24 #if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE 25 # if defined(__clang__) 26 # pragma GCC diagnostic ignored "-Wtautological-compare" 27 # elif defined(__GNUC__) 28 # pragma GCC diagnostic ignored "-Wtype-limits" 32 ANONYMOUS_NAMESPACE_BEGIN
35 using CryptoPP::word32;
36 using CryptoPP::word64;
42 using CryptoPP::AlignedSecByteBlock;
44 inline void LE32ENC(byte* out, word32 in)
49 inline word32 LE32DEC(
const byte* in)
54 inline word64 LE64DEC(
const byte* in)
59 inline void BlockCopy(byte* dest, byte* src,
size_t len)
64 for (
size_t i = 0; i < len; ++i)
67 for (
size_t i = 0; i < len; ++i)
72 inline void BlockXOR(byte* dest, byte* src,
size_t len)
77 for (
size_t i = 0; i < len; ++i)
80 for (
size_t i = 0; i < len; ++i)
85 inline void PBKDF2_SHA256(byte* buf,
size_t dkLen,
86 const byte* passwd,
size_t passwdlen,
87 const byte* salt,
size_t saltlen, byte count)
89 using CryptoPP::SHA256;
90 using CryptoPP::PKCS5_PBKDF2_HMAC;
93 pbkdf.
DeriveKey(buf, dkLen, 0, passwd, passwdlen, salt, saltlen, count, 0.0f);
96 inline void Salsa20_8(byte B[64])
100 for (
size_t i = 0; i < 16; ++i)
101 B32[i] = LE32DEC(&B[i * 4]);
105 for (
size_t i = 0; i < 16; ++i)
106 LE32ENC(&B[4 * i], B32[i]);
109 inline void BlockMix(byte* B, byte* Y,
size_t r)
114 BlockCopy(X, &B[(2 * r - 1) * 64], 64);
117 for (
size_t i = 0; i < 2 * r; ++i)
120 BlockXOR(X, &B[i * 64], 64);
124 BlockCopy(&Y[i * 64], X, 64);
128 for (
size_t i = 0; i < r; ++i)
129 BlockCopy(&B[i * 64], &Y[(i * 2) * 64], 64);
131 for (
size_t i = 0; i < r; ++i)
132 BlockCopy(&B[(i + r) * 64], &Y[(i * 2 + 1) * 64], 64);
135 inline word64 Integerify(byte* B,
size_t r)
137 byte* X = &B[(2 * r - 1) * 64];
141 inline void Smix(byte* B,
size_t r, word64 N, byte* V, byte* XY)
147 BlockCopy(X, B, 128 * r);
150 for (word64 i = 0; i < N; ++i)
153 BlockCopy(&V[i * (128 * r)], X, 128 * r);
160 for (word64 i = 0; i < N; ++i)
163 word64 j = Integerify(X, r) & (N - 1);
166 BlockXOR(X, &V[j * (128 * r)], 128 * r);
171 BlockCopy(B, X, 128 * r);
174 ANONYMOUS_NAMESPACE_END
178 size_t
Scrypt::GetValidDerivedLength(
size_t keylength)
const 180 if (keylength > MaxDerivedLength())
181 return MaxDerivedLength();
185 void Scrypt::ValidateParameters(
size_t derivedLen, word64 cost, word64 blockSize, word64 parallelization)
const 188 if (std::numeric_limits<size_t>::max() > std::numeric_limits<word32>::max())
190 const word64 maxLen = ((
static_cast<word64
>(1) << 32) - 1) * 32;
191 if (derivedLen > maxLen) {
192 std::ostringstream oss;
193 oss <<
"derivedLen " << derivedLen <<
" is larger than " << maxLen;
200 if (parallelization > static_cast<word64>(std::numeric_limits<int>::max()))
202 std::ostringstream oss;
203 oss <<
" parallelization " << parallelization <<
" is larger than ";
204 oss << std::numeric_limits<int>::max();
212 const word64 prod =
static_cast<word64
>(blockSize) * parallelization;
215 if (prod >= (1U << 30)) {
216 std::ostringstream oss;
217 oss <<
"r*p " << prod <<
" is larger than " << (1U << 30);
227 #if defined(CRYPTOPP_WORD128_AVAILABLE) 228 const word128 maxElems =
static_cast<word128
>(
SIZE_MAX);
229 bool bLimit = (maxElems >=
static_cast<word128
>(cost) * blockSize * 128U);
230 bool xyLimit = (maxElems >=
static_cast<word128
>(parallelization) * blockSize * 128U);
231 bool vLimit = (maxElems >=
static_cast<word128
>(blockSize) * 256U + 64U);
233 const word64 maxElems =
static_cast<word64
>(
SIZE_MAX);
234 bool bLimit = (blockSize < maxElems / 128U / cost);
235 bool xyLimit = (blockSize < maxElems / 128U / parallelization);
236 bool vLimit = (blockSize < (maxElems - 64U) / 256U);
240 if (!bLimit || !xyLimit || !vLimit)
241 throw std::bad_alloc();
245 const byte*secret,
size_t secretLen,
const NameValuePairs& params)
const 251 word64 cost=0, blockSize=0, parallelization=0;
252 if(params.
GetValue(
"Cost", cost) ==
false)
255 if(params.
GetValue(
"BlockSize", blockSize) ==
false)
256 blockSize = defaultBlockSize;
258 if(params.
GetValue(
"Parallelization", parallelization) ==
false)
259 parallelization = defaultParallelization;
262 (void)params.
GetValue(
"Salt", salt);
264 return DeriveKey(derived, derivedLen, secret, secretLen, salt.
begin(), salt.
size(), cost, blockSize, parallelization);
268 const byte*salt,
size_t saltLen, word64 cost, word64 blockSize, word64 parallel)
const 274 ThrowIfInvalidDerivedLength(derivedLen);
275 ValidateParameters(derivedLen, cost, blockSize, parallel);
280 PBKDF2_SHA256(B, B.
size(), secret, secretLen, salt, saltLen, 1);
285 maxParallel = std::numeric_limits<int>::max();
288 int threads =
STDMIN(omp_get_max_threads(), maxParallel);
292 #pragma omp parallel num_threads(threads) 300 for (
int i = 0; i < maxParallel; ++i)
303 const ptrdiff_t offset =
static_cast<ptrdiff_t
>(blockSize*i*128);
304 Smix(B+offset, static_cast<size_t>(blockSize), cost, V, XY);
309 PBKDF2_SHA256(derived, derivedLen, secret, secretLen, B, B.
size(), 1);
Used to pass byte array input as part of a NameValuePairs object.
Standard names for retrieving values by name when working with NameValuePairs.
An invalid argument was detected.
Classes for working with NameValuePairs.
bool SafeConvert(T1 from, T2 &to)
Tests whether a conversion from -> to is safe to perform.
Utility functions for the Crypto++ library.
size_t size() const
Length of the memory block.
void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock=NULL)
Access a block of memory.
size_t MaxDerivedLength() const
Determine maximum number of bytes.
byte order is little-endian
size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const NameValuePairs ¶ms=g_nullNameValuePairs) const
Derive a key from a seed.
T GetWord(bool assumeAligned, ByteOrder order, const byte *block)
Access a block of memory.
const byte * begin() const
Pointer to the first byte in the memory block.
T rotlConstant(T x)
Performs a left rotate.
void Salsa20_Core(word32 *data, unsigned int rounds)
Salsa20 core transform.
bool IsPowerOf2(const T &value)
Tests whether a value is a power of 2.
SecBlock using AllocatorWithCleanup<byte, true> typedef.
const T & STDMIN(const T &a, const T &b)
Replacement function for std::min.
#define CRYPTOPP_ASSERT(exp)
Debugging and diagnostic assertion.
Classes for Scrypt from RFC 7914.
Classes for SHA-1 and SHA-2 family of message digests.
Classes for Salsa and Salsa20 stream ciphers.
Password based key derivation functions.
size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const NameValuePairs ¶ms) const
Derive a key from a seed.
Crypto++ library namespace.
bool GetValue(const char *name, T &value) const
Get a named value.
Scrypt key derivation function.
size_type size() const
Provides the count of elements in the SecBlock.
#define SIZE_MAX
The maximum value of a machine word.
Interface for retrieving values given their names.