diff options
Diffstat (limited to 'argon2')
| -rw-r--r-- | argon2/argon2.h | 2 | ||||
| -rw-r--r-- | argon2/hash.c | 66 |
2 files changed, 53 insertions, 15 deletions
diff --git a/argon2/argon2.h b/argon2/argon2.h index cd149da..a14e782 100644 --- a/argon2/argon2.h +++ b/argon2/argon2.h @@ -82,7 +82,7 @@ HIDDEN ssize_t librecrypt__argon2ds__make_settings(char *out_buffer, size_t size # define argon2__STRICT_PAD 0 # define argon2__PAD '=' HIDDEN int librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phrase, size_t len, - const char *settings, size_t prefix, void *reserved); + const char *settings, size_t prefix, LIBRECRYPT_CONTEXT *ctx); HIDDEN PURE int librecrypt__argon2__test_supported(const char *phrase, size_t len, int text, const char *settings, size_t prefix, size_t *len_out); # ifndef REQUIRES_COMMON_RFC4848S4 diff --git a/argon2/hash.c b/argon2/hash.c index 2a41c69..e498d35 100644 --- a/argon2/hash.c +++ b/argon2/hash.c @@ -91,19 +91,21 @@ init_context(struct libar2_context *ctxp) int librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phrase, size_t len, - const char *settings, size_t prefix, void *reserved) + const char *settings, size_t prefix, LIBRECRYPT_CONTEXT *ctx) { + enum librecrypt_hash_algorithm algo_v10, algo_v13, algo; struct libar2_argon2_parameters params; - struct libar2_context ctx; + struct libar2_context ar2ctx; const char *type, *version, *salt_encoded; uintmax_t mcost, tcost, lanes, saltlen, hashlen; void *salt = NULL, *scratch = NULL; size_t scratch_size; + struct pepper *pepper = NULL; ssize_t r; int saved_errno; /* Not yet used */ - (void) reserved; + (void) ctx; /* Parse `settings` */ r = librecrypt_scan_settings_(settings, prefix, @@ -140,14 +142,14 @@ librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phr /* Gives us memory allocation and threading support; * so we don't have to implement any of that ourselves */ - libar2simplified_init_context(&ctx); + libar2simplified_init_context(&ar2ctx); /* Configure automatic erasure of input memory */ - ctx.autoerase_message = 0; /* allows `phrase` to be read-only */ - ctx.autoerase_secret = 0; /* alloes to params.key, which we are not using, but maybe in the future */ - ctx.autoerase_associated_data = 0; /* alloes to params.ad, which we are not using, but maybe in the future */ - ctx.autoerase_salt = 1; /* since we are decoding the salt, we do a memory allocation, - * and our testing always checks that allocated memory is earse; - * it doesn't really matter, but it's paranoid, and that's good */ + ar2ctx.autoerase_message = 0; /* allows `phrase` to be read-only */ + ar2ctx.autoerase_secret = 0; /* allows params.key to be read-only */ + ar2ctx.autoerase_associated_data = 0; /* allows params.ad to be read-only, which we are not using, but maybe in the future */ + ar2ctx.autoerase_salt = 1; /* since we are decoding the salt, we do a memory allocation, + * and our testing always checks that allocated memory is earse; + * it doesn't really matter, but it's paranoid, and that's good */ /* Decode salt */ if (!salt_encoded) /* this would be if asterisk-notation is used, but it is not */ @@ -181,13 +183,47 @@ librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phr params.version = !*version ? LIBAR2_ARGON2_VERSION_10 : version[3u] == '9' ? LIBAR2_ARGON2_VERSION_13 : /* 19 = 0x13 = 1.3 */ LIBAR2_ARGON2_VERSION_10; /* 16 = 0x10 = 1.0 */ + if (!ctx) + goto no_pepper; + switch (params.type) { + case LIBAR2_ARGON2I: + algo_v10 = LIBRECRYPT_ARGON2I_V1_0; + algo_v13 = LIBRECRYPT_ARGON2I_V1_3; + break; + case LIBAR2_ARGON2D: + algo_v10 = LIBRECRYPT_ARGON2D_V1_0; + algo_v13 = LIBRECRYPT_ARGON2D_V1_3; + break; + case LIBAR2_ARGON2ID: + algo_v10 = LIBRECRYPT_ARGON2ID_V1_0; + algo_v13 = LIBRECRYPT_ARGON2ID_V1_3; + break; + case LIBAR2_ARGON2DS: + algo_v10 = LIBRECRYPT_ARGON2DS_V1_0; + algo_v13 = LIBRECRYPT_ARGON2DS_V1_3; + break; + default: + abort(); /* $covered$ (impossible) */ + } + switch (params.version) { + case LIBAR2_ARGON2_VERSION_10: + algo = algo_v10; + break; + case LIBAR2_ARGON2_VERSION_13: + algo = algo_v13; + break; + default: + abort(); /* $covered$ (impossible) */ + } + pepper = librecrypt_context_get_pepper_(ctx, algo, 0u); +no_pepper: params.t_cost = (uint_least32_t)tcost; params.m_cost = (uint_least32_t)mcost; params.lanes = (uint_least32_t)lanes; params.salt = salt; params.saltlen = (size_t)saltlen; - params.key = NULL; - params.keylen = 0u; + params.key = pepper ? REMOVE_CONST(pepper->data) : NULL; + params.keylen = pepper ? pepper->len : 0u; params.ad = NULL; params.adlen = 0u; params.hashlen = hashlen ? (size_t)hashlen : argon2__HASH_SIZE; @@ -215,7 +251,7 @@ librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phr /* Calculate hash */ #ifndef FUZZ - if (libar2_hash(scratch ? scratch : out_buffer, REMOVE_CONST(phrase), len, ¶ms, &ctx)) + if (libar2_hash(scratch ? scratch : out_buffer, REMOVE_CONST(phrase), len, ¶ms, &ar2ctx)) goto fail; #else memset(scratch ? scratch : out_buffer, '5', scratch_size); @@ -223,7 +259,7 @@ librecrypt__argon2__hash(char *restrict out_buffer, size_t size, const char *phr if (scratch && out_buffer) memcpy(out_buffer, scratch, MIN(params.hashlen, size)); - /* same rationale as for `ctx.autoerase_salt = 1;` */ + /* same rationale as for `ar2ctx.autoerase_salt = 1;` */ if (scratch) { librecrypt_wipe(scratch, scratch_size); free(scratch); @@ -431,6 +467,8 @@ main(void) STOP_RESOURCE_TEST(); return 0; } +/* TODO check with pepper */ +/* TODO check with context but no pepper */ #endif |