cipher: Add new API for modern KDF function.

* cipher/kdf.c (hash, argon2_genh0_first_blocks): New for Argon2.
(argon2_init, argon2_ctl, argon2_iterator): Likewise.
(argon2_compute_row, argon2_final, argon2_close): Likewise.
(argon2_open): Likewise.
(balloon_open): New for Balloon.
(_gcry_kdf_open, _gcry_kdf_ctl, _gcry_kdf_iterator): Add new API.
(_gcry_kdf_compute_row, _gcry_kdf_final, _gcry_kdf_close): Likewise.
* src/gcrypt-int.h: Add declarations for new API.
* src/gcrypt.h.in: Likewise.
(enum gcry_kdf_algos): Add GCRY_KDF_ARGON2 and GCRY_KDF_BALLOON.
(enum gcry_kdf_subalgo_argon2): Add GCRY_KDF_ARGON2D,
GCRY_KDF_ARGON2I, and GCRY_KDF_ARGON2ID.
* src/libgcrypt.def, src/libgcrypt.vers: Update.
* src/visibility.h: Likewise.
* src/visibility.c: Add new API.
* tests/Makefile.am (t_kdf_LDADD, t_kdf_CFLAGS): Enable use of pthread.
* tests/t-kdf.c (check_argon2): New, not enabled yet.

--

New API has been added, decoupling thread support.  Implementation of
Argon2 is on-going.  Test is not enabled yet.

GnuPG-bug-id: 5797
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

6 files changed, 118 insertions, 9 deletions

diff --git a/src/gcrypt-int.h b/src/gcrypt-int.h
index 62e8b699..af7e2e26 100644
--- a/src/gcrypt-int.h
+++ b/src/gcrypt-int.h
@@ -140,9 +140,9 @@ gpg_err_code_t _gcry_md_extract (gcry_md_hd_t hd, int algo, void *buffer,
 void _gcry_md_hash_buffer (int algo, void *digest,
                            const void *buffer, size_t length);
 gpg_err_code_t _gcry_md_hash_buffers_extract (int algo, unsigned int flags,
-					      void *digest, int digestlen,
-					      const gcry_buffer_t *iov,
-					      int iovcnt);
+                                              void *digest, int digestlen,
+                                              const gcry_buffer_t *iov,
+                                              int iovcnt);
 gpg_err_code_t _gcry_md_hash_buffers (int algo, unsigned int flags,
                                       void *digest,
                                       const gcry_buffer_t *iov, int iovcnt);
@@ -207,6 +207,19 @@ gpg_err_code_t _gcry_kdf_derive (const void *passphrase, size_t passphraselen,
                                  unsigned long iterations,
                                  size_t keysize, void *keybuffer);
 
+gpg_err_code_t _gcry_kdf_open (gcry_kdf_hd_t *hd, int algo, int subalgo,
+                               const unsigned long *param, unsigned int paramlen,
+                               const void *passphrase, size_t passphraselen,
+                               const void *salt, size_t saltlen,
+                               const void *key, size_t keylen,
+                               const void *ad, size_t adlen);
+gpg_err_code_t _gcry_kdf_ctl (gcry_kdf_hd_t h, int cmd, void *buffer,
+                              size_t buflen);
+gpg_err_code_t _gcry_kdf_iterator (gcry_kdf_hd_t h, int *action, void **arg_p);
+gpg_err_code_t _gcry_kdf_compute_row (gcry_kdf_hd_t h, void *arg);
+gpg_err_code_t _gcry_kdf_final (gcry_kdf_hd_t h, size_t resultlen, void *result);
+void _gcry_kdf_close (gcry_kdf_hd_t h);
+
 
 gpg_err_code_t _gcry_prime_generate (gcry_mpi_t *prime,
                                      unsigned int prime_bits,
diff --git a/src/gcrypt.h.in b/src/gcrypt.h.in
index 6376b446..ea771db7 100644
--- a/src/gcrypt.h.in
+++ b/src/gcrypt.h.in
@@ -118,7 +118,7 @@ extern "C" {
 #ifdef _GCRYPT_IN_LIBGCRYPT
 #define _GCRY_ATTR_INTERNAL
 #else
-#define _GCRY_ATTR_INTERNAL	_GCRY_GCC_ATTR_DEPRECATED
+#define _GCRY_ATTR_INTERNAL     _GCRY_GCC_ATTR_DEPRECATED
 #endif
 
 /* Wrappers for the libgpg-error library.  */
@@ -383,7 +383,7 @@ gcry_error_t gcry_sexp_build (gcry_sexp_t *retsexp, size_t *erroff,
 /* Like gcry_sexp_build, but uses an array instead of variable
    function arguments.  */
 gcry_error_t gcry_sexp_build_array (gcry_sexp_t *retsexp, size_t *erroff,
-				    const char *format, void **arg_list);
+                                    const char *format, void **arg_list);
 
 /* Release the S-expression object SEXP */
 void gcry_sexp_release (gcry_sexp_t sexp);
@@ -1591,7 +1591,16 @@ enum gcry_kdf_algos
     GCRY_KDF_ITERSALTED_S2K = 19,
     GCRY_KDF_PBKDF1 = 33,
     GCRY_KDF_PBKDF2 = 34,
-    GCRY_KDF_SCRYPT = 48
+    GCRY_KDF_SCRYPT = 48,
+    GCRY_KDF_ARGON2   = 64,
+    GCRY_KDF_BALLOON  = 65
+  };
+
+enum gcry_kdf_subalgo_argon2
+  {
+    GCRY_KDF_ARGON2D  = 0,
+    GCRY_KDF_ARGON2I  = 1,
+    GCRY_KDF_ARGON2ID = 2
   };
 
 /* Derive a key from a passphrase.  */
@@ -1601,8 +1610,20 @@ gpg_error_t gcry_kdf_derive (const void *passphrase, size_t passphraselen,
                              unsigned long iterations,
                              size_t keysize, void *keybuffer);
 
-
-
+/* Another API to derive a key from a passphrase.  */
+typedef struct gcry_kdf_handle *gcry_kdf_hd_t;
+gcry_error_t gcry_kdf_open (gcry_kdf_hd_t *hd, int algo, int subalgo,
+                            const unsigned long *param, unsigned int paramlen,
+                            const void *passphrase, size_t passphraselen,
+                            const void *salt, size_t saltlen,
+                            const void *key, size_t keylen,
+                            const void *ad, size_t adlen);
+gcry_error_t gcry_kdf_ctl (gcry_kdf_hd_t h, int cmd, void *buffer,
+                           size_t buflen);
+gcry_error_t gcry_kdf_iterator (gcry_kdf_hd_t h, int *action_p, void **arg_p);
+gcry_error_t gcry_kdf_compute_row (gcry_kdf_hd_t h, void *arg);
+gcry_error_t gcry_kdf_final (gcry_kdf_hd_t h, size_t resultlen, void *result);
+void gcry_kdf_close (gcry_kdf_hd_t h);
 
 /************************************
  *                                  *
diff --git a/src/libgcrypt.def b/src/libgcrypt.def
index bd2f076b..1996481f 100644
--- a/src/libgcrypt.def
+++ b/src/libgcrypt.def
@@ -293,4 +293,11 @@ EXPORTS
       gcry_pk_hash_verify       @256
       gcry_pk_random_override_new @257
 
+      gcry_kdf_open             @258
+      gcry_kdf_ctl              @259
+      gcry_kdf_iterator         @260
+      gcry_kdf_compute_row      @261
+      gcry_kdf_final            @262
+      gcry_kdf_close            @263
+
 ;; end of file with public symbols for Windows.
diff --git a/src/libgcrypt.vers b/src/libgcrypt.vers
index 8fd89779..2b81caea 100644
--- a/src/libgcrypt.vers
+++ b/src/libgcrypt.vers
@@ -123,6 +123,9 @@ GCRYPT_1.6 {
     gcry_ctx_release;
 
     gcry_pk_hash_sign; gcry_pk_hash_verify; gcry_pk_random_override_new;
+
+    gcry_kdf_open; gcry_kdf_ctl; gcry_kdf_iterator;
+    gcry_kdf_compute_row; gcry_kdf_final; gcry_kdf_close;
   local:
     *;
 
diff --git a/src/visibility.c b/src/visibility.c
index 563d3f3b..d7f71254 100644
--- a/src/visibility.c
+++ b/src/visibility.c
@@ -923,7 +923,7 @@ gcry_mac_get_algo_keylen (int algo)
 
 gcry_error_t
 gcry_mac_open (gcry_mac_hd_t *handle, int algo, unsigned int flags,
-	       gcry_ctx_t ctx)
+               gcry_ctx_t ctx)
 {
   if (!fips_is_operational ())
     {
@@ -1359,6 +1359,59 @@ gcry_kdf_derive (const void *passphrase, size_t passphraselen,
                                       keysize, keybuffer));
 }
 
+gpg_error_t
+gcry_kdf_open (gcry_kdf_hd_t *hd, int algo, int subalgo,
+               const unsigned long *param, unsigned int paramlen,
+               const void *passphrase, size_t passphraselen,
+               const void *salt, size_t saltlen,
+               const void *key, size_t keylen,
+               const void *ad, size_t adlen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+  return gpg_error (_gcry_kdf_open (hd, algo, subalgo, param, paramlen,
+                                    passphrase, passphraselen, salt, saltlen,
+                                    key, keylen, ad, adlen));
+}
+
+gcry_error_t
+gcry_kdf_ctl (gcry_kdf_hd_t h, int cmd, void *buffer, size_t buflen)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+  return gpg_error (_gcry_kdf_ctl (h, cmd, buffer, buflen));
+}
+
+gcry_error_t
+gcry_kdf_iterator (gcry_kdf_hd_t h, int *action, void **arg_p)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+  return gpg_error (_gcry_kdf_iterator (h, action, arg_p));
+}
+
+gcry_error_t
+gcry_kdf_compute_row (gcry_kdf_hd_t h, void *arg)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+  return gpg_error (_gcry_kdf_compute_row (h, arg));
+}
+
+gcry_error_t
+gcry_kdf_final (gcry_kdf_hd_t h, size_t resultlen, void *result)
+{
+  if (!fips_is_operational ())
+    return gpg_error (fips_not_operational ());
+  return gpg_error (_gcry_kdf_final (h, resultlen, result));
+}
+
+void
+gcry_kdf_close (gcry_kdf_hd_t h)
+{
+  _gcry_kdf_close (h);
+}
+
 void
 gcry_randomize (void *buffer, size_t length, enum gcry_random_level level)
 {
diff --git a/src/visibility.h b/src/visibility.h
index b48182d0..625d6f2b 100644
--- a/src/visibility.h
+++ b/src/visibility.h
@@ -172,6 +172,12 @@ MARK_VISIBLEX (gcry_pk_hash_verify)
 MARK_VISIBLEX (gcry_pk_random_override_new)
 
 MARK_VISIBLEX (gcry_kdf_derive)
+MARK_VISIBLEX (gcry_kdf_open)
+MARK_VISIBLEX (gcry_kdf_ctl)
+MARK_VISIBLEX (gcry_kdf_iterator)
+MARK_VISIBLEX (gcry_kdf_compute_row)
+MARK_VISIBLEX (gcry_kdf_final)
+MARK_VISIBLEX (gcry_kdf_close)
 
 MARK_VISIBLEX (gcry_prime_check)
 MARK_VISIBLEX (gcry_prime_generate)
@@ -412,6 +418,12 @@ MARK_VISIBLEX (_gcry_mpi_get_const)
 #define gcry_mac_ctl                _gcry_USE_THE_UNDERSCORED_FUNCTION
 
 #define gcry_kdf_derive             _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_kdf_open               _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_kdf_ctl                _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_kdf_iterator           _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_kdf_compute_row        _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_kdf_final              _gcry_USE_THE_UNDERSCORED_FUNCTION
+#define gcry_kdf_close              _gcry_USE_THE_UNDERSCORED_FUNCTION
 
 #define gcry_prime_check            _gcry_USE_THE_UNDERSCORED_FUNCTION
 #define gcry_prime_generate         _gcry_USE_THE_UNDERSCORED_FUNCTION