int
crypto_scrypt_compat(const uint8_t * passwd, size_t passwdlen,
const uint8_t * salt, size_t saltlen,
uint64_t N, uint32_t r, uint32_t p,
uint8_t * buf, size_t buflen)
{
escrypt_kdf_t escrypt_kdf;
escrypt_local_t local;
int retval;
if (escrypt_init_local(&local)) {
return -1;
}
#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
escrypt_kdf =
sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
#else
escrypt_kdf = escrypt_kdf_nosse;
#endif
retval = escrypt_kdf(&local,
passwd, passwdlen, salt, saltlen,
N, r, p, buf, buflen);
if (escrypt_free_local(&local)) {
return -1;
}
return retval;
}
int
crypto_pwhash_scryptsalsa208sha256_ll(const uint8_t * passwd, size_t passwdlen,
const uint8_t * salt, size_t saltlen,
uint64_t N, uint32_t r, uint32_t p,
uint8_t * buf, size_t buflen)
{
escrypt_kdf_t escrypt_kdf;
escrypt_local_t local;
int retval;
if (escrypt_init_local(&local)) {
return -1; /* LCOV_EXCL_LINE */
}
#if defined(HAVE_EMMINTRIN_H) || \
(defined(_MSC_VER) && (defined(_M_X64) || defined(_M_AMD64) || defined(_M_IX86)))
escrypt_kdf =
sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
#else
escrypt_kdf = escrypt_kdf_nosse;
#endif
retval = escrypt_kdf(&local,
passwd, passwdlen, salt, saltlen,
N, r, p, buf, buflen);
if (escrypt_free_local(&local)) {
return -1; /* LCOV_EXCL_LINE */
}
return retval;
}
uint8_t *
escrypt_r(escrypt_local_t *local, const uint8_t *passwd, size_t passwdlen,
const uint8_t *setting, uint8_t *buf, size_t buflen)
{
uint8_t hash[crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES];
escrypt_kdf_t escrypt_kdf;
const uint8_t *src;
const uint8_t *salt;
uint8_t *dst;
size_t prefixlen;
size_t saltlen;
size_t need;
uint64_t N;
uint32_t N_log2;
uint32_t r;
uint32_t p;
src = escrypt_parse_setting(setting, &N_log2, &r, &p);
if (!src) {
return NULL;
}
N = (uint64_t) 1 << N_log2;
prefixlen = src - setting;
salt = src;
src = (uint8_t *) strrchr((char *) salt, '$');
if (src) {
saltlen = src - salt;
} else {
saltlen = strlen((char *) salt);
}
need = prefixlen + saltlen + 1 +
crypto_pwhash_scryptsalsa208sha256_STRHASHBYTES_ENCODED + 1;
if (need > buflen || need < saltlen) {
return NULL;
}
#ifdef HAVE_EMMINTRIN_H
escrypt_kdf =
sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
#else
escrypt_kdf = escrypt_kdf_nosse;
#endif
if (escrypt_kdf(local, passwd, passwdlen, salt, saltlen, N, r, p, hash,
sizeof(hash))) {
return NULL;
}
dst = buf;
memcpy(dst, setting, prefixlen + saltlen);
dst += prefixlen + saltlen;
*dst++ = '$';
dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
sodium_memzero(hash, sizeof hash);
if (!dst || dst >= buf + buflen) {
return NULL; /* Can't happen LCOV_EXCL_LINE */
}
*dst = 0; /* NUL termination */
return buf;
}
int
crypto_scrypt(const uint8_t * passwd, size_t passwdlen,
const uint8_t * salt, size_t saltlen, uint64_t N, uint32_t r, uint32_t p,
uint8_t * buf, size_t buflen)
{
escrypt_local_t local;
int retval;
if (escrypt_init_local(&local))
return -1;
retval = escrypt_kdf(&local,
passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen);
if (escrypt_free_local(&local))
return -1;
return retval;
}
uint8_t *
escrypt_r(escrypt_local_t * local,
const uint8_t * passwd, size_t passwdlen,
const uint8_t * setting,
uint8_t * buf, size_t buflen)
{
uint8_t hash[HASH_SIZE];
const uint8_t * src, * salt;
uint8_t * dst;
size_t prefixlen, saltlen, need;
uint64_t N;
uint32_t r, p;
if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$')
return NULL;
src = setting + 3;
{
uint32_t N_log2;
if (decode64_one(&N_log2, *src))
return NULL;
src++;
N = (uint64_t)1 << N_log2;
}
src = decode64_uint32(&r, 30, src);
if (!src)
return NULL;
src = decode64_uint32(&p, 30, src);
if (!src)
return NULL;
prefixlen = src - setting;
salt = src;
src = (uint8_t *)strrchr((char *)salt, '$');
if (src)
saltlen = src - salt;
else
saltlen = strlen((char *)salt);
need = prefixlen + saltlen + 1 + HASH_LEN + 1;
if (need > buflen || need < saltlen)
return NULL;
if (escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
N, r, p, hash, sizeof(hash)))
return NULL;
dst = buf;
memcpy(dst, setting, prefixlen + saltlen);
dst += prefixlen + saltlen;
*dst++ = '$';
dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
/* Could zeroize hash[] here, but escrypt_kdf() doesn't zeroize its
* memory allocations yet anyway. */
if (!dst || dst >= buf + buflen) /* Can't happen */
return NULL;
*dst = 0; /* NUL termination */
return buf;
}
uint8_t *
escrypt_r(escrypt_local_t * local, const uint8_t * passwd, size_t passwdlen,
const uint8_t * setting, uint8_t * buf, size_t buflen)
{
uint8_t hash[crypto_pwhash_scryptxsalsa208sha256_STRHASHBYTES];
escrypt_kdf_t escrypt_kdf;
const uint8_t *src;
const uint8_t *salt;
uint8_t *dst;
size_t prefixlen;
size_t saltlen;
size_t need;
uint64_t N;
uint32_t N_log2;
uint32_t r;
uint32_t p;
if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$') {
return NULL;
}
src = setting + 3;
if (decode64_one(&N_log2, *src)) {
return NULL;
}
src++;
N = (uint64_t)1 << N_log2;
src = decode64_uint32(&r, 30, src);
if (!src) {
return NULL;
}
src = decode64_uint32(&p, 30, src);
if (!src) {
return NULL;
}
prefixlen = src - setting;
salt = src;
src = (uint8_t *) strrchr((char *)salt, '$');
if (src) {
saltlen = src - salt;
} else {
saltlen = strlen((char *)salt);
}
need = prefixlen + saltlen + 1 +
crypto_pwhash_scryptxsalsa208sha256_STRHASHBYTES_ENCODED + 1;
if (need > buflen || need < saltlen) {
return NULL;
}
#if defined(HAVE_EMMINTRIN_H) || defined(_MSC_VER)
escrypt_kdf =
sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
#else
escrypt_kdf = escrypt_kdf_nosse;
#endif
if (escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
N, r, p, hash, sizeof(hash))) {
return NULL;
}
dst = buf;
memcpy(dst, setting, prefixlen + saltlen);
dst += prefixlen + saltlen;
*dst++ = '$';
dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
sodium_memzero(hash, sizeof hash);
if (!dst || dst >= buf + buflen) { /* Can't happen */
return NULL;
}
*dst = 0; /* NUL termination */
return buf;
}
