Make improvements

- Document redbean's argon2 module
- Fix regressions in cthreads library
- Make testlib work better with threads
- Give the cthreads library lots of love
- Remove some of the stdio assembly code
- Implement getloadavg() across platforms
- Code size optimizations for errnos, etc.
- Only check for signals in main thread on Windows
- Make errnos for dup2 / dup3 consistent with posix

This change also fixes a bug in the argon2 module, where the NUL
terminator was being included in the hash encoded ascii string. This
shouldn't require any database migrations to folks who found this module
and productionized it, since the argon2 library treats it as a c string.
This commit is contained in:
Justine Tunney 2022-05-27 13:25:46 -07:00
parent cb67223051
commit de5de19004
234 changed files with 1728 additions and 1993 deletions

77
tool/build/wastecpu.c Normal file
View file

@ -0,0 +1,77 @@
/*-*- mode:c;indent-tabs-mode:nil;c-basic-offset:2;tab-width:8;coding:utf-8 -*-│
vi: set net ft=c ts=2 sts=2 sw=2 fenc=utf-8 :vi
Copyright 2022 Justine Alexandra Roberts Tunney
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted, provided that the
above copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
*/
#include "libc/calls/struct/sigaction.h"
#include "libc/intrin/spinlock.h"
#include "libc/log/log.h"
#include "libc/mem/mem.h"
#include "libc/nexgen32e/threaded.h"
#include "libc/runtime/gc.internal.h"
#include "libc/runtime/runtime.h"
#include "libc/runtime/stack.h"
#include "libc/runtime/sysconf.h"
#include "libc/sysv/consts/clone.h"
#include "libc/sysv/consts/map.h"
#include "libc/sysv/consts/prot.h"
#include "libc/sysv/consts/sig.h"
#include "libc/time/time.h"
volatile bool gotctrlc;
void GotCtrlC(int sig) {
gotctrlc = true;
}
int Worker(void *arg) {
uint8_t *p;
unsigned x = 0;
struct sigaction sa = {.sa_handler = GotCtrlC};
sigaction(SIGINT, &sa, 0);
for (;;) {
for (p = _base; p < _end; ++p) {
x += *p;
if (gotctrlc) {
return x | x >> 8 | x >> 16 | x >> 24;
}
}
}
}
int main(int argc, char *argv[]) {
char **tls;
int i, n, prot, flags;
ShowCrashReports();
n = GetCpuCount();
tls = gc(malloc(n * sizeof(*tls)));
for (i = 0; i < n; ++i) {
prot = PROT_READ | PROT_WRITE;
flags = MAP_STACK | MAP_ANONYMOUS;
tls[i] = __initialize_tls(malloc(64));
clone(Worker, mmap(0, GetStackSize(), prot, flags, -1, 0), GetStackSize(),
CLONE_THREAD | CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND |
CLONE_CHILD_SETTID | CLONE_CHILD_CLEARTID | CLONE_SETTLS,
0, 0, tls[i], 64, (int *)(tls[i] + 0x38));
}
while (!gotctrlc) {
usleep(1000);
}
for (i = 0; i < n; ++i) {
_spinlock((int *)(tls[i] + 0x38));
free(tls[i]);
}
}

View file

@ -122,8 +122,8 @@
"MEMORY"
;; 3.8 PHDRS Command
"PHDRS" "FILEHDR" "FLAGS"
"PT_NULL" "PT_LOAD" "PT_DYNAMIC" "PT_INTERP" "PT_NOTE" "PT_SHLIB" "PT_PHDR"
"PT_GNU_STACK"
"PT_NULL" "PT_LOAD" "PT_DYNAMIC" "PT_INTERP" "PT_NOTE"
"PT_SHLIB" "PT_PHDR" "PT_GNU_STACK" "PT_TLS"
;; 3.9 VERSION Command
"VERSION")
"Keywords used of GNU ld script.")

View file

@ -1563,6 +1563,73 @@ MAXMIND MODULE
For further details, please see maxmind.lua in redbean-demo.com.
────────────────────────────────────────────────────────────────────────────────
ARGON2 MODULE
This module implemeents a password hashing algorithm based on blake2b
that won the Password Hashing Competition.
It can be used to securely store user passwords in your SQLite
database, in a way that destroys the password, but can be verified by
regenerating the hash again the next time the user logs in. Destroying
the password is important, since if your database is compromised, the
bad guys won't be able to use rainbow tables to recover the plain text
of the passwords.
Argon2 achieves this security by being expensive to compute. Care
should be taken in choosing parameters, since an HTTP endpoint that
uses Argon2 can just as easily become a denial of service vector. For
example, you may want to consider throttling your login endpoint.
argon2.hash_encoded(pass:str, salt:int[, config:table])
├─→ ascii:str
└─→ nil, error:str
Hashes password.
This is consistent with the README of the reference implementation:
>: assert(argon2.hash_encoded("password", "somesalt", {
variant = argon2.variants.argon2_i,
m_cost = 65536,
hash_len = 24,
parallelism = 4,
t_cost = 2,
}))
"$argon2i$v=19$m=65536,t=2,p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG"
`pass` is the secret value to be encoded.
`salt` is a nonce value used to hash the string.
`config.m_cost` is the memory hardness in kibibytes, which defaults
to 4096 (4 mibibytes). It's recommended that this be tuned upwards.
`config.t_cost` is the number of iterations, which defaults to 3.
`config.parallelism` is the parallelism factor, which defaults to 1.
`config.hash_len` is the number of desired bytes in hash output,
which defaults to 32.
`config.variant` may be:
- `argon2.variants.argon2_id` blend of other two methods [default]
- `argon2.variants.argon2_i` maximize resistance to side-channel attacks
- `argon2.variants.argon2_d` maximize resistance to gpu cracking attacks
argon2.verify(encoded:str, pass:str)
├─→ ok:bool
└─→ nil, error:str
Verifies password, e.g.
>: argon2.verify(
"$argon2i$v=19$m=65536,t=2," ..
"p=4$c29tZXNhbHQ$RdescudvJCsgt3ub+b+dWRWJTmaaJObG",
"password")
true
────────────────────────────────────────────────────────────────────────────────

View file

@ -60,14 +60,6 @@ original implementaiton.
@release 3.0.1
*/
#ifndef LUA_51
#if !defined(LUA_VERSION_NUM) || LUA_VERSION_NUM < 502
#define LUA_51 1
#else
#define LUA_51 0
#endif
#endif
/***
Argon2 hashing variants. Those fields are `userdatums`, read-only values that
@ -350,12 +342,7 @@ largon2_hash_encoded(lua_State *L)
encoded_len = argon2_encodedlen(t_cost, m_cost, parallelism, saltlen,
hash_len, variant);
#if LUA_51
luaL_buffinit(L, &buf);
encoded = luaL_prepbuffer(&buf);
#else
encoded = luaL_buffinitsize(L, &buf, encoded_len);
#endif
if (variant == Argon2_d) {
ret_code =
@ -373,12 +360,7 @@ largon2_hash_encoded(lua_State *L)
salt, saltlen, hash_len, encoded, encoded_len);
}
#if LUA_51
luaL_addsize(&buf, encoded_len);
luaL_pushresult(&buf);
#else
luaL_pushresultsize(&buf, encoded_len);
#endif
luaL_pushresultsize(&buf, encoded_len - 1);
if (ret_code != ARGON2_OK) {
err_msg = (char *) argon2_error_message(ret_code);
@ -484,30 +466,6 @@ largon2_push_argon2_variants_table(lua_State *L)
}
#if LUA_51
/* Compatibility for Lua 5.1.
*
* luaL_setfuncs() is used to create a module table where the functions have
* largon2_config_t as their first upvalue. Code borrowed from Lua 5.2 source. */
static void
compat_luaL_setfuncs(lua_State *l, const luaL_Reg *reg, int nup)
{
int i;
luaL_checkstack(l, nup, "too many upvalues");
for (; reg->name != NULL; reg++) { /* fill the table with given functions */
for (i = 0; i < nup; i++) /* copy upvalues to the top */
lua_pushvalue(l, -nup);
lua_pushcclosure(l, reg->func, nup); /* closure with those upvalues */
lua_setfield(l, -(nup + 2), reg->name);
}
lua_pop(l, nup); /* remove upvalues */
}
#else
#define compat_luaL_setfuncs(L, l, nup) luaL_setfuncs(L, l, nup)
#endif
static const luaL_Reg largon2[] = { { "verify", largon2_verify },
{ "hash_encoded", largon2_hash_encoded },
{ "t_cost", largon2_cfg_t_cost },
@ -524,7 +482,7 @@ luaopen_argon2(lua_State *L)
lua_newtable(L);
largon2_create_config(L);
compat_luaL_setfuncs(L, largon2, 1);
luaL_setfuncs(L, largon2, 1);
/* push argon2.variants table */