Minor changes of argon2 implementation.

* We continue using `LTC_ARGCHK()` until we've decided on something else.
* Call the enum/struct the same as the typedef.
* Some other small adjustments/fixes.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

Author: sjaeckel

src/headers/tomcrypt_misc.h

@@ -55,11 +55,12 @@ int base16_decode(const          char *in,  unsigned long  inlen,
 
 /* ---- Argon2 password hashing function (RFC 9106) ---- */
 #ifdef LTC_ARGON2
-typedef enum {
+typedef enum argon2_type {
    ARGON2_D  = 0,
    ARGON2_I  = 1,
    ARGON2_ID = 2
 } argon2_type;
+
 int argon2_hash(const unsigned char *pwd,  unsigned long pwdlen,
                 const unsigned char *salt, unsigned long saltlen,
                 const unsigned char *secret, unsigned long secretlen,

src/misc/argon2/argon2.c

@@ -19,12 +19,12 @@
 #define ARGON2_BLAKE2B_OUTBYTES    64
 
 /* 1024-byte memory block */
-typedef struct argon2_block_ {
+typedef struct argon2_block {
    ulong64 v[ARGON2_QWORDS_IN_BLOCK];
 } argon2_block;
 
 /* instance state */
-typedef struct {
+typedef struct argon2_instance {
    argon2_block *memory;
    ulong32       passes;
    ulong32       memory_blocks;
@@ -35,7 +35,7 @@ typedef struct {
 } argon2_instance;
 
 /* position within the memory matrix */
-typedef struct {
+typedef struct argon2_position {
    ulong32       pass;
    ulong32       lane;
    unsigned char slice;
@@ -491,17 +491,15 @@ int argon2_hash(const unsigned char *pwd,  unsigned long pwdlen,
    int err;
 
    LTC_ARGCHK(out != NULL);
-
-   /* Validate inputs */
-   if (outlen < ARGON2_MIN_OUTLEN)       return CRYPT_INVALID_ARG;
-   if (pwd == NULL && pwdlen != 0)       return CRYPT_INVALID_ARG;
-   if (salt == NULL && saltlen != 0)     return CRYPT_INVALID_ARG;
-   if (secret == NULL && secretlen != 0) return CRYPT_INVALID_ARG;
-   if (ad == NULL && adlen != 0)         return CRYPT_INVALID_ARG;
-   if (t_cost < 1)                       return CRYPT_INVALID_ARG;
-   if (parallelism < 1)                  return CRYPT_INVALID_ARG;
-   if (m_cost < 8 * parallelism)         return CRYPT_INVALID_ARG;
-   if (type != ARGON2_D && type != ARGON2_I && type != ARGON2_ID) return CRYPT_INVALID_ARG;
+   LTC_ARGCHK(outlen >= ARGON2_MIN_OUTLEN);
+   LTC_ARGCHK(pwd != NULL || pwdlen == 0);
+   LTC_ARGCHK(salt != NULL || saltlen == 0);
+   LTC_ARGCHK(secret != NULL || secretlen == 0);
+   LTC_ARGCHK(ad != NULL || adlen == 0);
+   LTC_ARGCHK(t_cost >= 1);
+   LTC_ARGCHK(parallelism >= 1);
+   LTC_ARGCHK(m_cost >= 8 * parallelism);
+   LTC_ARGCHK(type == ARGON2_D || type == ARGON2_I || type == ARGON2_ID);
 
    /* Align memory: ensure memory_blocks is a multiple of 4*parallelism */
    memory_blocks = (ulong32)m_cost;
@@ -525,9 +523,9 @@ int argon2_hash(const unsigned char *pwd,  unsigned long pwdlen,
       unsigned long alloc_size = (unsigned long)memory_blocks * sizeof(argon2_block);
       /* overflow check */
       if (alloc_size / sizeof(argon2_block) != memory_blocks) {
-         return CRYPT_MEM;
+         return CRYPT_OVERFLOW;
       }
-      instance.memory = (argon2_block *)XMALLOC(alloc_size);
+      instance.memory = XMALLOC(alloc_size);
       if (instance.memory == NULL) {
          return CRYPT_MEM;
       }
@@ -548,8 +546,6 @@ int argon2_hash(const unsigned char *pwd,  unsigned long pwdlen,
    err = s_fill_first_blocks(blockhash, &instance);
    if (err != CRYPT_OK) goto cleanup;
 
-   zeromem(blockhash, ARGON2_PREHASH_SEED_LEN);
-
    /* Fill memory */
    s_fill_memory(&instance);
 

tests/argon2_test.c

@@ -48,35 +48,29 @@ int argon2_test(void)
 
    unsigned char tag[32];
 
-   /* Argon2d */
-   DO(argon2_hash(password, sizeof(password),
-                  salt, sizeof(salt),
-                  secret, sizeof(secret),
-                  ad, sizeof(ad),
-                  3, 32, 4,
-                  ARGON2_D,
-                  tag, sizeof(tag)));
-   COMPARE_TESTVECTOR(tag, sizeof(tag), expected_argon2d, sizeof(expected_argon2d), "Argon2d", 0);
+   const struct {
+      const char *name;
+      argon2_type type;
+      const unsigned char *expected;
+      unsigned long elen;
+   } argon_testcase[] = {
+                         { "Argon2d", ARGON2_D, expected_argon2d, sizeof(expected_argon2d) },
+                         { "Argon2i", ARGON2_I, expected_argon2i, sizeof(expected_argon2i) },
+                         { "Argon2id", ARGON2_ID, expected_argon2id, sizeof(expected_argon2id) },
+   };
 
-   /* Argon2i */
-   DO(argon2_hash(password, sizeof(password),
-                  salt, sizeof(salt),
-                  secret, sizeof(secret),
-                  ad, sizeof(ad),
-                  3, 32, 4,
-                  ARGON2_I,
-                  tag, sizeof(tag)));
-   COMPARE_TESTVECTOR(tag, sizeof(tag), expected_argon2i, sizeof(expected_argon2i), "Argon2i", 1);
+   size_t n;
 
-   /* Argon2id */
-   DO(argon2_hash(password, sizeof(password),
-                  salt, sizeof(salt),
-                  secret, sizeof(secret),
-                  ad, sizeof(ad),
-                  3, 32, 4,
-                  ARGON2_ID,
-                  tag, sizeof(tag)));
-   COMPARE_TESTVECTOR(tag, sizeof(tag), expected_argon2id, sizeof(expected_argon2id), "Argon2id", 2);
+   for (n = 0; n < LTC_ARRAY_SIZE(argon_testcase); ++n) {
+      DO(argon2_hash(password, sizeof(password),
+                     salt, sizeof(salt),
+                     secret, sizeof(secret),
+                     ad, sizeof(ad),
+                     3, 32, 4,
+                     argon_testcase[n].type,
+                     tag, sizeof(tag)));
+      COMPARE_TESTVECTOR(tag, sizeof(tag), argon_testcase[n].expected, argon_testcase[n].elen, argon_testcase[n].name, n);
+   }
 
    return CRYPT_OK;
 }