1 /* 2 * Argon2 reference source code package - reference C implementations 3 * 4 * Copyright 2015 5 * Daniel Dinu, Dmitry Khovratovich, Jean-Philippe Aumasson, and Samuel Neves 6 * 7 * You may use this work under the terms of a Creative Commons CC0 1.0 8 * License/Waiver or the Apache Public License 2.0, at your option. The terms of 9 * these licenses can be found at: 10 * 11 * - CC0 1.0 Universal : http://creativecommons.org/publicdomain/zero/1.0 12 * - Apache 2.0 : http://www.apache.org/licenses/LICENSE-2.0 13 * 14 * You should have received a copy of both of these licenses along with this 15 * software. If not, they may be obtained at the above URLs. 16 */ 17 18 #ifndef ARGON2_H 19 #define ARGON2_H 20 21 #include <stdint.h> 22 #include <stddef.h> 23 #include <limits.h> 24 25 #if defined(__cplusplus) 26 extern "C" { 27 #endif 28 29 /* Symbols visibility control */ 30 #ifdef A2_VISCTL 31 #define ARGON2_PUBLIC __attribute__((visibility("default"))) 32 #elif _MSC_VER 33 #define ARGON2_PUBLIC __declspec(dllexport) 34 #else 35 #define ARGON2_PUBLIC 36 #endif 37 38 /* 39 * Argon2 input parameter restrictions 40 */ 41 42 /* Minimum and maximum number of lanes (degree of parallelism) */ 43 #define ARGON2_MIN_LANES UINT32_C(1) 44 #define ARGON2_MAX_LANES UINT32_C(0xFFFFFF) 45 46 /* Minimum and maximum number of threads */ 47 #define ARGON2_MIN_THREADS UINT32_C(1) 48 #define ARGON2_MAX_THREADS UINT32_C(0xFFFFFF) 49 50 /* Number of synchronization points between lanes per pass */ 51 #define ARGON2_SYNC_POINTS UINT32_C(4) 52 53 /* Minimum and maximum digest size in bytes */ 54 #define ARGON2_MIN_OUTLEN UINT32_C(4) 55 #define ARGON2_MAX_OUTLEN UINT32_C(0xFFFFFFFF) 56 57 /* Minimum and maximum number of memory blocks (each of BLOCK_SIZE bytes) */ 58 #define ARGON2_MIN_MEMORY (2 * ARGON2_SYNC_POINTS) /* 2 blocks per slice */ 59 60 #define ARGON2_MIN(a, b) ((a) < (b) ? (a) : (b)) 61 /* Max memory size is addressing-space/2, topping at 2^32 blocks (4 TB) */ 62 #define ARGON2_MAX_MEMORY_BITS \ 63 ARGON2_MIN(UINT32_C(32), (sizeof(void *) * CHAR_BIT - 10 - 1)) 64 #define ARGON2_MAX_MEMORY \ 65 ARGON2_MIN(UINT32_C(0xFFFFFFFF), UINT64_C(1) << ARGON2_MAX_MEMORY_BITS) 66 67 /* Minimum and maximum number of passes */ 68 #define ARGON2_MIN_TIME UINT32_C(1) 69 #define ARGON2_MAX_TIME UINT32_C(0xFFFFFFFF) 70 71 /* Minimum and maximum password length in bytes */ 72 #define ARGON2_MIN_PWD_LENGTH UINT32_C(0) 73 #define ARGON2_MAX_PWD_LENGTH UINT32_C(0xFFFFFFFF) 74 75 /* Minimum and maximum associated data length in bytes */ 76 #define ARGON2_MIN_AD_LENGTH UINT32_C(0) 77 #define ARGON2_MAX_AD_LENGTH UINT32_C(0xFFFFFFFF) 78 79 /* Minimum and maximum salt length in bytes */ 80 #define ARGON2_MIN_SALT_LENGTH UINT32_C(8) 81 #define ARGON2_MAX_SALT_LENGTH UINT32_C(0xFFFFFFFF) 82 83 /* Minimum and maximum key length in bytes */ 84 #define ARGON2_MIN_SECRET UINT32_C(0) 85 #define ARGON2_MAX_SECRET UINT32_C(0xFFFFFFFF) 86 87 /* Flags to determine which fields are securely wiped (default = no wipe). */ 88 #define ARGON2_DEFAULT_FLAGS UINT32_C(0) 89 #define ARGON2_FLAG_CLEAR_PASSWORD (UINT32_C(1) << 0) 90 #define ARGON2_FLAG_CLEAR_SECRET (UINT32_C(1) << 1) 91 92 /* Global flag to determine if we are wiping internal memory buffers. This flag 93 * is defined in core.c and deafults to 1 (wipe internal memory). */ 94 //extern int FLAG_clear_internal_memory; 95 96 /* Error codes */ 97 typedef enum Argon2_ErrorCodes { 98 ARGON2_OK = 0, 99 100 ARGON2_OUTPUT_PTR_NULL = -1, 101 102 ARGON2_OUTPUT_TOO_SHORT = -2, 103 ARGON2_OUTPUT_TOO_LONG = -3, 104 105 ARGON2_PWD_TOO_SHORT = -4, 106 ARGON2_PWD_TOO_LONG = -5, 107 108 ARGON2_SALT_TOO_SHORT = -6, 109 ARGON2_SALT_TOO_LONG = -7, 110 111 ARGON2_AD_TOO_SHORT = -8, 112 ARGON2_AD_TOO_LONG = -9, 113 114 ARGON2_SECRET_TOO_SHORT = -10, 115 ARGON2_SECRET_TOO_LONG = -11, 116 117 ARGON2_TIME_TOO_SMALL = -12, 118 ARGON2_TIME_TOO_LARGE = -13, 119 120 ARGON2_MEMORY_TOO_LITTLE = -14, 121 ARGON2_MEMORY_TOO_MUCH = -15, 122 123 ARGON2_LANES_TOO_FEW = -16, 124 ARGON2_LANES_TOO_MANY = -17, 125 126 ARGON2_PWD_PTR_MISMATCH = -18, /* NULL ptr with non-zero length */ 127 ARGON2_SALT_PTR_MISMATCH = -19, /* NULL ptr with non-zero length */ 128 ARGON2_SECRET_PTR_MISMATCH = -20, /* NULL ptr with non-zero length */ 129 ARGON2_AD_PTR_MISMATCH = -21, /* NULL ptr with non-zero length */ 130 131 ARGON2_MEMORY_ALLOCATION_ERROR = -22, 132 133 ARGON2_FREE_MEMORY_CBK_NULL = -23, 134 ARGON2_ALLOCATE_MEMORY_CBK_NULL = -24, 135 136 ARGON2_INCORRECT_PARAMETER = -25, 137 ARGON2_INCORRECT_TYPE = -26, 138 139 ARGON2_OUT_PTR_MISMATCH = -27, 140 141 ARGON2_THREADS_TOO_FEW = -28, 142 ARGON2_THREADS_TOO_MANY = -29, 143 144 ARGON2_MISSING_ARGS = -30, 145 146 ARGON2_ENCODING_FAIL = -31, 147 148 ARGON2_DECODING_FAIL = -32, 149 150 ARGON2_THREAD_FAIL = -33, 151 152 ARGON2_DECODING_LENGTH_FAIL = -34, 153 154 ARGON2_VERIFY_MISMATCH = -35 155 } argon2_error_codes; 156 157 /* Memory allocator types --- for external allocation */ 158 typedef int (*allocate_fptr)(uint8_t **memory, size_t bytes_to_allocate); 159 typedef void (*deallocate_fptr)(uint8_t *memory, size_t bytes_to_allocate); 160 161 /* Argon2 external data structures */ 162 163 /* 164 ***** 165 * Context: structure to hold Argon2 inputs: 166 * output array and its length, 167 * password and its length, 168 * salt and its length, 169 * secret and its length, 170 * associated data and its length, 171 * number of passes, amount of used memory (in KBytes, can be rounded up a bit) 172 * number of parallel threads that will be run. 173 * All the parameters above affect the output hash value. 174 * Additionally, two function pointers can be provided to allocate and 175 * deallocate the memory (if NULL, memory will be allocated internally). 176 * Also, three flags indicate whether to erase password, secret as soon as they 177 * are pre-hashed (and thus not needed anymore), and the entire memory 178 ***** 179 * Simplest situation: you have output array out[8], password is stored in 180 * pwd[32], salt is stored in salt[16], you do not have keys nor associated 181 * data. You need to spend 1 GB of RAM and you run 5 passes of Argon2d with 182 * 4 parallel lanes. 183 * You want to erase the password, but you're OK with last pass not being 184 * erased. You want to use the default memory allocator. 185 * Then you initialize: 186 Argon2_Context(out,8,pwd,32,salt,16,NULL,0,NULL,0,5,1<<20,4,4,NULL,NULL,true,false,false,false) 187 */ 188 typedef struct Argon2_Context { 189 uint8_t *out; /* output array */ 190 uint32_t outlen; /* digest length */ 191 192 uint8_t *pwd; /* password array */ 193 uint32_t pwdlen; /* password length */ 194 195 uint8_t *salt; /* salt array */ 196 uint32_t saltlen; /* salt length */ 197 198 uint8_t *secret; /* key array */ 199 uint32_t secretlen; /* key length */ 200 201 uint8_t *ad; /* associated data array */ 202 uint32_t adlen; /* associated data length */ 203 204 uint32_t t_cost; /* number of passes */ 205 uint32_t m_cost; /* amount of memory requested (KB) */ 206 uint32_t lanes; /* number of lanes */ 207 uint32_t threads; /* maximum number of threads */ 208 209 uint32_t version; /* version number */ 210 211 allocate_fptr allocate_cbk; /* pointer to memory allocator */ 212 deallocate_fptr free_cbk; /* pointer to memory deallocator */ 213 214 uint32_t flags; /* array of bool options */ 215 } argon2_context; 216 217 /* Argon2 primitive type */ 218 typedef enum Argon2_type { 219 Argon2_d = 0, 220 Argon2_i = 1, 221 Argon2_id = 2 222 } argon2_type; 223 224 /* Version of the algorithm */ 225 typedef enum Argon2_version { 226 ARGON2_VERSION_10 = 0x10, 227 ARGON2_VERSION_13 = 0x13, 228 ARGON2_VERSION_NUMBER = ARGON2_VERSION_13 229 } argon2_version; 230 231 /* 232 * Function that performs memory-hard hashing with certain degree of parallelism 233 * @param context Pointer to the Argon2 internal structure 234 * @return Error code if smth is wrong, ARGON2_OK otherwise 235 */ 236 ARGON2_PUBLIC int cryptonite_argon2_ctx(argon2_context *context, argon2_type type); 237 238 /** 239 * Hashes a password with Argon2i, producing a raw hash by allocating memory at 240 * @hash 241 * @param t_cost Number of iterations 242 * @param m_cost Sets memory usage to m_cost kibibytes 243 * @param parallelism Number of threads and compute lanes 244 * @param pwd Pointer to password 245 * @param pwdlen Password size in bytes 246 * @param salt Pointer to salt 247 * @param saltlen Salt size in bytes 248 * @param hash Buffer where to write the raw hash - updated by the function 249 * @param hashlen Desired length of the hash in bytes 250 * @pre Different parallelism levels will give different results 251 * @pre Returns ARGON2_OK if successful 252 */ 253 254 /* generic function underlying the above ones */ 255 ARGON2_PUBLIC int cryptonite_argon2_hash(const uint32_t t_cost, const uint32_t m_cost, 256 const uint32_t parallelism, const void *pwd, 257 const size_t pwdlen, const void *salt, 258 const size_t saltlen, void *hash, 259 const size_t hashlen, argon2_type type, 260 const uint32_t version); 261 262 263 #if defined(__cplusplus) 264 } 265 #endif 266 267 #endif 268