Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/argon2: wrong keys are computed if parallelism degree > 1 #23200

Closed
aead opened this issue Dec 20, 2017 · 1 comment
Closed

x/crypto/argon2: wrong keys are computed if parallelism degree > 1 #23200

aead opened this issue Dec 20, 2017 · 1 comment
Labels
FrozenDueToAge
Milestone
Unreleased

Comments

@aead
Copy link
Contributor

aead commented Dec 20, 2017
edited

What version of Go are you using (go version)?

go version go1.9.1 linux/amd64

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/andreas/go"
GORACE=""
GOROOT="/home/andreas/.go/1.9.1"
GOTOOLDIR="/home/andreas/.go/1.9.1/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build893696360=/tmp/go-build -gno-record-gcc-switches"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"

What did you do?

package main

import (
     "bytes"
     "encoding/hex"
     "fmt"
     "golang.org/x/crypto/argon2"
)

func main() {
     want, _ := hex.DecodeString("2089f3e78a799720f80af806553128f29b132cafe40d059f")
     key := argon2.Key([]byte("password"), []byte("somesalt"), 2, 64, 2, 24)
     if !bytes.Equal(want, key) {
           fmt.Println("Argon2 produces wrong key")
     }

     want, _ = hex.DecodeString("5cab452fe6b8479c8661def8cd703b611a3905a6d5477fe6")
     key = argon2.Key([]byte("password"), []byte("somesalt"), 2, 64, 3, 24)
     if !bytes.Equal(want, key) {
           fmt.Println("Argon2 produces wrong key")
     }
}

Solution

The current implementation has two issues:

  1. The memory cost is rounded before the initial hash is computed.
  2. The reference lane should be equal to the lane for the first pass and slice.
    The following line refLane := uint32(rand>>32) % threads requires an additional check:
if n == 0 && slice == 0 {
     refLane = lane
}

This was not detected by the official Argon2 test vectors.
@gopherbot
Copy link

Change https://golang.org/cl/85055 mentions this issue: argon2: fix incorrect key derivation if parallelism > 1

@odeke-em odeke-em changed the title argon2 computes wrong keys if parallelism degree > 1 x/crypto/argon2: wrong keys are computed if parallelism degree > 1 Dec 21, 2017
@gopherbot gopherbot added this to the Unreleased milestone Dec 21, 2017
@dgryski dgryski mentioned this issue Dec 26, 2017
Closed
@golang golang locked and limited conversation to collaborators Dec 31, 2018
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 28, 2022
@agl
argon2: fix incorrect key derivation if parallelism > 1
1a38a08 
This change fixes an incorrect key derivation if the
degree of parallelism is greater than 1.

This change adds additional test vectors generated by the
https://github.com/P-H-C/phc-winner-argon2 CLI.

Fixes golang/go#23200

Change-Id: I8add8382b9e9ebbf9a70493050867c9af4ed6aa7
Reviewed-on: https://go-review.googlesource.com/85055
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
c-expert-zigbee pushed a commit to c-expert-zigbee/crypto_go that referenced this issue Mar 29, 2022
@c-expert-zigbee
argon2: fix incorrect key derivation if parallelism > 1
e1dbe54 
This change fixes an incorrect key derivation if the
degree of parallelism is greater than 1.

This change adds additional test vectors generated by the
https://github.com/P-H-C/phc-winner-argon2 CLI.

Fixes golang/go#23200

Change-Id: I8add8382b9e9ebbf9a70493050867c9af4ed6aa7
Reviewed-on: https://go-review.googlesource.com/85055
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
LewiGoddard pushed a commit to LewiGoddard/crypto that referenced this issue Feb 16, 2023
@agl
argon2: fix incorrect key derivation if parallelism > 1
b36c57a 
This change fixes an incorrect key derivation if the
degree of parallelism is greater than 1.

This change adds additional test vectors generated by the
https://github.com/P-H-C/phc-winner-argon2 CLI.

Fixes golang/go#23200

Change-Id: I8add8382b9e9ebbf9a70493050867c9af4ed6aa7
Reviewed-on: https://go-review.googlesource.com/85055
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
BiiChris pushed a commit to BiiChris/crypto that referenced this issue Sep 15, 2023
@agl
argon2: fix incorrect key derivation if parallelism > 1
d5ef971 
This change fixes an incorrect key derivation if the
degree of parallelism is greater than 1.

This change adds additional test vectors generated by the
https://github.com/P-H-C/phc-winner-argon2 CLI.

Fixes golang/go#23200

Change-Id: I8add8382b9e9ebbf9a70493050867c9af4ed6aa7
Reviewed-on: https://go-review.googlesource.com/85055
Reviewed-by: Adam Langley <agl@golang.org>
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
FrozenDueToAge
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
2 participants
@gopherbot @aead