finding bugs

hashers/src/argon2/argon2.rs

@@ -193,10 +193,10 @@ fn argon2i_addr(
     memory_blocks: u64,
     total_passes: u64,
     mode: u64,
-    ctr: &mut [u8; 968],
+    ctr: &mut [u8; 976],
 ) -> Block {
     // The counter is incrementated before every call
-    incr_array_ctr_be(&mut ctr[0..968]);
+    incr_array_ctr_be(&mut ctr[0..976]);
 
     let mut input = Vec::new();
     input.extend(pass.to_le_bytes());
@@ -206,8 +206,11 @@ fn argon2i_addr(
     input.extend(total_passes.to_le_bytes());
     input.extend(mode.to_le_bytes());
     input.extend_from_slice(ctr);
+    // println!("input len {}", input.len());
+    // println!("{:02x?}", input);
     let zero = Block::default();
     let input_block = Block::try_from(input).expect("input block not constructed correctly");
+
     // Compress the input block with the zero block twice
     compress(&zero, &compress(&zero, &input_block))
 }
@@ -424,7 +427,21 @@ impl ClassicHasher for Argon2 {
             mem_blocks[lane + 1] = block;
         }
 
-        let mut ctr = [0u8; 968];
+        println!("Lane 0 (first four words)");
+        println!("{:016x?}", mem_blocks[0][0]);
+        println!("{:016x?}", mem_blocks[0][1]);
+        println!("{:016x?}", mem_blocks[0][2]);
+        println!("{:016x?}", mem_blocks[0][3]);
+        println!("");
+
+        println!("Lane 31 (last four words)");
+        println!("{:016x?}", mem_blocks[31][124]);
+        println!("{:016x?}", mem_blocks[31][125]);
+        println!("{:016x?}", mem_blocks[31][126]);
+        println!("{:016x?}", mem_blocks[31][127]);
+        println!("");
+
+        let mut ctr = [0u8; 976];
         // Additional passes over the lanes
         for pass in 2..iterations {
             for slice in 0..SYNC_POINTS {
@@ -546,6 +563,19 @@ impl ClassicHasher for Argon2 {
                     }
                 }
             }
+            println!("Lane 0 (first four words)");
+            println!("{:016x?}", mem_blocks[0][0]);
+            println!("{:016x?}", mem_blocks[0][1]);
+            println!("{:016x?}", mem_blocks[0][2]);
+            println!("{:016x?}", mem_blocks[0][3]);
+            println!("");
+
+            println!("Lane 31 (last four words)");
+            println!("{:016x?}", mem_blocks[31][124]);
+            println!("{:016x?}", mem_blocks[31][125]);
+            println!("{:016x?}", mem_blocks[31][126]);
+            println!("{:016x?}", mem_blocks[31][127]);
+            println!("");
         }
 
         // XOR together the final block of each lane

hashers/src/argon2/consts.rs

@@ -23,16 +23,17 @@ pub enum Mode {
 impl Mode {
     pub fn to_u64(&self) -> u64 {
         match self {
-            Mode::I => 0,
-            Mode::D => 1,
+            Mode::D => 0,
+            Mode::I => 1,
+
             Mode::ID => 2,
         }
     }
 
     pub fn to_u32(&self) -> u32 {
         match self {
-            Mode::I => 0,
-            Mode::D => 1,
+            Mode::I => 1,
+            Mode::D => 0,
             Mode::ID => 2,
         }
     }

hashers/src/blake/blake2b_long.rs

@@ -53,22 +53,24 @@ impl Blake2bLong {
 
 impl ClassicHasher for Blake2bLong {
     fn hash(&self, bytes: &[u8]) -> Vec<u8> {
-        assert!(self.hash_len > 1, "hash_len cannot be 0 bytes");
         assert!(
             self.key.len() <= 64,
             "the length of the key cannot be more than 64 bytes"
         );
 
         // Incorporate the length of the output and the bytes
-        let mut h = Blake2bStateful::init(&self.key, self.hash_len as u64);
-        h.update(&(self.hash_len as u32).to_le_bytes());
-        h.update(bytes);
 
         // For short output just finalize and return the bytes
         if self.hash_len <= 64 {
+            let mut h = Blake2bStateful::init(&self.key, self.hash_len as u64);
+            h.update(&(self.hash_len as u32).to_le_bytes());
+            h.update(bytes);
             return h.finalize();
         }
 
+        let mut h = Blake2bStateful::init(&self.key, 64);
+        h.update(&(self.hash_len as u32).to_le_bytes());
+        h.update(bytes);
         let mut out = Vec::with_capacity(self.hash_len);
         let mut ctr = self.hash_len;
         let mut v = h.finalize();
@@ -78,14 +80,13 @@ impl ClassicHasher for Blake2bLong {
             // This is presumably related to length extension type attacks
             out.extend_from_slice(&v[0..32]);
             ctr -= 32;
-            h.update(&v);
-            v = h.state_bytes();
+            v = Blake2bStateful::hash_512(&v)
         }
 
-        // // Final bytes change the hash length of Blake2b, which alters its state, so truncation is not used
-        // hasher.hash_len = ctr;
-        // v = hasher.hash(&v);
-        // out.extend_from_slice(&v);
+        // Final bytes change the hash length of Blake2b, which alters its state, so truncation is not used
+        let mut h = Blake2bStateful::init(&[], ctr as u64);
+        h.update(&v);
+        out.extend_from_slice(&h.finalize());
 
         out
     }

hashers/src/blake/blake2b_stateful.rs

@@ -106,6 +106,21 @@ impl Blake2bStateful {
         hasher
     }
 
+    pub fn init256() -> Self {
+        let mut hasher = Self {
+            state: IV,
+            hash_len: 32,
+            bytes_taken: 0,
+            buffer: Vec::new(),
+        };
+
+        // The key length and hash length are mixed into the state
+        let mixer: u64 = 0x01010000 ^ 32;
+        hasher.state[0] ^= mixer;
+
+        hasher
+    }
+
     pub fn hash_len(&self) -> u64 {
         self.hash_len
     }
@@ -122,6 +137,18 @@ impl Blake2bStateful {
             .take(self.hash_len as usize)
             .collect_vec()
     }
+
+    pub fn hash_256(bytes: &[u8]) -> Vec<u8> {
+        let mut h = Self::init256();
+        h.update(bytes);
+        h.finalize()
+    }
+
+    pub fn hash_512(bytes: &[u8]) -> Vec<u8> {
+        let mut h = Self::init512();
+        h.update(bytes);
+        h.finalize()
+    }
 }
 
 impl StatefulHasher for Blake2bStateful {