", "$argon2i$" "m=256,t=2,p=1$c29tZXNhbHQ$", 32, 1, "/U3YPXYsSb3q9XxHvc0MLxur+GP960kN9j7emXX8zwY");
+# endif
+# if defined(SUPPORT_ARGON2_V1_3)
CHECK("password", "$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ$", 32, 1, "iekCn0Y3spW+sCcFanM2xBT63UP2sghkUoHLIUpWRS8");
+# endif
CHECK_BAD("$argon2i$");
#endif
#if defined(SUPPORT_ARGON2ID)
+# if defined(SUPPORT_ARGON2_V1_3)
CHECK("password", "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$", 32, 1, "nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4");
+# endif
CHECK_BAD("$argon2id$");
#endif
#if defined(SUPPORT_ARGON2DS)
+# if defined(SUPPORT_ARGON2_V1_0)
CHECK("", "$argon2ds$v=16$m=""8,t=1,p=1$ICAgICAgICA$", 32, 1, "zgdykk9ZjN5VyrW0LxGw8LmrJ1Z6fqSC+3jPQtn4n0s");
+# endif
CHECK_BAD("$argon2ds$");
#endif
#if defined(SUPPORT_ARGON2D)
+# if defined(SUPPORT_ARGON2_V1_0)
CHECK("", "$argon2d$v=16$m=""8,t=1,p=1$ICAgICAgICA$", 100, 0, "NjODMrWrS7zeivNNpHsuxD9c6uDmUQ6YqPRhb8H5DSNw9"
"n683FUCJZ3tyxgfJpYYANI+01WT/S5zp1UVs+qNRwnkdE"
"yLKZMg+DIOXVc9z1po9ZlZG8+Gp4g5brqfza3lvkR9vw");
+# endif
CHECK_BAD("$argon2d$");
#endif
-#if defined(SUPPORT_ARGON2ID)
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_3)
assert(!libtest_getentropy_error);
libtest_getentropy_real = 0;
@@ -239,7 +249,7 @@ main(void)
assert(ctx != NULL);
memset(nuls, 0, sizeof(nuls));
-#if defined(SUPPORT_ARGON2I)
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_3)
# define GET_SCRATCH_SIZE(HASHLEN) GET_ARGON2_SCRATCH_SIZE(HASHLEN)
assert(sizeof(nuls) >= 4u);
assert(librecrypt_set_pepper(ctx, LIBRECRYPT_ARGON2I_V1_3, nuls, 4u) == 0);
diff --git a/librecrypt_find_first_algorithm_.c b/librecrypt_find_first_algorithm_.c
index a339d93..bbb5c7e 100644
--- a/librecrypt_find_first_algorithm_.c
+++ b/librecrypt_find_first_algorithm_.c
@@ -118,10 +118,15 @@ main(void)
EXPECT(librecrypt_find_first_algorithm_(NSA, sizeof(NSA) - 1u, NULL) == NULL);
EXPECT(librecrypt_find_first_algorithm_(NSA">", sizeof(NSA">") - 1u, NULL) == NULL);
- IF__argon2i__SUPPORTED(CHECK("$argon2i$"));
- IF__argon2d__SUPPORTED(CHECK("$argon2d$"));
- IF__argon2id__SUPPORTED(CHECK("$argon2id$"));
- IF__argon2ds__SUPPORTED(CHECK("$argon2ds$"));
+ IF__argon2i_v1_0__SUPPORTED(CHECK("$argon2i$"));
+ IF__argon2d_v1_0__SUPPORTED(CHECK("$argon2d$"));
+ IF__argon2id_v1_0__SUPPORTED(CHECK("$argon2id$"));
+ IF__argon2ds_v1_0__SUPPORTED(CHECK("$argon2ds$"));
+
+ IF__argon2i_v1_3__SUPPORTED(CHECK("$argon2i$v=19$"));
+ IF__argon2d_v1_3__SUPPORTED(CHECK("$argon2d$v=19$"));
+ IF__argon2id_v1_3__SUPPORTED(CHECK("$argon2id$v=19$"));
+ IF__argon2ds_v1_3__SUPPORTED(CHECK("$argon2ds$v=19$"));
ctx = librecrypt_create_context();
assert(ctx != NULL);
diff --git a/librecrypt_get_encoding.c b/librecrypt_get_encoding.c
index c1cf64c..7d0e62c 100644
--- a/librecrypt_get_encoding.c
+++ b/librecrypt_get_encoding.c
@@ -129,10 +129,15 @@ main(void)
EXPECT(librecrypt_get_encoding(">"NSA, sizeof(">"NSA) - 1u, &pad, &strict_pad, 1, NULL) == NULL);
EXPECT(errno == ENOSYS);
- IF__argon2i__SUPPORTED(CHECK("$argon2i$", UPPER LOWER DIGIT "+/", '=', 0);)
- IF__argon2d__SUPPORTED(CHECK("$argon2d$", UPPER LOWER DIGIT "+/", '=', 0);)
- IF__argon2id__SUPPORTED(CHECK("$argon2id$", UPPER LOWER DIGIT "+/", '=', 0);)
- IF__argon2ds__SUPPORTED(CHECK("$argon2ds$", UPPER LOWER DIGIT "+/", '=', 0);)
+ IF__argon2i_v1_0__SUPPORTED(CHECK("$argon2i$", UPPER LOWER DIGIT "+/", '=', 0);)
+ IF__argon2d_v1_0__SUPPORTED(CHECK("$argon2d$", UPPER LOWER DIGIT "+/", '=', 0);)
+ IF__argon2id_v1_0__SUPPORTED(CHECK("$argon2id$", UPPER LOWER DIGIT "+/", '=', 0);)
+ IF__argon2ds_v1_0__SUPPORTED(CHECK("$argon2ds$", UPPER LOWER DIGIT "+/", '=', 0);)
+
+ IF__argon2i_v1_3__SUPPORTED(CHECK("$argon2i$v=19$", UPPER LOWER DIGIT "+/", '=', 0);)
+ IF__argon2d_v1_3__SUPPORTED(CHECK("$argon2d$v=19$", UPPER LOWER DIGIT "+/", '=', 0);)
+ IF__argon2id_v1_3__SUPPORTED(CHECK("$argon2id$v=19$", UPPER LOWER DIGIT "+/", '=', 0);)
+ IF__argon2ds_v1_3__SUPPORTED(CHECK("$argon2ds$v=19$", UPPER LOWER DIGIT "+/", '=', 0);)
STOP_RESOURCE_TEST();
return 0;
diff --git a/librecrypt_get_pepper_.c b/librecrypt_get_pepper_.c
index df2a82d..2d306dd 100644
--- a/librecrypt_get_pepper_.c
+++ b/librecrypt_get_pepper_.c
@@ -14,22 +14,14 @@ librecrypt_get_pepper_(LIBRECRYPT_CONTEXT *ctx, enum librecrypt_hash_algorithm a
switch (algo) {
#if defined(SUPPORT_ARGON2I) || defined(SUPPORT_ARGON2D) || defined(SUPPORT_ARGON2ID) || defined(SUPPORT_ARGON2DS)
-# if defined(SUPPORT_ARGON2I)
- case LIBRECRYPT_ARGON2I_V1_0:
- case LIBRECRYPT_ARGON2I_V1_3:
-# endif
-# if defined(SUPPORT_ARGON2D)
- case LIBRECRYPT_ARGON2D_V1_0:
- case LIBRECRYPT_ARGON2D_V1_3:
-# endif
-# if defined(SUPPORT_ARGON2ID)
- case LIBRECRYPT_ARGON2ID_V1_0:
- case LIBRECRYPT_ARGON2ID_V1_3:
-# endif
-# if defined(SUPPORT_ARGON2DS)
- case LIBRECRYPT_ARGON2DS_V1_0:
- case LIBRECRYPT_ARGON2DS_V1_3:
-# endif
+ IF__argon2i_v1_0__SUPPORTED(case LIBRECRYPT_ARGON2I_V1_0:)
+ IF__argon2i_v1_3__SUPPORTED(case LIBRECRYPT_ARGON2I_V1_3:)
+ IF__argon2d_v1_0__SUPPORTED(case LIBRECRYPT_ARGON2D_V1_0:)
+ IF__argon2d_v1_3__SUPPORTED(case LIBRECRYPT_ARGON2D_V1_3:)
+ IF__argon2id_v1_0__SUPPORTED(case LIBRECRYPT_ARGON2ID_V1_0:)
+ IF__argon2id_v1_3__SUPPORTED(case LIBRECRYPT_ARGON2ID_V1_3:)
+ IF__argon2ds_v1_0__SUPPORTED(case LIBRECRYPT_ARGON2DS_V1_0:)
+ IF__argon2ds_v1_3__SUPPORTED(case LIBRECRYPT_ARGON2DS_V1_3:)
# if SIZE_MAX > UINT32_MAX /* LIBAR2_MAX_KEYLEN is just UINT32_MAX cast to size_t; keep it simple: don't include <libar2.h> */
if (len > UINT32_MAX) {
errno = EINVAL;
@@ -106,35 +98,51 @@ main(void)
ctx = librecrypt_create_context();
assert(ctx != NULL);
-#if defined(SUPPORT_ARGON2I)
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_0)
CHECK_ARGON2(LIBRECRYPT_ARGON2I_V1_0);
- CHECK_ARGON2(LIBRECRYPT_ARGON2I_V1_3);
#else
CHECK_DISABLED(LIBRECRYPT_ARGON2I_V1_0);
+#endif
+
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_3)
+ CHECK_ARGON2(LIBRECRYPT_ARGON2I_V1_3);
+#else
CHECK_DISABLED(LIBRECRYPT_ARGON2I_V1_3);
#endif
-#if defined(SUPPORT_ARGON2D)
+#if defined(SUPPORT_ARGON2D) && defined(SUPPORT_ARGON2_V1_0)
CHECK_ARGON2(LIBRECRYPT_ARGON2D_V1_0);
- CHECK_ARGON2(LIBRECRYPT_ARGON2D_V1_3);
#else
CHECK_DISABLED(LIBRECRYPT_ARGON2D_V1_0);
+#endif
+
+#if defined(SUPPORT_ARGON2D) && defined(SUPPORT_ARGON2_V1_3)
+ CHECK_ARGON2(LIBRECRYPT_ARGON2D_V1_3);
+#else
CHECK_DISABLED(LIBRECRYPT_ARGON2D_V1_3);
#endif
-#if defined(SUPPORT_ARGON2ID)
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_0)
CHECK_ARGON2(LIBRECRYPT_ARGON2ID_V1_0);
- CHECK_ARGON2(LIBRECRYPT_ARGON2ID_V1_3);
#else
CHECK_DISABLED(LIBRECRYPT_ARGON2ID_V1_0);
+#endif
+
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_3)
+ CHECK_ARGON2(LIBRECRYPT_ARGON2ID_V1_3);
+#else
CHECK_DISABLED(LIBRECRYPT_ARGON2ID_V1_3);
#endif
-#if defined(SUPPORT_ARGON2DS)
+#if defined(SUPPORT_ARGON2DS) && defined(SUPPORT_ARGON2_V1_0)
CHECK_ARGON2(LIBRECRYPT_ARGON2DS_V1_0);
- CHECK_ARGON2(LIBRECRYPT_ARGON2DS_V1_3);
#else
CHECK_DISABLED(LIBRECRYPT_ARGON2DS_V1_0);
+#endif
+
+#if defined(SUPPORT_ARGON2DS) && defined(SUPPORT_ARGON2_V1_3)
+ CHECK_ARGON2(LIBRECRYPT_ARGON2DS_V1_3);
+#else
CHECK_DISABLED(LIBRECRYPT_ARGON2DS_V1_3);
#endif
diff --git a/librecrypt_hash.c b/librecrypt_hash.c
index 35aa8e4..3d37d03 100644
--- a/librecrypt_hash.c
+++ b/librecrypt_hash.c
@@ -138,13 +138,14 @@ main(void)
#define GET_SCRATCH_SIZE(HASHLEN) GET_ARGON2_SCRATCH_SIZE(HASHLEN)
#if defined(SUPPORT_ARGON2I)
+# if defined(SUPPORT_ARGON2_V1_0)
r = snprintf(conf, sizeof(conf), "$argon2i$m=256,t=8,p=1$AAAABBBBCCCC$*%zu", SIZE_MAX / 4u * 3u + 3u);
assert(r > 0 && (size_t)r < sizeof(conf));
errno = 0;
EXPECT(librecrypt_hash(NULL, 0u, NULL, 0u, conf, ctx) == -1);
-# if SIZE_MAX > UINT32_MAX
+# if SIZE_MAX > UINT32_MAX
EXPECT(errno == EINVAL);
-# else
+# else
EXPECT(errno == EOVERFLOW);
if (libtest_have_custom_malloc()) {
char buf[1024];
@@ -154,24 +155,33 @@ main(void)
libtest_pretend_allocation_successful = 0;
EXPECT(errno == EOVERFLOW);
}
-# endif
+# endif
CHECK("password", "$argon2i$" "m=256,t=2,p=1$c29tZXNhbHQ$", 32, 1, "/U3YPXYsSb3q9XxHvc0MLxur+GP960kN9j7emXX8zwY");
+# endif
+# if defined(SUPPORT_ARGON2_V1_3)
CHECK("password", "$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ$", 32, 1, "iekCn0Y3spW+sCcFanM2xBT63UP2sghkUoHLIUpWRS8");
+# endif
CHECK_BAD("$argon2i$");
#endif
#if defined(SUPPORT_ARGON2ID)
+# if defined(SUPPORT_ARGON2_V1_3)
CHECK("password", "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$", 32, 1, "nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4");
+# endif
CHECK_BAD("$argon2id$");
#endif
#if defined(SUPPORT_ARGON2DS)
+# if defined(SUPPORT_ARGON2_V1_0)
CHECK("", "$argon2ds$v=16$m=""8,t=1,p=1$ICAgICAgICA$", 32, 1, "zgdykk9ZjN5VyrW0LxGw8LmrJ1Z6fqSC+3jPQtn4n0s");
+# endif
CHECK_BAD("$argon2ds$");
#endif
#if defined(SUPPORT_ARGON2D)
+# if defined(SUPPORT_ARGON2_V1_0)
CHECK("", "$argon2d$v=16$m=""8,t=1,p=1$ICAgICAgICA$", 100, 0, "NjODMrWrS7zeivNNpHsuxD9c6uDmUQ6YqPRhb8H5DSNw9"
"n683FUCJZ3tyxgfJpYYANI+01WT/S5zp1UVs+qNRwnkdE"
"yLKZMg+DIOXVc9z1po9ZlZG8+Gp4g5brqfza3lvkR9vw");
+# endif
CHECK_BAD("$argon2d$");
#endif
#undef GET_SCRATCH_SIZE
@@ -180,7 +190,7 @@ main(void)
assert(ctx != NULL);
memset(nuls, 0, sizeof(nuls));
-#if defined(SUPPORT_ARGON2I)
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_3)
# define GET_SCRATCH_SIZE(HASHLEN) GET_ARGON2_SCRATCH_SIZE(HASHLEN)
assert(sizeof(nuls) >= 4u);
assert(librecrypt_set_pepper(ctx, LIBRECRYPT_ARGON2I_V1_3, nuls, 4u) == 0);
diff --git a/librecrypt_hash_.c b/librecrypt_hash_.c
index 538dc8a..71ec98d 100644
--- a/librecrypt_hash_.c
+++ b/librecrypt_hash_.c
@@ -491,7 +491,7 @@ start_over:
EXPECT(librecrypt_hash_(NULL, 0u, NULL, 0u, "$~no~such~algorithm~$*100$", ctx, ASCII_CRYPT) == -1);
EXPECT(errno == ENOSYS);
-#if defined(SUPPORT_ARGON2ID)
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_3)
# define ARGON2ID_PREFIX "$argon2id$v=19$m=8,t=1,p=1$"
# define ARGON2ID_STR ARGON2ID_PREFIX SALT"$*32"
diff --git a/librecrypt_hash_binary.c b/librecrypt_hash_binary.c
index 63cfb41..8596160 100644
--- a/librecrypt_hash_binary.c
+++ b/librecrypt_hash_binary.c
@@ -104,22 +104,32 @@ main(void)
#define GET_SCRATCH_SIZE(HASHLEN) GET_ARGON2_SCRATCH_SIZE(HASHLEN)
#if defined(SUPPORT_ARGON2I)
+# if defined(SUPPORT_ARGON2_V1_0)
CHECK("password", "$argon2i$" "m=256,t=2,p=1$c29tZXNhbHQ$", 32, 1, "/U3YPXYsSb3q9XxHvc0MLxur+GP960kN9j7emXX8zwY");
+# endif
+# if defined(SUPPORT_ARGON2_V1_3)
CHECK("password", "$argon2i$v=19$m=256,t=2,p=1$c29tZXNhbHQ$", 32, 1, "iekCn0Y3spW+sCcFanM2xBT63UP2sghkUoHLIUpWRS8");
+# endif
CHECK_BAD("$argon2i$");
#endif
#if defined(SUPPORT_ARGON2ID)
+# if defined(SUPPORT_ARGON2_V1_3)
CHECK("password", "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$", 32, 1, "nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4");
+# endif
CHECK_BAD("$argon2id$");
#endif
#if defined(SUPPORT_ARGON2DS)
+# if defined(SUPPORT_ARGON2_V1_0)
CHECK("", "$argon2ds$v=16$m=""8,t=1,p=1$ICAgICAgICA$", 32, 1, "zgdykk9ZjN5VyrW0LxGw8LmrJ1Z6fqSC+3jPQtn4n0s");
+# endif
CHECK_BAD("$argon2ds$");
#endif
#if defined(SUPPORT_ARGON2D)
+# if defined(SUPPORT_ARGON2_V1_0)
CHECK("", "$argon2d$v=16$m=""8,t=1,p=1$ICAgICAgICA$", 100, 0, "NjODMrWrS7zeivNNpHsuxD9c6uDmUQ6YqPRhb8H5DSNw9"
"n683FUCJZ3tyxgfJpYYANI+01WT/S5zp1UVs+qNRwnkdE"
"yLKZMg+DIOXVc9z1po9ZlZG8+Gp4g5brqfza3lvkR9vw");
+# endif
CHECK_BAD("$argon2d$");
#endif
#undef GET_SCRATCH_SIZE
@@ -128,7 +138,7 @@ main(void)
assert(ctx != NULL);
memset(nuls, 0, sizeof(nuls));
-#if defined(SUPPORT_ARGON2I)
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_3)
# define GET_SCRATCH_SIZE(HASHLEN) GET_ARGON2_SCRATCH_SIZE(HASHLEN)
assert(sizeof(nuls) >= 4u);
assert(librecrypt_set_pepper(ctx, LIBRECRYPT_ARGON2I_V1_3, nuls, 4u) == 0);
diff --git a/librecrypt_is_enabled.c b/librecrypt_is_enabled.c
index 7921075..4b2c40b 100644
--- a/librecrypt_is_enabled.c
+++ b/librecrypt_is_enabled.c
@@ -6,14 +6,14 @@
#define INCLUDE(ALGO, VAL) IF__##ALGO##__SUPPORTED((UINT64_C(1) << (VAL)) |)
static const uint64_t enabled =
- INCLUDE(argon2i, LIBRECRYPT_ARGON2I_V1_0)
- INCLUDE(argon2i, LIBRECRYPT_ARGON2I_V1_3)
- INCLUDE(argon2d, LIBRECRYPT_ARGON2D_V1_0)
- INCLUDE(argon2d, LIBRECRYPT_ARGON2D_V1_3)
- INCLUDE(argon2id, LIBRECRYPT_ARGON2ID_V1_0)
- INCLUDE(argon2id, LIBRECRYPT_ARGON2ID_V1_3)
- INCLUDE(argon2ds, LIBRECRYPT_ARGON2DS_V1_0)
- INCLUDE(argon2ds, LIBRECRYPT_ARGON2DS_V1_3)
+ INCLUDE(argon2i_v1_0, LIBRECRYPT_ARGON2I_V1_0)
+ INCLUDE(argon2i_v1_3, LIBRECRYPT_ARGON2I_V1_3)
+ INCLUDE(argon2d_v1_0, LIBRECRYPT_ARGON2D_V1_0)
+ INCLUDE(argon2d_v1_3, LIBRECRYPT_ARGON2D_V1_3)
+ INCLUDE(argon2id_v1_0, LIBRECRYPT_ARGON2ID_V1_0)
+ INCLUDE(argon2id_v1_3, LIBRECRYPT_ARGON2ID_V1_3)
+ INCLUDE(argon2ds_v1_0, LIBRECRYPT_ARGON2DS_V1_0)
+ INCLUDE(argon2ds_v1_3, LIBRECRYPT_ARGON2DS_V1_3)
UINT64_C(0);
@@ -34,7 +34,11 @@ librecrypt_is_enabled(enum librecrypt_hash_algorithm algo)
/* Version 1.0 and 1.3 of Argon2 are supported in all
* versions of libar2, so there is no need to check
- * libar2_latest_argon2_version*/
+ * libar2_latest_argon2_version. For the reference
+ * implementation of Argon2, the it's algorithms marked
+ * as supported depend on which version of the reference
+ * implementation is used (unfortunately the reference
+ * implementation isn't properly designed as a library). */
return (int)(enabled >> (unsigned)algo) & 1;
}
@@ -66,14 +70,14 @@ main(void)
INIT_RESOURCE_TEST();
CHECK((enum librecrypt_hash_algorithm)-1, 0);
- CHECK(LIBRECRYPT_ARGON2I_V1_0, IF__argon2i__SUPPORTED(1 + ) 0);
- CHECK(LIBRECRYPT_ARGON2I_V1_3, IF__argon2i__SUPPORTED(1 + ) 0);
- CHECK(LIBRECRYPT_ARGON2D_V1_0, IF__argon2i__SUPPORTED(1 + ) 0);
- CHECK(LIBRECRYPT_ARGON2D_V1_3, IF__argon2i__SUPPORTED(1 + ) 0);
- CHECK(LIBRECRYPT_ARGON2ID_V1_0, IF__argon2i__SUPPORTED(1 + ) 0);
- CHECK(LIBRECRYPT_ARGON2ID_V1_3, IF__argon2i__SUPPORTED(1 + ) 0);
- CHECK(LIBRECRYPT_ARGON2DS_V1_0, IF__argon2i__SUPPORTED(1 + ) 0);
- CHECK(LIBRECRYPT_ARGON2DS_V1_3, IF__argon2i__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2I_V1_0, IF__argon2i_v1_0__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2I_V1_3, IF__argon2i_v1_3__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2D_V1_0, IF__argon2d_v1_0__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2D_V1_3, IF__argon2d_v1_3__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2ID_V1_0, IF__argon2id_v1_0__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2ID_V1_3, IF__argon2id_v1_3__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2DS_V1_0, IF__argon2ds_v1_0__SUPPORTED(1 + ) 0);
+ CHECK(LIBRECRYPT_ARGON2DS_V1_3, IF__argon2ds_v1_3__SUPPORTED(1 + ) 0);
assert((enum librecrypt_hash_algorithm)(highest + 1) == LIBRECRYPT_HASH_ALGORITHM_END);
for (i = 0; i < 1024 && highest != INT_MAX; i++)
diff --git a/librecrypt_make_settings.c b/librecrypt_make_settings.c
index 075d2a6..84270d1 100644
--- a/librecrypt_make_settings.c
+++ b/librecrypt_make_settings.c
@@ -97,7 +97,7 @@ main(void)
EXPECT(librecrypt_make_settings(NULL, 0u, "$~no~such~algorithm~$", 0u, 0u, 0, NULL, NULL, NULL) == -1);
EXPECT(errno == ENOSYS);
-#if defined(SUPPORT_ARGON2I)
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_3)
saltbyte = 0u;
CANARY_FILL(buf);
r = librecrypt_make_settings(buf, sizeof(buf), "$argon2i$", 8192u << 10, (uintmax_t)81920u, 1, &saltgen, &saltbyte, NULL);
@@ -109,7 +109,7 @@ main(void)
any_salted = 1;
#endif
-#if defined(SUPPORT_ARGON2D)
+#if defined(SUPPORT_ARGON2D) && defined(SUPPORT_ARGON2_V1_3)
saltbyte = 0u;
CANARY_FILL(buf);
r = librecrypt_make_settings(buf, sizeof(buf), "$argon2d$", 8192u << 10, (uintmax_t)81920u, 1, &saltgen, &saltbyte, NULL);
@@ -121,7 +121,7 @@ main(void)
any_salted = 1;
#endif
-#if defined(SUPPORT_ARGON2ID)
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_3)
saltbyte = 0u;
CANARY_FILL(buf);
r = librecrypt_make_settings(buf, sizeof(buf), "$argon2id$", 8192u << 10, (uintmax_t)81920u, 1, &saltgen, &saltbyte, NULL);
@@ -133,7 +133,7 @@ main(void)
any_salted = 1;
#endif
-#if defined(SUPPORT_ARGON2DS)
+#if defined(SUPPORT_ARGON2DS) && defined(SUPPORT_ARGON2_V1_3)
saltbyte = 0u;
CANARY_FILL(buf);
r = librecrypt_make_settings(buf, sizeof(buf), "$argon2ds$", 8192u << 10, (uintmax_t)81920u, 1, &saltgen, &saltbyte, NULL);
diff --git a/librecrypt_realise_salts.c b/librecrypt_realise_salts.c
index e2853ca..0c8002a 100644
--- a/librecrypt_realise_salts.c
+++ b/librecrypt_realise_salts.c
@@ -241,14 +241,22 @@ start_over:
EXPECT(librecrypt_realise_salts(NULL, 0u, "", NULL, NULL, ctx) == 0);
-#if defined(SUPPORT_ARGON2ID)
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_0)
# define ALGO "$argon2id$"
-#elif defined(SUPPORT_ARGON2I)
+#elif defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_0)
# define ALGO "$argon2i$"
-#elif defined(SUPPORT_ARGON2D)
+#elif defined(SUPPORT_ARGON2D) && defined(SUPPORT_ARGON2_V1_0)
# define ALGO "$argon2d$"
-#elif defined(SUPPORT_ARGON2DS)
+#elif defined(SUPPORT_ARGON2DS) && defined(SUPPORT_ARGON2_V1_0)
# define ALGO "$argon2ds$"
+#elif defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_3)
+# define ALGO "$argon2id$v=19$"
+#elif defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_3)
+# define ALGO "$argon2i$v=19$"
+#elif defined(SUPPORT_ARGON2D) && defined(SUPPORT_ARGON2_V1_3)
+# define ALGO "$argon2d$v=19$"
+#elif defined(SUPPORT_ARGON2DS) && defined(SUPPORT_ARGON2_V1_3)
+# define ALGO "$argon2ds$v=19$"
#endif
#if defined(ALGO)
diff --git a/librecrypt_scan_settings.c b/librecrypt_scan_settings.c
index 749797e..4db7a12 100644
--- a/librecrypt_scan_settings.c
+++ b/librecrypt_scan_settings.c
@@ -66,31 +66,31 @@ check_uint(const char *settings, size_t *off, size_t len, char min_first_digit,
* This function does not check the value of any excess bit
* in the base-64 encoding
*
- * @param settings The password hash string
- * @param off The current in `settings` where the integer
- * begins; will be updated to its ends (one byte
- * after the last character encoding the integer)
- * @param len The number of bytes in `settings`
- * @param min The least allowed number of bytes
- * @param max The most allowed number of bytes
- * @param allow_empty Whether the empty string is allowed
- * (no encoded bytes and no asterisk-notation)
- * @param dlut Alphabet reverse lookup table, shall map any valid
- * character (except the padding character) to the value
- * of that character in the encoding alphabet, and map
- * any other character to the value `0xFF`
- * @param pad The padding character to used at the end; the NUL byte if none
- * @param strict_pad Zero if the padding at the end is optional, non-zero otherwise
- * @param strout Output parameter for the beginning of the base-64 text,
- * set to `NULL` if asterisk-notation is used
- * @param lenout Output parameter for the number of bytes in `*strout`, or if
- * `*strout` is set to `NULL`, the asterisk-encoded number;
- * however if `strout` is `NULL`, the number bytes used by
- * the salt or hash (when in raw binary format) is stored
- * @return 1 if the encoded value was of proper length,
- * a proper length was encoded using asterisk-notation, or
- * if `allow_empty` was non-zero, nothing was encoded;
- * 0 otherwise
+ * @param settings The password hash string
+ * @param off The current in `settings` where the integer
+ * begins; will be updated to its ends (one byte
+ * after the last character encoding the integer)
+ * @param len The number of bytes in `settings`
+ * @param min The least allowed number of bytes
+ * @param max The most allowed number of bytes
+ * @param allow_empty Whether the empty string is allowed
+ * (no encoded bytes and no asterisk-notation)
+ * @param dlut Alphabet reverse lookup table, shall map any valid
+ * character (except the padding character) to the value
+ * of that character in the encoding alphabet, and map
+ * any other character to the value `0xFF`
+ * @param pad The padding character to used at the end; the NUL byte if none
+ * @param strict_pad Zero if the padding at the end is optional, non-zero otherwise
+ * @param strout Output parameter for the beginning of the base-64 text,
+ * set to `NULL` if asterisk-notation is used
+ * @param lenout Output parameter for the number of bytes in `*strout`, or if
+ * `*strout` is set to `NULL`, the asterisk-encoded number;
+ * however if `strout` is `NULL`, the number bytes used by
+ * the salt or hash (when in raw binary format) is stored
+ * @return 1 if the encoded value was of proper length,
+ * a proper length was encoded using asterisk-notation, or
+ * if `allow_empty` was non-zero, nothing was encoded;
+ * 0 otherwise
*/
static int
check_data(const char *settings, size_t *off, size_t len, uintmax_t min, uintmax_t max, int allow_empty,
diff --git a/librecrypt_set_pepper.c b/librecrypt_set_pepper.c
index 966563c..ee51124 100644
--- a/librecrypt_set_pepper.c
+++ b/librecrypt_set_pepper.c
@@ -62,77 +62,106 @@ main(void)
assert(ctx != NULL);
-#if defined(SUPPORT_ARGON2I)
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_0)
SET_PEPPER(LIBRECRYPT_ARGON2I_V1_0, &a2i10, 2u);
- SET_PEPPER(LIBRECRYPT_ARGON2I_V1_3, &a2i13, 5u);
# if SIZE_MAX > UINT32_MAX
CHECK_EINVAL(LIBRECRYPT_ARGON2I_V1_0, NULL, (size_t)UINT32_MAX + 1u);
- CHECK_EINVAL(LIBRECRYPT_ARGON2I_V1_3, NULL, (size_t)UINT32_MAX + 1u);
# endif
#else
CHECK_ENOSYS(LIBRECRYPT_ARGON2I_V1_0, &a2i10, 2u);
- CHECK_ENOSYS(LIBRECRYPT_ARGON2I_V1_3, &a2i13, 5u);
#endif
-#if defined(SUPPORT_ARGON2D)
+#if defined(SUPPORT_ARGON2D) && defined(SUPPORT_ARGON2_V1_0)
SET_PEPPER(LIBRECRYPT_ARGON2D_V1_0, &a2d10, 3u);
- SET_PEPPER(LIBRECRYPT_ARGON2D_V1_3, &a2d13, 8u);
# if SIZE_MAX > UINT32_MAX
CHECK_EINVAL(LIBRECRYPT_ARGON2D_V1_0, NULL, (size_t)UINT32_MAX + 1u);
- CHECK_EINVAL(LIBRECRYPT_ARGON2D_V1_3, NULL, (size_t)UINT32_MAX + 1u);
# endif
#else
CHECK_ENOSYS(LIBRECRYPT_ARGON2D_V1_0, &a2d10, 3u);
- CHECK_ENOSYS(LIBRECRYPT_ARGON2D_V1_3, &a2d13, 8u);
#endif
-#if defined(SUPPORT_ARGON2ID)
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_0)
SET_PEPPER(LIBRECRYPT_ARGON2ID_V1_0, &a2id10, 7u);
- SET_PEPPER(LIBRECRYPT_ARGON2ID_V1_3, &a2id13, 4u);
# if SIZE_MAX > UINT32_MAX
CHECK_EINVAL(LIBRECRYPT_ARGON2ID_V1_0, NULL, (size_t)UINT32_MAX + 1u);
- CHECK_EINVAL(LIBRECRYPT_ARGON2ID_V1_3, NULL, (size_t)UINT32_MAX + 1u);
# endif
#else
CHECK_ENOSYS(LIBRECRYPT_ARGON2ID_V1_0, &a2id10, 7u);
- CHECK_ENOSYS(LIBRECRYPT_ARGON2ID_V1_3, &a2id13, 4u);
#endif
-#if defined(SUPPORT_ARGON2DS)
+#if defined(SUPPORT_ARGON2DS) && defined(SUPPORT_ARGON2_V1_0)
SET_PEPPER(LIBRECRYPT_ARGON2DS_V1_0, &a2ds10, 9u);
- SET_PEPPER(LIBRECRYPT_ARGON2DS_V1_3, &a2ds13, 6u);
# if SIZE_MAX > UINT32_MAX
CHECK_EINVAL(LIBRECRYPT_ARGON2DS_V1_0, NULL, (size_t)UINT32_MAX + 1u);
- CHECK_EINVAL(LIBRECRYPT_ARGON2DS_V1_3, NULL, (size_t)UINT32_MAX + 1u);
# endif
#else
CHECK_ENOSYS(LIBRECRYPT_ARGON2DS_V1_0, &a2ds10, 9u);
- CHECK_ENOSYS(LIBRECRYPT_ARGON2DS_V1_3, &a2ds13, 6u);
#endif
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_3)
+ SET_PEPPER(LIBRECRYPT_ARGON2I_V1_3, &a2i13, 5u);
+# if SIZE_MAX > UINT32_MAX
+ CHECK_EINVAL(LIBRECRYPT_ARGON2I_V1_3, NULL, (size_t)UINT32_MAX + 1u);
+# endif
+#else
+ CHECK_ENOSYS(LIBRECRYPT_ARGON2I_V1_3, &a2i13, 5u);
+#endif
+
+#if defined(SUPPORT_ARGON2D) && defined(SUPPORT_ARGON2_V1_3)
+ SET_PEPPER(LIBRECRYPT_ARGON2D_V1_3, &a2d13, 8u);
+# if SIZE_MAX > UINT32_MAX
+ CHECK_EINVAL(LIBRECRYPT_ARGON2D_V1_3, NULL, (size_t)UINT32_MAX + 1u);
+# endif
+#else
+ CHECK_ENOSYS(LIBRECRYPT_ARGON2D_V1_3, &a2d13, 8u);
+#endif
+
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_3)
+ SET_PEPPER(LIBRECRYPT_ARGON2ID_V1_3, &a2id13, 4u);
+# if SIZE_MAX > UINT32_MAX
+ CHECK_EINVAL(LIBRECRYPT_ARGON2ID_V1_3, NULL, (size_t)UINT32_MAX + 1u);
+# endif
+#else
+ CHECK_ENOSYS(LIBRECRYPT_ARGON2ID_V1_3, &a2id13, 4u);
+#endif
+
+#if defined(SUPPORT_ARGON2DS) && defined(SUPPORT_ARGON2_V1_3)
+ SET_PEPPER(LIBRECRYPT_ARGON2DS_V1_3, &a2ds13, 6u);
+# if SIZE_MAX > UINT32_MAX
+ CHECK_EINVAL(LIBRECRYPT_ARGON2DS_V1_3, NULL, (size_t)UINT32_MAX + 1u);
+# endif
+#else
+ CHECK_ENOSYS(LIBRECRYPT_ARGON2DS_V1_3, &a2ds13, 6u);
+#endif
CHECK_ENOSYS(LIBRECRYPT_HASH_ALGORITHM_END, NULL, 0u);
CHECK_ENOSYS(LIBRECRYPT_HASH_ALGORITHM_END, &(char){4}, 32u);
-
-#if defined(SUPPORT_ARGON2I)
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_0)
CHECK_PEPPER(LIBRECRYPT_ARGON2I_V1_0, &a2i10, 2u);
- CHECK_PEPPER(LIBRECRYPT_ARGON2I_V1_3, &a2i13, 5u);
#endif
-#if defined(SUPPORT_ARGON2D)
+#if defined(SUPPORT_ARGON2D) && defined(SUPPORT_ARGON2_V1_0)
CHECK_PEPPER(LIBRECRYPT_ARGON2D_V1_0, &a2d10, 3u);
- CHECK_PEPPER(LIBRECRYPT_ARGON2D_V1_3, &a2d13, 8u);
#endif
-#if defined(SUPPORT_ARGON2ID)
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_0)
CHECK_PEPPER(LIBRECRYPT_ARGON2ID_V1_0, &a2id10, 7u);
- CHECK_PEPPER(LIBRECRYPT_ARGON2ID_V1_3, &a2id13, 4u);
#endif
-#if defined(SUPPORT_ARGON2DS)
+#if defined(SUPPORT_ARGON2DS) && defined(SUPPORT_ARGON2_V1_0)
CHECK_PEPPER(LIBRECRYPT_ARGON2DS_V1_0, &a2ds10, 9u);
+#endif
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_3)
+ CHECK_PEPPER(LIBRECRYPT_ARGON2I_V1_3, &a2i13, 5u);
+#endif
+#if defined(SUPPORT_ARGON2D) && defined(SUPPORT_ARGON2_V1_3)
+ CHECK_PEPPER(LIBRECRYPT_ARGON2D_V1_3, &a2d13, 8u);
+#endif
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_3)
+ CHECK_PEPPER(LIBRECRYPT_ARGON2ID_V1_3, &a2id13, 4u);
+#endif
+#if defined(SUPPORT_ARGON2DS) && defined(SUPPORT_ARGON2_V1_3)
CHECK_PEPPER(LIBRECRYPT_ARGON2DS_V1_3, &a2ds13, 6u);
#endif
-
librecrypt_free_context(ctx);
STOP_RESOURCE_TEST();
diff --git a/librecrypt_settings_prefix.c b/librecrypt_settings_prefix.c
index 31359c7..e898cd0 100644
--- a/librecrypt_settings_prefix.c
+++ b/librecrypt_settings_prefix.c
@@ -136,36 +136,40 @@ main(void)
CHECK_ZERO("$~no~such~algorithm~$", "hash");
/* Check without hash and hashlen */
-#if defined(SUPPORT_ARGON2I)
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_0)
CHECK_HASH("$argon2i$m=8,t=1,p=1$*99$", "*100", 100);
CHECK_HASH("x$*99>$argon2i$m=8,t=1,p=1$*99$", "*100", 100);
CHECK_HASH("$argon2i$m=8,t=1,p=1$*99$", "NineByteHash", 9);
CHECK_HASH("x$*99>$argon2i$m=8,t=1,p=1$*99$", "NineByteHash", 9);
#endif
-#if defined(SUPPORT_ARGON2ID)
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_0)
CHECK_HASH("$argon2id$m=8,t=1,p=1$*99$", "*100", 100);
CHECK_HASH("x$*99>$argon2id$m=8,t=1,p=1$*99$", "*100", 100);
CHECK_HASH("$argon2id$m=8,t=1,p=1$*99$", "NineByteHash", 9);
CHECK_HASH("x$*99>$argon2id$m=8,t=1,p=1$*99$", "NineByteHash", 9);
#endif
-#if defined(SUPPORT_ARGON2D)
+#if defined(SUPPORT_ARGON2D) && defined(SUPPORT_ARGON2_V1_0)
CHECK_HASH("$argon2d$m=8,t=1,p=1$*99$", "*100", 100);
CHECK_HASH("x$*99>$argon2d$m=8,t=1,p=1$*99$", "*100", 100);
CHECK_HASH("$argon2d$m=8,t=1,p=1$*99$", "NineByteHash", 9);
CHECK_HASH("x$*99>$argon2d$m=8,t=1,p=1$*99$", "NineByteHash", 9);
#endif
-#if defined(SUPPORT_ARGON2DS)
+#if defined(SUPPORT_ARGON2DS) && defined(SUPPORT_ARGON2_V1_0)
CHECK_HASH("$argon2ds$m=8,t=1,p=1$*99$", "*100", 100);
CHECK_HASH("x$*99>$argon2ds$m=8,t=1,p=1$*99$", "*100", 100);
CHECK_HASH("$argon2ds$m=8,t=1,p=1$*99$", "NineByteHash", 9);
CHECK_HASH("x$*99>$argon2ds$m=8,t=1,p=1$*99$", "NineByteHash", 9);
#endif
- /* Check without invalid hash */
- IF__argon2i__SUPPORTED(CHECK_ZERO("$argon2i$m=8,t=1,p=1$*99$", "#");)
- IF__argon2d__SUPPORTED(CHECK_ZERO("$argon2d$m=8,t=1,p=1$*99$", "#");)
- IF__argon2id__SUPPORTED(CHECK_ZERO("$argon2id$m=8,t=1,p=1$*99$", "#");)
- IF__argon2ds__SUPPORTED(CHECK_ZERO("$argon2ds$m=8,t=1,p=1$*99$", "#");)
+ /* Check with invalid hash */
+ IF__argon2i_v1_0__SUPPORTED(CHECK_ZERO("$argon2i$m=8,t=1,p=1$*99$", "#");)
+ IF__argon2d_v1_0__SUPPORTED(CHECK_ZERO("$argon2d$m=8,t=1,p=1$*99$", "#");)
+ IF__argon2id_v1_0__SUPPORTED(CHECK_ZERO("$argon2id$m=8,t=1,p=1$*99$", "#");)
+ IF__argon2ds_v1_0__SUPPORTED(CHECK_ZERO("$argon2ds$m=8,t=1,p=1$*99$", "#");)
+ IF__argon2i_v1_3__SUPPORTED(CHECK_ZERO("$argon2i$v=19$m=8,t=1,p=1$*99$", "#");)
+ IF__argon2d_v1_3__SUPPORTED(CHECK_ZERO("$argon2d$v=19$m=8,t=1,p=1$*99$", "#");)
+ IF__argon2id_v1_3__SUPPORTED(CHECK_ZERO("$argon2id$v=19$m=8,t=1,p=1$*99$", "#");)
+ IF__argon2ds_v1_3__SUPPORTED(CHECK_ZERO("$argon2ds$v=19$m=8,t=1,p=1$*99$", "#");)
/* Test without flexible hash size (but with context I guess) */
ctx = librecrypt_create_context();
diff --git a/librecrypt_test_supported.c b/librecrypt_test_supported.c
index 9cc8bd5..f069d44 100644
--- a/librecrypt_test_supported.c
+++ b/librecrypt_test_supported.c
@@ -25,7 +25,7 @@ librecrypt_test_supported(const char *phrase, size_t len, int text, const char *
if (!(*algo->test_supported)(phrase, len, text, settings, n, &len))
return 0;
- /* Return just process last chained algorithm */
+ /* Return if just processed last chained algorithm */
if (!settings[n])
return 1;
@@ -68,10 +68,20 @@ main(void)
EXPECT(librecrypt_test_supported("abcdefgh", 8u, 1, ">"NSA, NULL) == 0);
EXPECT(librecrypt_test_supported("abcdefgh", 8u, 1, NSA">"NSA, NULL) == 0);
- IF__argon2i__SUPPORTED(CHECK("$argon2i$v=19$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
- IF__argon2d__SUPPORTED(CHECK("$argon2d$v=19$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
- IF__argon2id__SUPPORTED(CHECK("$argon2id$v=19$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
- IF__argon2ds__SUPPORTED(CHECK("$argon2ds$v=19$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+ IF__argon2i_v1_3__SUPPORTED(CHECK("$argon2i$v=19$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+ IF__argon2d_v1_3__SUPPORTED(CHECK("$argon2d$v=19$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+ IF__argon2id_v1_3__SUPPORTED(CHECK("$argon2id$v=19$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+ IF__argon2ds_v1_3__SUPPORTED(CHECK("$argon2ds$v=19$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+
+ IF__argon2i_v1_0__SUPPORTED(CHECK("$argon2i$v=16$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+ IF__argon2d_v1_0__SUPPORTED(CHECK("$argon2d$v=16$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+ IF__argon2id_v1_0__SUPPORTED(CHECK("$argon2id$v=16$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+ IF__argon2ds_v1_0__SUPPORTED(CHECK("$argon2ds$v=16$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+
+ IF__argon2i_v1_0__SUPPORTED(CHECK("$argon2i$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+ IF__argon2d_v1_0__SUPPORTED(CHECK("$argon2d$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+ IF__argon2id_v1_0__SUPPORTED(CHECK("$argon2id$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
+ IF__argon2ds_v1_0__SUPPORTED(CHECK("$argon2ds$", "m=8,t=1,p=1$*16$*40", "m=0,t=0,p=0$*1$*1"));
STOP_RESOURCE_TEST();
return 0;
diff --git a/librecrypt_verify.c b/librecrypt_verify.c
index d74973c..fa51efd 100644
--- a/librecrypt_verify.c
+++ b/librecrypt_verify.c
@@ -78,7 +78,7 @@ main(void)
EXPECT(librecrypt_verify(NULL, 0u, "$~no~such~algorithm~$", ctx) == -1);
EXPECT(errno == ENOSYS);
-#if defined(SUPPORT_ARGON2ID)
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_3)
EXPECT(librecrypt_verify("password", 8u, "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4", ctx) == 1);
EXPECT(librecrypt_verify("password", 8u, "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/", ctx) == 0);
EXPECT(librecrypt_verify("password", 8u, "$argon2id$v=19$m=256,t=2,p=1$c29tZXNhbHQ$nf65EOgLrQMR/uIPnA4rEsF5h7TKyQwu9U1bMCHGi/4x", ctx) == 0);
@@ -110,7 +110,9 @@ main(void)
assert(errno == ENOMEM);
assert(libtest_get_alloc_failure_in() == 0u);
}
+#endif
+#if defined(SUPPORT_ARGON2ID) && defined(SUPPORT_ARGON2_V1_0)
r = snprintf(conf, sizeof(conf), "$argon2id$m=256,t=8,p=1$AAAABBBBCCCC$*%zu", SIZE_MAX / 4u * 3u + 3u);
assert(r > 0 && (size_t)r < sizeof(conf));
errno = 0;
@@ -127,7 +129,7 @@ main(void)
memset(nuls, 0, sizeof(nuls));
memset(spaces, ' ', sizeof(spaces));
-#if defined(SUPPORT_ARGON2I)
+#if defined(SUPPORT_ARGON2I) && defined(SUPPORT_ARGON2_V1_3)
assert(sizeof(nuls) >= 4u);
assert(librecrypt_set_pepper(ctx, LIBRECRYPT_ARGON2I_V1_3, nuls, 4u) == 0);
EXPECT(librecrypt_verify(spaces, 1u, "$argon2i$v=19$m=8,t=1,p=1$ICAgICAgICA$Mhl4o3AkJuA", ctx) == 1);
diff --git a/libtest/config.mk b/libtest/config.mk
index 9538ee9..49179b4 100644
--- a/libtest/config.mk
+++ b/libtest/config.mk
@@ -1,6 +1,11 @@
WITH_BACKTRACE = false
IMPLEMENT_MMAP = true
+BZERO_CHECK_CPPFLAGS != \
+ if test -n "$(ARGON2_VERSION)"; then\
+ echo -DDONT_CHECK_MEMORY_ZEROED\
+ ;fi
+
TEST_CONFIGFILE = config_backtraces=$(WITH_BACKTRACE).mk
include $(TEST_INCLUDE_PREFIX)$(TEST_CONFIGFILE)
diff --git a/libtest/config_backtraces=false.mk b/libtest/config_backtraces=false.mk
index ff6b659..3b167af 100644
--- a/libtest/config_backtraces=false.mk
+++ b/libtest/config_backtraces=false.mk
@@ -1,6 +1,6 @@
include $(TEST_INCLUDE_PREFIX)common-config.mk
TEST_CPPFLAGS = -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE=700 -D_GNU_SOURCE\
- $(IMPLEMENT_MMAP_CPPFLAGS)
+ $(IMPLEMENT_MMAP_CPPFLAGS) $(BZERO_CHECK_CPPFLAGS)
TEST_CFLAGS =
TEST_LDFLAGS =
diff --git a/libtest/config_backtraces=true.mk b/libtest/config_backtraces=true.mk
index aac9cc3..3db1e2e 100644
--- a/libtest/config_backtraces=true.mk
+++ b/libtest/config_backtraces=true.mk
@@ -1,7 +1,7 @@
include $(TEST_INCLUDE_PREFIX)common-config.mk
TEST_CPPFLAGS = -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_XOPEN_SOURCE=700 -D_GNU_SOURCE\
- $(IMPLEMENT_MMAP_CPPFLAGS) -DWITH_BACKTRACE
+ $(IMPLEMENT_MMAP_CPPFLAGS) $(BZERO_CHECK_CPPFLAGS) -DWITH_BACKTRACE
TEST_CFLAGS = -g
TEST_LDFLAGS = -lunwind -ldw
diff --git a/libtest/libtest_free.c b/libtest/libtest_free.c
index d46218e..8667e85 100644
--- a/libtest/libtest_free.c
+++ b/libtest/libtest_free.c
@@ -8,8 +8,7 @@ libtest_free(void *ptr, enum libtest_zero_check zero_checking)
{
struct meminfo *mem;
int saved_errno = errno;
- int unmap_err, memory_zeroed;
- uint8_t *usable_area;
+ int unmap_err;
size_t i;
#ifdef WITH_BACKTRACE
static _Thread_local int inside_free = 0;
@@ -52,10 +51,11 @@ libtest_free(void *ptr, enum libtest_zero_check zero_checking)
}
SPINUNLOCK(libtest_allocs_list_spinlock);
+#ifndef DONT_CHECK_MEMORY_ZEROED
/* Check memory is zeroed */
if (zero_checking && libtest_expect_zeroed && !mem->accept_leakage) {
- usable_area = mem->usable_area;
- memory_zeroed = 1;
+ uint8_t *usable_area = mem->usable_area;
+ int memory_zeroed = 1;
for (i = 0u; i < mem->usable_alloc_size; i++) {
if (usable_area[i]) {
memory_zeroed = 0;
@@ -63,7 +63,7 @@ libtest_free(void *ptr, enum libtest_zero_check zero_checking)
break;
}
}
-#ifdef WITH_BACKTRACE
+# ifdef WITH_BACKTRACE
if (!memory_zeroed && mem->backtrace) {
libtest_malloc_internal_usage++;
inside_free = 1;
@@ -72,9 +72,10 @@ libtest_free(void *ptr, enum libtest_zero_check zero_checking)
0u, mem->backtrace, NULL);
inside_free = 0;
}
-#endif
+# endif
assert(memory_zeroed);
}
+#endif
/* Optionally print out trace */
#ifdef WITH_BACKTRACE