static unsigned int tunable_cost_p(void *salt)
{
const uint8_t * setting;
const uint8_t * src;
uint32_t r, p;
setting = salt;
if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$')
return 0;
src = setting + 3;
{
uint32_t N_log2;
if (decode64_one(&N_log2, *src))
return 0;
src++;
}
src = decode64_uint32(&r, 30, src);
if (!src)
return 0;
src = decode64_uint32(&p, 30, src);
if (!src)
return 0;
return (unsigned int) p;
}
const uint8_t *
escrypt_parse_setting(const uint8_t *setting,
uint32_t *N_log2_p, uint32_t *r_p, uint32_t *p_p)
{
const uint8_t *src;
if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$') {
return NULL;
}
src = setting + 3;
if (decode64_one(N_log2_p, *src)) {
return NULL;
}
src++;
src = decode64_uint32(r_p, 30, src);
if (!src) {
return NULL;
}
src = decode64_uint32(p_p, 30, src);
if (!src) {
return NULL;
}
return src;
}
static const uint8_t* decode64_uint32(uint32_t* dst, uint32_t dstbits, const uint8_t* src)
{
uint32_t bit;
uint32_t value;
value = 0;
for (bit = 0; bit < dstbits; bit += 6) {
uint32_t one;
if (decode64_one(&one, *src)) {
*dst = 0;
return NULL;
}
src++;
value |= one << bit;
}
*dst = value;
return src;
}
static unsigned int tunable_cost_N(void *salt)
{
const uint8_t * setting;
const uint8_t * src;
uint64_t N;
setting = salt;
if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$')
return 0;
src = setting + 3;
{
uint32_t N_log2;
if (decode64_one(&N_log2, *src))
return 0;
src++;
N = (uint64_t)1 << N_log2;
}
return (unsigned int) N;
}
static int valid(char *ciphertext, struct fmt_main *self)
{
char *p;
int length;
unsigned tmp;
if (strncmp(ciphertext, "$7$", 3))
return 0;
for (p = ciphertext + 3; p < ciphertext + (3 + 1 + 5 + 5); p++)
if (atoi64[ARCH_INDEX(*p)] == 0x7F)
return 0;
p = strrchr(ciphertext, '$');
if (!p)
return 0;
if (p - ciphertext > BINARY_SIZE - (1 + 43))
return 0;
++p;
length = base64_valid_length(p, e_b64_cryptBS, flg_Base64_NO_FLAGS);
decode64_one(&tmp, ciphertext[3]);
if (!tmp)
return 0;
decode64_uint32(&tmp, 30, (const uint8_t *)&ciphertext[4]);
if (!tmp)
return 0;
decode64_uint32(&tmp, 30, (const uint8_t *)&ciphertext[4+5]);
if (!tmp)
return 0;
// we want the hash to use 32 bytes OR more. 43 base64 bytes is 32 raw bytes
return p[length]==0 && length >= 43;
}
uint8_t *
escrypt_r(escrypt_local_t * local,
const uint8_t * passwd, size_t passwdlen,
const uint8_t * setting,
uint8_t * buf, size_t buflen)
{
uint8_t hash[HASH_SIZE];
const uint8_t * src, * salt;
uint8_t * dst;
size_t prefixlen, saltlen, need;
uint64_t N;
uint32_t r, p;
if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$')
return NULL;
src = setting + 3;
{
uint32_t N_log2;
if (decode64_one(&N_log2, *src))
return NULL;
src++;
N = (uint64_t)1 << N_log2;
}
src = decode64_uint32(&r, 30, src);
if (!src)
return NULL;
src = decode64_uint32(&p, 30, src);
if (!src)
return NULL;
prefixlen = src - setting;
salt = src;
src = (uint8_t *)strrchr((char *)salt, '$');
if (src)
saltlen = src - salt;
else
saltlen = strlen((char *)salt);
need = prefixlen + saltlen + 1 + HASH_LEN + 1;
if (need > buflen || need < saltlen)
return NULL;
if (escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
N, r, p, hash, sizeof(hash)))
return NULL;
dst = buf;
memcpy(dst, setting, prefixlen + saltlen);
dst += prefixlen + saltlen;
*dst++ = '$';
dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
/* Could zeroize hash[] here, but escrypt_kdf() doesn't zeroize its
* memory allocations yet anyway. */
if (!dst || dst >= buf + buflen) /* Can't happen */
return NULL;
*dst = 0; /* NUL termination */
return buf;
}
uint8_t *
escrypt_r(escrypt_local_t * local, const uint8_t * passwd, size_t passwdlen,
const uint8_t * setting, uint8_t * buf, size_t buflen)
{
uint8_t hash[crypto_pwhash_scryptxsalsa208sha256_STRHASHBYTES];
escrypt_kdf_t escrypt_kdf;
const uint8_t *src;
const uint8_t *salt;
uint8_t *dst;
size_t prefixlen;
size_t saltlen;
size_t need;
uint64_t N;
uint32_t N_log2;
uint32_t r;
uint32_t p;
if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$') {
return NULL;
}
src = setting + 3;
if (decode64_one(&N_log2, *src)) {
return NULL;
}
src++;
N = (uint64_t)1 << N_log2;
src = decode64_uint32(&r, 30, src);
if (!src) {
return NULL;
}
src = decode64_uint32(&p, 30, src);
if (!src) {
return NULL;
}
prefixlen = src - setting;
salt = src;
src = (uint8_t *) strrchr((char *)salt, '$');
if (src) {
saltlen = src - salt;
} else {
saltlen = strlen((char *)salt);
}
need = prefixlen + saltlen + 1 +
crypto_pwhash_scryptxsalsa208sha256_STRHASHBYTES_ENCODED + 1;
if (need > buflen || need < saltlen) {
return NULL;
}
#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
escrypt_kdf =
sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
#else
escrypt_kdf = escrypt_kdf_nosse;
#endif
if (escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
N, r, p, hash, sizeof(hash))) {
return NULL;
}
dst = buf;
memcpy(dst, setting, prefixlen + saltlen);
dst += prefixlen + saltlen;
*dst++ = '$';
dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
sodium_memzero(hash, sizeof hash);
if (!dst || dst >= buf + buflen) { /* Can't happen */
return NULL;
}
*dst = 0; /* NUL termination */
return buf;
}
uint8_t* yescrypt_r(const yescrypt_shared_t* shared, yescrypt_local_t* local,
const uint8_t* passwd, size_t passwdlen, const uint8_t* setting, uint8_t* buf, size_t buflen)
{
uint8_t hash[HASH_SIZE];
const uint8_t * src, * salt;
uint8_t * dst;
size_t prefixlen, saltlen, need;
uint8_t version;
uint64_t N;
uint32_t r, p;
yescrypt_flags_t flags = YESCRYPT_WORM;
printf("pass1 ...");
fflush(stdout);
if (setting[0] != '$' || setting[1] != '7') {
printf("died$7 ...");
fflush(stdout);
return NULL;
}
printf("died80 ...");
fflush(stdout);
src = setting + 2;
printf("hello '%p'\n", (char *)src);
fflush(stdout);
switch ((version = *src)) {
case '$':
printf("died2 ...");
fflush(stdout);
break;
case 'X':
src++;
flags = YESCRYPT_RW;
printf("died3 ...");
fflush(stdout);
break;
default:
printf("died4 ...");
fflush(stdout);
return NULL;
}
printf("pass2 ...");
fflush(stdout);
if (*src != '$') {
uint32_t decoded_flags;
if (decode64_one(&decoded_flags, *src)) {
printf("died5 ...");
fflush(stdout);
return NULL;
}
flags = decoded_flags;
if (*++src != '$') {
printf("died6 ...");
fflush(stdout);
return NULL;
}
}
src++;
{
uint32_t N_log2;
if (decode64_one(&N_log2, *src)) {
printf("died7 ...");
return NULL;
}
src++;
N = (uint64_t)1 << N_log2;
}
src = decode64_uint32(&r, 30, src);
if (!src) {
printf("died6 ...");
return NULL;
}
src = decode64_uint32(&p, 30, src);
if (!src) {
printf("died7 ...");
return NULL;
}
prefixlen = src - setting;
salt = src;
src = (uint8_t *)strrchr((char *)salt, '$');
if (src)
saltlen = src - salt;
else
saltlen = strlen((char *)salt);
need = prefixlen + saltlen + 1 + HASH_LEN + 1;
if (need > buflen || need < saltlen) {
printf("'%d %d %d'", (int) need, (int) buflen, (int) saltlen);
printf("died8killbuf ...");
fflush(stdout);
return NULL;
}
if (yescrypt_kdf(shared, local, passwd, passwdlen, salt, saltlen, N, r, p, 0, flags, hash, sizeof(hash))) {
printf("died10 ...");
fflush(stdout);
return NULL;
}
dst = buf;
memcpy(dst, setting, prefixlen + saltlen);
dst += prefixlen + saltlen;
*dst++ = '$';
dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
/* Could zeroize hash[] here, but yescrypt_kdf() doesn't zeroize its
* memory allocations yet anyway. */
if (!dst || dst >= buf + buflen) { /* Can't happen */
printf("died11 ...");
return NULL;
}
*dst = 0; /* NUL termination */
printf("died12 ...");
fflush(stdout);
return buf;
}
uint8_t *
yescrypt_r(const yescrypt_shared_t * shared, yescrypt_local_t * local,
const uint8_t * passwd, size_t passwdlen,
const uint8_t * setting,
uint8_t * buf, size_t buflen)
{
uint8_t hash[HASH_SIZE];
const uint8_t * src, * salt;
uint8_t * dst;
size_t prefixlen, saltlen, need;
uint8_t version;
uint64_t N;
uint32_t r, p;
yescrypt_flags_t flags = 0;
if (setting[0] != '$' || setting[1] != '7')
return NULL;
src = setting + 2;
switch ((version = *src)) {
case '$':
break;
case 'X':
src++;
flags = YESCRYPT_RW;
break;
default:
return NULL;
}
if (*src != '$') {
uint32_t decoded_flags;
if (decode64_one(&decoded_flags, *src))
return NULL;
flags = decoded_flags;
if (*++src != '$')
return NULL;
}
src++;
{
uint32_t N_log2;
if (decode64_one(&N_log2, *src))
return NULL;
src++;
N = (uint64_t)1 << N_log2;
}
src = decode64_uint32(&r, 30, src);
if (!src)
return NULL;
src = decode64_uint32(&p, 30, src);
if (!src)
return NULL;
prefixlen = src - setting;
salt = src;
src = (uint8_t *)strrchr((char *)salt, '$');
if (src)
saltlen = src - salt;
else
saltlen = strlen((char *)salt);
need = prefixlen + saltlen + 1 + HASH_LEN + 1;
if (need > buflen || need < saltlen)
return NULL;
if (yescrypt_kdf(shared, local, passwd, passwdlen, salt, saltlen,
N, r, p, 0, 0, flags, hash, sizeof(hash)))
return NULL;
dst = buf;
memcpy(dst, setting, prefixlen + saltlen);
dst += prefixlen + saltlen;
*dst++ = '$';
dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
/* Could zeroize hash[] here, but yescrypt_kdf() doesn't zeroize its
* memory allocations yet anyway. */
if (!dst || dst >= buf + buflen) /* Can't happen */
return NULL;
*dst = 0; /* NUL termination */
return buf;
}
