1 /*
2  * Argon2 reference source code package - reference C implementations
3  *
4  * Copyright 2015
5  * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves
6  *
7  * You may use this work under the terms of a Creative Commons CC0 1.0
8  * License/Waiver or the Apache Public License 2.0, at your option. The terms of
9  * these licenses can be found at:
10  *
11  * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0
12  * - Apache 2.0        : http://www.apache.org/licenses/LICENSE-2.0
13  *
14  * You should have received a copy of both of these licenses along with this
15  * software. If not, they may be obtained at the above URLs.
16  */
17 
18 #ifndef ARGON2_H
19 #define ARGON2_H
20 
21 #include <stdint.h>
22 #include <stddef.h>
23 #include <limits.h>
24 
25 #if defined(__cplusplus)
26 extern "C" {
27 #endif
28 
29 /* Symbols visibility control */
30 #ifdef A2_VISCTL
31 #define ARGON2_PUBLIC __attribute__((visibility("default")))
32 #elif _MSC_VER
33 #define ARGON2_PUBLIC __declspec(dllexport)
34 #else
35 #define ARGON2_PUBLIC
36 #endif
37 
38 /*
39  * Argon2 input parameter restrictions
40  */
41 
42 /* Minimum and maximum number of lanes (degree of parallelism) */
43 #define ARGON2_MIN_LANES UINT32_C(1)
44 #define ARGON2_MAX_LANES UINT32_C(0xFFFFFF)
45 
46 /* Minimum and maximum number of threads */
47 #define ARGON2_MIN_THREADS UINT32_C(1)
48 #define ARGON2_MAX_THREADS UINT32_C(0xFFFFFF)
49 
50 /* Number of synchronization points between lanes per pass */
51 #define ARGON2_SYNC_POINTS UINT32_C(4)
52 
53 /* Minimum and maximum digest size in bytes */
54 #define ARGON2_MIN_OUTLEN UINT32_C(4)
55 #define ARGON2_MAX_OUTLEN UINT32_C(0xFFFFFFFF)
56 
57 /* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */
58 #define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */
59 
60 #define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b))
61 /* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */
62 #define ARGON2_MAX_MEMORY_BITS                                                 \
63     ARGON2_MIN(UINT32_C(32), (sizeof(void *) * CHAR_BIT - 10 - 1))
64 #define ARGON2_MAX_MEMORY                                                      \
65     ARGON2_MIN(UINT32_C(0xFFFFFFFF), UINT64_C(1) << ARGON2_MAX_MEMORY_BITS)
66 
67 /* Minimum and maximum number of passes */
68 #define ARGON2_MIN_TIME UINT32_C(1)
69 #define ARGON2_MAX_TIME UINT32_C(0xFFFFFFFF)
70 
71 /* Minimum and maximum password length in bytes */
72 #define ARGON2_MIN_PWD_LENGTH UINT32_C(0)
73 #define ARGON2_MAX_PWD_LENGTH UINT32_C(0xFFFFFFFF)
74 
75 /* Minimum and maximum associated data length in bytes */
76 #define ARGON2_MIN_AD_LENGTH UINT32_C(0)
77 #define ARGON2_MAX_AD_LENGTH UINT32_C(0xFFFFFFFF)
78 
79 /* Minimum and maximum salt length in bytes */
80 #define ARGON2_MIN_SALT_LENGTH UINT32_C(8)
81 #define ARGON2_MAX_SALT_LENGTH UINT32_C(0xFFFFFFFF)
82 
83 /* Minimum and maximum key length in bytes */
84 #define ARGON2_MIN_SECRET UINT32_C(0)
85 #define ARGON2_MAX_SECRET UINT32_C(0xFFFFFFFF)
86 
87 /* Flags to determine which fields are securely wiped (default = no wipe). */
88 #define ARGON2_DEFAULT_FLAGS UINT32_C(0)
89 #define ARGON2_FLAG_CLEAR_PASSWORD (UINT32_C(1) << 0)
90 #define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1)
91 
92 /* Global flag to determine if we are wiping internal memory buffers. This flag
93  * is defined in core.c and deafults to 1 (wipe internal memory). */
94 //extern int FLAG_clear_internal_memory;
95 
96 /* Error codes */
97 typedef enum Argon2_ErrorCodes {
98     ARGON2_OK = 0,
99 
100     ARGON2_OUTPUT_PTR_NULL = -1,
101 
102     ARGON2_OUTPUT_TOO_SHORT = -2,
103     ARGON2_OUTPUT_TOO_LONG = -3,
104 
105     ARGON2_PWD_TOO_SHORT = -4,
106     ARGON2_PWD_TOO_LONG = -5,
107 
108     ARGON2_SALT_TOO_SHORT = -6,
109     ARGON2_SALT_TOO_LONG = -7,
110 
111     ARGON2_AD_TOO_SHORT = -8,
112     ARGON2_AD_TOO_LONG = -9,
113 
114     ARGON2_SECRET_TOO_SHORT = -10,
115     ARGON2_SECRET_TOO_LONG = -11,
116 
117     ARGON2_TIME_TOO_SMALL = -12,
118     ARGON2_TIME_TOO_LARGE = -13,
119 
120     ARGON2_MEMORY_TOO_LITTLE = -14,
121     ARGON2_MEMORY_TOO_MUCH = -15,
122 
123     ARGON2_LANES_TOO_FEW = -16,
124     ARGON2_LANES_TOO_MANY = -17,
125 
126     ARGON2_PWD_PTR_MISMATCH = -18,    /* NULL ptr with non-zero length */
127     ARGON2_SALT_PTR_MISMATCH = -19,   /* NULL ptr with non-zero length */
128     ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */
129     ARGON2_AD_PTR_MISMATCH = -21,     /* NULL ptr with non-zero length */
130 
131     ARGON2_MEMORY_ALLOCATION_ERROR = -22,
132 
133     ARGON2_FREE_MEMORY_CBK_NULL = -23,
134     ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24,
135 
136     ARGON2_INCORRECT_PARAMETER = -25,
137     ARGON2_INCORRECT_TYPE = -26,
138 
139     ARGON2_OUT_PTR_MISMATCH = -27,
140 
141     ARGON2_THREADS_TOO_FEW = -28,
142     ARGON2_THREADS_TOO_MANY = -29,
143 
144     ARGON2_MISSING_ARGS = -30,
145 
146     ARGON2_ENCODING_FAIL = -31,
147 
148     ARGON2_DECODING_FAIL = -32,
149 
150     ARGON2_THREAD_FAIL = -33,
151 
152     ARGON2_DECODING_LENGTH_FAIL = -34,
153 
154     ARGON2_VERIFY_MISMATCH = -35
155 } argon2_error_codes;
156 
157 /* Memory allocator types --- for external allocation */
158 typedef int (*allocate_fptr)(uint8_t **memory, size_t bytes_to_allocate);
159 typedef void (*deallocate_fptr)(uint8_t *memory, size_t bytes_to_allocate);
160 
161 /* Argon2 external data structures */
162 
163 /*
164  *****
165  * Context: structure to hold Argon2 inputs:
166  *  output array and its length,
167  *  password and its length,
168  *  salt and its length,
169  *  secret and its length,
170  *  associated data and its length,
171  *  number of passes, amount of used memory (in KBytes, can be rounded up a bit)
172  *  number of parallel threads that will be run.
173  * All the parameters above affect the output hash value.
174  * Additionally, two function pointers can be provided to allocate and
175  * deallocate the memory (if NULL, memory will be allocated internally).
176  * Also, three flags indicate whether to erase password, secret as soon as they
177  * are pre-hashed (and thus not needed anymore), and the entire memory
178  *****
179  * Simplest situation: you have output array out[8], password is stored in
180  * pwd[32], salt is stored in salt[16], you do not have keys nor associated
181  * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with
182  * 4 parallel lanes.
183  * You want to erase the password, but you're OK with last pass not being
184  * erased. You want to use the default memory allocator.
185  * Then you initialize:
186  Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false)
187  */
188 typedef struct Argon2_Context {
189     uint8_t *out;    /* output array */
190     uint32_t outlen; /* digest length */
191 
192     uint8_t *pwd;    /* password array */
193     uint32_t pwdlen; /* password length */
194 
195     uint8_t *salt;    /* salt array */
196     uint32_t saltlen; /* salt length */
197 
198     uint8_t *secret;    /* key array */
199     uint32_t secretlen; /* key length */
200 
201     uint8_t *ad;    /* associated data array */
202     uint32_t adlen; /* associated data length */
203 
204     uint32_t t_cost;  /* number of passes */
205     uint32_t m_cost;  /* amount of memory requested (KB) */
206     uint32_t lanes;   /* number of lanes */
207     uint32_t threads; /* maximum number of threads */
208 
209     uint32_t version; /* version number */
210 
211     allocate_fptr allocate_cbk; /* pointer to memory allocator */
212     deallocate_fptr free_cbk;   /* pointer to memory deallocator */
213 
214     uint32_t flags; /* array of bool options */
215 } argon2_context;
216 
217 /* Argon2 primitive type */
218 typedef enum Argon2_type {
219   Argon2_d = 0,
220   Argon2_i = 1,
221   Argon2_id = 2
222 } argon2_type;
223 
224 /* Version of the algorithm */
225 typedef enum Argon2_version {
226     ARGON2_VERSION_10 = 0x10,
227     ARGON2_VERSION_13 = 0x13,
228     ARGON2_VERSION_NUMBER = ARGON2_VERSION_13
229 } argon2_version;
230 
231 /*
232  * Function that performs memory-hard hashing with certain degree of parallelism
233  * @param  context  Pointer to the Argon2 internal structure
234  * @return Error code if smth is wrong, ARGON2_OK otherwise
235  */
236 ARGON2_PUBLIC int cryptonite_argon2_ctx(argon2_context *context, argon2_type type);
237 
238 /**
239  * Hashes a password with Argon2i, producing a raw hash by allocating memory at
240  * @hash
241  * @param t_cost Number of iterations
242  * @param m_cost Sets memory usage to m_cost kibibytes
243  * @param parallelism Number of threads and compute lanes
244  * @param pwd Pointer to password
245  * @param pwdlen Password size in bytes
246  * @param salt Pointer to salt
247  * @param saltlen Salt size in bytes
248  * @param hash Buffer where to write the raw hash - updated by the function
249  * @param hashlen Desired length of the hash in bytes
250  * @pre   Different parallelism levels will give different results
251  * @pre   Returns ARGON2_OK if successful
252  */
253 
254 /* generic function underlying the above ones */
255 ARGON2_PUBLIC int cryptonite_argon2_hash(const uint32_t t_cost, const uint32_t m_cost,
256                               const uint32_t parallelism, const void *pwd,
257                               const size_t pwdlen, const void *salt,
258                               const size_t saltlen, void *hash,
259                               const size_t hashlen, argon2_type type,
260                               const uint32_t version);
261 
262 
263 #if defined(__cplusplus)
264 }
265 #endif
266 
267 #endif
268