Diffstat (limited to 'libs/libsodium/src/crypto_pwhash/argon2')
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/argon2-core.c105
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/argon2-core.h53
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/argon2-encoding.c11
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/argon2-encoding.h8
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-avx2.c28
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-avx512f.c33
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-ref.c3
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-ssse3.c18
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/argon2.c32
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/argon2.h7
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/blake2b-long.h1
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/blamka-round-ssse3.h4
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/pwhash_argon2i.c24
-rw-r--r--libs/libsodium/src/crypto_pwhash/argon2/pwhash_argon2id.c18
14 files changed, 171 insertions, 174 deletions
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/argon2-core.c b/libs/libsodium/src/crypto_pwhash/argon2/argon2-core.c
index 893dcd5985..ee09450ca6 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/argon2-core.c
+++ b/libs/libsodium/src/crypto_pwhash/argon2/argon2-core.c
@@ -35,13 +35,17 @@
# define MAP_ANON MAP_ANONYMOUS
#endif
#ifndef MAP_NOCORE
-# define MAP_NOCORE 0
+# ifdef MAP_CONCEAL
+# define MAP_NOCORE MAP_CONCEAL
+# else
+# define MAP_NOCORE 0
+# endif
#endif
#ifndef MAP_POPULATE
# define MAP_POPULATE 0
#endif
-static fill_segment_fn fill_segment = fill_segment_ref;
+static fill_segment_fn fill_segment = argon2_fill_segment_ref;
static void
load_block(block *dst, const void *input)
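Review bot: The new `MAP_CONCEAL` fallback has no comment saying what the flag protects, and the final `# define MAP_NOCORE 0` branch silently turns it into a no-op. I would add `/* MAP_NOCORE (FreeBSD) or MAP_CONCEAL (OpenBSD) keeps this mapping out of core dumps; 0 means no such protection on this platform */` above the `#ifndef MAP_NOCORE`. The flag is presumably passed to the `mmap` call in allocate_memory, which is outside this hunk. Where neither flag exists, the password-derived work area stays dumpable unless something else is applied (on Linux, for example, `madvise` with `MADV_DONTDUMP`); nothing in this hunk does that.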
@@ -72,7 +76,7 @@ static int allocate_memory(block_region **region, uint32_t m_cost);
static int
allocate_memory(block_region **region, uint32_t m_cost)
{
- void * base;
+ void *base;
block *memory;
size_t memory_size;
@@ -95,12 +99,12 @@ allocate_memory(block_region **region, uint32_t m_cost)
-1, 0)) == MAP_FAILED) {
base = NULL; /* LCOV_EXCL_LINE */
} /* LCOV_EXCL_LINE */
- memcpy(&memory, &base, sizeof memory);
+ memory = (block *) base;
#elif defined(HAVE_POSIX_MEMALIGN)
if ((errno = posix_memalign((void **) &base, 64, memory_size)) != 0) {
base = NULL;
}
- memcpy(&memory, &base, sizeof memory);
+ memory = (block *) base;
#else
memory = NULL;
if (memory_size + 63 < memory_size) {
@@ -109,13 +113,15 @@ allocate_memory(block_region **region, uint32_t m_cost)
} else if ((base = malloc(memory_size + 63)) != NULL) {
uint8_t *aligned = ((uint8_t *) base) + 63;
aligned -= (uintptr_t) aligned & 63;
- memcpy(&memory, &aligned, sizeof memory);
+ memory = (block *) aligned;
}
#endif
if (base == NULL) {
+ /* LCOV_EXCL_START */
free(*region);
*region = NULL;
- return ARGON2_MEMORY_ALLOCATION_ERROR; /* LCOV_EXCL_LINE */
+ return ARGON2_MEMORY_ALLOCATION_ERROR;
+ /* LCOV_EXCL_STOP */
}
(*region)->base = base;
(*region)->memory = memory;
@@ -126,29 +132,6 @@ allocate_memory(block_region **region, uint32_t m_cost)
/*********Memory functions*/
-/* Clears memory
- * @param instance pointer to the current instance
- * @param clear_memory indicates if we clear the memory with zeros.
- */
-static void clear_memory(argon2_instance_t *instance, int clear);
-
-static void
-clear_memory(argon2_instance_t *instance, int clear)
-{
- /* LCOV_EXCL_START */
- if (clear) {
- if (instance->region != NULL) {
- sodium_memzero(instance->region->memory,
- sizeof(block) * instance->memory_blocks);
- }
- if (instance->pseudo_rands != NULL) {
- sodium_memzero(instance->pseudo_rands,
- sizeof(uint64_t) * instance->segment_length);
- }
- }
- /* LCOV_EXCL_STOP */
-}
-
/* Deallocates memory
* @param memory pointer to the blocks
*/
@@ -157,7 +140,7 @@ static void free_memory(block_region *region);
static void
free_memory(block_region *region)
{
- if (region && region->base) {
+ if (region != NULL && region->base != NULL) {
#if defined(MAP_ANON) && defined(HAVE_MMAP)
if (munmap(region->base, region->size)) {
return; /* LCOV_EXCL_LINE */
@@ -169,12 +152,9 @@ free_memory(block_region *region)
free(region);
}
-void
-free_instance(argon2_instance_t *instance, int flags)
+static void
+argon2_free_instance(argon2_instance_t *instance, int flags)
{
- /* Clear memory */
- clear_memory(instance, flags & ARGON2_FLAG_CLEAR_MEMORY);
-
/* Deallocate the memory */
free(instance->pseudo_rands);
instance->pseudo_rands = NULL;
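Review bot: `flags` is no longer read in the visible part of `argon2_free_instance` now that the `clear_memory` call is gone, and the lines shown release `pseudo_rands` with a plain `free()` and no wipe. If dropping the wipe is intentional, record it with a comment such as `/* working memory is not zeroed on release */` and either remove the parameter or add `(void) flags;`, so the dead argument does not suggest a flag still has an effect here. If it is not intentional, a `sodium_memzero` over the block region before it is freed would keep password-derived state out of released heap on the `malloc` fallback path. The function body continues past the end of this hunk.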
@@ -183,7 +163,7 @@ free_instance(argon2_instance_t *instance, int flags)
}
void
-finalize(const argon2_context *context, argon2_instance_t *instance)
+argon2_finalize(const argon2_context *context, argon2_instance_t *instance)
{
if (context != NULL && instance != NULL) {
block blockhash;
@@ -212,12 +192,12 @@ finalize(const argon2_context *context, argon2_instance_t *instance)
ARGON2_BLOCK_SIZE); /* clear blockhash_bytes */
}
- free_instance(instance, context->flags);
+ argon2_free_instance(instance, context->flags);
}
}
void
-fill_memory_blocks(argon2_instance_t *instance, uint32_t pass)
+argon2_fill_memory_blocks(argon2_instance_t *instance, uint32_t pass)
{
argon2_position_t position;
uint32_t l;
@@ -239,7 +219,7 @@ fill_memory_blocks(argon2_instance_t *instance, uint32_t pass)
}
int
-validate_inputs(const argon2_context *context)
+argon2_validate_inputs(const argon2_context *context)
{
/* LCOV_EXCL_START */
if (NULL == context) {
@@ -319,6 +299,15 @@ validate_inputs(const argon2_context *context)
}
}
+ /* Validate lanes */
+ if (ARGON2_MIN_LANES > context->lanes) {
+ return ARGON2_LANES_TOO_FEW;
+ }
+
+ if (ARGON2_MAX_LANES < context->lanes) {
+ return ARGON2_LANES_TOO_MANY;
+ }
+
/* Validate memory cost */
if (ARGON2_MIN_MEMORY > context->m_cost) {
return ARGON2_MEMORY_TOO_LITTLE;
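Review bot: The lane checks move ahead of the memory-cost checks with no comment explaining why the order matters. If a later memory check reads `context->lanes` (it is outside this hunk, so I cannot confirm), a line such as `/* lanes must be validated first: the memory-cost checks below use context->lanes */` would stop a future cleanup from moving the block back. The body of argon2_validate_inputs starts and ends outside the hunk.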
@@ -341,15 +330,6 @@ validate_inputs(const argon2_context *context)
return ARGON2_TIME_TOO_LARGE;
}
- /* Validate lanes */
- if (ARGON2_MIN_LANES > context->lanes) {
- return ARGON2_LANES_TOO_FEW;
- }
-
- if (ARGON2_MAX_LANES < context->lanes) {
- return ARGON2_LANES_TOO_MANY;
- }
-
/* Validate threads */
if (ARGON2_MIN_THREADS > context->threads) {
return ARGON2_THREADS_TOO_FEW;
@@ -363,8 +343,8 @@ validate_inputs(const argon2_context *context)
return ARGON2_OK;
}
-void
-fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance)
+static void
+argon2_fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance)
{
uint32_t l;
/* Make the first and second block in each lane as G(H0||i||0) or
@@ -387,8 +367,9 @@ fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance)
sodium_memzero(blockhash_bytes, ARGON2_BLOCK_SIZE);
}
-void
-initial_hash(uint8_t *blockhash, argon2_context *context, argon2_type type)
+static void
+argon2_initial_hash(uint8_t *blockhash, argon2_context *context,
+ argon2_type type)
{
crypto_generichash_blake2b_state BlakeHash;
uint8_t value[4U /* sizeof(uint32_t) */];
@@ -471,7 +452,7 @@ initial_hash(uint8_t *blockhash, argon2_context *context, argon2_type type)
}
int
-initialize(argon2_instance_t *instance, argon2_context *context)
+argon2_initialize(argon2_instance_t *instance, argon2_context *context)
{
uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH];
int result = ARGON2_OK;
@@ -489,7 +470,7 @@ initialize(argon2_instance_t *instance, argon2_context *context)
result = allocate_memory(&(instance->region), instance->memory_blocks);
if (ARGON2_OK != result) {
- free_instance(instance, context->flags);
+ argon2_free_instance(instance, context->flags);
return result;
}
@@ -497,45 +478,45 @@ initialize(argon2_instance_t *instance, argon2_context *context)
/* H_0 + 8 extra bytes to produce the first blocks */
/* uint8_t blockhash[ARGON2_PREHASH_SEED_LENGTH]; */
/* Hashing all inputs */
- initial_hash(blockhash, context, instance->type);
+ argon2_initial_hash(blockhash, context, instance->type);
/* Zeroing 8 extra bytes */
sodium_memzero(blockhash + ARGON2_PREHASH_DIGEST_LENGTH,
ARGON2_PREHASH_SEED_LENGTH - ARGON2_PREHASH_DIGEST_LENGTH);
/* 3. Creating first blocks, we always have at least two blocks in a slice
*/
- fill_first_blocks(blockhash, instance);
+ argon2_fill_first_blocks(blockhash, instance);
/* Clearing the hash */
sodium_memzero(blockhash, ARGON2_PREHASH_SEED_LENGTH);
return ARGON2_OK;
}
-int
+static int
argon2_pick_best_implementation(void)
{
/* LCOV_EXCL_START */
#if defined(HAVE_AVX512FINTRIN_H) && defined(HAVE_AVX2INTRIN_H) && \
defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H)
if (sodium_runtime_has_avx512f()) {
- fill_segment = fill_segment_avx512f;
+ fill_segment = argon2_fill_segment_avx512f;
return 0;
}
#endif
#if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_TMMINTRIN_H) && \
defined(HAVE_SMMINTRIN_H)
if (sodium_runtime_has_avx2()) {
- fill_segment = fill_segment_avx2;
+ fill_segment = argon2_fill_segment_avx2;
return 0;
}
#endif
#if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H)
if (sodium_runtime_has_ssse3()) {
- fill_segment = fill_segment_ssse3;
+ fill_segment = argon2_fill_segment_ssse3;
return 0;
}
#endif
- fill_segment = fill_segment_ref;
+ fill_segment = argon2_fill_segment_ref;
return 0;
/* LCOV_EXCL_STOP */
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/argon2-core.h b/libs/libsodium/src/crypto_pwhash/argon2/argon2-core.h
index 4af519b28e..359b1d8d32 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/argon2-core.h
+++ b/libs/libsodium/src/crypto_pwhash/argon2/argon2-core.h
@@ -17,6 +17,7 @@
#include <string.h>
#include "argon2.h"
+#include "private/quirks.h"
/*************************Argon2 internal
* constants**************************************************/
@@ -214,28 +215,7 @@ static uint32_t index_alpha(const argon2_instance_t *instance,
* @return ARGON2_OK if everything is all right, otherwise one of error codes
* (all defined in <argon2.h>
*/
-int validate_inputs(const argon2_context *context);
-
-/*
- * Hashes all the inputs into @a blockhash[PREHASH_DIGEST_LENGTH], clears
- * password and secret if needed
- * @param context Pointer to the Argon2 internal structure containing memory
- * pointer, and parameters for time and space requirements.
- * @param blockhash Buffer for pre-hashing digest
- * @param type Argon2 type
- * @pre @a blockhash must have at least @a PREHASH_DIGEST_LENGTH bytes
- * allocated
- */
-void initial_hash(uint8_t *blockhash, argon2_context *context,
- argon2_type type);
-
-/*
- * Function creates first 2 blocks per lane
- * @param instance Pointer to the current instance
- * @param blockhash Pointer to the pre-hashing digest
- * @pre blockhash must point to @a PREHASH_SEED_LENGTH allocated values
- */
-void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance);
+int argon2_validate_inputs(const argon2_context *context);
/*
* Function allocates memory, hashes the inputs with Blake, and creates first
@@ -247,12 +227,7 @@ void fill_first_blocks(uint8_t *blockhash, const argon2_instance_t *instance);
* @return Zero if successful, -1 if memory failed to allocate. @context->state
* will be modified if successful.
*/
-int initialize(argon2_instance_t *instance, argon2_context *context);
-
-/*
- * Deallocates memory. Used on error path.
- */
-void free_instance(argon2_instance_t *instance, int flags);
+int argon2_initialize(argon2_instance_t *instance, argon2_context *context);
/*
* XORing the last block of each lane, hashing it, making the tag. Deallocates
@@ -265,7 +240,8 @@ void free_instance(argon2_instance_t *instance, int flags);
* @pre if context->free_cbk is not NULL, it should point to a function that
* deallocates memory
*/
-void finalize(const argon2_context *context, argon2_instance_t *instance);
+void argon2_finalize(const argon2_context *context,
+ argon2_instance_t *instance);
/*
* Function that fills the segment using previous segments also from other
@@ -276,15 +252,14 @@ void finalize(const argon2_context *context, argon2_instance_t *instance);
*/
typedef void (*fill_segment_fn)(const argon2_instance_t *instance,
argon2_position_t position);
-int argon2_pick_best_implementation(void);
-void fill_segment_avx512f(const argon2_instance_t *instance,
- argon2_position_t position);
-void fill_segment_avx2(const argon2_instance_t *instance,
- argon2_position_t position);
-void fill_segment_ssse3(const argon2_instance_t *instance,
- argon2_position_t position);
-void fill_segment_ref(const argon2_instance_t *instance,
- argon2_position_t position);
+void argon2_fill_segment_avx512f(const argon2_instance_t *instance,
+ argon2_position_t position);
+void argon2_fill_segment_avx2(const argon2_instance_t *instance,
+ argon2_position_t position);
+void argon2_fill_segment_ssse3(const argon2_instance_t *instance,
+ argon2_position_t position);
+void argon2_fill_segment_ref(const argon2_instance_t *instance,
+ argon2_position_t position);
/*
* Function that fills the entire memory t_cost times based on the first two
@@ -292,6 +267,6 @@ void fill_segment_ref(const argon2_instance_t *instance,
* @param instance Pointer to the current instance
* @return Zero if successful, -1 if memory failed to allocate
*/
-void fill_memory_blocks(argon2_instance_t *instance, uint32_t pass);
+void argon2_fill_memory_blocks(argon2_instance_t *instance, uint32_t pass);
#endif
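Review bot: The comment kept above `argon2_fill_memory_blocks` still says `@return Zero if successful, -1 if memory failed to allocate`, but the prototype returns `void`. Since the line is already being touched for the rename, drop the `@return` line or replace it with a note that the function cannot fail. The comment above `argon2_initialize` in the earlier hunk has similar stale wording: the visible code in argon2-core.c returns the `allocate_memory` result (`ARGON2_MEMORY_ALLOCATION_ERROR`), which callers should compare against `ARGON2_OK` rather than a literal -1.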
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/argon2-encoding.c b/libs/libsodium/src/crypto_pwhash/argon2/argon2-encoding.c
index a9a2b4872d..6221f285be 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/argon2-encoding.c
+++ b/libs/libsodium/src/crypto_pwhash/argon2/argon2-encoding.c
@@ -83,7 +83,7 @@ decode_decimal(const char *str, unsigned long *v)
* output length must be in the allowed ranges defined in argon2.h.
*
* The ctx struct must contain buffers large enough to hold the salt and pwd
- * when it is fed into decode_string.
+ * when it is fed into argon2_decode_string.
*/
/*
@@ -91,7 +91,7 @@ decode_decimal(const char *str, unsigned long *v)
* Returned value is ARGON2_OK on success.
*/
int
-decode_string(argon2_context *ctx, const char *str, argon2_type type)
+argon2_decode_string(argon2_context *ctx, const char *str, argon2_type type)
{
/* Prefix checking */
#define CC(prefix) \
@@ -193,7 +193,7 @@ decode_string(argon2_context *ctx, const char *str, argon2_type type)
BIN(ctx->salt, maxsaltlen, ctx->saltlen);
CC("$");
BIN(ctx->out, maxoutlen, ctx->outlen);
- validation_result = validate_inputs(ctx);
+ validation_result = argon2_validate_inputs(ctx);
if (validation_result != ARGON2_OK) {
return validation_result;
}
@@ -238,7 +238,8 @@ u32_to_string(char *str, uint32_t x)
* On success, ARGON2_OK is returned.
*/
int
-encode_string(char *dst, size_t dst_len, argon2_context *ctx, argon2_type type)
+argon2_encode_string(char *dst, size_t dst_len, argon2_context *ctx,
+ argon2_type type)
{
#define SS(str) \
do { \
@@ -280,7 +281,7 @@ encode_string(char *dst, size_t dst_len, argon2_context *ctx, argon2_type type)
default:
return ARGON2_ENCODING_FAIL;
}
- validation_result = validate_inputs(ctx);
+ validation_result = argon2_validate_inputs(ctx);
if (validation_result != ARGON2_OK) {
return validation_result;
}
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/argon2-encoding.h b/libs/libsodium/src/crypto_pwhash/argon2/argon2-encoding.h
index c0a54f8274..4ba93d1543 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/argon2-encoding.h
+++ b/libs/libsodium/src/crypto_pwhash/argon2/argon2-encoding.h
@@ -2,6 +2,7 @@
#define argon2_encoding_H
#include "argon2.h"
+#include "private/quirks.h"
/*
* encode an Argon2 hash string into the provided buffer. 'dst_len'
@@ -17,8 +18,8 @@
*
* No other parameters are checked
*/
-int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
- argon2_type type);
+int argon2_encode_string(char *dst, size_t dst_len, argon2_context *ctx,
+ argon2_type type);
/*
* Decodes an Argon2 hash string into the provided structure 'ctx'.
@@ -28,6 +29,7 @@ int encode_string(char *dst, size_t dst_len, argon2_context *ctx,
*
* Returned value is ARGON2_OK on success.
*/
-int decode_string(argon2_context *ctx, const char *str, argon2_type type);
+int argon2_decode_string(argon2_context *ctx, const char *str,
+ argon2_type type);
#endif
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-avx2.c b/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-avx2.c
index c41037fd43..fbbd5c773e 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-avx2.c
+++ b/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-avx2.c
@@ -18,25 +18,24 @@
#include "argon2-core.h"
#include "argon2.h"
#include "private/common.h"
-#include "private/sse2_64_32.h"
#if defined(HAVE_AVX2INTRIN_H) && defined(HAVE_EMMINTRIN_H) && \
defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H)
-# ifdef __GNUC__
-# pragma GCC target("sse2")
-# pragma GCC target("ssse3")
-# pragma GCC target("sse4.1")
-# pragma GCC target("avx2")
+# ifdef __clang__
+# pragma clang attribute push(__attribute__((target("sse2,ssse3,sse4.1,avx2"))), apply_to = function)
+# elif defined(__GNUC__)
+# pragma GCC target("sse2,ssse3,sse4.1,avx2")
# endif
# ifdef _MSC_VER
# include <intrin.h> /* for _mm_set_epi64x */
# endif
-#include <emmintrin.h>
-#include <immintrin.h>
-#include <smmintrin.h>
-#include <tmmintrin.h>
+# include <emmintrin.h>
+# include <immintrin.h>
+# include <smmintrin.h>
+# include <tmmintrin.h>
+# include "private/sse2_64_32.h"
# include "blamka-round-avx2.h"
@@ -141,8 +140,8 @@ generate_addresses(const argon2_instance_t *instance,
}
void
-fill_segment_avx2(const argon2_instance_t *instance,
- argon2_position_t position)
+argon2_fill_segment_avx2(const argon2_instance_t *instance,
+ argon2_position_t position)
{
block *ref_block = NULL, *curr_block = NULL;
uint64_t pseudo_rand, ref_index, ref_lane;
@@ -236,4 +235,9 @@ fill_segment_avx2(const argon2_instance_t *instance,
}
}
}
+
+#ifdef __clang__
+# pragma clang attribute pop
+#endif
+
#endif
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-avx512f.c b/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-avx512f.c
index e6a8d18455..d50c40d18e 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-avx512f.c
+++ b/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-avx512f.c
@@ -18,26 +18,28 @@
#include "argon2-core.h"
#include "argon2.h"
#include "private/common.h"
-#include "private/sse2_64_32.h"
#if defined(HAVE_AVX512FINTRIN_H) && defined(HAVE_AVX2INTRIN_H) && \
defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H) && defined(HAVE_SMMINTRIN_H)
-# ifdef __GNUC__
-# pragma GCC target("sse2")
-# pragma GCC target("ssse3")
-# pragma GCC target("sse4.1")
-# pragma GCC target("avx2")
-# pragma GCC target("avx512f")
+# ifdef __clang__
+# if __clang_major__ >= 18
+# pragma clang attribute push(__attribute__((target("sse2,ssse3,sse4.1,avx2,avx512f,evex512"))), apply_to = function)
+# else
+# pragma clang attribute push(__attribute__((target("sse2,ssse3,sse4.1,avx2,avx512f"))), apply_to = function)
+# endif
+# elif defined(__GNUC__)
+# pragma GCC target("sse2,ssse3,sse4.1,avx2,avx512f")
# endif
# ifdef _MSC_VER
# include <intrin.h> /* for _mm_set_epi64x */
# endif
-#include <emmintrin.h>
-#include <immintrin.h>
-#include <smmintrin.h>
-#include <tmmintrin.h>
+# include <emmintrin.h>
+# include <immintrin.h>
+# include <smmintrin.h>
+# include <tmmintrin.h>
+# include "private/sse2_64_32.h"
# include "blamka-round-avx512f.h"
@@ -146,8 +148,8 @@ generate_addresses(const argon2_instance_t *instance,
}
void
-fill_segment_avx512f(const argon2_instance_t *instance,
- argon2_position_t position)
+argon2_fill_segment_avx512f(const argon2_instance_t *instance,
+ argon2_position_t position)
{
block *ref_block = NULL, *curr_block = NULL;
uint64_t pseudo_rand, ref_index, ref_lane;
@@ -241,4 +243,9 @@ fill_segment_avx512f(const argon2_instance_t *instance,
}
}
}
+
+#ifdef __clang__
+# pragma clang attribute pop
+#endif
+
#endif
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-ref.c b/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-ref.c
index c973e8b489..85375fcc13 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-ref.c
+++ b/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-ref.c
@@ -141,7 +141,8 @@ generate_addresses(const argon2_instance_t *instance,
}
void
-fill_segment_ref(const argon2_instance_t *instance, argon2_position_t position)
+argon2_fill_segment_ref(const argon2_instance_t *instance,
+ argon2_position_t position)
{
block *ref_block = NULL, *curr_block = NULL;
/* Pseudo-random values that determine the reference block position */
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-ssse3.c b/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-ssse3.c
index 85de04f132..151f9c78bd 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-ssse3.c
+++ b/libs/libsodium/src/crypto_pwhash/argon2/argon2-fill-block-ssse3.c
@@ -18,13 +18,13 @@
#include "argon2-core.h"
#include "argon2.h"
#include "private/common.h"
-#include "private/sse2_64_32.h"
#if defined(HAVE_EMMINTRIN_H) && defined(HAVE_TMMINTRIN_H)
-# ifdef __GNUC__
-# pragma GCC target("sse2")
-# pragma GCC target("ssse3")
+# ifdef __clang__
+# pragma clang attribute push(__attribute__((target("sse2,ssse3"))), apply_to = function)
+# elif defined(__GNUC__)
+# pragma GCC target("sse2,ssse3")
# endif
# ifdef _MSC_VER
@@ -32,6 +32,7 @@
# endif
# include <emmintrin.h>
# include <tmmintrin.h>
+# include "private/sse2_64_32.h"
# include "blamka-round-ssse3.h"
@@ -140,8 +141,8 @@ generate_addresses(const argon2_instance_t *instance,
}
void
-fill_segment_ssse3(const argon2_instance_t *instance,
- argon2_position_t position)
+argon2_fill_segment_ssse3(const argon2_instance_t *instance,
+ argon2_position_t position)
{
block *ref_block = NULL, *curr_block = NULL;
uint64_t pseudo_rand, ref_index, ref_lane;
@@ -235,4 +236,9 @@ fill_segment_ssse3(const argon2_instance_t *instance,
}
}
}
+
+#ifdef __clang__
+# pragma clang attribute pop
+#endif
+
#endif
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/argon2.c b/libs/libsodium/src/crypto_pwhash/argon2/argon2.c
index 3b0f2f2723..a098feba9d 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/argon2.c
+++ b/libs/libsodium/src/crypto_pwhash/argon2/argon2.c
@@ -17,6 +17,7 @@
#include <stdlib.h>
#include <string.h>
+#include "randombytes.h"
#include "utils.h"
#include "argon2-core.h"
@@ -27,7 +28,7 @@ int
argon2_ctx(argon2_context *context, argon2_type type)
{
/* 1. Validate all inputs */
- int result = validate_inputs(context);
+ int result = argon2_validate_inputs(context);
uint32_t memory_blocks, segment_length;
uint32_t pass;
argon2_instance_t instance;
@@ -65,7 +66,7 @@ argon2_ctx(argon2_context *context, argon2_type type)
/* 3. Initialization: Hashing inputs, allocating memory, filling first
* blocks
*/
- result = initialize(&instance, context);
+ result = argon2_initialize(&instance, context);
if (ARGON2_OK != result) {
return result;
@@ -73,11 +74,11 @@ argon2_ctx(argon2_context *context, argon2_type type)
/* 4. Filling memory */
for (pass = 0; pass < instance.passes; pass++) {
- fill_memory_blocks(&instance, pass);
+ argon2_fill_memory_blocks(&instance, pass);
}
/* 5. Finalization */
- finalize(context, &instance);
+ argon2_finalize(context, &instance);
return ARGON2_OK;
}
@@ -93,6 +94,10 @@ argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
int result;
uint8_t *out;
+ if (hash != NULL) {
+ randombytes_buf(hash, hashlen);
+ }
+
if (pwdlen > ARGON2_MAX_PWD_LENGTH) {
return ARGON2_PWD_TOO_LONG;
}
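Review bot: `randombytes_buf(hash, hashlen)` runs before any argument is validated and carries no comment, so the reason the output is randomized first is not recorded. I would add `/* fill the output with random bytes up front so every error return leaves unpredictable data, never stale or all-zero bytes a caller might use as a key */`. This ordering also means `hash` is written before the password buffer is read, so the two must not overlap, and `hashlen` reaches `randombytes_buf` before any length check that follows in this function. The body of argon2_hash continues outside the hunk.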
@@ -134,14 +139,10 @@ argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
return result;
}
- /* if raw hash requested, write it */
- if (hash) {
- memcpy(hash, out, hashlen);
- }
-
/* if encoding requested, write it */
if (encoded && encodedlen) {
- if (encode_string(encoded, encodedlen, &context, type) != ARGON2_OK) {
+ if (argon2_encode_string(encoded, encodedlen,
+ &context, type) != ARGON2_OK) {
sodium_memzero(out, hashlen);
sodium_memzero(encoded, encodedlen);
free(out);
@@ -149,6 +150,11 @@ argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
}
}
+ /* if raw hash requested, write it */
+ if (hash) {
+ memcpy(hash, out, hashlen);
+ }
+
sodium_memzero(out, hashlen);
free(out);
@@ -214,7 +220,7 @@ argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
ctx.secret = NULL;
ctx.secretlen = 0;
- /* max values, to be updated in decode_string */
+ /* max values, to be updated in argon2_decode_string */
encoded_len = strlen(encoded);
if (encoded_len > UINT32_MAX) {
return ARGON2_DECODING_LENGTH_FAIL;
@@ -240,7 +246,7 @@ argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
return ARGON2_MEMORY_ALLOCATION_ERROR;
}
- decode_result = decode_string(&ctx, encoded, type);
+ decode_result = argon2_decode_string(&ctx, encoded, type);
if (decode_result != ARGON2_OK) {
free(ctx.ad);
free(ctx.salt);
@@ -255,7 +261,7 @@ argon2_verify(const char *encoded, const void *pwd, const size_t pwdlen,
free(ctx.ad);
free(ctx.salt);
- if (ret != ARGON2_OK || sodium_memcmp(out, ctx.out, ctx.outlen) != 0) {
+ if (ret == ARGON2_OK && sodium_memcmp(out, ctx.out, ctx.outlen) != 0) {
ret = ARGON2_VERIFY_MISMATCH;
}
free(out);
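Review bot: `out` holds the tag just computed from the candidate password and is released with a bare `free(out)`, whereas argon2_hash in this same file calls `sodium_memzero(out, hashlen)` before its `free(out)`. For consistency add `sodium_memzero(out, ctx.outlen);` ahead of `free(out);` here, assuming `out` was allocated with `ctx.outlen` bytes (the allocation is outside the hunk). Separately, with the new `ret == ARGON2_OK &&` condition a failure in the hashing call now surfaces its own error code instead of `ARGON2_VERIFY_MISMATCH`. Callers must therefore treat every non-`ARGON2_OK` value as a failed verification, which deserves a line in the function's doc comment.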
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/argon2.h b/libs/libsodium/src/crypto_pwhash/argon2/argon2.h
index 034a1be276..12c29c16f9 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/argon2.h
+++ b/libs/libsodium/src/crypto_pwhash/argon2/argon2.h
@@ -16,6 +16,8 @@
#include <stddef.h>
#include <stdint.h>
+#include "private/quirks.h"
+
/*
* Argon2 input parameter restrictions
*/
@@ -68,7 +70,6 @@
#define ARGON2_FLAG_CLEAR_PASSWORD (UINT32_C(1) << 0)
#define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1)
-#define ARGON2_FLAG_CLEAR_MEMORY (UINT32_C(1) << 2)
#define ARGON2_DEFAULT_FLAGS (UINT32_C(0))
/* Error codes */
@@ -283,7 +284,7 @@ int argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
/**
* Verifies a password against an encoded string
- * Encoded string is restricted as in validate_inputs()
+ * Encoded string is restricted as in argon2_validate_inputs()
* @param encoded String encoding parameters, salt, hash
* @param pwd Pointer to password
* @pre Returns ARGON2_OK if successful
@@ -292,7 +293,7 @@ int argon2i_verify(const char *encoded, const void *pwd, const size_t pwdlen);
/**
* Verifies a password against an encoded string
- * Encoded string is restricted as in validate_inputs()
+ * Encoded string is restricted as in argon2_validate_inputs()
* @param encoded String encoding parameters, salt, hash
* @param pwd Pointer to password
* @pre Returns ARGON2_OK if successful
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/blake2b-long.h b/libs/libsodium/src/crypto_pwhash/argon2/blake2b-long.h
index f7275e0a78..9e308b8c04 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/blake2b-long.h
+++ b/libs/libsodium/src/crypto_pwhash/argon2/blake2b-long.h
@@ -2,6 +2,7 @@
#define blake2b_long_H
#include <stddef.h>
+#include "private/quirks.h"
int blake2b_long(void *pout, size_t outlen, const void *in, size_t inlen);
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/blamka-round-ssse3.h b/libs/libsodium/src/crypto_pwhash/argon2/blamka-round-ssse3.h
index f7290dbd49..d860405bc3 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/blamka-round-ssse3.h
+++ b/libs/libsodium/src/crypto_pwhash/argon2/blamka-round-ssse3.h
@@ -8,6 +8,9 @@
(_mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9))
#define r24 \
(_mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10))
+
+#if !(defined(_mm_roti_epi64) && defined(__XOP__))
+#undef _mm_roti_epi64
#define _mm_roti_epi64(x, c) \
(-(c) == 32) \
? _mm_shuffle_epi32((x), _MM_SHUFFLE(2, 3, 0, 1)) \
@@ -20,6 +23,7 @@
_mm_add_epi64((x), (x))) \
: _mm_xor_si128(_mm_srli_epi64((x), -(c)), \
_mm_slli_epi64((x), 64 - (-(c))))
+#endif
static inline __m128i
fBlaMka(__m128i x, __m128i y)
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/pwhash_argon2i.c b/libs/libsodium/src/crypto_pwhash/argon2/pwhash_argon2i.c
index e83a958e44..43b7a497bc 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/pwhash_argon2i.c
+++ b/libs/libsodium/src/crypto_pwhash/argon2/pwhash_argon2i.c
@@ -72,14 +72,14 @@ crypto_pwhash_argon2i_strprefix(void)
return crypto_pwhash_argon2i_STRPREFIX;
}
-size_t
+unsigned long long
crypto_pwhash_argon2i_opslimit_min(void)
{
COMPILER_ASSERT(crypto_pwhash_argon2i_OPSLIMIT_MIN >= ARGON2_MIN_TIME);
return crypto_pwhash_argon2i_OPSLIMIT_MIN;
}
-size_t
+unsigned long long
crypto_pwhash_argon2i_opslimit_max(void)
{
COMPILER_ASSERT(crypto_pwhash_argon2i_OPSLIMIT_MAX <= ARGON2_MAX_TIME);
@@ -100,7 +100,7 @@ crypto_pwhash_argon2i_memlimit_max(void)
return crypto_pwhash_argon2i_MEMLIMIT_MAX;
}
-size_t
+unsigned long long
crypto_pwhash_argon2i_opslimit_interactive(void)
{
return crypto_pwhash_argon2i_OPSLIMIT_INTERACTIVE;
@@ -112,7 +112,7 @@ crypto_pwhash_argon2i_memlimit_interactive(void)
return crypto_pwhash_argon2i_MEMLIMIT_INTERACTIVE;
}
-size_t
+unsigned long long
crypto_pwhash_argon2i_opslimit_moderate(void)
{
return crypto_pwhash_argon2i_OPSLIMIT_MODERATE;
@@ -124,7 +124,7 @@ crypto_pwhash_argon2i_memlimit_moderate(void)
return crypto_pwhash_argon2i_MEMLIMIT_MODERATE;
}
-size_t
+unsigned long long
crypto_pwhash_argon2i_opslimit_sensitive(void)
{
return crypto_pwhash_argon2i_OPSLIMIT_SENSITIVE;
@@ -163,6 +163,10 @@ crypto_pwhash_argon2i(unsigned char *const out, unsigned long long outlen,
errno = EINVAL;
return -1;
}
+ if ((const void *) out == (const void *) passwd) {
+ errno = EINVAL;
+ return -1;
+ }
switch (alg) {
case crypto_pwhash_argon2i_ALG_ARGON2I13:
if (argon2i_hash_raw((uint32_t) opslimit, (uint32_t) (memlimit / 1024U),
@@ -210,8 +214,8 @@ crypto_pwhash_argon2i_str(char out[crypto_pwhash_argon2i_STRBYTES],
}
int
-crypto_pwhash_argon2i_str_verify(const char str[crypto_pwhash_argon2i_STRBYTES],
- const char *const passwd,
+crypto_pwhash_argon2i_str_verify(const char * str,
+ const char * const passwd,
unsigned long long passwdlen)
{
int verify_ret;
@@ -261,7 +265,7 @@ _needs_rehash(const char *str, unsigned long long opslimit, size_t memlimit,
ctx.outlen = ctx.pwdlen = ctx.saltlen = (uint32_t) fodder_len;
ctx.ad = ctx.secret = NULL;
ctx.adlen = ctx.secretlen = 0U;
- if (decode_string(&ctx, str, type) != 0) {
+ if (argon2_decode_string(&ctx, str, type) != 0) {
errno = EINVAL;
ret = -1;
} else if (ctx.t_cost != (uint32_t) opslimit ||
@@ -276,14 +280,14 @@ _needs_rehash(const char *str, unsigned long long opslimit, size_t memlimit,
}
int
-crypto_pwhash_argon2i_str_needs_rehash(const char str[crypto_pwhash_argon2i_STRBYTES],
+crypto_pwhash_argon2i_str_needs_rehash(const char * str,
unsigned long long opslimit, size_t memlimit)
{
return _needs_rehash(str, opslimit, memlimit, Argon2_i);
}
int
-crypto_pwhash_argon2id_str_needs_rehash(const char str[crypto_pwhash_argon2id_STRBYTES],
+crypto_pwhash_argon2id_str_needs_rehash(const char * str,
unsigned long long opslimit, size_t memlimit)
{
return _needs_rehash(str, opslimit, memlimit, Argon2_id);
diff --git a/libs/libsodium/src/crypto_pwhash/argon2/pwhash_argon2id.c b/libs/libsodium/src/crypto_pwhash/argon2/pwhash_argon2id.c
index 6105116c46..93e0ec2efc 100644
--- a/libs/libsodium/src/crypto_pwhash/argon2/pwhash_argon2id.c
+++ b/libs/libsodium/src/crypto_pwhash/argon2/pwhash_argon2id.c
@@ -68,14 +68,14 @@ crypto_pwhash_argon2id_strprefix(void)
return crypto_pwhash_argon2id_STRPREFIX;
}
-size_t
+unsigned long long
crypto_pwhash_argon2id_opslimit_min(void)
{
COMPILER_ASSERT(crypto_pwhash_argon2id_OPSLIMIT_MIN >= ARGON2_MIN_TIME);
return crypto_pwhash_argon2id_OPSLIMIT_MIN;
}
-size_t
+unsigned long long
crypto_pwhash_argon2id_opslimit_max(void)
{
COMPILER_ASSERT(crypto_pwhash_argon2id_OPSLIMIT_MAX <= ARGON2_MAX_TIME);
@@ -96,7 +96,7 @@ crypto_pwhash_argon2id_memlimit_max(void)
return crypto_pwhash_argon2id_MEMLIMIT_MAX;
}
-size_t
+unsigned long long
crypto_pwhash_argon2id_opslimit_interactive(void)
{
return crypto_pwhash_argon2id_OPSLIMIT_INTERACTIVE;
@@ -108,7 +108,7 @@ crypto_pwhash_argon2id_memlimit_interactive(void)
return crypto_pwhash_argon2id_MEMLIMIT_INTERACTIVE;
}
-size_t
+unsigned long long
crypto_pwhash_argon2id_opslimit_moderate(void)
{
return crypto_pwhash_argon2id_OPSLIMIT_MODERATE;
@@ -120,7 +120,7 @@ crypto_pwhash_argon2id_memlimit_moderate(void)
return crypto_pwhash_argon2id_MEMLIMIT_MODERATE;
}
-size_t
+unsigned long long
crypto_pwhash_argon2id_opslimit_sensitive(void)
{
return crypto_pwhash_argon2id_OPSLIMIT_SENSITIVE;
@@ -159,6 +159,10 @@ crypto_pwhash_argon2id(unsigned char *const out, unsigned long long outlen,
errno = EINVAL;
return -1;
}
+ if ((const void *) out == (const void *) passwd) {
+ errno = EINVAL;
+ return -1;
+ }
switch (alg) {
case crypto_pwhash_argon2id_ALG_ARGON2ID13:
if (argon2id_hash_raw((uint32_t) opslimit, (uint32_t) (memlimit / 1024U),
@@ -206,8 +210,8 @@ crypto_pwhash_argon2id_str(char out[crypto_pwhash_argon2id_STRBYTES],
}
int
-crypto_pwhash_argon2id_str_verify(const char str[crypto_pwhash_argon2id_STRBYTES],
- const char *const passwd,
+crypto_pwhash_argon2id_str_verify(const char * str,
+ const char * const passwd,
unsigned long long passwdlen)
{
int verify_ret;