From bc04e6f4cbc4ecbad128402a5f03c7054e0e258d Mon Sep 17 00:00:00 2001 From: SergiySW Date: Fri, 29 Sep 2017 20:08:51 +0300 Subject: [PATCH] Deleting old Agron2 version --- Argon2/LICENSE | 31 -- Argon2/Source/Argon2/argon2.cpp | 123 ------ Argon2/Source/Argon2/argon2.h | 254 ------------ Argon2/Source/Blake2/blake-round-mka.h | 44 --- Argon2/Source/Blake2/blake2-round-mka.h | 97 ----- Argon2/Source/Common/brg-endian.h | 143 ------- Argon2/Source/Core/argon2-core.cpp | 493 ------------------------ Argon2/Source/Core/argon2-core.h | 254 ------------ Argon2/Source/Core/argon2-opt-core.cpp | 250 ------------ Argon2/Source/Core/argon2-ref-core.cpp | 165 -------- Argon2/Source/Core/kat.cpp | 126 ------ Argon2/Source/Core/kat.h | 42 -- 12 files changed, 2022 deletions(-) delete mode 100644 Argon2/LICENSE delete mode 100644 Argon2/Source/Argon2/argon2.cpp delete mode 100644 Argon2/Source/Argon2/argon2.h delete mode 100644 Argon2/Source/Blake2/blake-round-mka.h delete mode 100644 Argon2/Source/Blake2/blake2-round-mka.h delete mode 100644 Argon2/Source/Common/brg-endian.h delete mode 100644 Argon2/Source/Core/argon2-core.cpp delete mode 100644 Argon2/Source/Core/argon2-core.h delete mode 100644 Argon2/Source/Core/argon2-opt-core.cpp delete mode 100644 Argon2/Source/Core/argon2-ref-core.cpp delete mode 100644 Argon2/Source/Core/kat.cpp delete mode 100644 Argon2/Source/Core/kat.h diff --git a/Argon2/LICENSE b/Argon2/LICENSE deleted file mode 100644 index 3568435f..00000000 --- a/Argon2/LICENSE +++ /dev/null @@ -1,31 +0,0 @@ - CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER. - -Statement of Purpose - -The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work"). - -Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others. - -For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights. - -1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following: - - the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work; - moral rights retained by the original author(s) and/or performer(s); - publicity and privacy rights pertaining to a person's image or likeness depicted in a Work; - rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below; - rights protecting the extraction, dissemination, use and reuse of data in a Work; - database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and - other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof. - -2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose. - -3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose. - -4. Limitations and Disclaimers. - - No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document. - Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law. - Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work. - Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work. - diff --git a/Argon2/Source/Argon2/argon2.cpp b/Argon2/Source/Argon2/argon2.cpp deleted file mode 100644 index ca71767c..00000000 --- a/Argon2/Source/Argon2/argon2.cpp +++ /dev/null @@ -1,123 +0,0 @@ -/* - * Argon2 source code package - * - * This work is licensed under a Creative Commons CC0 1.0 License/Waiver. - * - * You should have received a copy of the CC0 Public Domain Dedication along with - * this software. If not, see . - */ - - -#include - - -#include -#include -#include "argon2.h" -#include "argon2-core.h" - - -/************************* Error messages *********************************************************************************/ - -static std::map Argon2_ErrorMessage = { - {ARGON2_OK, "OK"}, - - {ARGON2_OUTPUT_PTR_NULL, "Output pointer is NULL"}, - - {ARGON2_OUTPUT_TOO_SHORT, "Output is too short"}, - {ARGON2_OUTPUT_TOO_LONG, "Output is too long"}, - - {ARGON2_PWD_TOO_SHORT, "Password is too short"}, - {ARGON2_PWD_TOO_LONG, "Password is too long"}, - - {ARGON2_SALT_TOO_SHORT, "Salt is too short"}, - {ARGON2_SALT_TOO_LONG, "Salt is too long"}, - - {ARGON2_AD_TOO_SHORT, "Associated data is too short"}, - {ARGON2_AD_TOO_LONG, "Associated date is too long"}, - - {ARGON2_SECRET_TOO_SHORT, "Secret is too short"}, - {ARGON2_SECRET_TOO_LONG, "Secret is too long"}, - - {ARGON2_TIME_TOO_SMALL, "Time cost is too small"}, - {ARGON2_TIME_TOO_LARGE, "Time cost is too large"}, - - {ARGON2_MEMORY_TOO_LITTLE, "Memory cost is too small"}, - {ARGON2_MEMORY_TOO_MUCH, "Memory cost is too large"}, - - {ARGON2_LANES_TOO_FEW, "Too few lanes"}, - {ARGON2_LANES_TOO_MANY, "Too many lanes"}, - - {ARGON2_PWD_PTR_MISMATCH, "Password pointer is NULL, but password length is not 0"}, - {ARGON2_SALT_PTR_MISMATCH, "Salt pointer is NULL, but salt length is not 0"}, - {ARGON2_SECRET_PTR_MISMATCH, "Secret pointer is NULL, but secret length is not 0"}, - {ARGON2_AD_PTR_MISMATCH, "Associated data pointer is NULL, but ad length is not 0"}, - - {ARGON2_MEMORY_ALLOCATION_ERROR, "Memory allocation error"}, - - {ARGON2_FREE_MEMORY_CBK_NULL, "The free memory callback is NULL"}, - {ARGON2_ALLOCATE_MEMORY_CBK_NULL, "The allocate memory callback is NULL"}, - - {ARGON2_INCORRECT_PARAMETER, "Argon2_Context context is NULL"}, - {ARGON2_INCORRECT_TYPE, "There is no such version of Argon2"}, - - {ARGON2_OUT_PTR_MISMATCH, "Output pointer mismatch"} -}; - -int PHS(void *out, size_t outlen, const void *in, size_t inlen, const void *salt, size_t saltlen, unsigned int t_cost, unsigned int m_cost) { - uint8_t* default_ad_ptr = NULL; - uint32_t default_ad_length = 0; - uint8_t* default_secret_ptr = NULL; - uint32_t default_secret_length = 0; - uint8_t default_parallelism = 1; - - Argon2_Context context((uint8_t*) out, (uint32_t) outlen, - (uint8_t*) in, (uint32_t) inlen, - (uint8_t*) salt, (uint32_t) saltlen, - default_ad_ptr, default_ad_length, - default_secret_ptr, default_secret_length, - (uint32_t) t_cost, (uint32_t) m_cost, default_parallelism); - - return Argon2Core(&context, Argon2_d); -} - -int Argon2d(Argon2_Context* context) { - return Argon2Core(context, Argon2_d); -} - -int Argon2i(Argon2_Context* context) { - return Argon2Core(context, Argon2_i); -} - -int Argon2di(Argon2_Context* context) { - return Argon2Core(context, Argon2_di); -} - -int Argon2id(Argon2_Context* context) { - return Argon2Core(context, Argon2_id); -} - -int Argon2ds(Argon2_Context* context) { - return Argon2Core(context, Argon2_ds); -} - -int VerifyD(Argon2_Context* context, const char *hash) { - if (0 == context->outlen || NULL == hash) { - return ARGON2_OUT_PTR_MISMATCH; - } - - int result = Argon2Core(context, Argon2_d); - if (ARGON2_OK != result) { - return result; - } - - return 0 == memcmp(hash, context->out, context->outlen); -} - -const char* ErrorMessage(int error_code) { - if (error_code < ARGON2_ERROR_CODES_LENGTH) { - return Argon2_ErrorMessage[(Argon2_ErrorCodes) error_code].c_str(); - } - - return "Unknown error code."; -} diff --git a/Argon2/Source/Argon2/argon2.h b/Argon2/Source/Argon2/argon2.h deleted file mode 100644 index bb835476..00000000 --- a/Argon2/Source/Argon2/argon2.h +++ /dev/null @@ -1,254 +0,0 @@ -/* - * Argon2 source code package - * - * This work is licensed under a Creative Commons CC0 1.0 License/Waiver. - * - * You should have received a copy of the CC0 Public Domain Dedication along with - * this software. If not, see . - */ - - -#ifndef __ARGON2_H__ -#define __ARGON2_H__ - -#include - - -/************************* Constants to enable Known Answer Tests (KAT) **************************************************/ -/* Enable KAT */ -//#define KAT -//#define KAT_INTERNAL - - -#if defined(KAT) || defined(KAT_INTERNAL) -/* The KAT file name */ -extern const char* KAT_FILENAME; -#endif - - -/*************************Argon2 input parameter restrictions**************************************************/ - -/* Minimum and maximum number of lanes (degree of parallelism) */ -const uint8_t MIN_LANES = 1; -const uint8_t MAX_LANES = 255; - -/* Number of synchronization points between lanes per pass */ -const uint32_t SYNC_POINTS = 4; - -/* Minimum and maximum digest size in bytes */ -const uint32_t MIN_OUTLEN = 4; -const uint32_t MAX_OUTLEN = 0xFFFFFFFF; - -/* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */ -const uint32_t MIN_MEMORY = 2 * SYNC_POINTS; // 2 blocks per slice -const uint32_t MAX_MEMORY = 0xFFFFFFFF; // 2^32-1 blocks - -/* Minimum and maximum number of passes */ -const uint32_t MIN_TIME = 1; -const uint32_t MAX_TIME = 0xFFFFFFFF; - -/* Minimum and maximum password length in bytes */ -const uint32_t MIN_PWD_LENGTH = 0; -const uint32_t MAX_PWD_LENGTH = 0xFFFFFFFF; - -/* Minimum and maximum associated data length in bytes */ -const uint32_t MIN_AD_LENGTH = 0; -const uint32_t MAX_AD_LENGTH = 0xFFFFFFFF; - -/* Minimum and maximum salt length in bytes */ -const uint32_t MIN_SALT_LENGTH = 8; -const uint32_t MAX_SALT_LENGTH = 0xFFFFFFFF; - -/* Minimum and maximum key length in bytes */ -const uint32_t MIN_SECRET = 0; -const uint32_t MAX_SECRET = 0xFFFFFFFF; - -/************************* Error codes *********************************************************************************/ -enum Argon2_ErrorCodes { - ARGON2_OK = 0, - - ARGON2_OUTPUT_PTR_NULL = 1, - - ARGON2_OUTPUT_TOO_SHORT = 2, - ARGON2_OUTPUT_TOO_LONG = 3, - - ARGON2_PWD_TOO_SHORT = 4, - ARGON2_PWD_TOO_LONG = 5, - - ARGON2_SALT_TOO_SHORT = 6, - ARGON2_SALT_TOO_LONG = 7, - - ARGON2_AD_TOO_SHORT = 8, - ARGON2_AD_TOO_LONG = 9, - - ARGON2_SECRET_TOO_SHORT = 10, - ARGON2_SECRET_TOO_LONG = 11, - - ARGON2_TIME_TOO_SMALL = 12, - ARGON2_TIME_TOO_LARGE = 13, - - ARGON2_MEMORY_TOO_LITTLE = 14, - ARGON2_MEMORY_TOO_MUCH = 15, - - ARGON2_LANES_TOO_FEW = 16, - ARGON2_LANES_TOO_MANY = 17, - - ARGON2_PWD_PTR_MISMATCH = 18, //NULL ptr with non-zero length - ARGON2_SALT_PTR_MISMATCH = 19, //NULL ptr with non-zero length - ARGON2_SECRET_PTR_MISMATCH = 20, //NULL ptr with non-zero length - ARGON2_AD_PTR_MISMATCH = 21, //NULL ptr with non-zero length - - ARGON2_MEMORY_ALLOCATION_ERROR = 22, - - ARGON2_FREE_MEMORY_CBK_NULL = 23, - ARGON2_ALLOCATE_MEMORY_CBK_NULL = 24, - - ARGON2_INCORRECT_PARAMETER = 25, - ARGON2_INCORRECT_TYPE = 26, - - ARGON2_OUT_PTR_MISMATCH = 27, - - ARGON2_ERROR_CODES_LENGTH /* Do NOT remove; Do NOT add error codes after this error code */ -}; - - - -/********************************************* Memory allocator types --- for external allocation *************************************************************/ -typedef int (*AllocateMemoryCallback)(uint8_t **memory, size_t bytes_to_allocate); -typedef void(*FreeMemoryCallback)(uint8_t *memory, size_t bytes_to_allocate); - -/********************************************* Argon2 external data structures*************************************************************/ - -/* - *****Context: structure to hold Argon2 inputs: - * output array and its length, - * password and its length, - * salt and its length, - * secret and its length, - * associated data and its length, - * number of passes, amount of used memory (in KBytes, can be rounded up a bit) - * number of parallel threads that will be run. - * All the parameters above affect the output hash value. - * Additionally, two function pointers can be provided to allocate and deallocate the memory (if NULL, memory will be allocated internally). - * Also, three flags indicate whether to erase password, secret as soon as they are pre-hashed (and thus not needed anymore), and the entire memory - **************************** - Simplest situation: you have output array out[8], password is stored in pwd[32], salt is stored in salt[16], you do not have keys nor associated data. - You need to spend 1 GB of RAM and you run 5 passes of Argon2d with 4 parallel lanes. - You want to erase the password, but you're OK with last pass not being erased. - You want to use the default memory allocator. - Then you initialize - Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,NULL,NULL,true,false,false). - */ -struct Argon2_Context { - uint8_t *out; //output array - const uint32_t outlen; //digest length - - uint8_t *pwd; //password array - uint32_t pwdlen; //password length - - const uint8_t *salt; //salt array - const uint32_t saltlen; //salt length - - uint8_t *secret; //key array - uint32_t secretlen; //key length - - const uint8_t *ad; //associated data array - const uint32_t adlen; //associated data length - - const uint32_t t_cost; //number of passes - const uint32_t m_cost; //amount of memory requested (KB) - const uint32_t lanes; //number of parallel threads - - AllocateMemoryCallback allocate_cbk; //pointer to memory allocator - FreeMemoryCallback free_cbk; //pointer to memory deallocator - - const bool clear_password; //whether to clear the password array - const bool clear_secret; //whether to clear the secret array - const bool clear_memory; //whether to clear the memory after the run - - Argon2_Context(uint8_t *o, uint32_t olen, - /*const*/ uint8_t *m, uint32_t mlen, - /*const*/ uint8_t *n, uint32_t nlen, - /*const*/ uint8_t *s, uint32_t slen, - /*const*/ uint8_t *a, uint32_t alen, - uint32_t t_c, uint32_t m_c, uint32_t l, - AllocateMemoryCallback a_cbk = NULL, FreeMemoryCallback f_cbk = NULL, bool c_p = true, bool c_s = true, bool c_m = false) : out(o), outlen(olen), - pwd(m), pwdlen(mlen), - salt(n), saltlen(nlen), - secret(s), secretlen(slen), - ad(a), adlen(alen), - t_cost(t_c), m_cost(m_c), lanes(l), - allocate_cbk(a_cbk), free_cbk(f_cbk), clear_password(c_p), clear_secret(c_s), clear_memory(c_m) { - } -}; - -/** - * Function to hash the inputs in the memory-hard fashion - * @param out Pointer to the memory where the hash digest will be written - * @param outlen Digest length in bytes - * @param in Pointer to the input (password) - * @param inlen Input length in bytes - * @param salt Pointer to the salt - * @param saltlen Salt length in bytes - * @pre @a out must have at least @a outlen bytes allocated - * @pre @a in must be at least @inlen bytes long - * @pre @a saltlen must be at least @saltlen bytes long - * @return Zero if successful, 1 otherwise. - */ -extern "C" int PHS(void *out, size_t outlen, const void *in, size_t inlen, const void *salt, size_t saltlen, - unsigned int t_cost, unsigned int m_cost); - -/* - * **************Argon2d: Version of Argon2 that picks memory blocks depending on the password and salt. Only for side-channel-free environment!!*************** - * @param context Pointer to current Argon2 context - * @return Zero if successful, a non zero error code otherwise - */ -extern int Argon2d(Argon2_Context* context); - -/* - * * **************Argon2i: Version of Argon2 that picks memory blocks independing on the password and salt. Good for side-channels, - ******************* but worse w.r.t. tradeoff attacks if - *******************only one pass is used*************** - * @param context Pointer to current Argon2 context - * @return Zero if successful, a non zero error code otherwise - */ -extern int Argon2i(Argon2_Context* context); - -/* - * * **************Argon2di: Reserved name*************** - * @param context Pointer to current Argon2 context - * @return Zero if successful, a non zero error code otherwise - */ -extern int Argon2di(Argon2_Context* context); - -/* - * * **************Argon2ds: Argon2d hardened against GPU attacks, 20% slower*************** - * @param context Pointer to current Argon2 context - * @return Zero if successful, a non zero error code otherwise - */ -extern int Argon2ds(Argon2_Context* context); - - -/* - * * **************Argon2id: First half-pass over memory is password-independent, the rest are password-dependent - ********************OK against side channels: they reduce to 1/2-pass Argon2i*************** - * @param context Pointer to current Argon2 context - * @return Zero if successful, a non zero error code otherwise - */ -extern int Argon2id(Argon2_Context* context); - -/* - * Verify if a given password is correct for Argon2d hashing - * @param context Pointer to current Argon2 context - * @param hash The password hash to verify. The length of the hash is specified by the context outlen member - * @return Zero if successful, a non zero error code otherwise - */ -extern int VerifyD(Argon2_Context* context, const char *hash); - -/* - * Get the associated error message for given erro code - * @return The error message associated with the given error code - */ -const char* ErrorMessage(int error_code); - -#endif diff --git a/Argon2/Source/Blake2/blake-round-mka.h b/Argon2/Source/Blake2/blake-round-mka.h deleted file mode 100644 index fc3a8c45..00000000 --- a/Argon2/Source/Blake2/blake-round-mka.h +++ /dev/null @@ -1,44 +0,0 @@ -#pragma once - -#ifndef __BLAKE_ROUND_MKA_H__ -#define __BLAKE_ROUND_MKA_H__ - - -#define G(a,b,c,d) \ - a = fBlaMka(a, b) ; \ - d = rotr64(d ^ a, 32); \ - c = fBlaMka(c, d); \ - b = rotr64(b ^ c, 24); \ - a = fBlaMka(a, b) ; \ - d = rotr64(d ^ a, 16); \ - c = fBlaMka(c, d); \ - b = rotr64(b ^ c, 63); - -#define BLAKE2_ROUND_NOMSG(v0,v1,v2,v3,v4,v5,v6,v7,v8,v9,v10,v11,v12,v13,v14,v15) \ - G(v0, v4, v8, v12); \ - G(v1, v5, v9, v13); \ - G(v2, v6, v10, v14); \ - G(v3, v7, v11, v15); \ - G(v0, v5, v10, v15); \ - G(v1, v6, v11, v12); \ - G(v2, v7, v8, v13); \ - G(v3, v4, v9, v14); - - -/*designed by the Lyra PHC team */ -static inline uint64_t fBlaMka(uint64_t x, uint64_t y) -{ - uint32_t lessX = (uint32_t)x; - uint32_t lessY = (uint32_t)y; - - uint64_t lessZ = (uint64_t)lessX; - lessZ = lessZ * lessY; - lessZ = lessZ << 1; - - uint64_t z = lessZ + x + y; - - return z; -} - - -#endif diff --git a/Argon2/Source/Blake2/blake2-round-mka.h b/Argon2/Source/Blake2/blake2-round-mka.h deleted file mode 100644 index 9342def0..00000000 --- a/Argon2/Source/Blake2/blake2-round-mka.h +++ /dev/null @@ -1,97 +0,0 @@ -#define _mm_roti_epi64(x, c) \ - (-(c) == 32) ? _mm_shuffle_epi32((x), _MM_SHUFFLE(2,3,0,1)) \ - : (-(c) == 24) ? _mm_shuffle_epi8((x), r24) \ - : (-(c) == 16) ? _mm_shuffle_epi8((x), r16) \ - : (-(c) == 63) ? _mm_xor_si128(_mm_srli_epi64((x), -(c)), _mm_add_epi64((x), (x))) \ - : _mm_xor_si128(_mm_srli_epi64((x), -(c)), _mm_slli_epi64((x), 64-(-(c)))) - -static inline __m128i fBlaMka(__m128i x, __m128i y){ - __m128i z = _mm_mul_epu32 (x, y); - - z = _mm_slli_epi64 (z, 1); - - z = _mm_add_epi64 (z, x); - z = _mm_add_epi64 (z, y); - - return z; -} - -#define G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ - row1l = fBlaMka(row1l, row2l); \ - row1h = fBlaMka(row1h, row2h); \ - \ - row4l = _mm_xor_si128(row4l, row1l); \ - row4h = _mm_xor_si128(row4h, row1h); \ - \ - row4l = _mm_roti_epi64(row4l, -32); \ - row4h = _mm_roti_epi64(row4h, -32); \ - \ - row3l = fBlaMka(row3l, row4l); \ - row3h = fBlaMka(row3h, row4h); \ - \ - row2l = _mm_xor_si128(row2l, row3l); \ - row2h = _mm_xor_si128(row2h, row3h); \ - \ - row2l = _mm_roti_epi64(row2l, -24); \ - row2h = _mm_roti_epi64(row2h, -24); \ - -#define G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ - row1l = fBlaMka(row1l, row2l); \ - row1h = fBlaMka(row1h, row2h); \ - \ - row4l = _mm_xor_si128(row4l, row1l); \ - row4h = _mm_xor_si128(row4h, row1h); \ - \ - row4l = _mm_roti_epi64(row4l, -16); \ - row4h = _mm_roti_epi64(row4h, -16); \ - \ - row3l = fBlaMka(row3l, row4l); \ - row3h = fBlaMka(row3h, row4h); \ - \ - row2l = _mm_xor_si128(row2l, row3l); \ - row2h = _mm_xor_si128(row2h, row3h); \ - \ - row2l = _mm_roti_epi64(row2l, -63); \ - row2h = _mm_roti_epi64(row2h, -63); \ - - -#define DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ - t0 = _mm_alignr_epi8(row2h, row2l, 8); \ - t1 = _mm_alignr_epi8(row2l, row2h, 8); \ - row2l = t0; \ - row2h = t1; \ - \ - t0 = row3l; \ - row3l = row3h; \ - row3h = t0; \ - \ - t0 = _mm_alignr_epi8(row4h, row4l, 8); \ - t1 = _mm_alignr_epi8(row4l, row4h, 8); \ - row4l = t1; \ - row4h = t0; - -#define UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ - t0 = _mm_alignr_epi8(row2l, row2h, 8); \ - t1 = _mm_alignr_epi8(row2h, row2l, 8); \ - row2l = t0; \ - row2h = t1; \ - \ - t0 = row3l; \ - row3l = row3h; \ - row3h = t0; \ - \ - t0 = _mm_alignr_epi8(row4l, row4h, 8); \ - t1 = _mm_alignr_epi8(row4h, row4l, 8); \ - row4l = t1; \ - row4h = t0; - -#define BLAKE2_ROUND(row1l,row1h,row2l,row2h,row3l,row3h,row4l,row4h) \ - G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ - G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ - \ - DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ - \ - G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ - G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ - \ - UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); diff --git a/Argon2/Source/Common/brg-endian.h b/Argon2/Source/Common/brg-endian.h deleted file mode 100644 index 90d8d2c9..00000000 --- a/Argon2/Source/Common/brg-endian.h +++ /dev/null @@ -1,143 +0,0 @@ -/* - --------------------------------------------------------------------------- - Copyright (c) 1998-2008, Brian Gladman, Worcester, UK. All rights reserved. - - LICENSE TERMS - - The redistribution and use of this software (with or without changes) - is allowed without the payment of fees or royalties provided that: - - 1. source code distributions include the above copyright notice, this - list of conditions and the following disclaimer; - - 2. binary distributions include the above copyright notice, this list - of conditions and the following disclaimer in their documentation; - - 3. the name of the copyright holder is not used to endorse products - built using this software without specific written permission. - - DISCLAIMER - - This software is provided 'as is' with no explicit or implied warranties - in respect of its properties, including, but not limited to, correctness - and/or fitness for purpose. - --------------------------------------------------------------------------- - Issue Date: 20/12/2007 - Changes for ARM 9/9/2010 -*/ - -#ifndef _BRG_ENDIAN_H -#define _BRG_ENDIAN_H - -#define IS_BIG_ENDIAN 4321 /* byte 0 is most significant (mc68k) */ -#define IS_LITTLE_ENDIAN 1234 /* byte 0 is least significant (i386) */ - -#if 0 -/* Include files where endian defines and byteswap functions may reside */ -#if defined( __sun ) -# include -#elif defined( __FreeBSD__ ) || defined( __OpenBSD__ ) || defined( __NetBSD__ ) -# include -#elif defined( BSD ) && ( BSD >= 199103 ) || defined( __APPLE__ ) || \ - defined( __CYGWIN32__ ) || defined( __DJGPP__ ) || defined( __osf__ ) -# include -#elif defined( __linux__ ) || defined( __GNUC__ ) || defined( __GNU_LIBRARY__ ) -# if !defined( __MINGW32__ ) && !defined( _AIX ) -# include -# if !defined( __BEOS__ ) -# include -# endif -# endif -#endif -#endif - -/* Now attempt to set the define for platform byte order using any */ -/* of the four forms SYMBOL, _SYMBOL, __SYMBOL & __SYMBOL__, which */ -/* seem to encompass most endian symbol definitions */ - -#if defined( BIG_ENDIAN ) && defined( LITTLE_ENDIAN ) -# if defined( BYTE_ORDER ) && BYTE_ORDER == BIG_ENDIAN -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -# elif defined( BYTE_ORDER ) && BYTE_ORDER == LITTLE_ENDIAN -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -# endif -#elif defined( BIG_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -#elif defined( LITTLE_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -#endif - -#if defined( _BIG_ENDIAN ) && defined( _LITTLE_ENDIAN ) -# if defined( _BYTE_ORDER ) && _BYTE_ORDER == _BIG_ENDIAN -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -# elif defined( _BYTE_ORDER ) && _BYTE_ORDER == _LITTLE_ENDIAN -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -# endif -#elif defined( _BIG_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -#elif defined( _LITTLE_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -#endif - -#if defined( __BIG_ENDIAN ) && defined( __LITTLE_ENDIAN ) -# if defined( __BYTE_ORDER ) && __BYTE_ORDER == __BIG_ENDIAN -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -# elif defined( __BYTE_ORDER ) && __BYTE_ORDER == __LITTLE_ENDIAN -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -# endif -#elif defined( __BIG_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -#elif defined( __LITTLE_ENDIAN ) -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -#endif - -#if defined( __BIG_ENDIAN__ ) && defined( __LITTLE_ENDIAN__ ) -# if defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __BIG_ENDIAN__ -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -# elif defined( __BYTE_ORDER__ ) && __BYTE_ORDER__ == __LITTLE_ENDIAN__ -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -# endif -#elif defined( __BIG_ENDIAN__ ) -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -#elif defined( __LITTLE_ENDIAN__ ) -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -#endif - -/* if the platform byte order could not be determined, then try to */ -/* set this define using common machine defines */ -#if !defined(PLATFORM_BYTE_ORDER) - -#if defined( __alpha__ ) || defined( __alpha ) || defined( i386 ) || \ - defined( __i386__ ) || defined( _M_I86 ) || defined( _M_IX86 ) || \ - defined( __OS2__ ) || defined( sun386 ) || defined( __TURBOC__ ) || \ - defined( vax ) || defined( vms ) || defined( VMS ) || \ - defined( __VMS ) || defined( _M_X64 ) -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN - -#elif defined( AMIGA ) || defined( applec ) || defined( __AS400__ ) || \ - defined( _CRAY ) || defined( __hppa ) || defined( __hp9000 ) || \ - defined( ibm370 ) || defined( mc68000 ) || defined( m68k ) || \ - defined( __MRC__ ) || defined( __MVS__ ) || defined( __MWERKS__ ) || \ - defined( sparc ) || defined( __sparc) || defined( SYMANTEC_C ) || \ - defined( __VOS__ ) || defined( __TIGCC__ ) || defined( __TANDEM ) || \ - defined( THINK_C ) || defined( __VMCMS__ ) || defined( _AIX ) -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN - -#elif defined(__arm__) -# ifdef __BIG_ENDIAN -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -# else -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -# endif -#elif 1 /* **** EDIT HERE IF NECESSARY **** */ -# define PLATFORM_BYTE_ORDER IS_LITTLE_ENDIAN -#elif 0 /* **** EDIT HERE IF NECESSARY **** */ -# define PLATFORM_BYTE_ORDER IS_BIG_ENDIAN -#else -# error Please edit lines 132 or 134 in brg_endian.h to set the platform byte order -#endif - -#endif - -#endif - diff --git a/Argon2/Source/Core/argon2-core.cpp b/Argon2/Source/Core/argon2-core.cpp deleted file mode 100644 index 09d243f3..00000000 --- a/Argon2/Source/Core/argon2-core.cpp +++ /dev/null @@ -1,493 +0,0 @@ -/* - * Argon2 source code package - * - * This work is licensed under a Creative Commons CC0 1.0 License/Waiver. - * - * You should have received a copy of the CC0 Public Domain Dedication along with - * this software. If not, see . - */ - - -using namespace std; - -/*For memory wiping*/ -#ifdef _MSC_VER -#include "windows.h" -#include "winbase.h" //For SecureZeroMemory -#endif -#if defined __STDC_LIB_EXT1__ -#define __STDC_WANT_LIB_EXT1__ 1 -#endif -#define VC_GE_2005( version ) ( version >= 1400 ) - - -#include -#include -#include -#include - -#include "argon2.h" -#include "argon2-core.h" -#include "kat.h" - - -#include "blake2.h" -#include "blake2-impl.h" - - #if defined(__clang__) -#if __has_attribute(optnone) -#define NOT_OPTIMIZED __attribute__((optnone)) -#endif -#elif defined(__GNUC__) -#define GCC_VERSION (__GNUC__ * 10000 \ - + __GNUC_MINOR__ * 100 \ - + __GNUC_PATCHLEVEL__) -#if GCC_VERSION >= 40400 - #define NOT_OPTIMIZED __attribute__((optimize("O0"))) -#endif -#else -#define NOT_OPTIMIZED -#endif - - - - -block operator^(const block& l, const block& r) { - block a = l; - a ^= r; - return a; -} - -int AllocateMemory(block **memory, uint32_t m_cost) { - if (memory != NULL) { - *memory = new block[m_cost]; - if (!*memory) { - return ARGON2_MEMORY_ALLOCATION_ERROR; - } - return ARGON2_OK; - } else return ARGON2_MEMORY_ALLOCATION_ERROR; -} - -/* Function that securely cleans the memory -* @param mem Pointer to the memory -* @param s Memory size in bytes -*/ - -static inline void NOT_OPTIMIZED secure_wipe_memory( void *v, size_t n ) -{ -#if defined (_MSC_VER ) && VC_GE_2005( _MSC_VER ) - SecureZeroMemory(v,n); -#elif defined memset_s - memset_s(v, n); -#elif defined( __OpenBSD__ ) - explicit_bzero( memory, size ); -#else - static void* (*const volatile memset_sec)(void*, int, size_t) = &memset; - memset_sec(v,0,n); -#endif -} - -void FreeMemory(Argon2_instance_t* instance, bool clear) { - if (instance->state != NULL) { - if (clear) { - if (instance->type == Argon2_ds && instance->Sbox != NULL) { - secure_wipe_memory(instance->Sbox, SBOX_SIZE * sizeof (uint64_t)); - } - secure_wipe_memory(instance->state, sizeof (block) * instance->memory_blocks); - } - delete[] instance->state; - if (instance->Sbox != NULL) - delete[] instance->Sbox; - } -} -int blake2b_long(uint8_t *out, const void *in, const uint32_t outlen, const uint64_t inlen) -{ - blake2b_state blake_state; - if (outlen <= BLAKE2B_OUTBYTES) - { - blake2b_init(&blake_state, outlen); - blake2b_update(&blake_state, (const uint8_t*)&outlen, sizeof(uint32_t)); - blake2b_update(&blake_state, (const uint8_t *)in, inlen); - blake2b_final(&blake_state, out, outlen); - } - else - { - uint8_t out_buffer[BLAKE2B_OUTBYTES]; - uint8_t in_buffer[BLAKE2B_OUTBYTES]; - blake2b_init(&blake_state, BLAKE2B_OUTBYTES); - blake2b_update(&blake_state, (const uint8_t*)&outlen, sizeof(uint32_t)); - blake2b_update(&blake_state, (const uint8_t *)in, inlen); - blake2b_final(&blake_state, out_buffer, BLAKE2B_OUTBYTES); - memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); - out += BLAKE2B_OUTBYTES / 2; - uint32_t toproduce = outlen - BLAKE2B_OUTBYTES / 2; - while (toproduce > BLAKE2B_OUTBYTES) - { - memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); - blake2b(out_buffer, in_buffer, NULL, BLAKE2B_OUTBYTES, BLAKE2B_OUTBYTES, 0); - memcpy(out, out_buffer, BLAKE2B_OUTBYTES / 2); - out += BLAKE2B_OUTBYTES / 2; - toproduce -= BLAKE2B_OUTBYTES / 2; - } - memcpy(in_buffer, out_buffer, BLAKE2B_OUTBYTES); - blake2b(out_buffer, in_buffer, NULL, toproduce, BLAKE2B_OUTBYTES, 0); - memcpy(out, out_buffer, toproduce); - - } - return 0; -} - -void Finalize(const Argon2_Context *context, Argon2_instance_t* instance) { - if (context != NULL && instance != NULL) { - block blockhash = instance->state[instance->lane_length - 1]; - - // XOR the last blocks - for (uint8_t l = 1; l < instance->lanes; ++l) { - uint32_t last_block_in_lane = l * instance->lane_length + (instance->lane_length - 1); - blockhash ^= instance->state[last_block_in_lane]; - - } - - // Hash the result - blake2b_long(context->out, (uint8_t*) blockhash.v, context->outlen, BLOCK_SIZE); - secure_wipe_memory(blockhash.v, BLOCK_SIZE); //clear the blockhash -#ifdef KAT - PrintTag(context->out, context->outlen); -#endif - - // Deallocate the memory - if (NULL != context->free_cbk) { - context->free_cbk((uint8_t *) instance->state, instance->memory_blocks * sizeof (block)); - } else { - FreeMemory(instance, context->clear_memory); - } - - } -} - -uint32_t IndexAlpha(const Argon2_instance_t* instance, const Argon2_position_t* position, uint32_t pseudo_rand, bool same_lane) { - /* - * Pass 0: - * This lane : all already finished segments plus already constructed blocks in this segment - * Other lanes : all already finished segments - * Pass 1+: - * This lane : (SYNC_POINTS - 1) last segments plus already constructed blocks in this segment - * Other lanes : (SYNC_POINTS - 1) last segments - */ - uint32_t reference_area_size; - - if (0 == position->pass) { - // First pass - if (0 == position->slice) { - // First slice - reference_area_size = position->index - 1; // all but the previous - } else { - if (same_lane) { - // The same lane => add current segment - reference_area_size = position->slice * instance->segment_length + position->index - 1; - } else { - reference_area_size = position->slice * instance->segment_length + ((position->index == 0) ? (-1) : 0); - } - } - } else { - // Second pass - if (same_lane) { - reference_area_size = instance->lane_length - instance->segment_length + position->index - 1; - } else { - reference_area_size = instance->lane_length - instance->segment_length + ((position->index == 0) ? (-1) : 0); - } - } - - /* 1.2.4. Mapping pseudo_rand to 0.. and produce relative position */ - uint64_t relative_position = pseudo_rand; - relative_position = relative_position * relative_position >> 32; - relative_position = reference_area_size - 1 - (reference_area_size * relative_position >> 32); - - /* 1.2.5 Computing starting position */ - uint32_t start_position = 0; - if (0 != position->pass) { - start_position = (position->slice == SYNC_POINTS - 1) ? 0 : (position->slice + 1) * instance->segment_length; - } - - /* 1.2.6. Computing absolute position */ - uint32_t absolute_position = (start_position + relative_position) % instance->lane_length; // absolute position - return absolute_position; -} - -void FillMemoryBlocks(Argon2_instance_t* instance) { - vector Threads; - if (instance != NULL) { - for (uint8_t r = 0; r < instance->passes; ++r) { - if (Argon2_ds == instance->type) { - GenerateSbox(instance); - } - for (uint8_t s = 0; s < SYNC_POINTS; ++s) { - for (uint8_t l = 0; l < instance->lanes; ++l) { - Threads.push_back(thread(FillSegment, instance, Argon2_position_t(r, l, s, 0))); - } - - for (auto& t : Threads) { - t.join(); - } - Threads.clear(); - } - -#ifdef KAT_INTERNAL - InternalKat(instance, r); -#endif - - } - } -} - -int ValidateInputs(const Argon2_Context* context) { - if (NULL == context) { - return ARGON2_INCORRECT_PARAMETER; - } - - if (NULL == context->out) { - return ARGON2_OUTPUT_PTR_NULL; - } - - /* Validate output length */ - if (MIN_OUTLEN > context->outlen) { - return ARGON2_OUTPUT_TOO_SHORT; - } - if (MAX_OUTLEN < context->outlen) { - return ARGON2_OUTPUT_TOO_LONG; - } - - /* Validate password length */ - if (NULL == context->pwd) { - if (0 != context->pwdlen) { - return ARGON2_PWD_PTR_MISMATCH; - } - } else { - if (MIN_PWD_LENGTH > context->pwdlen) { - return ARGON2_PWD_TOO_SHORT; - } - if (MAX_PWD_LENGTH < context->pwdlen) { - return ARGON2_PWD_TOO_LONG; - } - } - - /* Validate salt length */ - if (NULL == context->salt) { - if (0 != context->saltlen) { - return ARGON2_SALT_PTR_MISMATCH; - } - } else { - if (MIN_SALT_LENGTH > context->saltlen) { - return ARGON2_SALT_TOO_SHORT; - } - if (MAX_SALT_LENGTH < context->saltlen) { - return ARGON2_SALT_TOO_LONG; - } - } - - /* Validate secret length */ - if (NULL == context->secret) { - if (0 != context->secretlen) { - return ARGON2_SECRET_PTR_MISMATCH; - } - } else { - if (MIN_SECRET > context->secretlen) { - return ARGON2_SECRET_TOO_SHORT; - } - if (MAX_SECRET < context->secretlen) { - return ARGON2_SECRET_TOO_LONG; - } - } - - /* Validate associated data */ - if (NULL == context->ad) { - if (0 != context->adlen) { - return ARGON2_AD_PTR_MISMATCH; - } - } else { - if (MIN_AD_LENGTH > context->adlen) { - return ARGON2_AD_TOO_SHORT; - } - if (MAX_AD_LENGTH < context->adlen) { - return ARGON2_AD_TOO_LONG; - } - } - - /* Validate memory cost */ - if (MIN_MEMORY > context->m_cost) { - return ARGON2_MEMORY_TOO_LITTLE; - } - if (MAX_MEMORY < context->m_cost) { - return ARGON2_MEMORY_TOO_MUCH; - } - - /* Validate time cost */ - if (MIN_TIME > context->t_cost) { - return ARGON2_TIME_TOO_SMALL; - } - if (MAX_TIME < context->t_cost) { - return ARGON2_TIME_TOO_LARGE; - } - - /* Validate lanes */ - if (MIN_LANES > context->lanes) { - return ARGON2_LANES_TOO_FEW; - } - if (MAX_LANES < context->lanes) { - return ARGON2_LANES_TOO_MANY; - } - - if (NULL != context->allocate_cbk && NULL == context->free_cbk) { - return ARGON2_FREE_MEMORY_CBK_NULL; - } - - if (NULL == context->allocate_cbk && NULL != context->free_cbk) { - return ARGON2_ALLOCATE_MEMORY_CBK_NULL; - } - - return ARGON2_OK; -} - -void FillFirstBlocks(uint8_t* blockhash, const Argon2_instance_t* instance) { - // Make the first and second block in each lane as G(H0||i||0) or G(H0||i||1) - for (uint8_t l = 0; l < instance->lanes; ++l) { - blockhash[PREHASH_DIGEST_LENGTH + 4] = l; - blockhash[PREHASH_DIGEST_LENGTH] = 0; - blake2b_long((uint8_t*) (instance->state[l * instance->lane_length].v), blockhash, BLOCK_SIZE, PREHASH_SEED_LENGTH); - - blockhash[PREHASH_DIGEST_LENGTH] = 1; - blake2b_long((uint8_t*) (instance->state[l * instance->lane_length + 1].v), blockhash, BLOCK_SIZE, PREHASH_SEED_LENGTH); - } -} - -void InitialHash(uint8_t* blockhash, Argon2_Context* context, Argon2_type type) { - blake2b_state BlakeHash; - uint8_t value[sizeof (uint32_t)]; - - if (NULL == context || NULL == blockhash) { - return; - } - - blake2b_init(&BlakeHash, PREHASH_DIGEST_LENGTH); - - store32(&value, context->lanes); - blake2b_update(&BlakeHash, (const uint8_t*) &value, sizeof (value)); - - store32(&value, context->outlen); - blake2b_update(&BlakeHash, (const uint8_t*) &value, sizeof (value)); - - store32(&value, context->m_cost); - blake2b_update(&BlakeHash, (const uint8_t*) &value, sizeof (value)); - - store32(&value, context->t_cost); - blake2b_update(&BlakeHash, (const uint8_t*) &value, sizeof (value)); - - store32(&value, VERSION_NUMBER); - blake2b_update(&BlakeHash, (const uint8_t*) &value, sizeof (value)); - - store32(&value, (uint32_t) type); - blake2b_update(&BlakeHash, (const uint8_t*) &value, sizeof (value)); - - store32(&value, context->pwdlen); - blake2b_update(&BlakeHash, (const uint8_t*) &value, sizeof (value)); - if (context->pwd != NULL) { - blake2b_update(&BlakeHash, (const uint8_t*) context->pwd, context->pwdlen); - if (context->clear_password) { - secure_wipe_memory(context->pwd, context->pwdlen); - context->pwdlen = 0; - } - } - - store32(&value, context->saltlen); - blake2b_update(&BlakeHash, (const uint8_t*) &value, sizeof (value)); - if (context->salt != NULL) { - blake2b_update(&BlakeHash, (const uint8_t*) context->salt, context->saltlen); - } - - store32(&value, context->secretlen); - blake2b_update(&BlakeHash, (const uint8_t*) &value, sizeof (value)); - if (context->secret != NULL) { - blake2b_update(&BlakeHash, (const uint8_t*) context->secret, context->secretlen); - if (context->clear_secret) { - secure_wipe_memory(context->secret, context->secretlen); - context->secretlen = 0; - } - } - - store32(&value, context->adlen); - blake2b_update(&BlakeHash, (const uint8_t*) &value, sizeof (value)); - if (context->ad != NULL) { - blake2b_update(&BlakeHash, (const uint8_t*) context->ad, context->adlen); - } - blake2b_final(&BlakeHash, blockhash, PREHASH_DIGEST_LENGTH); -} - -int Initialize(Argon2_instance_t* instance, Argon2_Context* context) { - if (instance == NULL || context == NULL) - return ARGON2_INCORRECT_PARAMETER; - // 1. Memory allocation - int result = ARGON2_OK; - if (NULL != context->allocate_cbk) { - result = context->allocate_cbk((uint8_t **)&(instance->state), instance->memory_blocks * BLOCK_SIZE); - } else { - result = AllocateMemory(&(instance->state), instance->memory_blocks); - } - - if (ARGON2_OK != result) { - return result; - } - - // 2. Initial hashing - // H_0 + 8 extra bytes to produce the first blocks - uint8_t blockhash[PREHASH_SEED_LENGTH]; - // Hashing all inputs - InitialHash(blockhash, context, instance->type); - // Zeroing 8 extra bytes - secure_wipe_memory(blockhash + PREHASH_DIGEST_LENGTH, PREHASH_SEED_LENGTH - PREHASH_DIGEST_LENGTH); - -#ifdef KAT - InitialKat(blockhash, context, instance->type); -#endif - - // 3. Creating first blocks, we always have at least two blocks in a slice - FillFirstBlocks(blockhash, instance); - // Clearing the hash - secure_wipe_memory(blockhash, PREHASH_SEED_LENGTH); - - return ARGON2_OK; -} - -int Argon2Core(Argon2_Context* context, Argon2_type type) { - /* 1. Validate all inputs */ - int result = ValidateInputs(context); - if (ARGON2_OK != result) { - return result; - } - if (type > MAX_ARGON2_TYPE) - return ARGON2_INCORRECT_TYPE; - - /* 2. Align memory size */ - // Minimum memory_blocks = 8L blocks, where L is the number of lanes - uint32_t memory_blocks = context->m_cost; - if (memory_blocks < 2 * SYNC_POINTS * context->lanes) { - memory_blocks = 2 * SYNC_POINTS * context->lanes; - } - uint32_t segment_length = memory_blocks / (context->lanes * SYNC_POINTS); - // Ensure that all segments have equal length - memory_blocks = segment_length * (context->lanes * SYNC_POINTS); - Argon2_instance_t instance(NULL, type, context->t_cost, memory_blocks, context->lanes); - - /* 3. Initialization: Hashing inputs, allocating memory, filling first blocks */ - result = Initialize(&instance, context); - if (ARGON2_OK != result) { - return result; - } - - /* 4. Filling memory */ - FillMemoryBlocks(&instance); - - /* 5. Finalization */ - Finalize(context, &instance); - - return ARGON2_OK; -} diff --git a/Argon2/Source/Core/argon2-core.h b/Argon2/Source/Core/argon2-core.h deleted file mode 100644 index ea2f8b83..00000000 --- a/Argon2/Source/Core/argon2-core.h +++ /dev/null @@ -1,254 +0,0 @@ -/* - * Argon2 source code package - * - * This work is licensed under a Creative Commons CC0 1.0 License/Waiver. - * - * You should have received a copy of the CC0 Public Domain Dedication along with - * this software. If not, see . - */ - - -#pragma once - -#ifndef __ARGON2_CORE_H__ -#define __ARGON2_CORE_H__ - -#include - -/*************************Argon2 internal constants**************************************************/ - -/* Version of the algorithm */ -const uint8_t VERSION_NUMBER = 0x10; - -/* Memory block size in bytes */ -const uint32_t BLOCK_SIZE = 1024; -const uint32_t WORDS_IN_BLOCK = BLOCK_SIZE / sizeof (uint64_t); -const uint32_t QWORDS_IN_BLOCK = WORDS_IN_BLOCK / 2; - -/* Number of pseudo-random values generated by one call to Blake in Argon2i to generate reference block positions*/ -const uint32_t ADDRESSES_IN_BLOCK = (BLOCK_SIZE * sizeof (uint8_t) / sizeof (uint64_t)); - -/* Pre-hashing digest length and its extension*/ -const uint32_t PREHASH_DIGEST_LENGTH = 64; -const uint32_t PREHASH_SEED_LENGTH = PREHASH_DIGEST_LENGTH + 8; - -/* Argon2 primitive type */ -enum Argon2_type { - Argon2_d=0, - Argon2_i=1, - Argon2_di=2, - Argon2_id=3, - Argon2_ds=4, - MAX_ARGON2_TYPE /* Do NOT remove; Do NOT other types after this one */ -}; - - -/*****SM-related constants******/ -const uint32_t SBOX_SIZE = 1 << 10; -const uint32_t SBOX_MASK = SBOX_SIZE / 2 - 1; - - -/*************************Argon2 internal data types**************************************************/ - -/* - * Structure for the (1KB) memory block implemented as 128 64-bit words. - * Memory blocks can be copied, XORed. Internal words can be accessed by [] (no bounds checking). - */ -struct block { - uint64_t v[WORDS_IN_BLOCK]; - - block() { //default ctor - - } - - block(uint8_t in) { - memset(v, in, BLOCK_SIZE); - } - - uint64_t& operator[](const uint8_t i) { //Subscript operator - return v[i]; - } - - block& operator=(const block& r) { //Assignment operator - memcpy(v, r.v, BLOCK_SIZE); - return *this; - } - - block& operator^=(const block& r) { //Xor-assignment - for (uint8_t j = 0; j < WORDS_IN_BLOCK; ++j) { - v[j] ^= r.v[j]; - } - return *this; - } - - block(const block& r) { - memcpy(v, r.v, BLOCK_SIZE); - } -}; - -/* - * XORs two blocks - * @param l Left operand - * @param r Right operand - * @return Xors of the blocks - */ -block operator^(const block& l, const block& r); - -/* - * Argon2 instance: memory pointer, number of passes, amount of memory, type, and derived values. - * Used to evaluate the number and location of blocks to construct in each thread - */ -struct Argon2_instance_t { - block* state; //Memory pointer - const uint32_t passes; //Number of passes - const uint32_t memory_blocks; //Number of blocks in memory - const uint32_t segment_length; - const uint32_t lane_length; - const uint8_t lanes; - const Argon2_type type; - uint64_t *Sbox; //S-boxes for Argon2_ds - - Argon2_instance_t(block* ptr = NULL, Argon2_type t = Argon2_d, uint32_t p = 1, uint32_t m = 8, uint8_t l = 1) : - state(ptr), type(t), passes(p), memory_blocks(m), lanes(l), segment_length(m / (l*SYNC_POINTS)), lane_length(m / l), Sbox(NULL) { - }; -}; - -/* - * Argon2 position: where we construct the block right now. Used to distribute work between threads. - */ -struct Argon2_position_t { - const uint32_t pass; - const uint8_t lane; - const uint8_t slice; - uint32_t index; - - Argon2_position_t(uint32_t p = 0, uint8_t l = 0, uint8_t s = 0, uint32_t i = 0) : pass(p), slice(s), lane(l), index(i) { - }; -}; - -/*Macro for endianness conversion*/ - -#if defined(_MSC_VER) -#define BSWAP32(x) _byteswap_ulong(x) -#else -#define BSWAP32(x) __builtin_bswap32(x) -#endif - -/*************************Argon2 core functions**************************************************/ - -/* Allocates memory to the given pointer - * @param memory pointer to the pointer to the memory - * @param m_cost number of blocks to allocate in the memory - * @return ARGON2_OK if @memory is a valid pointer and memory is allocated - */ -int AllocateMemory(block **memory, uint32_t m_cost); - -/* Deallocates memory - * @param instance pointer to the current instance - * @param clear_memory indicates if we clear the memory with zeros. - */ -void FreeMemory(Argon2_instance_t* instance, bool clear_memory); - -/* - * Generate pseudo-random values to reference blocks in the segment and puts them into the array - * @param instance Pointer to the current instance - * @param position Pointer to the current position - * @param pseudo_rands Pointer to the array of 64-bit values - * @pre pseudo_rands must point to @a instance->segment_length allocated values - */ -void GenerateAddresses(const Argon2_instance_t* instance, const Argon2_position_t* position, uint64_t* pseudo_rands); - -/* - * Computes absolute position of reference block in the lane following a skewed distribution and using a pseudo-random value as input - * @param instance Pointer to the current instance - * @param position Pointer to the current position - * @param pseudo_rand 32-bit pseudo-random value used to determine the position - * @param same_lane Indicates if the block will be taken from the current lane. If so we can reference the current segment - * @pre All pointers must be valid - */ -uint32_t IndexAlpha(const Argon2_instance_t* instance, const Argon2_position_t* position, uint32_t pseudo_rand, bool same_lane); - -/* - * Function that validates all inputs against predefined restrictions and return an error code - * @param context Pointer to current Argon2 context - * @return ARGON2_OK if everything is all right, otherwise one of error codes (all defined in - */ -int ValidateInputs(const Argon2_Context* context); - -/* - * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears password and secret if needed - * @param context Pointer to the Argon2 internal structure containing memory pointer, and parameters for time and space requirements. - * @param blockhash Buffer for pre-hashing digest - * @param type Argon2 type - * @pre @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes allocated - */ -void InitialHash(uint8_t* blockhash, const Argon2_Context* context, Argon2_type type); - -/* - * Function creates first 2 blocks per lane - * @param instance Pointer to the current instance - * @param blockhash Pointer to the pre-hashing digest - * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values - */ -void FillFirstBlocks(uint8_t* blockhash, const Argon2_instance_t* instance); - - -/* - * Function allocates memory, hashes the inputs with Blake, and creates first two blocks. Returns the pointer to the main memory with 2 blocks per lane - * initialized - * @param context Pointer to the Argon2 internal structure containing memory pointer, and parameters for time and space requirements. - * @param instance Current Argon2 instance - * @return Zero if successful, -1 if memory failed to allocate. @context->state will be modified if successful. - */ -int Initialize(Argon2_instance_t* instance, Argon2_Context* context); - -/* - * XORing the last block of each lane, hashing it, making the tag. Deallocates the memory. - * @param context Pointer to current Argon2 context (use only the out parameters from it) - * @param instance Pointer to current instance of Argon2 - * @pre instance->state must point to necessary amount of memory - * @pre context->out must point to outlen bytes of memory - * @pre if context->free_cbk is not NULL, it should point to a function that deallocates memory - */ -void Finalize(const Argon2_Context *context, Argon2_instance_t* instance); - - -/* - * Function fills a new memory block - * @param prev_block Pointer to the previous block - * @param ref_block Pointer to the reference block - * @param next_block Pointer to the block to be constructed - * @param Sbox Pointer to the Sbox (used in Argon2_ds only) - * @pre all block pointers must be valid - */ -void FillBlock(const block* prev_block, const block* ref_block, block* next_block, const uint64_t* Sbox); - -/* - * Function that fills the segment using previous segments also from other threads - * @param instance Pointer to the current instance - * @param position Current position - * @pre all block pointers must be valid - */ -void FillSegment(const Argon2_instance_t* instance, Argon2_position_t position); - -/* - * Function that fills the entire memory t_cost times based on the first two blocks in each lane - * @param instance Pointer to the current instance - */ -void FillMemoryBlocks(const Argon2_instance_t* instance); - - -/* - * Function that performs memory-hard hashing with certain degree of parallelism - * @param context Pointer to the Argon2 internal structure - * @return Error code if smth is wrong, ARGON2_OK otherwise - */ -int Argon2Core(Argon2_Context* context, Argon2_type type); - -/* - * Generates the Sbox from the first memory block (must be ready at that time) - * @param instance Pointer to the current instance - */ -void GenerateSbox(Argon2_instance_t* instance); - -#endif diff --git a/Argon2/Source/Core/argon2-opt-core.cpp b/Argon2/Source/Core/argon2-opt-core.cpp deleted file mode 100644 index f09a8380..00000000 --- a/Argon2/Source/Core/argon2-opt-core.cpp +++ /dev/null @@ -1,250 +0,0 @@ -/* - * Argon2 source code package - * - * This work is licensed under a Creative Commons CC0 1.0 License/Waiver. - * - * You should have received a copy of the CC0 Public Domain Dedication along with - * this software. If not, see . - */ - - -#include - - -#if !defined(_MSC_VER) -#include -#else -#include -#include -#include -#endif - - -#include "argon2.h" -#include "argon2-core.h" -#include "kat.h" - - -#include "blake2-round-mka.h" -#include "blake2-impl.h" -#include "blake2.h" - - -#if defined(KAT) || defined(KAT_INTERNAL) -/* The KAT file name */ -const char* KAT_FILENAME = "kat-argon2-opt.log"; -#endif - - -const __m128i r16 = _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); -const __m128i r24 = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); - -__m128i t0, t1; - - -/* -* Function fills a new memory block -* @param state Pointer to the just produced block. Content will be updated(!) -* @param ref_block Pointer to the reference block -* @param next_block Pointer to the block to be constructed -* @param Sbox Pointer to the Sbox (used in Argon2_ds only) -* @pre all block pointers must be valid -*/ -void FillBlock(__m128i* state, const uint8_t *ref_block, uint8_t *next_block, const uint64_t* Sbox) { - __m128i block_XY[QWORDS_IN_BLOCK]; - //__m128i state[64]; - - - - for (uint8_t i = 0; i < QWORDS_IN_BLOCK; i++) { - block_XY[i] = _mm_load_si128((__m128i *) ref_block); - ref_block += 16; - } - for (uint8_t i = 0; i < QWORDS_IN_BLOCK; i++) { - block_XY[i] = state[i] = _mm_xor_si128(state[i], block_XY[i]); - } - - uint64_t x = 0; - if (Sbox != NULL) { - x = _mm_extract_epi64(block_XY[0], 0) ^ _mm_extract_epi64(block_XY[QWORDS_IN_BLOCK - 1],1); - for (int i = 0; i < 6 * 16; ++i) { - uint32_t x1 = x >> 32; - uint32_t x2 = x & 0xFFFFFFFF; - uint64_t y = Sbox[x1 & SBOX_MASK]; - uint64_t z = Sbox[x2 & SBOX_MASK + SBOX_SIZE / 2]; - x = (uint64_t) x1 * (uint64_t) x2; - x += y; - x ^= z; - } - } - - BLAKE2_ROUND(state[0], state[1], state[2], state[3], - state[4], state[5], state[6], state[7]); - - BLAKE2_ROUND(state[8], state[9], state[10], state[11], - state[12], state[13], state[14], state[15]); - - BLAKE2_ROUND(state[16], state[17], state[18], state[19], - state[20], state[21], state[22], state[23]); - - BLAKE2_ROUND(state[24], state[25], state[26], state[27], - state[28], state[29], state[30], state[31]); - - BLAKE2_ROUND(state[32], state[33], state[34], state[35], - state[36], state[37], state[38], state[39]); - - BLAKE2_ROUND(state[40], state[41], state[42], state[43], - state[44], state[45], state[46], state[47]); - - BLAKE2_ROUND(state[48], state[49], state[50], state[51], - state[52], state[53], state[54], state[55]); - - BLAKE2_ROUND(state[56], state[57], state[58], state[59], - state[60], state[61], state[62], state[63]); - - - BLAKE2_ROUND(state[0], state[8], state[16], state[24], - state[32], state[40], state[48], state[56]); - - BLAKE2_ROUND(state[1], state[9], state[17], state[25], - state[33], state[41], state[49], state[57]); - - BLAKE2_ROUND(state[2], state[10], state[18], state[26], - state[34], state[42], state[50], state[58]) - - BLAKE2_ROUND(state[3], state[11], state[19], state[27], - state[35], state[43], state[51], state[59]); - - BLAKE2_ROUND(state[4], state[12], state[20], state[28], - state[36], state[44], state[52], state[60]); - - BLAKE2_ROUND(state[5], state[13], state[21], state[29], - state[37], state[45], state[53], state[61]); - - BLAKE2_ROUND(state[6], state[14], state[22], state[30], - state[38], state[46], state[54], state[62]); - - BLAKE2_ROUND(state[7], state[15], state[23], state[31], - state[39], state[47], state[55], state[63]); - - for (uint8_t i = 0; i < QWORDS_IN_BLOCK; i++) { - // Feedback - state[i] = _mm_xor_si128(state[i], block_XY[i]); - } - state[0] = _mm_add_epi64(state[0], _mm_set_epi64x(0, x)); - state[QWORDS_IN_BLOCK - 1] = _mm_add_epi64(state[QWORDS_IN_BLOCK - 1], _mm_set_epi64x(x, 0)); - for (uint8_t i = 0; i < QWORDS_IN_BLOCK; i++) { - _mm_store_si128((__m128i *) next_block, state[i]); - next_block += 16; - } -} - -void GenerateAddresses(const Argon2_instance_t* instance, const Argon2_position_t* position, uint64_t* pseudo_rands) { - block input_block(0), address_block(0); - if (instance != NULL && position != NULL) { - input_block.v[0] = position->pass; - input_block.v[1] = position->lane; - input_block.v[2] = position->slice; - input_block.v[3] = instance->memory_blocks; - input_block.v[4] = instance->passes; - input_block.v[5] = instance->type; - - for (uint32_t i = 0; i < instance->segment_length; ++i) { - if (i % ADDRESSES_IN_BLOCK == 0) { - input_block.v[6]++; - block zero_block(0), zero2_block(0); - FillBlock((__m128i *) & zero_block.v, (uint8_t *)& input_block.v, (uint8_t *)& address_block.v, NULL); - FillBlock((__m128i *) & zero2_block.v, (uint8_t *)& address_block.v, (uint8_t *)& address_block.v, NULL); - } - pseudo_rands[i] = address_block[i % ADDRESSES_IN_BLOCK]; - } - } -} - - - -/* -* Function that fills the segment using previous segments also from other threads. Identical to the reference code except that it calls optimized FillBlock() -* @param instance Pointer to the current instance -* @param position Current position -* @pre all block pointers must be valid -*/ -void FillSegment(const Argon2_instance_t* instance, Argon2_position_t position) { - uint64_t pseudo_rand, ref_index, ref_lane; - uint32_t prev_offset, curr_offset; - __m128i state[64]; - bool data_independent_addressing = (instance->type == Argon2_i) || (instance->type == Argon2_id && (position.pass == 0) && (position.slice < SYNC_POINTS / 2)); - if (instance != NULL) { - // Pseudo-random values that determine the reference block position - uint64_t *pseudo_rands = new uint64_t[instance->segment_length]; - if (pseudo_rands != NULL) { - if (data_independent_addressing) { - GenerateAddresses(instance, &position, pseudo_rands); - } - - uint32_t starting_index = 0; - if ((0 == position.pass) && (0 == position.slice)) { - starting_index = 2; // we have already generated the first two blocks - } - - // Offset of the current block - curr_offset = position.lane * instance->lane_length + position.slice * instance->segment_length + starting_index; - if (0 == curr_offset % instance->lane_length) { - // Last block in this lane - prev_offset = curr_offset + instance->lane_length - 1; - } else { - // Previous block - prev_offset = curr_offset - 1; - } - memcpy(state, (uint8_t *) (instance->state + prev_offset), BLOCK_SIZE); - for (uint32_t i = starting_index; i < instance->segment_length; ++i, ++curr_offset, ++prev_offset) { - /*1.1 Rotating prev_offset if needed */ - if (curr_offset % instance->lane_length == 1) { - prev_offset = curr_offset - 1; - } - - /* 1.2 Computing the index of the reference block */ - /* 1.2.1 Taking pseudo-random value from the previous block */ - if (data_independent_addressing) { - pseudo_rand = pseudo_rands[i]; - } else { - pseudo_rand = instance->state[prev_offset][0]; - } - - /* 1.2.2 Computing the lane of the reference block */ - ref_lane = ((pseudo_rand >> 32)) % instance->lanes; - if ((position.pass == 0) && (position.slice == 0)) { - // Can not reference other lanes yet - ref_lane = position.lane; - } - - /* 1.2.3 Computing the number of possible reference block within the lane. */ - position.index = i; - ref_index = IndexAlpha(instance, &position, pseudo_rand & 0xFFFFFFFF, ref_lane == position.lane); - - /* 2 Creating a new block */ - block* ref_block = instance->state + instance->lane_length * ref_lane + ref_index; - block* curr_block = instance->state + curr_offset; - FillBlock(state, (uint8_t *) ref_block->v, (uint8_t *) curr_block->v, instance->Sbox); - } - - delete[] pseudo_rands; - } - } -} - -void GenerateSbox(Argon2_instance_t* instance) { - - block start_block(instance->state[0]), out_block(0), zero_block(0); - if (instance == NULL) - return; - if (instance->Sbox == NULL) - instance->Sbox = new uint64_t[SBOX_SIZE]; - - for (uint32_t i = 0; i < SBOX_SIZE / WORDS_IN_BLOCK; ++i) { - block zero_block(0), zero2_block(0); - FillBlock((__m128i*)zero_block.v, (uint8_t*)start_block.v, (uint8_t*)out_block.v, NULL); - FillBlock((__m128i*) zero2_block.v, (uint8_t*)out_block.v, (uint8_t*)start_block.v,NULL); - memcpy(instance->Sbox + i*WORDS_IN_BLOCK, start_block.v, BLOCK_SIZE); - } -} diff --git a/Argon2/Source/Core/argon2-ref-core.cpp b/Argon2/Source/Core/argon2-ref-core.cpp deleted file mode 100644 index 115f4ee8..00000000 --- a/Argon2/Source/Core/argon2-ref-core.cpp +++ /dev/null @@ -1,165 +0,0 @@ -/* - * Argon2 source code package - * - * This work is licensed under a Creative Commons CC0 1.0 License/Waiver. - * - * You should have received a copy of the CC0 Public Domain Dedication along with - * this software. If not, see . - */ - - -#include - - -#include "argon2.h" -#include "argon2-core.h" -#include "kat.h" - - -#include "blake-round-mka.h" -#include "blake2-impl.h" -#include "blake2.h" - - -#if defined(KAT) || defined(KAT_INTERNAL) -/* The KAT file name */ -const char* KAT_FILENAME = "kat-argon2-ref.log"; -#endif - - -void FillBlock(const block* prev_block, const block* ref_block, block* next_block, const uint64_t* Sbox) { - block blockR = *prev_block ^ *ref_block; - block block_tmp = blockR; - - uint64_t x = 0; - if (Sbox != NULL) { - x = blockR[0] ^ blockR[WORDS_IN_BLOCK - 1]; - for (int i = 0; i < 6 * 16; ++i) { - uint32_t x1 = x >> 32; - uint32_t x2 = x & 0xFFFFFFFF; - uint64_t y = Sbox[x1 & SBOX_MASK]; - uint64_t z = Sbox[x2 & SBOX_MASK + SBOX_SIZE / 2]; - x = (uint64_t) x1 * (uint64_t) x2; - x += y; - x ^= z; - } - } - - - // Apply Blake2 on columns of 64-bit words: (0,1,...,15) , then (16,17,..31)... finally (112,113,...127) - for (unsigned i = 0; i < 8; ++i) { - BLAKE2_ROUND_NOMSG(blockR[16 * i], blockR[16 * i + 1], blockR[16 * i + 2], blockR[16 * i + 3], - blockR[16 * i + 4], blockR[16 * i + 5], blockR[16 * i + 6], blockR[16 * i + 7], - blockR[16 * i + 8], blockR[16 * i + 9], blockR[16 * i + 10], blockR[16 * i + 11], - blockR[16 * i + 12], blockR[16 * i + 13], blockR[16 * i + 14], blockR[16 * i + 15]); - } - // Apply Blake2 on rows of 64-bit words: (0,1,16,17,...112,113), then (2,3,18,19,...,114,115).. finally (14,15,30,31,...,126,127) - for (unsigned i = 0; i < 8; i++) { - BLAKE2_ROUND_NOMSG(blockR[2 * i], blockR[2 * i + 1], blockR[2 * i + 16], blockR[2 * i + 17], - blockR[2 * i + 32], blockR[2 * i + 33], blockR[2 * i + 48], blockR[2 * i + 49], - blockR[2 * i + 64], blockR[2 * i + 65], blockR[2 * i + 80], blockR[2 * i + 81], - blockR[2 * i + 96], blockR[2 * i + 97], blockR[2 * i + 112], blockR[2 * i + 113]); - } - - *next_block = blockR ^ block_tmp; - next_block->v[0] += x; - next_block->v[WORDS_IN_BLOCK - 1] += x; -} - -void GenerateAddresses(const Argon2_instance_t* instance, const Argon2_position_t* position, uint64_t* pseudo_rands) { - block zero_block(0), input_block(0), address_block(0); - if (instance != NULL && position != NULL) { - input_block.v[0] = position->pass; - input_block.v[1] = position->lane; - input_block.v[2] = position->slice; - input_block.v[3] = instance->memory_blocks; - input_block.v[4] = instance->passes; - input_block.v[5] = instance->type; - - for (uint32_t i = 0; i < instance->segment_length; ++i) { - if (i % ADDRESSES_IN_BLOCK == 0) { - input_block.v[6]++; - FillBlock(&zero_block, &input_block, &address_block, NULL); - FillBlock(&zero_block, &address_block, &address_block, NULL); - } - pseudo_rands[i] = address_block[i % ADDRESSES_IN_BLOCK]; - } - } -} - -void FillSegment(const Argon2_instance_t* instance, Argon2_position_t position) { - uint64_t pseudo_rand, ref_index, ref_lane; - uint32_t prev_offset, curr_offset; - bool data_independent_addressing = (instance->type == Argon2_i) || (instance->type == Argon2_id && (position.pass == 0) && (position.slice < SYNC_POINTS / 2)); - if (instance != NULL) { - // Pseudo-random values that determine the reference block position - uint64_t *pseudo_rands = new uint64_t[instance->segment_length]; - if (pseudo_rands != NULL) { - if (data_independent_addressing) { - GenerateAddresses(instance, &position, pseudo_rands); - } - - uint32_t starting_index = 0; - if ((0 == position.pass) && (0 == position.slice)) { - starting_index = 2; // we have already generated the first two blocks - } - - // Offset of the current block - curr_offset = position.lane * instance->lane_length + position.slice * instance->segment_length + starting_index; - if (0 == curr_offset % instance->lane_length) { - // Last block in this lane - prev_offset = curr_offset + instance->lane_length - 1; - } else { - // Previous block - prev_offset = curr_offset - 1; - } - - for (uint32_t i = starting_index; i < instance->segment_length; ++i, ++curr_offset, ++prev_offset) { - /*1.1 Rotating prev_offset if needed */ - if (curr_offset % instance->lane_length == 1) { - prev_offset = curr_offset - 1; - } - - /* 1.2 Computing the index of the reference block */ - /* 1.2.1 Taking pseudo-random value from the previous block */ - if (data_independent_addressing) { - pseudo_rand = pseudo_rands[i]; - } else { - pseudo_rand = instance->state[prev_offset][0]; - } - - /* 1.2.2 Computing the lane of the reference block */ - ref_lane = ((pseudo_rand >> 32)) % instance->lanes; - if ((position.pass == 0) && (position.slice == 0)) { - // Can not reference other lanes yet - ref_lane = position.lane; - } - - /* 1.2.3 Computing the number of possible reference block within the lane. */ - position.index = i; - ref_index = IndexAlpha(instance, &position, pseudo_rand & 0xFFFFFFFF, ref_lane == position.lane); - - /* 2 Creating a new block */ - block* ref_block = instance->state + instance->lane_length * ref_lane + ref_index; - block* curr_block = instance->state + curr_offset; - FillBlock(instance->state + prev_offset, ref_block, curr_block, instance->Sbox); - } - - delete[] pseudo_rands; - } - } -} - -void GenerateSbox(Argon2_instance_t* instance) { - block zero_block(0), start_block(instance->state[0]), out_block(0); - if (instance == NULL) - return; - if (instance->Sbox == NULL) - instance->Sbox = new uint64_t[SBOX_SIZE]; - - for (uint32_t i = 0; i < SBOX_SIZE / WORDS_IN_BLOCK; ++i) { - FillBlock(&zero_block, &start_block, &out_block, NULL); - FillBlock(&zero_block, &out_block, &start_block, NULL); - memcpy(instance->Sbox + i*WORDS_IN_BLOCK, start_block.v, BLOCK_SIZE); - } -} diff --git a/Argon2/Source/Core/kat.cpp b/Argon2/Source/Core/kat.cpp deleted file mode 100644 index 09b983b2..00000000 --- a/Argon2/Source/Core/kat.cpp +++ /dev/null @@ -1,126 +0,0 @@ -/* - * Argon2 source code package - * - * This work is licensed under a Creative Commons CC0 1.0 License/Waiver. - * - * You should have received a copy of the CC0 Public Domain Dedication along with - * this software. If not, see . - */ - - -#include -#include - -#include "argon2.h" -#include "argon2-core.h" - - - -#ifdef KAT - -void InitialKat(const uint8_t* blockhash, const Argon2_Context* context, Argon2_type type) { - FILE* fp = fopen(KAT_FILENAME, "a+"); - - if (fp && blockhash != NULL && context != NULL) { - fprintf(fp, "======================================="); - - switch (type) { - case Argon2_d: - fprintf(fp, "Argon2d\n"); - break; - case Argon2_i: - fprintf(fp, "Argon2i\n"); - break; - case Argon2_di: - fprintf(fp, "Argon2di\n"); - break; - case Argon2_id: - fprintf(fp, "Argon2id\n"); - break; - case Argon2_ds: - fprintf(fp, "Argon2ds\n"); - break; - } - - fprintf(fp, "Iterations: %d, Memory: %d KBytes, Parallelism: %d lanes, Tag length: %d bytes\n", - context->t_cost, context->m_cost, context->lanes, context->outlen); - - - fprintf(fp, "Password[%d]: ", context->pwdlen); - if (context->clear_password) { - fprintf(fp, "CLEARED\n"); - } else { - for (unsigned i = 0; i < context->pwdlen; ++i) { - fprintf(fp, "%2.2x ", ((unsigned char*) context->pwd)[i]); - } - fprintf(fp, "\n"); - } - - - fprintf(fp, "Salt[%d]: ", context->saltlen); - for (unsigned i = 0; i < context->saltlen; ++i) { - fprintf(fp, "%2.2x ", ((unsigned char*) context->salt)[i]); - } - fprintf(fp, "\n"); - - fprintf(fp, "Secret[%d]: ", context->secretlen); - - if (context->clear_secret) { - fprintf(fp, "CLEARED\n"); - } else { - for (unsigned i = 0; i < context->secretlen; ++i) { - fprintf(fp, "%2.2x ", ((unsigned char*) context->secret)[i]); - } - fprintf(fp, "\n"); - } - - fprintf(fp, "Associated data[%d]: ", context->adlen); - for (unsigned i = 0; i < context->adlen; ++i) { - fprintf(fp, "%2.2x ", ((unsigned char*) context->ad)[i]); - } - fprintf(fp, "\n"); - - - - fprintf(fp, "Pre-hashing digest: "); - for (unsigned i = 0; i < PREHASH_DIGEST_LENGTH; ++i) { - fprintf(fp, "%2.2x ", ((unsigned char*) blockhash)[i]); - } - fprintf(fp, "\n"); - - fclose(fp); - } -} - -void PrintTag(const void* out, uint32_t outlen) { - FILE* fp = fopen(KAT_FILENAME, "a+"); - - if (fp && out != NULL) { - fprintf(fp, "Tag: "); - for (unsigned i = 0; i < outlen; ++i) { - fprintf(fp, "%2.2x ", ((uint8_t*) out)[i]); - } - fprintf(fp, "\n"); - - fclose(fp); - } -} -#endif - - -#ifdef KAT_INTERNAL - -void InternalKat(const Argon2_instance_t* instance, uint32_t pass) { - FILE* fp = fopen(KAT_FILENAME, "a+"); - if (fp && instance != NULL) { - fprintf(fp, "\n After pass %d:\n", pass); - for (uint32_t i = 0; i < instance->memory_blocks; ++i) { - uint32_t how_many_words = (instance->memory_blocks > WORDS_IN_BLOCK) ? 1 : WORDS_IN_BLOCK; - for (uint32_t j = 0; j < how_many_words; ++j) - fprintf(fp, "Block %.4d [%3d]: %016" PRIx64 "\n", i, j, instance->state[i][j]); - } - - fclose(fp); - } -} -#endif diff --git a/Argon2/Source/Core/kat.h b/Argon2/Source/Core/kat.h deleted file mode 100644 index 12d13a6e..00000000 --- a/Argon2/Source/Core/kat.h +++ /dev/null @@ -1,42 +0,0 @@ -/* - * Argon2 source code package - * - * This work is licensed under a Creative Commons CC0 1.0 License/Waiver. - * - * You should have received a copy of the CC0 Public Domain Dedication along with - * this software. If not, see . - */ - - -#ifndef __ARGON2_KAT_H__ -#define __ARGON2_KAT_H__ - - -/* - * Initial KAT function that prints the inputs to the file - * @param blockhash Array that contains pre-hashing digest - * @param context Holds inputs - * @param type Argon2 type - * @pre blockhash must point to INPUT_INITIAL_HASH_LENGTH bytes - * @pre context member pointers must point to allocated memory of size according to the length values - */ -void InitialKat(const uint8_t* blockhash, const Argon2_Context* context, Argon2_type type); - -/* - * Function that prints the output tag - * @param out output array pointer - * @param outlen digest length - * @pre out must point to @a outlen bytes - **/ -void PrintTag(const void* out, uint32_t outlen); - -/* - * Function that prints the internal state at given moment - * @param instance pointer to the current instance - * @param pass current pass number - * @pre instance must have necessary memory allocated - **/ -void InternalKat(const Argon2_instance_t* instance, uint32_t pass); - - -#endif