author | NIIBE Yutaka <gniibe@fsij.org> | 2022-01-28 14:33:08 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-01-28 14:33:08 +0900 |
commit | bd7ac530cf835d3f78cbc6ba1ff6c034cc526e02 (patch) | |
tree | f2661c661d2925ca661d779f8c9e71972da9f64c | |
parent | b5a049b0edd34d92d9b8a1bc1078bfed9a2d0815 (diff) | |
kdf: Support ARGON2I and ARGON2ID.gniibe/t5797
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-rw-r--r-- | cipher/kdf.c | 63 | ||||
-rw-r--r-- | tests/t-kdf.c | 6 |
2 files changed, 42 insertions, 27 deletions
diff --git a/cipher/kdf.c b/cipher/kdf.c
index 9463d2ff..521bff0a 100644
--- a/cipher/kdf.c
+++ b/cipher/kdf.c
@@ -602,15 +602,6 @@ argon2_iterator (argon2_ctx_t a, int *action_p,
 return 0;
 }
 
-static void
-argon2_pseudo_rand_gen (argon2_ctx_t a, const struct argon2_thread_data *t,
- u32 *random_index)
-{
- (void)a;
- (void)t;
- (void)random_index;
-}
-
 static u64 fBlaMka (u64 x, u64 y)
 {
 const u64 m = U64_C(0xFFFFFFFF);
@@ -656,7 +647,8 @@ fill_block (const u64 *prev_block, const u64 *ref_block, u64 *curr_block,
 int i;
 
 memcpy (block_r, ref_block, 1024);
- xor_block (block_r, prev_block);
+ if (prev_block)
+ xor_block (block_r, prev_block);
 memcpy (block_tmp, block_r, 1024);
 
 if (with_xor)
@@ -684,6 +676,18 @@ fill_block (const u64 *prev_block, const u64 *ref_block, u64 *curr_block,
 xor_block (curr_block, block_r);
 }
 
+static void
+pseudo_random_generate (u64 *random_block, u64 *input_block)
+{
+ u64 v;
+
+ v = buf_get_le64 (&input_block[6]);
+ buf_put_le64 (&input_block[6], ++v);
+
+ fill_block (NULL, input_block, random_block, 0);
+ fill_block (NULL, random_block, random_block, 0);
+}
+
 static u32
 index_alpha (argon2_ctx_t a, const struct argon2_thread_data *t,
 int segment_index, u32 random, int same_lane)
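Review bot: pseudo_random_generate has two non-obvious contracts that the hunk leaves undocumented: it mutates its input_block argument in place (the counter in word 6 is incremented on every call), and the second fill_block call passes random_block as both ref_block and curr_block, which is only safe because fill_block copies ref_block into its local block_r before it ever writes curr_block (visible in the earlier hunk). The NULL passed as prev_block is likewise a new convention introduced by the `if (prev_block)` guard in fill_block and is not explained anywhere. A header comment would save the next reader a trip through the reference implementation: `/* Argon2i address block: bump the counter in input_block[6] (in place), then random_block = G(0, G(0, input_block)) with NULL standing for the all-zero block.  Aliasing random_block as both source and destination is safe because fill_block copies ref_block before it writes curr_block.  */`.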
@@ -734,22 +738,32 @@ static gpg_err_code_t
 argon2_compute_segment (argon2_ctx_t a, const struct argon2_thread_data *t)
 {
 gpg_err_code_t ec = 0;
- u32 *random_index = NULL;
 int i;
 int prev_offset, curr_offset;
 u32 ref_index, ref_lane;
+ u64 input_block[1024/sizeof (u64)];
+ u64 address_block[1024/sizeof (u64)];
+ u64 *random_block = NULL;
 
 if (a->hash_type == GCRY_KDF_ARGON2I
 || (a->hash_type == GCRY_KDF_ARGON2ID && t->pass == 0 && t->slice < 2))
 {
- random_index = xtrymalloc (2*sizeof (u32)*a->segment_length);
- if (!random_index)
- return gpg_err_code_from_errno (errno);
- argon2_pseudo_rand_gen (a, t, random_index);
+ memset (input_block, 0, 1024);
+ buf_put_le64 ((unsigned char *)input_block+0*8, t->pass);
+ buf_put_le64 ((unsigned char *)input_block+1*8, t->lane);
+ buf_put_le64 ((unsigned char *)input_block+2*8, t->slice);
+ buf_put_le64 ((unsigned char *)input_block+3*8, a->memory_blocks);
+ buf_put_le64 ((unsigned char *)input_block+4*8, a->passes);
+ buf_put_le64 ((unsigned char *)input_block+5*8, a->hash_type);
+ random_block = address_block;
 }
 
 if (t->pass == 0 && t->slice == 0)
- i = 2;
+ {
+ if (random_block)
+ pseudo_random_generate (random_block, input_block);
+ i = 2;
+ }
 else
 i = 0;
 
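Review bot: input_block is written with buf_put_le64, i.e. as little-endian byte strings, but fill_block then consumes the same array as native u64 words (fBlaMka multiplies them), and the reference Argon2 implementation initializes this block with plain native assignments; the two agree on a little-endian host but produce different word values on a big-endian one unless every block in a->block is also kept in LE byte order, which this hunk cannot show. If the blocks are native words, plain stores `input_block[0] = t->pass; input_block[1] = t->lane; … input_block[5] = a->hash_type;` are correct on every host and drop the casts; either way a one-line comment stating which representation a->block uses would settle it. Minor: `memset (input_block, 0, 1024)` would be safer as `memset (input_block, 0, sizeof input_block)` so the size follows the declaration. argon2_compute_segment's body continues in the next hunk.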
@@ -761,26 +775,28 @@ argon2_compute_segment (argon2_ctx_t a, const struct argon2_thread_data *t)
 
 for (; i < a->segment_length; i++, curr_offset++, prev_offset++)
 {
- void *pseudo_rand;
+ void *rand64_p;
 u64 *ref_block, *curr_block;
 
 if ((curr_offset % a->lane_length) == 1)
 prev_offset = curr_offset - 1;
 
- if (random_index)
+ if (random_block)
 {
- /* not yet implemented */
- pseudo_rand = &a->block[prev_offset*ARGON2_WORDS_IN_BLOCK];
+ if ((i % (1024/sizeof (u64))) == 0)
+ pseudo_random_generate (random_block, input_block);
+
+ rand64_p = &random_block[(i% (1024/sizeof (u64)))];
 }
 else
- pseudo_rand = &a->block[prev_offset*ARGON2_WORDS_IN_BLOCK];
+ rand64_p = &a->block[prev_offset*ARGON2_WORDS_IN_BLOCK];
 
 if (t->pass == 0 && t->slice == 0)
 ref_lane = t->lane;
 else
- ref_lane = buf_get_le32 ((unsigned char *)pseudo_rand+4) % a->lanes;
+ ref_lane = buf_get_le32 ((unsigned char *)rand64_p+4) % a->lanes;
 
- ref_index = index_alpha (a, t, i, buf_get_le32 (pseudo_rand),
+ ref_index = index_alpha (a, t, i, buf_get_le32 (rand64_p),
 ref_lane == t->lane);
 ref_block = &a->block[(a->lane_length * ref_lane + ref_index)*
 ARGON2_WORDS_IN_BLOCK];
@@ -790,7 +806,6 @@ argon2_compute_segment (argon2_ctx_t a, const struct argon2_thread_data *t)
 curr_block, t->pass != 0);
 }
 
- xfree (random_index);
 return ec;
 }
 
diff --git a/tests/t-kdf.c b/tests/t-kdf.c
index 7963b36d..2aa3b5fb 100644
--- a/tests/t-kdf.c
+++ b/tests/t-kdf.c
@@ -1376,7 +1376,7 @@ check_argon2 (void)
 const unsigned char ad[12] = { 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4, 4 };
 unsigned char out[32];
 unsigned char expected[32] = {
-#if 1
+#if 0
 0x51, 0x2b, 0x39, 0x1b, 0x6f, 0x11, 0x62, 0x97,
 0x53, 0x71, 0xd3, 0x09, 0x19, 0x73, 0x42, 0x94,
 0xf8, 0x68, 0xe3, 0xbe, 0x39, 0x84, 0xf3, 0xc1,
@@ -1396,7 +1396,7 @@ check_argon2 (void)
 int i;
 
 err = my_kdf_derive (0,
- GCRY_KDF_ARGON2, GCRY_KDF_ARGON2D, param, 4,
+ GCRY_KDF_ARGON2, GCRY_KDF_ARGON2ID, param, 4,
 pass, 32, salt, 16, key, 8, ad, 12, 32, out);
 if (err)
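Review bot: The J_1/J_2 split is done byte-wise — `buf_get_le32 (rand64_p)` and `buf_get_le32 ((unsigned char *)rand64_p+4)` — which matches the reference implementation's `rand64 & 0xffffffff` / `rand64 >> 32` only when the u64 word is laid out little-endian in memory; reading the word natively, `u64 rand64 = *rand64_p;` then `ref_lane = (rand64 >> 32) % a->lanes;` and `index_alpha (a, t, i, (u32)rand64, …)`, is host-order independent and drops the pointer casts (assuming a->block holds native words, which the hunk does not show). Style: `1024/sizeof (u64)` is spelled out three times in this hunk while the neighbouring lines use `ARGON2_WORDS_IN_BLOCK` for the same quantity; if that macro equals 1024/sizeof (u64), `i % ARGON2_WORDS_IN_BLOCK` says what it means and keeps one definition of the block size. argon2_compute_segment starts in the previous hunk and ends in the next.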
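Review bot: Flipping `#if 1` to `#if 0` and retargeting both my_kdf_derive calls to GCRY_KDF_ARGON2ID means the Argon2d vector that this test verified before the commit is no longer executed, so a regression in the data-dependent path would now go unnoticed, and nothing visible here exercises GCRY_KDF_ARGON2I at all. The inputs visible in the hunk (an ad of twelve 0x04 bytes, lengths 32/16/8/12, param 4) look like the RFC 9106 vectors, which exist for all three variants; rather than a hand-toggled preprocessor switch, keep one expected[] per variant in a small table and loop over `{ GCRY_KDF_ARGON2D, GCRY_KDF_ARGON2I, GCRY_KDF_ARGON2ID }` so every run checks all three. check_argon2 starts before this hunk and continues after it.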
@@ -1412,7 +1412,7 @@ check_argon2 (void) #ifdef HAVE_PTHREAD err = my_kdf_derive (1, - GCRY_KDF_ARGON2, GCRY_KDF_ARGON2D, param, 5, + GCRY_KDF_ARGON2, GCRY_KDF_ARGON2ID, param, 5, pass, 32, salt, 16, key, 8, ad, 12, 32, out); if (err) |