mirror of
https://github.com/jart/cosmopolitan.git
synced 2025-07-28 13:30:29 +00:00
Make improvements
- Document redbean's argon2 module - Fix regressions in cthreads library - Make testlib work better with threads - Give the cthreads library lots of love - Remove some of the stdio assembly code - Implement getloadavg() across platforms - Code size optimizations for errnos, etc. - Only check for signals in main thread on Windows - Make errnos for dup2 / dup3 consistent with posix This change also fixes a bug in the argon2 module, where the NUL terminator was being included in the hash encoded ascii string. This shouldn't require any database migrations to folks who found this module and productionized it, since the argon2 library treats it as a c string.
This commit is contained in:
parent
cb67223051
commit
de5de19004
234 changed files with 1728 additions and 1993 deletions
77
tool/build/wastecpu.c
Normal file
77
tool/build/wastecpu.c
Normal file
|
@ -0,0 +1,77 @@
|
|||
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
|
||||
│vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi│
|
||||
╞══════════════════════════════════════════════════════════════════════════════╡
|
||||
│ Copyright 2022 Justine Alexandra Roberts Tunney │
|
||||
│ │
|
||||
│ Permission to use, copy, modify, and/or distribute this software for │
|
||||
│ any purpose with or without fee is hereby granted, provided that the │
|
||||
│ above copyright notice and this permission notice appear in all copies. │
|
||||
│ │
|
||||
│ THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL │
|
||||
│ WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED │
|
||||
│ WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE │
|
||||
│ AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL │
|
||||
│ DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR │
|
||||
│ PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER │
|
||||
│ TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR │
|
||||
│ PERFORMANCE OF THIS SOFTWARE. │
|
||||
╚─────────────────────────────────────────────────────────────────────────────*/
|
||||
#include "libc/calls/struct/sigaction.h"
|
||||
#include "libc/intrin/spinlock.h"
|
||||
#include "libc/log/log.h"
|
||||
#include "libc/mem/mem.h"
|
||||
#include "libc/nexgen32e/threaded.h"
|
||||
#include "libc/runtime/gc.internal.h"
|
||||
#include "libc/runtime/runtime.h"
|
||||
#include "libc/runtime/stack.h"
|
||||
#include "libc/runtime/sysconf.h"
|
||||
#include "libc/sysv/consts/clone.h"
|
||||
#include "libc/sysv/consts/map.h"
|
||||
#include "libc/sysv/consts/prot.h"
|
||||
#include "libc/sysv/consts/sig.h"
|
||||
#include "libc/time/time.h"
|
||||
|
||||
volatile bool gotctrlc;
|
||||
|
||||
void GotCtrlC(int sig) {
|
||||
gotctrlc = true;
|
||||
}
|
||||
|
||||
int Worker(void *arg) {
|
||||
uint8_t *p;
|
||||
unsigned x = 0;
|
||||
struct sigaction sa = {.sa_handler = GotCtrlC};
|
||||
sigaction(SIGINT, &sa, 0);
|
||||
for (;;) {
|
||||
for (p = _base; p < _end; ++p) {
|
||||
x += *p;
|
||||
if (gotctrlc) {
|
||||
return x | x >> 8 | x >> 16 | x >> 24;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
char **tls;
|
||||
int i, n, prot, flags;
|
||||
ShowCrashReports();
|
||||
n = GetCpuCount();
|
||||
tls = gc(malloc(n * sizeof(*tls)));
|
||||
for (i = 0; i < n; ++i) {
|
||||
prot = PROT_READ | PROT_WRITE;
|
||||
flags = MAP_STACK | MAP_ANONYMOUS;
|
||||
tls[i] = __initialize_tls(malloc(64));
|
||||
clone(Worker, mmap(0, GetStackSize(), prot, flags, -1, 0), GetStackSize(),
|
||||
CLONE_THREAD | CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
|
||||
CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID | CLONE_SETTLS,
|
||||
0, 0, tls[i], 64, (int *)(tls[i] + 0x38));
|
||||
}
|
||||
while (!gotctrlc) {
|
||||
usleep(1000);
|
||||
}
|
||||
for (i = 0; i < n; ++i) {
|
||||
_spinlock((int *)(tls[i] + 0x38));
|
||||
free(tls[i]);
|
||||
}
|
||||
}
|
|
@ -122,8 +122,8 @@
|
|||
"MEMORY"
|
||||
;; 3.8 PHDRS Command
|
||||
"PHDRS" "FILEHDR" "FLAGS"
|
||||
"PT_NULL" "PT_LOAD" "PT_DYNAMIC" "PT_INTERP" "PT_NOTE" "PT_SHLIB" "PT_PHDR"
|
||||
"PT_GNU_STACK"
|
||||
"PT_NULL" "PT_LOAD" "PT_DYNAMIC" "PT_INTERP" "PT_NOTE"
|
||||
"PT_SHLIB" "PT_PHDR" "PT_GNU_STACK" "PT_TLS"
|
||||
;; 3.9 VERSION Command
|
||||
"VERSION")
|
||||
"Keywords used of GNU ld script.")
|
||||
|
|
|
@ -1563,6 +1563,73 @@ MAXMIND MODULE
|
|||
|
||||
For further details, please see maxmind.lua in redbean-demo.com.
|
||||
|
||||
────────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
ARGON2 MODULE
|
||||
|
||||
This module implemeents a password hashing algorithm based on blake2b
|
||||
that won the Password Hashing Competition.
|
||||
|
||||
It can be used to securely store user passwords in your SQLite
|
||||
database, in a way that destroys the password, but can be verified by
|
||||
regenerating the hash again the next time the user logs in. Destroying
|
||||
the password is important, since if your database is compromised, the
|
||||
bad guys won't be able to use rainbow tables to recover the plain text
|
||||
of the passwords.
|
||||
|
||||
Argon2 achieves this security by being expensive to compute. Care
|
||||
should be taken in choosing parameters, since an HTTP endpoint that
|
||||
uses Argon2 can just as easily become a denial of service vector. For
|
||||
example, you may want to consider throttling your login endpoint.
|
||||
|
||||
argon2.hash_encoded(pass:str, salt:int[, config:table])
|
||||
├─→ ascii:str
|
||||
└─→ nil, error:str
|
||||
|
||||
Hashes password.
|
||||
|
||||
This is consistent with the README of the reference implementation:
|
||||
|
||||
>: assert(argon2.hash_encoded("password", "somesalt", {
|
||||
variant = argon2.variants.argon2_i,
|
||||
m_cost = 65536,
|
||||
hash_len = 24,
|
||||
parallelism = 4,
|
||||
t_cost = 2,
|
||||
}))
|
||||
"$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG"
|
||||
|
||||
`pass` is the secret value to be encoded.
|
||||
|
||||
`salt` is a nonce value used to hash the string.
|
||||
|
||||
`config.m_cost` is the memory hardness in kibibytes, which defaults
|
||||
to 4096 (4 mibibytes). It's recommended that this be tuned upwards.
|
||||
|
||||
`config.t_cost` is the number of iterations, which defaults to 3.
|
||||
|
||||
`config.parallelism` is the parallelism factor, which defaults to 1.
|
||||
|
||||
`config.hash_len` is the number of desired bytes in hash output,
|
||||
which defaults to 32.
|
||||
|
||||
`config.variant` may be:
|
||||
|
||||
- `argon2.variants.argon2_id` blend of other two methods [default]
|
||||
- `argon2.variants.argon2_i` maximize resistance to side-channel attacks
|
||||
- `argon2.variants.argon2_d` maximize resistance to gpu cracking attacks
|
||||
|
||||
argon2.verify(encoded:str, pass:str)
|
||||
├─→ ok:bool
|
||||
└─→ nil, error:str
|
||||
|
||||
Verifies password, e.g.
|
||||
|
||||
>: argon2.verify(
|
||||
"$argon2i$v=19$m=65536,t=2," ..
|
||||
"p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG",
|
||||
"password")
|
||||
true
|
||||
|
||||
────────────────────────────────────────────────────────────────────────────────
|
||||
|
||||
|
|
|
@ -60,14 +60,6 @@ original implementaiton.
|
|||
@release 3.0.1
|
||||
*/
|
||||
|
||||
#ifndef LUA_51
|
||||
#if !defined(LUA_VERSION_NUM) || LUA_VERSION_NUM < 502
|
||||
#define LUA_51 1
|
||||
#else
|
||||
#define LUA_51 0
|
||||
#endif
|
||||
#endif
|
||||
|
||||
|
||||
/***
|
||||
Argon2 hashing variants. Those fields are `userdatums`, read-only values that
|
||||
|
@ -350,12 +342,7 @@ largon2_hash_encoded(lua_State *L)
|
|||
encoded_len = argon2_encodedlen(t_cost, m_cost, parallelism, saltlen,
|
||||
hash_len, variant);
|
||||
|
||||
#if LUA_51
|
||||
luaL_buffinit(L, &buf);
|
||||
encoded = luaL_prepbuffer(&buf);
|
||||
#else
|
||||
encoded = luaL_buffinitsize(L, &buf, encoded_len);
|
||||
#endif
|
||||
|
||||
if (variant == Argon2_d) {
|
||||
ret_code =
|
||||
|
@ -373,12 +360,7 @@ largon2_hash_encoded(lua_State *L)
|
|||
salt, saltlen, hash_len, encoded, encoded_len);
|
||||
}
|
||||
|
||||
#if LUA_51
|
||||
luaL_addsize(&buf, encoded_len);
|
||||
luaL_pushresult(&buf);
|
||||
#else
|
||||
luaL_pushresultsize(&buf, encoded_len);
|
||||
#endif
|
||||
luaL_pushresultsize(&buf, encoded_len - 1);
|
||||
|
||||
if (ret_code != ARGON2_OK) {
|
||||
err_msg = (char *) argon2_error_message(ret_code);
|
||||
|
@ -484,30 +466,6 @@ largon2_push_argon2_variants_table(lua_State *L)
|
|||
}
|
||||
|
||||
|
||||
#if LUA_51
|
||||
/* Compatibility for Lua 5.1.
|
||||
*
|
||||
* luaL_setfuncs() is used to create a module table where the functions have
|
||||
* largon2_config_t as their first upvalue. Code borrowed from Lua 5.2 source. */
|
||||
static void
|
||||
compat_luaL_setfuncs(lua_State *l, const luaL_Reg *reg, int nup)
|
||||
{
|
||||
int i;
|
||||
|
||||
luaL_checkstack(l, nup, "too many upvalues");
|
||||
for (; reg->name != NULL; reg++) { /* fill the table with given functions */
|
||||
for (i = 0; i < nup; i++) /* copy upvalues to the top */
|
||||
lua_pushvalue(l, -nup);
|
||||
lua_pushcclosure(l, reg->func, nup); /* closure with those upvalues */
|
||||
lua_setfield(l, -(nup + 2), reg->name);
|
||||
}
|
||||
lua_pop(l, nup); /* remove upvalues */
|
||||
}
|
||||
#else
|
||||
#define compat_luaL_setfuncs(L, l, nup) luaL_setfuncs(L, l, nup)
|
||||
#endif
|
||||
|
||||
|
||||
static const luaL_Reg largon2[] = { { "verify", largon2_verify },
|
||||
{ "hash_encoded", largon2_hash_encoded },
|
||||
{ "t_cost", largon2_cfg_t_cost },
|
||||
|
@ -524,7 +482,7 @@ luaopen_argon2(lua_State *L)
|
|||
lua_newtable(L);
|
||||
|
||||
largon2_create_config(L);
|
||||
compat_luaL_setfuncs(L, largon2, 1);
|
||||
luaL_setfuncs(L, largon2, 1);
|
||||
|
||||
/* push argon2.variants table */
|
||||
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue