Release

freestyle.c

@@ -911,7 +911,6 @@ void freestyle_hash_password_with_pepper (
 	);
 }
 
-
 bool freestyle_verify_password_hash (
 	const 	char 		*password,
 	const 	u8 		*salt,

optimized/merged/freestyle.c

@@ -1025,6 +1025,100 @@ void freestyle_hash_password (
 	);
 }
 
+void freestyle_hash_password_with_pepper (
+	const 	char 		*password,
+	const 	u8 		*salt,
+		u8		*hash,
+	const	size_t		hash_len,
+	const 	u8 		min_rounds,
+	const 	u8 		max_rounds,
+	const	u8		num_precomputed_rounds,
+	const	u8 		pepper_bits,
+	const	u8 		num_init_hashes,
+	const	u32 		pepper)
+{
+	int i,j;
+
+	freestyle_ctx	x;
+
+	/* salt is 'hash_len' bytes long */
+	const u8 	*plaintext	= salt;
+	u8 		*ciphertext	= NULL;
+
+	u8 key_and_iv [44];
+
+	u8 expected_hash;
+
+	int password_len = strlen (password);
+
+	assert (password_len 	>=  1);
+	assert (password_len 	<= 43);
+	assert (hash_len 	<= 64);
+
+	if (! (ciphertext = malloc(hash_len)))
+	{
+		perror("malloc failed ");
+		exit(-1);
+	}
+
+	/* Fill the key (32 bytes)
+	   and IV (first 11 bytes) with password */
+	for (i = 0; i < 43; )
+	{
+		for (j = 0; i < 43 && j < password_len; ++j)
+		{
+			key_and_iv [i++] = (u8) password[j];
+		}
+	}
+
+	// last byte of IV is the password length
+	key_and_iv [43] = password_len;
+
+	u8 *key	= key_and_iv;
+	u8 *iv	= key_and_iv + 32;
+
+	freestyle_init_encrypt_with_pepper (
+		&x,
+		key,
+		256,
+		iv,
+		min_rounds,
+		max_rounds,
+		num_precomputed_rounds,
+		pepper_bits,
+		num_init_hashes,
+		pepper
+	);
+
+	freestyle_encrypt (
+		&x,
+		plaintext,
+		ciphertext,
+		hash_len,
+		&expected_hash
+	);
+
+	// 'hash' is (num_init_hashes + 1 + hash_len) long
+
+	memcpy (
+		hash,
+		x.init_hash,
+		num_init_hashes
+	);
+
+	memcpy (
+		hash + num_init_hashes,
+		&expected_hash,
+		1
+	);
+
+	memcpy (
+		hash + num_init_hashes + 1,
+		ciphertext,
+		hash_len
+	);
+}
+
 bool freestyle_verify_password_hash (
 	const 	char 		*password,
 	const 	u8 		*salt,

side-channel-attack-resistance/freestyle.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018  P. Arun Babu and Jithin Jose Thomas 
+ * Copyright (c) 2018  P. Arun Babu and Jithin Jose Thomas
  * arun DOT hbni AT gmail DOT com, jithinjosethomas AT gmail DOT com
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -32,7 +32,7 @@ static void freestyle_init_random_indices(freestyle_ctx *x, u8 *random_indices)
 	u8 tmp;
 
 	for (i = 0; i < x->num_init_hashes; ++i) {
-		random_indices [i] = i;			
+		random_indices [i] = i;
 	}
 
 	for (i = 0; i < x->num_init_hashes/2; ++i)
@@ -212,7 +212,7 @@ static u8 freestyle_hash (
 }
 
 static u8 freestyle_xcrypt_block (
-		freestyle_ctx	*x,	
+		freestyle_ctx	*x,
 	const 	u8 		*plaintext,
 		u8 		*ciphertext,
 		u8 		bytes,
@@ -383,7 +383,7 @@ static void freestyle_randomsetup_encrypt (freestyle_ctx *x)
 				);
 
 				if (CR[random_i] == 0) {
-					goto retry;	
+					goto retry;
 				}
 
 			}
@@ -565,7 +565,7 @@ static void freestyle_init_common (
 	const	u8		num_precomputed_rounds,
 	const	u8 		pepper_bits,
 	const	u8 		num_init_hashes)
-{	
+{
 	assert (min_rounds >= 1);
 
 	/* if min_rounds == max_rounds,
@@ -601,7 +601,7 @@ void freestyle_init_encrypt (
 	const	u8		num_precomputed_rounds,
 	const	u8 		pepper_bits,
 	const	u8 		num_init_hashes)
-{	
+{
 	freestyle_init_common (
 		x,
 		key,
@@ -616,7 +616,7 @@ void freestyle_init_encrypt (
 
 	x->pepper		= 0;
 	x->is_pepper_set 	= false;
-	
+
 	freestyle_randomsetup_encrypt(x);
 }
 
@@ -631,7 +631,7 @@ void freestyle_init_encrypt_with_pepper (
 	const	u8 		pepper_bits,
 	const	u8 		num_init_hashes,
 	const	u32 		pepper)
-{	
+{
 	freestyle_init_common (
 		x,
 		key,
@@ -661,7 +661,7 @@ bool freestyle_init_decrypt (
 	const	u8 		pepper_bits,
 	const	u8 		num_init_hashes,
 	const	u8		*init_hash)
-{	
+{
 	freestyle_init_common (
 		x,
 		key,
@@ -697,7 +697,7 @@ bool freestyle_init_decrypt_with_pepper (
 	const	u8 		num_init_hashes,
 	const	u32 		pepper,
 	const	u8		*init_hash)
-{	
+{
 	freestyle_init_common (
 		x,
 		key,
@@ -712,7 +712,7 @@ bool freestyle_init_decrypt_with_pepper (
 
 	x->pepper 		= pepper;
 	x->is_pepper_set 	= true;
-	
+
 	memcpy ( x->init_hash,
 		 init_hash,
 		 sizeof(x->init_hash)
@@ -751,7 +751,7 @@ int freestyle_xcrypt (
 
 	    i 	  += bytes_to_process;
 	    bytes -= bytes_to_process;
-	
+
             ++block;
 
 	    freestyle_increment_counter(x);
@@ -804,11 +804,11 @@ void freestyle_hash_password (
 		}
 	}
 
-	// last byte of IV is the password length 
+	// last byte of IV is the password length
 	key_and_iv [43] = password_len;
 
 	u8 *key	= key_and_iv;
-	u8 *iv	= key_and_iv + 32; 
+	u8 *iv	= key_and_iv + 32;
 
 	freestyle_init_encrypt (
 		&x,
@@ -819,7 +819,7 @@ void freestyle_hash_password (
 		max_rounds,
 		num_precomputed_rounds,
 		pepper_bits,
-		num_init_hashes	
+		num_init_hashes
 	);
 
 	freestyle_encrypt (&x, plaintext, ciphertext, hash_len, &expected_hash);
@@ -831,6 +831,100 @@ void freestyle_hash_password (
 	memcpy (hash + num_init_hashes + 1, 	ciphertext, 	hash_len	);
 }
 
+void freestyle_hash_password_with_pepper (
+	const 	char 		*password,
+	const 	u8 		*salt,
+		u8		*hash,
+	const	size_t		hash_len,
+	const 	u8 		min_rounds,
+	const 	u8 		max_rounds,
+	const	u8		num_precomputed_rounds,
+	const	u8 		pepper_bits,
+	const	u8 		num_init_hashes,
+	const	u32 		pepper)
+{
+	int i,j;
+
+	freestyle_ctx	x;
+
+	/* salt is 'hash_len' bytes long */
+	const u8 	*plaintext	= salt;
+	u8 		*ciphertext	= NULL;
+
+	u8 key_and_iv [44];
+
+	u8 expected_hash;
+
+	int password_len = strlen (password);
+
+	assert (password_len 	>=  1);
+	assert (password_len 	<= 43);
+	assert (hash_len 	<= 64);
+
+	if (! (ciphertext = malloc(hash_len)))
+	{
+		perror("malloc failed ");
+		exit(-1);
+	}
+
+	/* Fill the key (32 bytes)
+	   and IV (first 11 bytes) with password */
+	for (i = 0; i < 43; )
+	{
+		for (j = 0; i < 43 && j < password_len; ++j)
+		{
+			key_and_iv [i++] = (u8) password[j];
+		}
+	}
+
+	// last byte of IV is the password length
+	key_and_iv [43] = password_len;
+
+	u8 *key	= key_and_iv;
+	u8 *iv	= key_and_iv + 32;
+
+	freestyle_init_encrypt_with_pepper (
+		&x,
+		key,
+		256,
+		iv,
+		min_rounds,
+		max_rounds,
+		num_precomputed_rounds,
+		pepper_bits,
+		num_init_hashes,
+		pepper
+	);
+
+	freestyle_encrypt (
+		&x,
+		plaintext,
+		ciphertext,
+		hash_len,
+		&expected_hash
+	);
+
+	// 'hash' is (num_init_hashes + 1 + hash_len) long
+
+	memcpy (
+		hash,
+		x.init_hash,
+		num_init_hashes
+	);
+
+	memcpy (
+		hash + num_init_hashes,
+		&expected_hash,
+		1
+	);
+
+	memcpy (
+		hash + num_init_hashes + 1,
+		ciphertext,
+		hash_len
+	);
+}
+
 bool freestyle_verify_password_hash (
 	const 	char 		*password,
 	const 	u8 		*salt,
@@ -874,11 +968,11 @@ bool freestyle_verify_password_hash (
 		}
 	}
 
-	// last byte of IV is the password length 
+	// last byte of IV is the password length
 	key_and_iv [43] = password_len;
 
 	u8 *key	= key_and_iv;
-	u8 *iv	= key_and_iv + 32; 
+	u8 *iv	= key_and_iv + 32;
 
 	if (! freestyle_init_decrypt (
 		&x,
@@ -890,7 +984,7 @@ bool freestyle_verify_password_hash (
 		num_precomputed_rounds,
 		pepper_bits,
 		num_init_hashes,
-		hash		
+		hash
 	))
 	{
 		return false;