1 /* 2 * Argon2 reference source code package - reference C implementations 3 * 4 * Copyright 2015 5 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves 6 * 7 * You may use this work under the terms of a Creative Commons CC0 1.0 8 * License/Waiver or the Apache Public License 2.0, at your option. The terms of 9 * these licenses can be found at: 10 * 11 * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 12 * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * You should have received a copy of both of these licenses along with this 15 * software. If not, they may be obtained at the above URLs. 16 */ 17 18 #include <string.h> 19 #include <stdlib.h> 20 #include <stdio.h> 21 22 #include "argon2.h" 23 #include "encoding.h" 24 #include "core.h" 25 26 const char *argon2_type2string(argon2_type type, int uppercase) { 27 switch (type) { 28 case Argon2_d: 29 return uppercase ? "Argon2d" : "argon2d"; 30 case Argon2_i: 31 return uppercase ? "Argon2i" : "argon2i"; 32 case Argon2_id: 33 return uppercase ? "Argon2id" : "argon2id"; 34 } 35 36 return NULL; 37 } 38 39 int argon2_ctx(argon2_context *context, argon2_type type) { 40 /* 1. Validate all inputs */ 41 int result = validate_inputs(context); 42 uint32_t memory_blocks, segment_length; 43 argon2_instance_t instance; 44 45 if (ARGON2_OK != result) { 46 return result; 47 } 48 49 if (Argon2_d != type && Argon2_i != type && Argon2_id != type) { 50 return ARGON2_INCORRECT_TYPE; 51 } 52 53 /* 2. Align memory size */ 54 /* Minimum memory_blocks = 8L blocks, where L is the number of lanes */ 55 memory_blocks = context->m_cost; 56 57 if (memory_blocks < 2 * ARGON2_SYNC_POINTS * context->lanes) { 58 memory_blocks = 2 * ARGON2_SYNC_POINTS * context->lanes; 59 } 60 61 segment_length = memory_blocks / (context->lanes * ARGON2_SYNC_POINTS); 62 /* Ensure that all segments have equal length */ 63 memory_blocks = segment_length * (context->lanes * ARGON2_SYNC_POINTS); 64 65 instance.version = context->version; 66 instance.memory = NULL; 67 instance.passes = context->t_cost; 68 instance.memory_blocks = memory_blocks; 69 instance.segment_length = segment_length; 70 instance.lane_length = segment_length * ARGON2_SYNC_POINTS; 71 instance.lanes = context->lanes; 72 instance.threads = context->threads; 73 instance.type = type; 74 75 if (instance.threads > instance.lanes) { 76 instance.threads = instance.lanes; 77 } 78 79 /* 3. Initialization: Hashing inputs, allocating memory, filling first 80 * blocks 81 */ 82 result = initialize(&instance, context); 83 84 if (ARGON2_OK != result) { 85 return result; 86 } 87 88 /* 4. Filling memory */ 89 result = fill_memory_blocks(&instance); 90 91 if (ARGON2_OK != result) { 92 return result; 93 } 94 /* 5. Finalization */ 95 finalize(context, &instance); 96 97 return ARGON2_OK; 98 } 99 100 int argon2_hash(const uint32_t t_cost, const uint32_t m_cost, 101 const uint32_t parallelism, const void *pwd, 102 const size_t pwdlen, const void *salt, const size_t saltlen, 103 void *hash, const size_t hashlen, char *encoded, 104 const size_t encodedlen, argon2_type type, 105 const uint32_t version){ 106 107 argon2_context context; 108 int result; 109 uint8_t *out; 110 111 if (pwdlen > ARGON2_MAX_PWD_LENGTH) { 112 return ARGON2_PWD_TOO_LONG; 113 } 114 115 if (saltlen > ARGON2_MAX_SALT_LENGTH) { 116 return ARGON2_SALT_TOO_LONG; 117 } 118 119 if (hashlen > ARGON2_MAX_OUTLEN) { 120 return ARGON2_OUTPUT_TOO_LONG; 121 } 122 123 if (hashlen < ARGON2_MIN_OUTLEN) { 124 return ARGON2_OUTPUT_TOO_SHORT; 125 } 126 127 out = malloc(hashlen); 128 if (!out) { 129 return ARGON2_MEMORY_ALLOCATION_ERROR; 130 } 131 132 context.out = (uint8_t *)out; 133 context.outlen = (uint32_t)hashlen; 134 context.pwd = CONST_CAST(uint8_t *)pwd; 135 context.pwdlen = (uint32_t)pwdlen; 136 context.salt = CONST_CAST(uint8_t *)salt; 137 context.saltlen = (uint32_t)saltlen; 138 context.secret = NULL; 139 context.secretlen = 0; 140 context.ad = NULL; 141 context.adlen = 0; 142 context.t_cost = t_cost; 143 context.m_cost = m_cost; 144 context.lanes = parallelism; 145 context.threads = parallelism; 146 context.allocate_cbk = NULL; 147 context.free_cbk = NULL; 148 context.flags = ARGON2_DEFAULT_FLAGS; 149 context.version = version; 150 151 result = argon2_ctx(&context, type); 152 153 if (result != ARGON2_OK) { 154 clear_internal_memory(out, hashlen); 155 free(out); 156 return result; 157 } 158 159 /* if raw hash requested, write it */ 160 if (hash) { 161 memcpy(hash, out, hashlen); 162 } 163 164 /* if encoding requested, write it */ 165 if (encoded && encodedlen) { 166 if (encode_string(encoded, encodedlen, &context, type) != ARGON2_OK) { 167 clear_internal_memory(out, hashlen); /* wipe buffers if error */ 168 clear_internal_memory(encoded, encodedlen); 169 free(out); 170 return ARGON2_ENCODING_FAIL; 171 } 172 } 173 clear_internal_memory(out, hashlen); 174 free(out); 175 176 return ARGON2_OK; 177 } 178 179 int argon2i_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, 180 const uint32_t parallelism, const void *pwd, 181 const size_t pwdlen, const void *salt, 182 const size_t saltlen, const size_t hashlen, 183 char *encoded, const size_t encodedlen) { 184 185 return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, 186 NULL, hashlen, encoded, encodedlen, Argon2_i, 187 ARGON2_VERSION_NUMBER); 188 } 189 190 int argon2i_hash_raw(const uint32_t t_cost, const uint32_t m_cost, 191 const uint32_t parallelism, const void *pwd, 192 const size_t pwdlen, const void *salt, 193 const size_t saltlen, void *hash, const size_t hashlen) { 194 195 return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, 196 hash, hashlen, NULL, 0, Argon2_i, ARGON2_VERSION_NUMBER); 197 } 198 199 int argon2d_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, 200 const uint32_t parallelism, const void *pwd, 201 const size_t pwdlen, const void *salt, 202 const size_t saltlen, const size_t hashlen, 203 char *encoded, const size_t encodedlen) { 204 205 return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, 206 NULL, hashlen, encoded, encodedlen, Argon2_d, 207 ARGON2_VERSION_NUMBER); 208 } 209 210 int argon2d_hash_raw(const uint32_t t_cost, const uint32_t m_cost, 211 const uint32_t parallelism, const void *pwd, 212 const size_t pwdlen, const void *salt, 213 const size_t saltlen, void *hash, const size_t hashlen) { 214 215 return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, 216 hash, hashlen, NULL, 0, Argon2_d, ARGON2_VERSION_NUMBER); 217 } 218 219 int argon2id_hash_encoded(const uint32_t t_cost, const uint32_t m_cost, 220 const uint32_t parallelism, const void *pwd, 221 const size_t pwdlen, const void *salt, 222 const size_t saltlen, const size_t hashlen, 223 char *encoded, const size_t encodedlen) { 224 225 return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, 226 NULL, hashlen, encoded, encodedlen, Argon2_id, 227 ARGON2_VERSION_NUMBER); 228 } 229 230 int argon2id_hash_raw(const uint32_t t_cost, const uint32_t m_cost, 231 const uint32_t parallelism, const void *pwd, 232 const size_t pwdlen, const void *salt, 233 const size_t saltlen, void *hash, const size_t hashlen) { 234 return argon2_hash(t_cost, m_cost, parallelism, pwd, pwdlen, salt, saltlen, 235 hash, hashlen, NULL, 0, Argon2_id, 236 ARGON2_VERSION_NUMBER); 237 } 238 239 static int argon2_compare(const uint8_t *b1, const uint8_t *b2, size_t len) { 240 size_t i; 241 uint8_t d = 0U; 242 243 for (i = 0U; i < len; i++) { 244 d |= b1[i] ^ b2[i]; 245 } 246 return (int)((1 & ((d - 1) >> 8)) - 1); 247 } 248 249 int argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen, 250 argon2_type type) { 251 252 argon2_context ctx; 253 uint8_t *desired_result = NULL; 254 255 int ret = ARGON2_OK; 256 257 size_t encoded_len; 258 uint32_t max_field_len; 259 260 if (pwdlen > ARGON2_MAX_PWD_LENGTH) { 261 return ARGON2_PWD_TOO_LONG; 262 } 263 264 if (encoded == NULL) { 265 return ARGON2_DECODING_FAIL; 266 } 267 268 encoded_len = strlen(encoded); 269 if (encoded_len > UINT32_MAX) { 270 return ARGON2_DECODING_FAIL; 271 } 272 273 /* No field can be longer than the encoded length */ 274 max_field_len = (uint32_t)encoded_len; 275 276 ctx.saltlen = max_field_len; 277 ctx.outlen = max_field_len; 278 279 ctx.salt = malloc(ctx.saltlen); 280 ctx.out = malloc(ctx.outlen); 281 if (!ctx.salt || !ctx.out) { 282 ret = ARGON2_MEMORY_ALLOCATION_ERROR; 283 goto fail; 284 } 285 286 ctx.pwd = (uint8_t *)pwd; 287 ctx.pwdlen = (uint32_t)pwdlen; 288 289 ret = decode_string(&ctx, encoded, type); 290 if (ret != ARGON2_OK) { 291 goto fail; 292 } 293 294 /* Set aside the desired result, and get a new buffer. */ 295 desired_result = ctx.out; 296 ctx.out = malloc(ctx.outlen); 297 if (!ctx.out) { 298 ret = ARGON2_MEMORY_ALLOCATION_ERROR; 299 goto fail; 300 } 301 302 ret = argon2_verify_ctx(&ctx, (char *)desired_result, type); 303 if (ret != ARGON2_OK) { 304 goto fail; 305 } 306 307 fail: 308 free(ctx.salt); 309 free(ctx.out); 310 free(desired_result); 311 312 return ret; 313 } 314 315 int argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen) { 316 317 return argon2_verify(encoded, pwd, pwdlen, Argon2_i); 318 } 319 320 int argon2d_verify(const char *encoded, const void *pwd, const size_t pwdlen) { 321 322 return argon2_verify(encoded, pwd, pwdlen, Argon2_d); 323 } 324 325 int argon2id_verify(const char *encoded, const void *pwd, const size_t pwdlen) { 326 327 return argon2_verify(encoded, pwd, pwdlen, Argon2_id); 328 } 329 330 int argon2d_ctx(argon2_context *context) { 331 return argon2_ctx(context, Argon2_d); 332 } 333 334 int argon2i_ctx(argon2_context *context) { 335 return argon2_ctx(context, Argon2_i); 336 } 337 338 int argon2id_ctx(argon2_context *context) { 339 return argon2_ctx(context, Argon2_id); 340 } 341 342 int argon2_verify_ctx(argon2_context *context, const char *hash, 343 argon2_type type) { 344 int ret = argon2_ctx(context, type); 345 if (ret != ARGON2_OK) { 346 return ret; 347 } 348 349 if (argon2_compare((uint8_t *)hash, context->out, context->outlen)) { 350 return ARGON2_VERIFY_MISMATCH; 351 } 352 353 return ARGON2_OK; 354 } 355 356 int argon2d_verify_ctx(argon2_context *context, const char *hash) { 357 return argon2_verify_ctx(context, hash, Argon2_d); 358 } 359 360 int argon2i_verify_ctx(argon2_context *context, const char *hash) { 361 return argon2_verify_ctx(context, hash, Argon2_i); 362 } 363 364 int argon2id_verify_ctx(argon2_context *context, const char *hash) { 365 return argon2_verify_ctx(context, hash, Argon2_id); 366 } 367 368 const char *argon2_error_message(int error_code) { 369 switch (error_code) { 370 case ARGON2_OK: 371 return "OK"; 372 case ARGON2_OUTPUT_PTR_NULL: 373 return "Output pointer is NULL"; 374 case ARGON2_OUTPUT_TOO_SHORT: 375 return "Output is too short"; 376 case ARGON2_OUTPUT_TOO_LONG: 377 return "Output is too long"; 378 case ARGON2_PWD_TOO_SHORT: 379 return "Password is too short"; 380 case ARGON2_PWD_TOO_LONG: 381 return "Password is too long"; 382 case ARGON2_SALT_TOO_SHORT: 383 return "Salt is too short"; 384 case ARGON2_SALT_TOO_LONG: 385 return "Salt is too long"; 386 case ARGON2_AD_TOO_SHORT: 387 return "Associated data is too short"; 388 case ARGON2_AD_TOO_LONG: 389 return "Associated data is too long"; 390 case ARGON2_SECRET_TOO_SHORT: 391 return "Secret is too short"; 392 case ARGON2_SECRET_TOO_LONG: 393 return "Secret is too long"; 394 case ARGON2_TIME_TOO_SMALL: 395 return "Time cost is too small"; 396 case ARGON2_TIME_TOO_LARGE: 397 return "Time cost is too large"; 398 case ARGON2_MEMORY_TOO_LITTLE: 399 return "Memory cost is too small"; 400 case ARGON2_MEMORY_TOO_MUCH: 401 return "Memory cost is too large"; 402 case ARGON2_LANES_TOO_FEW: 403 return "Too few lanes"; 404 case ARGON2_LANES_TOO_MANY: 405 return "Too many lanes"; 406 case ARGON2_PWD_PTR_MISMATCH: 407 return "Password pointer is NULL, but password length is not 0"; 408 case ARGON2_SALT_PTR_MISMATCH: 409 return "Salt pointer is NULL, but salt length is not 0"; 410 case ARGON2_SECRET_PTR_MISMATCH: 411 return "Secret pointer is NULL, but secret length is not 0"; 412 case ARGON2_AD_PTR_MISMATCH: 413 return "Associated data pointer is NULL, but ad length is not 0"; 414 case ARGON2_MEMORY_ALLOCATION_ERROR: 415 return "Memory allocation error"; 416 case ARGON2_FREE_MEMORY_CBK_NULL: 417 return "The free memory callback is NULL"; 418 case ARGON2_ALLOCATE_MEMORY_CBK_NULL: 419 return "The allocate memory callback is NULL"; 420 case ARGON2_INCORRECT_PARAMETER: 421 return "Argon2_Context context is NULL"; 422 case ARGON2_INCORRECT_TYPE: 423 return "There is no such version of Argon2"; 424 case ARGON2_OUT_PTR_MISMATCH: 425 return "Output pointer mismatch"; 426 case ARGON2_THREADS_TOO_FEW: 427 return "Not enough threads"; 428 case ARGON2_THREADS_TOO_MANY: 429 return "Too many threads"; 430 case ARGON2_MISSING_ARGS: 431 return "Missing arguments"; 432 case ARGON2_ENCODING_FAIL: 433 return "Encoding failed"; 434 case ARGON2_DECODING_FAIL: 435 return "Decoding failed"; 436 case ARGON2_THREAD_FAIL: 437 return "Threading failure"; 438 case ARGON2_DECODING_LENGTH_FAIL: 439 return "Some of encoded parameters are too long or too short"; 440 case ARGON2_VERIFY_MISMATCH: 441 return "The password does not match the supplied hash"; 442 default: 443 return "Unknown error code"; 444 } 445 } 446 447 size_t argon2_encodedlen(uint32_t t_cost, uint32_t m_cost, uint32_t parallelism, 448 uint32_t saltlen, uint32_t hashlen, argon2_type type) { 449 return strlen("$$v=$m=,t=,p=$$") + strlen(argon2_type2string(type, 0)) + 450 numlen(t_cost) + numlen(m_cost) + numlen(parallelism) + 451 b64len(saltlen) + b64len(hashlen) + numlen(ARGON2_VERSION_NUMBER) + 1; 452 } 453