├── scrypt ├── scrypt-1.2.0 │ ├── .deps │ │ └── scrypt-main.Po │ ├── stamp-h1 │ ├── lib │ │ ├── util │ │ │ ├── .deps │ │ │ │ └── scrypt-memlimit.Po │ │ │ ├── build │ │ │ │ └── config.gypi │ │ │ └── memlimit.h │ │ ├── crypto │ │ │ ├── .deps │ │ │ │ ├── scrypt-crypto_scrypt.Po │ │ │ │ ├── scrypt-crypto_scrypt_smix.Po │ │ │ │ └── libscrypt_sse2_a-crypto_scrypt_smix_sse2.Po │ │ │ ├── crypto_scrypt_smix.h │ │ │ ├── crypto_scrypt_smix_sse2.h │ │ │ ├── crypto_scrypt.h │ │ │ ├── crypto_scrypt_smix.c │ │ │ ├── crypto_scrypt_smix_sse2.c │ │ │ ├── crypto_scrypt.c │ │ │ └── crypto_scrypt-ref.c │ │ ├── scryptenc │ │ │ ├── .deps │ │ │ │ ├── scrypt-scryptenc.Po │ │ │ │ └── scrypt-scryptenc_cpuperf.Po │ │ │ ├── scryptenc_cpuperf.h │ │ │ ├── scryptenc_cpuperf.c │ │ │ └── scryptenc.h │ │ └── README │ ├── libcperciva │ │ ├── alg │ │ │ ├── .deps │ │ │ │ └── scrypt-sha256.Po │ │ │ └── sha256.h │ │ ├── util │ │ │ ├── .deps │ │ │ │ ├── scrypt-entropy.Po │ │ │ │ ├── scrypt-readpass.Po │ │ │ │ ├── scrypt-warnp.Po │ │ │ │ └── scrypt-insecure_memzero.Po │ │ │ ├── entropy.h │ │ │ ├── insecure_memzero.c │ │ │ ├── readpass.h │ │ │ ├── warnp.h │ │ │ ├── insecure_memzero.h │ │ │ ├── warnp.c │ │ │ ├── entropy.c │ │ │ ├── sysendian.h │ │ │ └── readpass.c │ │ ├── crypto │ │ │ ├── .deps │ │ │ │ ├── scrypt-crypto_aes.Po │ │ │ │ ├── scrypt-crypto_aesctr.Po │ │ │ │ ├── scrypt-crypto_entropy.Po │ │ │ │ └── libcperciva_aesni_a-crypto_aes_aesni.Po │ │ │ ├── crypto_entropy.h │ │ │ ├── crypto_aes.h │ │ │ ├── crypto_aes_aesni.h │ │ │ ├── crypto_aesctr.h │ │ │ ├── crypto_aesctr.c │ │ │ ├── crypto_aes.c │ │ │ └── crypto_entropy.c │ │ ├── cpusupport │ │ │ ├── .deps │ │ │ │ ├── scrypt-cpusupport_x86_aesni.Po │ │ │ │ └── scrypt-cpusupport_x86_sse2.Po │ │ │ ├── Build │ │ │ │ ├── cpusupport-X86-CPUID.c │ │ │ │ ├── cpusupport-X86-SSE2.c │ │ │ │ ├── cpusupport-X86-AESNI.c │ │ │ │ └── cpusupport.sh │ │ │ ├── cpusupport_x86_sse2.c │ │ │ ├── cpusupport_x86_aesni.c │ │ │ └── cpusupport.h │ │ └── COPYRIGHT │ ├── scrypt_platform.h │ ├── FORMAT │ ├── hash.h │ ├── keyderivation.h │ ├── autocrap │ │ ├── configure.ac │ │ └── Makefile.am │ ├── hash.c │ ├── config.h.in │ ├── config.h │ ├── keyderivation.c │ └── config.aux │ │ └── missing └── win │ ├── include │ ├── gettimeofday.h │ ├── unistd.h │ ├── sys │ │ └── mman.h │ └── stdint.h │ ├── gettimeofday.c │ ├── mman.c │ └── memlimit.c ├── .gitignore ├── .travis.yml ├── node-scrypt-preinstall.js ├── src ├── node-boilerplate │ ├── scrypt_kdf-verify_async.cc │ ├── scrypt_kdf_async.cc │ ├── scrypt_kdf-verify_sync.cc │ ├── scrypt_params_async.cc │ ├── scrypt_kdf_sync.cc │ ├── scrypt_params_sync.cc │ ├── scrypt_hash_sync.cc │ ├── inc │ │ ├── scrypt_common.h │ │ ├── scrypt_params_async.h │ │ ├── scrypt_kdf-verify_async.h │ │ ├── scrypt_kdf_async.h │ │ ├── scrypt_async.h │ │ └── scrypt_hash_async.h │ ├── scrypt_hash_async.cc │ └── scrypt_common.cc ├── scryptwrapper │ ├── inc │ │ ├── pickparams.h │ │ ├── keyderivation.h │ │ └── hash.h │ ├── hash.c │ ├── keyderivation.c │ └── pickparams.c └── util │ ├── memlimit.h │ └── memlimit.c ├── package.json ├── changelog.md ├── scrypt_node.cc └── binding.gyp /scrypt/scrypt-1.2.0/.deps/scrypt-main.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/stamp-h1: -------------------------------------------------------------------------------- 1 | timestamp for config.h 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/util/.deps/scrypt-memlimit.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/crypto/.deps/scrypt-crypto_scrypt.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/scryptenc/.deps/scrypt-scryptenc.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/alg/.deps/scrypt-sha256.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/.deps/scrypt-entropy.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/.deps/scrypt-readpass.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/.deps/scrypt-warnp.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/crypto/.deps/scrypt-crypto_scrypt_smix.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/crypto/.deps/scrypt-crypto_aes.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/scryptenc/.deps/scrypt-scryptenc_cpuperf.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/crypto/.deps/scrypt-crypto_aesctr.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/crypto/.deps/scrypt-crypto_entropy.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/.deps/scrypt-insecure_memzero.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/crypto/.deps/libscrypt_sse2_a-crypto_scrypt_smix_sse2.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/cpusupport/.deps/scrypt-cpusupport_x86_aesni.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/cpusupport/.deps/scrypt-cpusupport_x86_sse2.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/crypto/.deps/libcperciva_aesni_a-crypto_aes_aesni.Po: -------------------------------------------------------------------------------- 1 | # dummy 2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | node_modules/* 2 | build/* 3 | *.DS_Store 4 | *.swp 5 | npm-debug.log 6 | scrypt/scrypt-1.1.6/config.h 7 | scrypt/configuration/config_output 8 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/cpusupport/Build/cpusupport-X86-CPUID.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(void) 4 | { 5 | unsigned int a, b, c, d; 6 | 7 | return __get_cpuid(0, &a, &b, &c, &d); 8 | } 9 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/cpusupport/Build/cpusupport-X86-SSE2.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | static char a[16]; 4 | 5 | int main(void) 6 | { 7 | __m128i x; 8 | 9 | x = _mm_loadu_si128((__m128i *)a); 10 | _mm_storeu_si128((__m128i *)a, x); 11 | return (a[0]); 12 | } 13 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | sudo: false 2 | language: node_js 3 | node_js: 4 | - "4" 5 | compiler: 6 | - gcc 7 | - clang 8 | install: 9 | env: 10 | - CXX=g++-4.8 11 | addons: 12 | apt: 13 | sources: 14 | - ubuntu-toolchain-r-test 15 | packages: 16 | - gcc-4.8 17 | - g++-4.8 18 | - clang 19 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/cpusupport/Build/cpusupport-X86-AESNI.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | static char a[16]; 4 | 5 | int main(void) 6 | { 7 | __m128i x, y; 8 | 9 | x = _mm_loadu_si128((__m128i *)a); 10 | y = _mm_aesenc_si128(x, x); 11 | _mm_storeu_si128((__m128i *)a, y); 12 | return (a[0]); 13 | } 14 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/scrypt_platform.h: -------------------------------------------------------------------------------- 1 | #ifndef _SCRYPT_PLATFORM_H_ 2 | #define _SCRYPT_PLATFORM_H_ 3 | 4 | #if defined(CONFIG_H_FILE) 5 | #include CONFIG_H_FILE 6 | #elif defined(HAVE_CONFIG_H) 7 | #include "config.h" 8 | #else 9 | #error Need either CONFIG_H_FILE or HAVE_CONFIG_H defined. 10 | #endif 11 | 12 | #endif /* !_SCRYPT_PLATFORM_H_ */ 13 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/entropy.h: -------------------------------------------------------------------------------- 1 | #ifndef _ENTROPY_H_ 2 | #define _ENTROPY_H_ 3 | 4 | #include 5 | #include 6 | 7 | /** 8 | * entropy_read(buf, buflen): 9 | * Fill the given buffer with random bytes provided by the operating system. 10 | */ 11 | int entropy_read(uint8_t *, size_t); 12 | 13 | #endif /* !_ENTROPY_H_ */ 14 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/README: -------------------------------------------------------------------------------- 1 | The source code under this directory is taken from the client for the 2 | Tarsnap online backup system (and released under the 2-clause BSD license 3 | with permission of the author); keeping this code in sync with the Tarsnap 4 | code is highly desirable and explains why there is some functionality 5 | included here which is not actually used by the scrypt file encryption 6 | utility. 7 | -------------------------------------------------------------------------------- /scrypt/win/include/gettimeofday.h: -------------------------------------------------------------------------------- 1 | #ifndef _MY_GETTIMEOFDAY_H_ 2 | #define _MY_GETTIMEOFDAY_H_ 3 | 4 | #ifdef _MSC_VER 5 | 6 | #include 7 | int gettimeofday(struct timeval * tp, struct timezone * tzp); 8 | 9 | #if _MSC_VER < 1900 10 | struct timespec { 11 | time_t tv_sec; 12 | time_t tv_nsec; 13 | }; 14 | #endif 15 | 16 | #endif /* _MSC_VER */ 17 | 18 | #endif /* _MY_GETTIMEOFDAY_H_ */ 19 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/crypto/crypto_entropy.h: -------------------------------------------------------------------------------- 1 | #ifndef _CRYPTO_ENTROPY_H_ 2 | #define _CRYPTO_ENTROPY_H_ 3 | 4 | #include 5 | #include 6 | 7 | /** 8 | * crypto_entropy_read(buf, buflen): 9 | * Fill the buffer with unpredictable bits. The value ${buflen} must be 10 | * less than 2^16. 11 | */ 12 | int crypto_entropy_read(uint8_t *, size_t); 13 | 14 | #endif /* !_CRYPTO_ENTROPY_H_ */ 15 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/insecure_memzero.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "insecure_memzero.h" 5 | 6 | /* Function which does the zeroing. */ 7 | static void 8 | insecure_memzero_func(volatile void * buf, size_t len) 9 | { 10 | volatile uint8_t * _buf = buf; 11 | size_t i; 12 | 13 | for (i = 0; i < len; i++) 14 | _buf[i] = 0; 15 | } 16 | 17 | /* Pointer to memory-zeroing function. */ 18 | void (* volatile insecure_memzero_ptr)(volatile void *, size_t) = 19 | insecure_memzero_func; 20 | -------------------------------------------------------------------------------- /node-scrypt-preinstall.js: -------------------------------------------------------------------------------- 1 | "use strict"; 2 | 3 | var OS = require("os") 4 | , path = require('path').dirname(require.main.filename) 5 | , exec = require('child_process').exec 6 | , puts = function(error, stdout, stderr) { if (error) console.log("Error: " + error);}; 7 | 8 | // Regenerate config if not a windows platform 9 | // if windows, use the default config.h 10 | if (OS.platform() !== "win32") { 11 | exec("make clean", {"cwd": path + "/scrypt/scrypt-1.2.0"}); 12 | exec("./configure", {cwd: path + "/scrypt/scrypt-1.2.0"}, puts); 13 | } 14 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/crypto/crypto_scrypt_smix.h: -------------------------------------------------------------------------------- 1 | #ifndef _CRYPTO_SCRYPT_SMIX_H_ 2 | #define _CRYPTO_SCRYPT_SMIX_H_ 3 | 4 | /** 5 | * crypto_scrypt_smix(B, r, N, V, XY): 6 | * Compute B = SMix_r(B, N). The input B must be 128r bytes in length; 7 | * the temporary storage V must be 128rN bytes in length; the temporary 8 | * storage XY must be 256r + 64 bytes in length. The value N must be a 9 | * power of 2 greater than 1. The arrays B, V, and XY must be aligned to a 10 | * multiple of 64 bytes. 11 | */ 12 | void crypto_scrypt_smix(uint8_t *, size_t, uint64_t, void *, void *); 13 | 14 | #endif /* !_CRYPTO_SCRYPT_SMIX_H_ */ 15 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/crypto/crypto_scrypt_smix_sse2.h: -------------------------------------------------------------------------------- 1 | #ifndef _CRYPTO_SCRYPT_SMIX_SSE2_H_ 2 | #define _CRYPTO_SCRYPT_SMIX_SSE2_H_ 3 | 4 | /** 5 | * crypto_scrypt_smix_sse2(B, r, N, V, XY): 6 | * Compute B = SMix_r(B, N). The input B must be 128r bytes in length; 7 | * the temporary storage V must be 128rN bytes in length; the temporary 8 | * storage XY must be 256r + 64 bytes in length. The value N must be a 9 | * power of 2 greater than 1. The arrays B, V, and XY must be aligned to a 10 | * multiple of 64 bytes. 11 | * 12 | * Use SSE2 instructions. 13 | */ 14 | void crypto_scrypt_smix_sse2(uint8_t *, size_t, uint64_t, void *, void *); 15 | 16 | #endif /* !_CRYPTO_SCRYPT_SMIX_SSE2_H_ */ 17 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/FORMAT: -------------------------------------------------------------------------------- 1 | scrypt encrypted data format 2 | ---------------------------- 3 | 4 | offset length 5 | 0 6 "scrypt" 6 | 6 1 scrypt data file version number (== 0) 7 | 7 1 log2(N) (must be between 1 and 63 inclusive) 8 | 8 4 r (big-endian integer; must satisfy r * p < 2^30) 9 | 12 4 p (big-endian integer; must satisfy r * p < 2^30) 10 | 16 32 salt 11 | 48 16 first 16 bytes of SHA256(bytes 0 .. 47) 12 | 64 32 HMAC-SHA256(bytes 0 .. 63) 13 | 96 X data xor AES256-CTR key stream generated with nonce == 0 14 | 96+X 32 HMAC-SHA256(bytes 0 .. 96 + (X - 1)) 15 | 16 | AES256-CTR is computed with a 256-bit AES key key_enc, and HMAC-SHA256 is 17 | computed with a 256-bit key key_hmac, where 18 | scrypt(password, salt, N, r, p, 64) == [key_enc][key_hmac] 19 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/cpusupport/cpusupport_x86_sse2.c: -------------------------------------------------------------------------------- 1 | #include "cpusupport.h" 2 | 3 | #ifdef CPUSUPPORT_X86_CPUID 4 | #include 5 | #endif 6 | 7 | #define CPUID_SSE2_BIT (1 << 26) 8 | 9 | CPUSUPPORT_FEATURE_DECL(x86, sse2) 10 | { 11 | #ifdef CPUSUPPORT_X86_CPUID 12 | unsigned int eax, ebx, ecx, edx; 13 | 14 | /* Check if CPUID supports the level we need. */ 15 | if (!__get_cpuid(0, &eax, &ebx, &ecx, &edx)) 16 | goto unsupported; 17 | if (eax < 1) 18 | goto unsupported; 19 | 20 | /* Ask about CPU features. */ 21 | if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) 22 | goto unsupported; 23 | 24 | /* Return the relevant feature bit. */ 25 | return (edx & CPUID_SSE2_BIT); 26 | 27 | unsupported: 28 | #endif 29 | return (0); 30 | } 31 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/cpusupport/cpusupport_x86_aesni.c: -------------------------------------------------------------------------------- 1 | #include "cpusupport.h" 2 | 3 | #ifdef CPUSUPPORT_X86_CPUID 4 | #include 5 | #endif 6 | 7 | #define CPUID_AESNI_BIT (1 << 25) 8 | 9 | CPUSUPPORT_FEATURE_DECL(x86, aesni) 10 | { 11 | #ifdef CPUSUPPORT_X86_CPUID 12 | unsigned int eax, ebx, ecx, edx; 13 | 14 | /* Check if CPUID supports the level we need. */ 15 | if (!__get_cpuid(0, &eax, &ebx, &ecx, &edx)) 16 | goto unsupported; 17 | if (eax < 1) 18 | goto unsupported; 19 | 20 | /* Ask about CPU features. */ 21 | if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) 22 | goto unsupported; 23 | 24 | /* Return the relevant feature bit. */ 25 | return (ecx & CPUID_AESNI_BIT); 26 | 27 | unsupported: 28 | #endif 29 | return (0); 30 | } 31 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/readpass.h: -------------------------------------------------------------------------------- 1 | #ifndef _READPASS_H_ 2 | #define _READPASS_H_ 3 | 4 | /* Avoid namespace collisions with other "readpass" functions. */ 5 | #ifdef readpass 6 | #undef readpass 7 | #endif 8 | #define readpass libcperciva_readpass 9 | 10 | /** 11 | * readpass(passwd, prompt, confirmprompt, devtty) 12 | * If ${devtty} is non-zero, read a password from /dev/tty if possible; if 13 | * not, read from stdin. If reading from a tty (either /dev/tty or stdin), 14 | * disable echo and prompt the user by printing ${prompt} to stderr. If 15 | * ${confirmprompt} is non-NULL, read a second password (prompting if a 16 | * terminal is being used) and repeat until the user enters the same password 17 | * twice. Return the password as a malloced NUL-terminated string via 18 | * ${passwd}. 19 | */ 20 | int readpass(char **, const char *, const char *, int); 21 | 22 | #endif /* !_READPASS_H_ */ 23 | -------------------------------------------------------------------------------- /src/node-boilerplate/scrypt_kdf-verify_async.cc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "scrypt_kdf-verify_async.h" 5 | 6 | //Scrypt is a C library and there needs c linkings 7 | extern "C" { 8 | #include "keyderivation.h" 9 | } 10 | 11 | using namespace v8; 12 | 13 | void ScryptKDFVerifyAsyncWorker::Execute() { 14 | // 15 | // Scrypt KDF Verification function 16 | // 17 | result = Verify(kdf_ptr, key_ptr, key_size); 18 | match = (result == 0); 19 | result = (result == 11) ? 0 : result; // Set result to 0 if 11 so error not thrown 20 | } 21 | 22 | void ScryptKDFVerifyAsyncWorker::HandleOKCallback() { 23 | Nan::HandleScope scope; 24 | 25 | Local argv[] = { 26 | Nan::Null(), 27 | (match) ? Nan::True() : Nan::False() 28 | }; 29 | 30 | callback->Call(2, argv, async_resource); 31 | } 32 | 33 | NAN_METHOD(kdfVerify) { 34 | Nan::AsyncQueueWorker(new ScryptKDFVerifyAsyncWorker(info)); 35 | } 36 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/crypto/crypto_aes.h: -------------------------------------------------------------------------------- 1 | #ifndef _CRYPTO_AES_H_ 2 | #define _CRYPTO_AES_H_ 3 | 4 | #include 5 | #include 6 | 7 | /* Opaque structure. */ 8 | struct crypto_aes_key; 9 | 10 | /** 11 | * crypto_aes_key_expand(key, len): 12 | * Expand the ${len}-byte AES key ${key} into a structure which can be passed 13 | * to crypto_aes_encrypt_block. The length must be 16 or 32. 14 | */ 15 | struct crypto_aes_key * crypto_aes_key_expand(const uint8_t *, size_t); 16 | 17 | /** 18 | * crypto_aes_encrypt_block(in, out, key): 19 | * Using the expanded AES key ${key}, encrypt the block ${in} and write the 20 | * resulting ciphertext to ${out}. 21 | */ 22 | void crypto_aes_encrypt_block(const uint8_t *, uint8_t *, 23 | const struct crypto_aes_key *); 24 | 25 | /** 26 | * crypto_aes_key_free(key): 27 | * Free the expanded AES key ${key}. 28 | */ 29 | void crypto_aes_key_free(struct crypto_aes_key *); 30 | 31 | #endif /* !_CRYPTO_AES_H_ */ 32 | -------------------------------------------------------------------------------- /src/node-boilerplate/scrypt_kdf_async.cc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "scrypt_kdf_async.h" 5 | 6 | //Scrypt is a C library and there needs c linkings 7 | extern "C" { 8 | #include "keyderivation.h" 9 | } 10 | 11 | using namespace v8; 12 | 13 | void ScryptKDFAsyncWorker::Execute() { 14 | // 15 | // Scrypt key derivation function 16 | // 17 | result = KDF(key_ptr, key_size, KDFResult_ptr, params.N, params.r, params.p, salt_ptr); 18 | } 19 | 20 | void ScryptKDFAsyncWorker::HandleOKCallback() { 21 | Nan::HandleScope scope; 22 | 23 | Local argv[] = { 24 | Nan::Null(), 25 | Nan::Get(Nan::To(GetFromPersistent("ScryptPeristentObject")).ToLocalChecked(), Nan::New("KDFResult").ToLocalChecked()).ToLocalChecked() 26 | }; 27 | 28 | callback->Call(2, argv, async_resource); 29 | } 30 | 31 | // Asynchronous access to scrypt params 32 | NAN_METHOD(kdf) { 33 | Nan::AsyncQueueWorker(new ScryptKDFAsyncWorker(info)); 34 | } 35 | -------------------------------------------------------------------------------- /src/node-boilerplate/scrypt_kdf-verify_sync.cc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "scrypt_common.h" 5 | 6 | //Scrypt is a C library and there needs c linkings 7 | extern "C" { 8 | #include "keyderivation.h" 9 | } 10 | 11 | using namespace v8; 12 | 13 | //Synchronous access to scrypt params 14 | NAN_METHOD(kdfVerifySync) { 15 | // 16 | // Variable Declaration 17 | // 18 | const uint8_t* kdf_ptr = reinterpret_cast(node::Buffer::Data(info[0])); 19 | const uint8_t* key_ptr = reinterpret_cast(node::Buffer::Data(info[1])); 20 | const size_t key_size = node::Buffer::Length(info[1]); 21 | 22 | // 23 | // Scrypt KDF Verification 24 | // 25 | const unsigned int result = Verify(kdf_ptr, key_ptr, key_size); 26 | 27 | // 28 | // Return result (or error) 29 | // 30 | if (result && result != 11) { // 11 is the "error" code for an incorrect match 31 | Nan::ThrowError(NodeScrypt::ScryptError(result)); 32 | } 33 | 34 | info.GetReturnValue().Set((!result) ? Nan::True() : Nan::False()); 35 | } 36 | -------------------------------------------------------------------------------- /src/node-boilerplate/scrypt_params_async.cc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "scrypt_params_async.h" 5 | 6 | //Scrypt is a C library and there needs c linkings 7 | extern "C" { 8 | #include "pickparams.h" 9 | } 10 | 11 | using namespace v8; 12 | 13 | void ScryptParamsAsyncWorker::Execute() { 14 | // Scrypt: calculate input parameters 15 | result = pickparams(&logN, &r, &p, maxtime, maxmem, maxmemfrac, osfreemem); 16 | } 17 | 18 | void ScryptParamsAsyncWorker::HandleOKCallback() { 19 | Nan::HandleScope scope; 20 | 21 | // Returned params in JSON object 22 | Local obj = Nan::New(); 23 | Nan::Set(obj, Nan::New("N").ToLocalChecked(), Nan::New(logN)); 24 | Nan::Set(obj, Nan::New("r").ToLocalChecked(), Nan::New(r)); 25 | Nan::Set(obj, Nan::New("p").ToLocalChecked(), Nan::New(p)); 26 | 27 | Local argv[] = { 28 | Nan::Null(), 29 | obj 30 | }; 31 | 32 | callback->Call(2, argv, async_resource); 33 | } 34 | 35 | // Asynchronous access to scrypt params 36 | NAN_METHOD(params) { 37 | Nan::AsyncQueueWorker(new ScryptParamsAsyncWorker(info)); 38 | } 39 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "scrypt", 3 | "description": "The scrypt crypto library for NodeJS", 4 | "version": "6.0.3", 5 | "license": "zlib", 6 | "keywords": [ 7 | "scrypt", 8 | "password", 9 | "auth", 10 | "authentication", 11 | "encryption", 12 | "crypto", 13 | "secret", 14 | "key", 15 | "secret key", 16 | "hash", 17 | "verify" 18 | ], 19 | "author": { 20 | "name": "Barry Steyn", 21 | "email": "barry.steyn@gmail.com", 22 | "url": "http://doctrina.org" 23 | }, 24 | "engines": { 25 | "node": ">= 0.10" 26 | }, 27 | "repository": { 28 | "type": "git", 29 | "url": "https://github.com/barrysteyn/node-scrypt.git" 30 | }, 31 | "devDependencies": { 32 | "mocha": "2.2.5", 33 | "chai": "3.0.0", 34 | "chai-as-promised": "^5.1.0" 35 | }, 36 | "dependencies": { 37 | "nan": "^2.14.0" 38 | }, 39 | "licenses": [ 40 | { 41 | "type": "MIT" 42 | } 43 | ], 44 | "bugs": { 45 | "url": "https://github.com/barrysteyn/node-scrypt/issues" 46 | }, 47 | "scripts": { 48 | "preinstall": "node node-scrypt-preinstall.js", 49 | "install": "node-gyp rebuild", 50 | "test": "mocha tests/scrypt-tests.js" 51 | } 52 | } 53 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/crypto/crypto_aes_aesni.h: -------------------------------------------------------------------------------- 1 | #ifndef _CRYPTO_AES_AESNI_H_ 2 | #define _CRYPTO_AES_AESNI_H_ 3 | 4 | #include 5 | #include 6 | 7 | /** 8 | * crypto_aes_key_expand_aesni(key, len): 9 | * Expand the ${len}-byte AES key ${key} into a structure which can be passed 10 | * to crypto_aes_encrypt_block_aesni. The length must be 16 or 32. This 11 | * implementation uses x86 AESNI instructions, and should only be used if 12 | * CPUSUPPORT_X86_AESNI is defined and cpusupport_x86_aesni() returns nonzero. 13 | */ 14 | void * crypto_aes_key_expand_aesni(const uint8_t *, size_t); 15 | 16 | /** 17 | * crypto_aes_encrypt_block_aesni(in, out, key): 18 | * Using the expanded AES key ${key}, encrypt the block ${in} and write the 19 | * resulting ciphertext to ${out}. This implementation uses x86 AESNI 20 | * instructions, and should only be used if CPUSUPPORT_X86_AESNI is defined 21 | * and cpusupport_x86_aesni() returns nonzero. 22 | */ 23 | void crypto_aes_encrypt_block_aesni(const uint8_t *, uint8_t *, const void *); 24 | 25 | /** 26 | * crypto_aes_key_free_aesni(key): 27 | * Free the expanded AES key ${key}. 28 | */ 29 | void crypto_aes_key_free_aesni(void *); 30 | 31 | #endif /* !_CRYPTO_AES_AESNI_H_ */ 32 | -------------------------------------------------------------------------------- /src/scryptwrapper/inc/pickparams.h: -------------------------------------------------------------------------------- 1 | /* 2 | pickparams.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 19 | 2. Altered source versions must be plainly marked as such, and must not be 20 | misrepresented as being the original source code. 21 | 22 | 3. This notice may not be removed or altered from any source distribution. 23 | 24 | Barry Steyn barry.steyn@gmail.com 25 | */ 26 | 27 | #ifndef _PICKPARAMS_H_ 28 | #define _PICKPARAMS_H_ 29 | 30 | unsigned int 31 | pickparams(int*, uint32_t*, uint32_t*, double, size_t, double, size_t); 32 | 33 | #endif /* !_PICKPARAMS_H_ */ 34 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/util/build/config.gypi: -------------------------------------------------------------------------------- 1 | # Do not edit. File was generated by node-gyp's "configure" step 2 | { 3 | "target_defaults": { 4 | "cflags": [], 5 | "default_configuration": "Release", 6 | "defines": [], 7 | "include_dirs": [], 8 | "libraries": [] 9 | }, 10 | "variables": { 11 | "clang": 0, 12 | "gcc_version": 48, 13 | "host_arch": "x64", 14 | "node_install_npm": "true", 15 | "node_prefix": "/usr", 16 | "node_shared_cares": "false", 17 | "node_shared_http_parser": "false", 18 | "node_shared_libuv": "false", 19 | "node_shared_openssl": "false", 20 | "node_shared_v8": "false", 21 | "node_shared_zlib": "false", 22 | "node_tag": "", 23 | "node_unsafe_optimizations": 0, 24 | "node_use_dtrace": "false", 25 | "node_use_etw": "false", 26 | "node_use_openssl": "true", 27 | "node_use_perfctr": "false", 28 | "node_use_systemtap": "false", 29 | "openssl_no_asm": 0, 30 | "python": "/usr/bin/python", 31 | "target_arch": "x64", 32 | "v8_enable_gdbjit": 0, 33 | "v8_no_strict_aliasing": 1, 34 | "v8_use_snapshot": "false", 35 | "want_separate_host_toolset": 0, 36 | "nodedir": "/home/baz/.node-gyp/0.10.33", 37 | "copy_dev_lib": "true", 38 | "standalone_static_library": 1 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/hash.h: -------------------------------------------------------------------------------- 1 | /* 2 | hash.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 2. Altered source versions must be plainly marked as such, and must not be 19 | misrepresented as being the original source code. 20 | 3. This notice may not be removed or altered from any source distribution. 21 | 22 | Barry Steyn barry.steyn@gmail.com 23 | */ 24 | 25 | #ifndef _KEYDERIVATION_H_ 26 | #define _KEYDERIVATION_H_ 27 | 28 | int 29 | ScryptHashFunction(const uint8_t*, size_t, const uint8_t*, size_t, uint64_t, uint32_t, uint32_t, uint8_t*, size_t); 30 | 31 | #endif /* !_KEYDERIVATION_H_ */ 32 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/keyderivation.h: -------------------------------------------------------------------------------- 1 | /* 2 | keyderivation.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 19 | 2. Altered source versions must be plainly marked as such, and must not be 20 | misrepresented as being the original source code. 21 | 22 | 3. This notice may not be removed or altered from any source distribution. 23 | 24 | Barry Steyn barry.steyn@gmail.com 25 | */ 26 | 27 | #ifndef _SCRYPTHASH_H_ 28 | #define _SCRYPTHASH_H_ 29 | 30 | int 31 | KDF(const uint8_t*, size_t, uint8_t*, uint32_t, uint32_t, uint32_t); 32 | 33 | int 34 | Verify(const uint8_t*, const uint8_t*, size_t); 35 | 36 | #endif /* !_SCRYPTHASH_H_ */ 37 | -------------------------------------------------------------------------------- /src/node-boilerplate/scrypt_kdf_sync.cc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "scrypt_common.h" 5 | 6 | // 7 | // Scrypt is a C library and there needs c linkings 8 | // 9 | extern "C" { 10 | #include "keyderivation.h" 11 | } 12 | 13 | using namespace v8; 14 | 15 | // 16 | // Synchronous Scrypt params 17 | // 18 | NAN_METHOD(kdfSync) { 19 | // 20 | // Variable Declaration 21 | // 22 | Local kdfResult = Nan::NewBuffer(96).ToLocalChecked(); 23 | 24 | // 25 | // Arguments from JavaScript 26 | // 27 | const uint8_t* key_ptr = reinterpret_cast(node::Buffer::Data(info[0])); //assume info[0] is a buffer (checked in JS land) 28 | const size_t keySize = node::Buffer::Length(info[0]); 29 | const NodeScrypt::Params params = Nan::To(info[1]).ToLocalChecked(); 30 | const uint8_t* salt_ptr = reinterpret_cast(node::Buffer::Data(info[2])); 31 | 32 | // 33 | // Scrypt key derivation function 34 | // 35 | const unsigned int result = KDF(key_ptr, keySize, reinterpret_cast(node::Buffer::Data(kdfResult)), params.N, params.r, params.p, salt_ptr); 36 | 37 | // 38 | // Error handling 39 | // 40 | if (result) { 41 | Nan::ThrowError(NodeScrypt::ScryptError(result)); 42 | } 43 | 44 | info.GetReturnValue().Set(kdfResult); 45 | } 46 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/cpusupport/Build/cpusupport.sh: -------------------------------------------------------------------------------- 1 | # Should be sourced by `command -p sh path/to/cpusupport.sh` from 2 | # within a Makefile. 3 | # Standard output should be written to cpusupport-config.h, which is both a 4 | # C header file defining CPUSUPPORT_ARCH_FEATURE macros and sourceable sh 5 | # code which sets CFLAGS_ARCH_FEATURE environment variables. 6 | SRCDIR=`command -p dirname "$0"` 7 | 8 | feature() { 9 | ARCH=$1 10 | FEATURE=$2 11 | shift 2; 12 | printf "Checking if compiler supports $ARCH $FEATURE feature..." 1>&2 13 | for CFLAG in "$@"; do 14 | if ${CC} ${CFLAGS} -D_POSIX_C_SOURCE=200809L ${CFLAG} \ 15 | ${SRCDIR}/cpusupport-$ARCH-$FEATURE.c 2>/dev/null; then 16 | rm -f a.out 17 | break; 18 | fi 19 | CFLAG=NOTSUPPORTED; 20 | done 21 | case $CFLAG in 22 | NOTSUPPORTED) 23 | echo " no" 1>&2 24 | ;; 25 | "") 26 | echo " yes" 1>&2 27 | echo "#define CPUSUPPORT_${ARCH}_${FEATURE}" 28 | ;; 29 | *) 30 | echo " yes, via $CFLAG" 1>&2 31 | echo "#define CPUSUPPORT_${ARCH}_${FEATURE}" 32 | echo "#ifdef cpusupport_dummy" 33 | echo "export CFLAGS_${ARCH}_${FEATURE}=\"${CFLAG}\"" 34 | echo "#endif" 35 | ;; 36 | esac 37 | } 38 | 39 | feature X86 CPUID "" 40 | feature X86 SSE2 "" "-msse2" "-msse2 -Wno-cast-align" 41 | feature X86 AESNI "" "-maes" "-maes -Wno-cast-align" "-maes -Wno-missing-prototypes -Wno-cast-qual" 42 | -------------------------------------------------------------------------------- /src/scryptwrapper/inc/keyderivation.h: -------------------------------------------------------------------------------- 1 | /* 2 | keyderivation.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 19 | 2. Altered source versions must be plainly marked as such, and must not be 20 | misrepresented as being the original source code. 21 | 22 | 3. This notice may not be removed or altered from any source distribution. 23 | 24 | Barry Steyn barry.steyn@gmail.com 25 | */ 26 | 27 | #ifndef _SCRYPTHASH_H_ 28 | #define _SCRYPTHASH_H_ 29 | 30 | unsigned int 31 | KDF(const uint8_t*, size_t, uint8_t*, uint32_t, uint32_t, uint32_t, const uint8_t*); 32 | 33 | unsigned int 34 | Verify(const uint8_t*, const uint8_t*, size_t); 35 | 36 | #endif /* !_SCRYPTHASH_H_ */ 37 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/crypto/crypto_aesctr.h: -------------------------------------------------------------------------------- 1 | #ifndef _CRYPTO_AESCTR_H_ 2 | #define _CRYPTO_AESCTR_H_ 3 | 4 | #include 5 | #include 6 | 7 | /* Opaque type. */ 8 | struct crypto_aes_key; 9 | 10 | /** 11 | * crypto_aesctr_init(key, nonce): 12 | * Prepare to encrypt/decrypt data with AES in CTR mode, using the provided 13 | * expanded key and nonce. The key provided must remain valid for the 14 | * lifetime of the stream. 15 | */ 16 | struct crypto_aesctr * crypto_aesctr_init(const struct crypto_aes_key *, 17 | uint64_t); 18 | 19 | /** 20 | * crypto_aesctr_stream(stream, inbuf, outbuf, buflen): 21 | * Generate the next ${buflen} bytes of the AES-CTR stream and xor them with 22 | * bytes from ${inbuf}, writing the result into ${outbuf}. If the buffers 23 | * ${inbuf} and ${outbuf} overlap, they must be identical. 24 | */ 25 | void crypto_aesctr_stream(struct crypto_aesctr *, const uint8_t *, 26 | uint8_t *, size_t); 27 | 28 | /** 29 | * crypto_aesctr_free(stream): 30 | * Free the provided stream object. 31 | */ 32 | void crypto_aesctr_free(struct crypto_aesctr *); 33 | 34 | /** 35 | * crypto_aesctr_buf(key, nonce, inbuf, outbuf, buflen): 36 | * Equivalent to init(key, nonce); stream(inbuf, outbuf, buflen); free. 37 | */ 38 | void crypto_aesctr_buf(const struct crypto_aes_key *, uint64_t, 39 | const uint8_t *, uint8_t *, size_t); 40 | 41 | #endif /* !_CRYPTO_AESCTR_H_ */ 42 | -------------------------------------------------------------------------------- /src/scryptwrapper/inc/hash.h: -------------------------------------------------------------------------------- 1 | /* 2 | hash.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 2. Altered source versions must be plainly marked as such, and must not be 19 | misrepresented as being the original source code. 20 | 3. This notice may not be removed or altered from any source distribution. 21 | 22 | Barry Steyn barry.steyn@gmail.com 23 | */ 24 | 25 | #ifndef _KEYDERIVATION_H_ 26 | #define _KEYDERIVATION_H_ 27 | 28 | unsigned int 29 | Hash(const uint8_t*, size_t, const uint8_t*, size_t, uint64_t, uint32_t, uint32_t, uint8_t*, size_t); 30 | 31 | unsigned int 32 | ScryptHashFunction(const uint8_t*, size_t, const uint8_t*, size_t, uint64_t, uint32_t, uint32_t, uint8_t*, size_t); 33 | 34 | #endif /* !_KEYDERIVATION_H_ */ 35 | -------------------------------------------------------------------------------- /scrypt/win/include/unistd.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copied from StackOverflow: 3 | * http://stackoverflow.com/a/826027 4 | */ 5 | 6 | #ifndef _UNISTD_H 7 | #define _UNISTD_H 1 8 | 9 | /* This file intended to serve as a drop-in replacement for 10 | * unistd.h on Windows 11 | * Please add functionality as neeeded 12 | */ 13 | 14 | #include 15 | #include 16 | #include /* for getpid() and the exec..() family */ 17 | 18 | #define srandom srand 19 | #define random rand 20 | 21 | /* Values for the second argument to access. 22 | These may be OR'd together. */ 23 | #define R_OK 4 /* Test for read permission. */ 24 | #define W_OK 2 /* Test for write permission. */ 25 | //#define X_OK 1 /* execute permission - unsupported in windows*/ 26 | #define F_OK 0 /* Test for existence. */ 27 | 28 | #define access _access 29 | #define ftruncate _chsize 30 | #define unlink _unlink 31 | 32 | #define ssize_t int 33 | 34 | #define STDIN_FILENO 0 35 | #define STDOUT_FILENO 1 36 | #define STDERR_FILENO 2 37 | /* should be in some equivalent to */ 38 | typedef __int8 int8_t; 39 | typedef __int16 int16_t; 40 | typedef __int32 int32_t; 41 | typedef __int64 int64_t; 42 | typedef unsigned __int8 uint8_t; 43 | typedef unsigned __int16 uint16_t; 44 | typedef unsigned __int32 uint32_t; 45 | typedef unsigned __int64 uint64_t; 46 | 47 | #endif /* unistd.h */ 48 | -------------------------------------------------------------------------------- /src/node-boilerplate/scrypt_params_sync.cc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "scrypt_common.h" 5 | 6 | //Scrypt is a C library and there needs c linkings 7 | extern "C" { 8 | #include "pickparams.h" 9 | } 10 | 11 | using namespace v8; 12 | 13 | //Synchronous access to scrypt params 14 | NAN_METHOD(paramsSync) { 15 | // 16 | // Variable Declaration 17 | // 18 | int logN = 0; 19 | uint32_t r = 0; 20 | uint32_t p = 0; 21 | 22 | // 23 | // Arguments from JavaScript 24 | // 25 | const double maxtime = Nan::To(info[0]).ToChecked(); 26 | const size_t maxmem = Nan::To(info[2]).ToChecked(); 27 | const double maxmemfrac = Nan::To(info[1]).ToChecked(); 28 | const size_t osfreemem = Nan::To(info[3]).ToChecked(); 29 | 30 | // 31 | // Scrypt: calculate input parameters 32 | // 33 | const unsigned int result = pickparams(&logN, &r, &p, maxtime, maxmem, maxmemfrac, osfreemem); 34 | 35 | // 36 | // Error handling 37 | // 38 | if (result) { 39 | Nan::ThrowError(NodeScrypt::ScryptError(result)); 40 | } 41 | 42 | // 43 | // Return values in JSON object 44 | // 45 | Local obj = Nan::New(); 46 | Nan::Set(obj, Nan::New("N").ToLocalChecked(), Nan::New(logN)); 47 | Nan::Set(obj, Nan::New("r").ToLocalChecked(), Nan::New(r)); 48 | Nan::Set(obj, Nan::New("p").ToLocalChecked(), Nan::New(p)); 49 | 50 | info.GetReturnValue().Set(obj); 51 | } 52 | -------------------------------------------------------------------------------- /src/node-boilerplate/scrypt_hash_sync.cc: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "scrypt_common.h" 5 | 6 | // 7 | // Scrypt is a C library and there needs c linkings 8 | // 9 | extern "C" { 10 | #include "hash.h" 11 | } 12 | 13 | using namespace v8; 14 | 15 | // 16 | // Synchronous Scrypt params 17 | // 18 | NAN_METHOD(hashSync) { 19 | // 20 | // Arguments from JavaScript 21 | // 22 | const uint8_t* key_ptr = reinterpret_cast(node::Buffer::Data(info[0])); 23 | const size_t key_size = node::Buffer::Length(info[0]); 24 | const NodeScrypt::Params params = Nan::To(info[1]).ToLocalChecked(); 25 | const size_t hash_size = Nan::To(info[2]).ToChecked(); 26 | const uint8_t* salt_ptr = reinterpret_cast(node::Buffer::Data(info[3])); 27 | const size_t salt_size = node::Buffer::Length(info[3]); 28 | 29 | // 30 | // Variable Declaration 31 | // 32 | Local hash_result = Nan::NewBuffer(static_cast(hash_size)).ToLocalChecked(); 33 | uint8_t* hash_ptr = reinterpret_cast(node::Buffer::Data(hash_result)); 34 | 35 | // 36 | // Scrypt key derivation function 37 | // 38 | const unsigned int result = Hash(key_ptr, key_size, salt_ptr, salt_size, params.N, params.r, params.p, hash_ptr, hash_size); 39 | 40 | // 41 | // Error handling 42 | // 43 | if (result) { 44 | Nan::ThrowError(NodeScrypt::ScryptError(result)); 45 | } 46 | 47 | info.GetReturnValue().Set(hash_result); 48 | } 49 | -------------------------------------------------------------------------------- /src/util/memlimit.h: -------------------------------------------------------------------------------- 1 | /* 2 | memlimit.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 19 | 2. Altered source versions must be plainly marked as such, and must not be 20 | misrepresented as being the original source code. 21 | 22 | 3. This notice may not be removed or altered from any source distribution. 23 | 24 | Barry Steyn barry.steyn@gmail.com 25 | */ 26 | #ifndef _MEMLIMIT_H_ 27 | #define _MEMLIMIT_H_ 28 | 29 | /** 30 | * memtouse(maxmem, maxmemfrac, memlimit): 31 | * Examine the system and return via memlimit the amount of RAM which should 32 | * be used -- the specified fraction of the available RAM, but no more than 33 | * maxmem, and no less than 1MiB. 34 | */ 35 | int memtouse(size_t, double, size_t, size_t*); 36 | 37 | #endif /* !_MEMLIMIT_H_ */ 38 | -------------------------------------------------------------------------------- /changelog.md: -------------------------------------------------------------------------------- 1 | # Change Log 2 | All notable changes to this project will be documented in this file. 3 | This project adheres to [Semantic Versioning](http://semver.org/). 4 | 5 | ## [6.0.2] - 2016-04-17 6 | ### Fixed 7 | - Microsoft compile issues 8 | 9 | ## [5.4.1] - 2015-10-12 10 | ### Fixed 11 | - Corrected Hash API documentation in README 12 | 13 | ## [5.4.0] - 2015-10-09 14 | ### Fixed 15 | - Check for empty buffer (see #97) 16 | 17 | ## [5.3.0] - 2015-10-08 18 | ### Added 19 | - This changelog file 20 | 21 | ### Changed 22 | - Renamed Readme.md to README.md 23 | - Inserted link to changelog in README.md 24 | 25 | ## [5.2.0] - 2015-10-06 26 | ### Fixed 27 | - Allow building on MS 2015 28 | 29 | ## [5.1.1] - 2015-09-21 30 | ### Fixed 31 | - Remove hardcoded nan paths - issue 92 32 | 33 | ## [5.1.0] - 2015-09-21 34 | ### Changed 35 | - Updated Readme documentation to include ..... 36 | 37 | ## [5.0] - 2015-09-13 38 | ### Added 39 | - Made module ES6 Promise compatible 40 | - ... 41 | 42 | ### Fixed 43 | - Fixes ... 44 | 45 | ### Changed 46 | - C++ addon code rewritten using Nan 2.x 47 | - API has changed: 48 | - Every output is a buffer. 49 | - Separated functions into async and sync versions. 50 | - Api name swap: What was kdf in previous versions is now hash (and vice versa). 51 | - Async functions will return a Promise if no callback function is present and Promises are available (else it will throw a SyntaxError). 52 | - Using correct JavaScript Error object for all errors 53 | - Updated Readme documentation to include ..... 54 | -------------------------------------------------------------------------------- /scrypt/win/include/sys/mman.h: -------------------------------------------------------------------------------- 1 | /* 2 | * sys/mman.h 3 | * mman-win32 4 | */ 5 | 6 | #ifndef _SYS_MMAN_H_ 7 | #define _SYS_MMAN_H_ 8 | 9 | #ifndef _WIN32_WINNT // Allow use of features specific to Windows XP or later. 10 | #define _WIN32_WINNT 0x0501 // Change this to the appropriate value to target other versions of Windows. 11 | #endif 12 | 13 | /* All the headers include this file. */ 14 | #ifndef _MSC_VER 15 | #include <_mingw.h> 16 | #else 17 | #include "inttypes.h" 18 | #endif 19 | 20 | #include 21 | 22 | #ifdef __cplusplus 23 | extern "C" { 24 | #endif 25 | 26 | #define PROT_NONE 0 27 | #define PROT_READ 1 28 | #define PROT_WRITE 2 29 | #define PROT_EXEC 4 30 | 31 | #define MAP_FILE 0 32 | #define MAP_SHARED 1 33 | #define MAP_PRIVATE 2 34 | #define MAP_TYPE 0xf 35 | #define MAP_FIXED 0x10 36 | #define MAP_ANONYMOUS 0x20 37 | #define MAP_ANON MAP_ANONYMOUS 38 | 39 | #define MAP_FAILED ((void *)-1) 40 | 41 | /* Flags for msync. */ 42 | #define MS_ASYNC 1 43 | #define MS_SYNC 2 44 | #define MS_INVALIDATE 4 45 | 46 | void* mmap(void *addr, size_t len, int prot, int flags, int fildes, off_t off); 47 | int munmap(void *addr, size_t len); 48 | int mprotect(void *addr, size_t len, int prot); 49 | int msync(void *addr, size_t len, int flags); 50 | int mlock(const void *addr, size_t len); 51 | int munlock(const void *addr, size_t len); 52 | 53 | #ifdef __cplusplus 54 | }; 55 | #endif 56 | 57 | #endif /* _SYS_MMAN_H_ */ 58 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/autocrap/configure.ac: -------------------------------------------------------------------------------- 1 | m4_define([SCRYPT_VERS],m4_include([scrypt-version])) 2 | AC_INIT([scrypt],SCRYPT_VERS()) 3 | AC_CONFIG_AUX_DIR([config.aux]) 4 | AM_INIT_AUTOMAKE() 5 | AC_PROG_CC 6 | AC_PROG_RANLIB 7 | 8 | # Don't rebuild the configure script. I'm distributing a perfectly good one. 9 | AM_MAINTAINER_MODE 10 | 11 | # Check for clock_gettime. On some systems, this is provided via librt. 12 | AC_CHECK_LIB(rt, clock_gettime) 13 | AC_CHECK_FUNCS([clock_gettime]) 14 | 15 | # Check for a linuxy sysinfo syscall; and while we're doing that, check if 16 | # struct sysinfo is the old version (total RAM == totalmem) or the new 17 | # version (total RAM == totalmem * mem_unit). 18 | AC_CHECK_HEADERS([sys/sysinfo.h]) 19 | AC_CHECK_FUNCS([sysinfo]) 20 | AC_CHECK_TYPES([struct sysinfo], [], [], [[#include ]]) 21 | AC_CHECK_MEMBERS([struct sysinfo.totalram, struct sysinfo.mem_unit], [], [], 22 | [[#include ]]) 23 | 24 | # Check if we have , since some systems require it for sysctl 25 | # to work. 26 | AC_CHECK_HEADERS([sys/param.h]) 27 | 28 | # Check for . If it exists and it defines HW_USERMEM 29 | # and/or HW_MEMSIZE, we'll try using those as memory limits. 30 | AC_CHECK_HEADERS([sys/sysctl.h]) 31 | 32 | # Check for posix_memalign 33 | AC_CHECK_FUNCS([posix_memalign]) 34 | 35 | # Check for mmap so we can work around its absence on Minix 36 | AC_CHECK_FUNCS([mmap]) 37 | 38 | AC_SYS_LARGEFILE 39 | 40 | AC_CONFIG_HEADERS([config.h]) 41 | AC_CONFIG_FILES([Makefile]) 42 | AC_OUTPUT 43 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/COPYRIGHT: -------------------------------------------------------------------------------- 1 | The code and documentation in this directory ("libcperciva") is distributed 2 | under the following terms: 3 | 4 | Copyright 2005-2014 Colin Percival. All rights reserved. 5 | Copyright 2014 Sean Kelly. All rights reserved. 6 | 7 | Redistribution and use in source and binary forms, with or without 8 | modification, are permitted provided that the following conditions 9 | are met: 10 | 1. Redistributions of source code must retain the above copyright 11 | notice, this list of conditions and the following disclaimer. 12 | 2. Redistributions in binary form must reproduce the above copyright 13 | notice, this list of conditions and the following disclaimer in the 14 | documentation and/or other materials provided with the distribution. 15 | 16 | THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 | ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22 | OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23 | HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24 | LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25 | OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 | SUCH DAMAGE. 27 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/hash.c: -------------------------------------------------------------------------------- 1 | /* 2 | hash.c 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 19 | 2. Altered source versions must be plainly marked as such, and must not be 20 | misrepresented as being the original source code. 21 | 22 | 3. This notice may not be removed or altered from any source distribution. 23 | 24 | Barry Steyn barry.steyn@gmail.com 25 | */ 26 | 27 | #include 28 | #include "crypto_scrypt.h" 29 | 30 | // 31 | // This is the actual key derivation function. 32 | // It is binary safe and is exposed to this module for 33 | // access to the underlying key derivation function of Scrypt 34 | // 35 | int 36 | ScryptHashFunction(const uint8_t* key, size_t keylen, const uint8_t *salt, size_t saltlen, uint64_t N, uint32_t r, uint32_t p,uint8_t *buf, size_t buflen) { 37 | if (crypto_scrypt(key, keylen, salt, saltlen, N, r, p, buf, buflen)) 38 | return (3); 39 | 40 | return 0; //success 41 | } 42 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/warnp.h: -------------------------------------------------------------------------------- 1 | #ifndef _WARNP_H_ 2 | #define _WARNP_H_ 3 | 4 | #include 5 | 6 | /* Avoid namespace collisions with BSD . */ 7 | #define warn libcperciva_warn 8 | #define warnx libcperciva_warnx 9 | 10 | /** 11 | * warnp_setprogname(progname): 12 | * Set the program name to be used by warn() and warnx() to ${progname}. 13 | */ 14 | void warnp_setprogname(const char *); 15 | #define WARNP_INIT do { \ 16 | if (argv[0] != NULL) \ 17 | warnp_setprogname(argv[0]); \ 18 | } while (0) 19 | 20 | /* As in BSD . */ 21 | void warn(const char *, ...); 22 | void warnx(const char *, ...); 23 | 24 | /* 25 | * If compiled with DEBUG defined, print __FILE__ and __LINE__. 26 | */ 27 | #ifdef DEBUG 28 | #define warnline do { \ 29 | warnx("%s, %d", __FILE__, __LINE__); \ 30 | } while (0) 31 | #else 32 | #define warnline 33 | #endif 34 | 35 | /* 36 | * Call warn(3) or warnx(3) depending upon whether errno == 0; and clear 37 | * errno (so that the standard error message isn't repeated later). 38 | */ 39 | #define warnp(...) do { \ 40 | warnline; \ 41 | if (errno != 0) { \ 42 | warn(__VA_ARGS__); \ 43 | errno = 0; \ 44 | } else \ 45 | warnx(__VA_ARGS__); \ 46 | } while (0) 47 | 48 | /* 49 | * Call warnx(3) and set errno == 0. Unlike warnp, this should be used 50 | * in cases where we're reporting a problem which we discover ourselves 51 | * rather than one which is reported to us from a library or the kernel. 52 | */ 53 | #define warn0(...) do { \ 54 | warnline; \ 55 | warnx(__VA_ARGS__); \ 56 | errno = 0; \ 57 | } while (0) 58 | 59 | #endif /* !_WARNP_H_ */ 60 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/insecure_memzero.h: -------------------------------------------------------------------------------- 1 | #ifndef _INSECURE_MEMZERO_H_ 2 | #define _INSECURE_MEMZERO_H_ 3 | 4 | #include 5 | 6 | /* Pointer to memory-zeroing function. */ 7 | extern void (* volatile insecure_memzero_ptr)(volatile void *, size_t); 8 | 9 | /** 10 | * insecure_memzero(buf, len): 11 | * Attempt to zero ${len} bytes at ${buf} in spite of optimizing compilers' 12 | * best (standards-compliant) attempts to remove the buffer-zeroing. In 13 | * particular, to avoid performing the zeroing, a compiler would need to 14 | * use optimistic devirtualization; recognize that non-volatile objects do not 15 | * need to be treated as volatile, even if they are accessed via volatile 16 | * qualified pointers; and perform link-time optimization; in addition to the 17 | * dead-code elimination which often causes buffer-zeroing to be elided. 18 | * 19 | * Note however that zeroing a buffer does not guarantee that the data held 20 | * in the buffer is not stored elsewhere; in particular, there may be copies 21 | * held in CPU registers or in anonymous allocations on the stack, even if 22 | * every named variable is successfully sanitized. Solving the "wipe data 23 | * from the system" problem will require a C language extension which does not 24 | * yet exist. 25 | * 26 | * For more information, see: 27 | * http://www.daemonology.net/blog/2014-09-04-how-to-zero-a-buffer.html 28 | * http://www.daemonology.net/blog/2014-09-06-zeroing-buffers-is-insufficient.html 29 | */ 30 | static inline void 31 | insecure_memzero(volatile void * buf, size_t len) 32 | { 33 | 34 | (insecure_memzero_ptr)(buf, len); 35 | } 36 | 37 | #endif /* !_INSECURE_MEMZERO_H_ */ 38 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/warnp.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | #include "warnp.h" 8 | 9 | static int initialized = 0; 10 | static char * name = NULL; 11 | 12 | /* Free the name string. */ 13 | static void 14 | done(void) 15 | { 16 | 17 | free(name); 18 | name = NULL; 19 | } 20 | 21 | /** 22 | * warnp_setprogname(progname): 23 | * Set the program name to be used by warn() and warnx() to ${progname}. 24 | */ 25 | void 26 | warnp_setprogname(const char * progname) 27 | { 28 | const char * p; 29 | 30 | /* Free the name if we already have one. */ 31 | free(name); 32 | 33 | /* Find the last segment of the program name. */ 34 | for (p = progname; progname[0] != '\0'; progname++) 35 | if (progname[0] == '/') 36 | p = progname + 1; 37 | 38 | /* Copy the name string. */ 39 | name = strdup(p); 40 | 41 | /* If we haven't already done so, register our exit handler. */ 42 | if (initialized == 0) { 43 | atexit(done); 44 | initialized = 1; 45 | } 46 | } 47 | 48 | void 49 | warn(const char * fmt, ...) 50 | { 51 | va_list ap; 52 | 53 | va_start(ap, fmt); 54 | fprintf(stderr, "%s", (name != NULL) ? name : "(unknown)"); 55 | if (fmt != NULL) { 56 | fprintf(stderr, ": "); 57 | vfprintf(stderr, fmt, ap); 58 | } 59 | fprintf(stderr, ": %s\n", strerror(errno)); 60 | va_end(ap); 61 | } 62 | 63 | void 64 | warnx(const char * fmt, ...) 65 | { 66 | va_list ap; 67 | 68 | va_start(ap, fmt); 69 | fprintf(stderr, "%s", (name != NULL) ? name : "(unknown)"); 70 | if (fmt != NULL) { 71 | fprintf(stderr, ": "); 72 | vfprintf(stderr, fmt, ap); 73 | } 74 | fprintf(stderr, "\n"); 75 | va_end(ap); 76 | } 77 | -------------------------------------------------------------------------------- /src/util/memlimit.c: -------------------------------------------------------------------------------- 1 | /* 2 | memlimit.c 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 19 | 2. Altered source versions must be plainly marked as such, and must not be 20 | misrepresented as being the original source code. 21 | 22 | 3. This notice may not be removed or altered from any source distribution. 23 | 24 | Barry Steyn barry.steyn@gmail.com 25 | */ 26 | 27 | #include 28 | 29 | int 30 | memtouse(size_t maxmem, double maxmemfrac, size_t memlimit_min, size_t * memlimit) 31 | { 32 | size_t memavail; 33 | 34 | /* Only use the specified fraction of the available memory. */ 35 | if ((maxmemfrac > 0.5) || (maxmemfrac == 0.0)) 36 | maxmemfrac = 0.5; 37 | memavail = (size_t)(maxmemfrac * (double)memlimit_min); 38 | 39 | /* Don't use more than the specified maximum. */ 40 | if ((maxmem > 0) && (memavail > maxmem)) 41 | memavail = maxmem; 42 | 43 | /* But always allow at least 1 MiB. */ 44 | if (memavail < 1048576) 45 | memavail = 1048576; 46 | 47 | /* Return limit via the provided pointer. */ 48 | *memlimit = memavail; 49 | return (0); 50 | } 51 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/entropy.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #include "warnp.h" 7 | 8 | #include "entropy.h" 9 | 10 | /** 11 | * XXX Portability 12 | * XXX We obtain random bytes from the operating system by opening 13 | * XXX /dev/urandom and reading them from that device; this works on 14 | * XXX modern UNIX-like operating systems but not on systems like 15 | * XXX win32 where there is no concept of /dev/urandom. 16 | */ 17 | 18 | /** 19 | * entropy_read(buf, buflen): 20 | * Fill the given buffer with random bytes provided by the operating system. 21 | */ 22 | int 23 | entropy_read(uint8_t * buf, size_t buflen) 24 | { 25 | int fd; 26 | ssize_t lenread; 27 | 28 | /* Sanity-check the buffer size. */ 29 | if (buflen > SSIZE_MAX) { 30 | warn0("Programmer error: " 31 | "Trying to read insane amount of random data: %zu", 32 | buflen); 33 | goto err0; 34 | } 35 | 36 | /* Open /dev/urandom. */ 37 | if ((fd = open("/dev/urandom", O_RDONLY)) == -1) { 38 | warnp("open(/dev/urandom)"); 39 | goto err0; 40 | } 41 | 42 | /* Read bytes until we have filled the buffer. */ 43 | while (buflen > 0) { 44 | if ((lenread = read(fd, buf, buflen)) == -1) { 45 | warnp("read(/dev/urandom)"); 46 | goto err1; 47 | } 48 | 49 | /* The random device should never EOF. */ 50 | if (lenread == 0) { 51 | warn0("EOF on /dev/urandom?"); 52 | goto err1; 53 | } 54 | 55 | /* We've filled a portion of the buffer. */ 56 | buf += lenread; 57 | buflen -= lenread; 58 | } 59 | 60 | /* Close the device. */ 61 | while (close(fd) == -1) { 62 | if (errno != EINTR) { 63 | warnp("close(/dev/urandom)"); 64 | goto err0; 65 | } 66 | } 67 | 68 | /* Success! */ 69 | return (0); 70 | 71 | err1: 72 | close(fd); 73 | err0: 74 | /* Failure! */ 75 | return (-1); 76 | } 77 | -------------------------------------------------------------------------------- /src/node-boilerplate/inc/scrypt_common.h: -------------------------------------------------------------------------------- 1 | /* 2 | scrypt_common.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 2. Altered source versions must be plainly marked as such, and must not be 19 | misrepresented as being the original source code. 20 | 3. This notice may not be removed or altered from any source distribution. 21 | 22 | Barry Steyn barry.steyn@gmail.com 23 | */ 24 | 25 | #ifndef _SCRYPTCOMMON_H_ 26 | #define _SCRYPTCOMMON_H_ 27 | 28 | namespace NodeScrypt { 29 | 30 | // 31 | // Holds N,r and p parameters 32 | // 33 | struct Params { 34 | const uint32_t N; 35 | const uint32_t r; 36 | const uint32_t p; 37 | 38 | Params(const v8::Local &obj) : 39 | N(Nan::To(Nan::Get(obj, Nan::New("N").ToLocalChecked()).ToLocalChecked()).ToChecked()), 40 | r(Nan::To(Nan::Get(obj, Nan::New("r").ToLocalChecked()).ToLocalChecked()).ToChecked()), 41 | p(Nan::To(Nan::Get(obj, Nan::New("p").ToLocalChecked()).ToLocalChecked()).ToChecked()) {} 42 | }; 43 | 44 | // 45 | // Create a Scrypt error 46 | // 47 | v8::Local ScryptError(const unsigned int error); 48 | }; 49 | 50 | #endif /* _SCRYPTCOMMON_H_ */ 51 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/scryptenc/scryptenc_cpuperf.h: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright 2009 Colin Percival 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | * SUCH DAMAGE. 25 | * 26 | * This file was originally written by Colin Percival as part of the Tarsnap 27 | * online backup system. 28 | */ 29 | #ifndef _SCRYPTENC_CPUPERF_H_ 30 | #define _SCRYPTENC_CPUPERF_H_ 31 | 32 | /** 33 | * scryptenc_cpuperf(opps): 34 | * Estimate the number of salsa20/8 cores which can be executed per second, 35 | * and return the value via opps. 36 | */ 37 | int scryptenc_cpuperf(double *); 38 | 39 | #endif /* !_SCRYPTENC_CPUPERF_H_ */ 40 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/util/memlimit.h: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright 2009 Colin Percival 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | * SUCH DAMAGE. 25 | * 26 | * This file was originally written by Colin Percival as part of the Tarsnap 27 | * online backup system. 28 | */ 29 | #ifndef _MEMLIMIT_H_ 30 | #define _MEMLIMIT_H_ 31 | 32 | #include 33 | 34 | /** 35 | * memtouse(maxmem, maxmemfrac, memlimit): 36 | * Examine the system and return via memlimit the amount of RAM which should 37 | * be used -- the specified fraction of the available RAM, but no more than 38 | * maxmem, and no less than 1MiB. 39 | */ 40 | int memtouse(size_t, double, size_t *); 41 | 42 | #endif /* !_MEMLIMIT_H_ */ 43 | -------------------------------------------------------------------------------- /src/node-boilerplate/scrypt_hash_async.cc: -------------------------------------------------------------------------------- 1 | /* 2 | scrypt_hash_async.cc 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 2. Altered source versions must be plainly marked as such, and must not be 19 | misrepresented as being the original source code. 20 | 3. This notice may not be removed or altered from any source distribution. 21 | 22 | Barry Steyn barry.steyn@gmail.com 23 | */ 24 | 25 | #include 26 | #include 27 | 28 | #include "scrypt_hash_async.h" 29 | 30 | //C linkings needed for Scrypt 31 | extern "C" { 32 | #include "hash.h" 33 | } 34 | 35 | using namespace v8; 36 | 37 | // 38 | // Scrypt Hash Function 39 | // 40 | void ScryptHashAsyncWorker::Execute() { 41 | result = Hash(key_ptr, key_size, salt_ptr, salt_size, params.N, params.r, params.p, hash_ptr, hash_size); 42 | } 43 | 44 | void ScryptHashAsyncWorker::HandleOKCallback() { 45 | Nan::HandleScope scope; 46 | 47 | Local argv[] = { 48 | Nan::Null(), 49 | Nan::Get(Nan::To(GetFromPersistent("ScryptPeristentObject")).ToLocalChecked(), Nan::New("HashBuffer").ToLocalChecked()).ToLocalChecked() 50 | }; 51 | 52 | callback->Call(2, argv, async_resource); 53 | } 54 | 55 | // 56 | // Asynchronous Scrypt Params 57 | // 58 | NAN_METHOD(hash) { 59 | Nan::AsyncQueueWorker(new ScryptHashAsyncWorker(info)); 60 | } 61 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/autocrap/Makefile.am: -------------------------------------------------------------------------------- 1 | AUTOMAKE_OPTIONS= foreign subdir-objects 2 | 3 | bin_PROGRAMS= scrypt 4 | dist_man_MANS=$(scrypt_man_MANS) 5 | 6 | scrypt_SOURCES= main.c \ 7 | libcperciva/alg/sha256.c \ 8 | libcperciva/cpusupport/cpusupport_x86_aesni.c \ 9 | libcperciva/cpusupport/cpusupport_x86_sse2.c \ 10 | libcperciva/crypto/crypto_aes.c \ 11 | libcperciva/crypto/crypto_aesctr.c \ 12 | libcperciva/crypto/crypto_entropy.c \ 13 | libcperciva/util/entropy.c \ 14 | libcperciva/util/insecure_memzero.c \ 15 | libcperciva/util/readpass.c \ 16 | libcperciva/util/warnp.c \ 17 | lib/crypto/crypto_scrypt.c \ 18 | lib/crypto/crypto_scrypt_smix.c \ 19 | lib/scryptenc/scryptenc.c \ 20 | lib/scryptenc/scryptenc_cpuperf.c \ 21 | lib/util/memlimit.c \ 22 | cpusupport-config.h 23 | scrypt_CFLAGS= -I $(srcdir)/libcperciva/alg \ 24 | -I $(srcdir)/libcperciva/cpusupport \ 25 | -I $(srcdir)/libcperciva/crypto \ 26 | -I $(srcdir)/libcperciva/util \ 27 | -I $(srcdir)/lib/crypto \ 28 | -I $(srcdir)/lib/scryptenc \ 29 | -I $(srcdir)/lib/util \ 30 | -I . -D CPUSUPPORT_CONFIG_FILE=\"cpusupport-config.h\" 31 | scrypt_LDADD= -lcrypto libcperciva_aesni.a libscrypt_sse2.a 32 | scrypt_man_MANS= scrypt.1 33 | 34 | cpusupport-config.h: 35 | ( export CC="${CC}"; export CFLAGS="${CFLAGS}"; command -p sh $(srcdir)/libcperciva/cpusupport/Build/cpusupport.sh ) > cpusupport-config.h.tmp && command -p mv cpusupport-config.h.tmp cpusupport-config.h 36 | BUILT_SOURCES= cpusupport-config.h 37 | CLEANFILES= cpusupport-config.h cpusupport-config.h.tmp 38 | 39 | noinst_LIBRARIES= libcperciva_aesni.a 40 | libcperciva_aesni_a_SOURCES= libcperciva/crypto/crypto_aes_aesni.c 41 | libcperciva_aesni_a_CFLAGS= $(scrypt_CFLAGS) \ 42 | `. ./cpusupport-config.h; echo $${CFLAGS_X86_AESNI}` 43 | 44 | noinst_LIBRARIES+= libscrypt_sse2.a 45 | libscrypt_sse2_a_SOURCES= lib/crypto/crypto_scrypt_smix_sse2.c 46 | libscrypt_sse2_a_CFLAGS= $(scrypt_CFLAGS) \ 47 | `. ./cpusupport-config.h; echo $${CFLAGS_X86_SSE2}` 48 | -------------------------------------------------------------------------------- /src/node-boilerplate/inc/scrypt_params_async.h: -------------------------------------------------------------------------------- 1 | /* 2 | scrypt_params_async.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 2. Altered source versions must be plainly marked as such, and must not be 19 | misrepresented as being the original source code. 20 | 3. This notice may not be removed or altered from any source distribution. 21 | 22 | Barry Steyn barry.steyn@gmail.com 23 | */ 24 | 25 | #ifndef _SCRYPT_PARAMS_ASYNC_H 26 | #define _SCRYPT_PARAMS_ASYNC_H 27 | 28 | #include "scrypt_async.h" 29 | 30 | // Async class 31 | class ScryptParamsAsyncWorker : public ScryptAsyncWorker { 32 | public: 33 | ScryptParamsAsyncWorker(Nan::NAN_METHOD_ARGS_TYPE info) : 34 | ScryptAsyncWorker(new Nan::Callback(info[4].As())), 35 | maxtime(Nan::To(info[0]).ToChecked()), 36 | maxmemfrac(Nan::To(info[1]).ToChecked()), 37 | maxmem(Nan::To(info[2]).ToChecked()), 38 | osfreemem(Nan::To(info[3]).ToChecked()) 39 | { 40 | logN = 0; 41 | r = 0; 42 | p = 0; 43 | }; 44 | 45 | void Execute(); 46 | void HandleOKCallback(); 47 | 48 | private: 49 | const double maxtime; 50 | const double maxmemfrac; 51 | const size_t maxmem; 52 | const size_t osfreemem; 53 | 54 | int logN; 55 | uint32_t r; 56 | uint32_t p; 57 | }; 58 | 59 | #endif /* _SCRYPT_PARAMS_ASYNC_H */ 60 | -------------------------------------------------------------------------------- /scrypt/win/gettimeofday.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copied from PostgreSQL source: 3 | * http://doxygen.postgresql.org/gettimeofday_8c_source.html 4 | * 5 | */ 6 | 7 | /* 8 | * gettimeofday.c 9 | * Win32 gettimeofday() replacement 10 | * 11 | * src/port/gettimeofday.c 12 | * 13 | * Copyright (c) 2003 SRA, Inc. 14 | * Copyright (c) 2003 SKC, Inc. 15 | * 16 | * Permission to use, copy, modify, and distribute this software and 17 | * its documentation for any purpose, without fee, and without a 18 | * written agreement is hereby granted, provided that the above 19 | * copyright notice and this paragraph and the following two 20 | * paragraphs appear in all copies. 21 | * 22 | * IN NO EVENT SHALL THE AUTHOR BE LIABLE TO ANY PARTY FOR DIRECT, 23 | * INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING 24 | * LOST PROFITS, ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS 25 | * DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED 26 | * OF THE POSSIBILITY OF SUCH DAMAGE. 27 | * 28 | * THE AUTHOR SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT 29 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 30 | * A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS ON AN "AS 31 | * IS" BASIS, AND THE AUTHOR HAS NO OBLIGATIONS TO PROVIDE MAINTENANCE, 32 | * SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. 33 | */ 34 | 35 | #include 36 | 37 | /* FILETIME of Jan 1 1970 00:00:00. */ 38 | static const unsigned __int64 epoch = 116444736000000000Ui64; 39 | 40 | /* 41 | * timezone information is stored outside the kernel so tzp isn't used anymore. 42 | * 43 | * Note: this function is not for Win32 high precision timing purpose. See 44 | * elapsed_time(). 45 | */ 46 | int 47 | gettimeofday(struct timeval * tp, struct timezone * tzp) 48 | { 49 | FILETIME file_time; 50 | SYSTEMTIME system_time; 51 | ULARGE_INTEGER ularge; 52 | 53 | GetSystemTime(&system_time); 54 | SystemTimeToFileTime(&system_time, &file_time); 55 | ularge.LowPart = file_time.dwLowDateTime; 56 | ularge.HighPart = file_time.dwHighDateTime; 57 | 58 | tp->tv_sec = (long) ((ularge.QuadPart - epoch) / 10000000L); 59 | tp->tv_usec = (long) (system_time.wMilliseconds * 1000); 60 | 61 | return 0; 62 | } 63 | -------------------------------------------------------------------------------- /src/node-boilerplate/inc/scrypt_kdf-verify_async.h: -------------------------------------------------------------------------------- 1 | /* 2 | scrypt_kdf_verify_async.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 2. Altered source versions must be plainly marked as such, and must not be 19 | misrepresented as being the original source code. 20 | 3. This notice may not be removed or altered from any source distribution. 21 | 22 | Barry Steyn barry.steyn@gmail.com 23 | */ 24 | 25 | #ifndef _KDF_VERIFY_ASYNC_H 26 | #define _KDF_VERIFY_ASYNC_H 27 | 28 | #include "scrypt_async.h" 29 | 30 | class ScryptKDFVerifyAsyncWorker : public ScryptAsyncWorker { 31 | public: 32 | ScryptKDFVerifyAsyncWorker(Nan::NAN_METHOD_ARGS_TYPE info) : 33 | ScryptAsyncWorker(new Nan::Callback(info[2].As())), 34 | kdf_ptr(reinterpret_cast(node::Buffer::Data(info[0]))), 35 | key_ptr(reinterpret_cast(node::Buffer::Data(info[1]))), 36 | key_size(node::Buffer::Length(info[1])), 37 | match(false) 38 | { 39 | ScryptPeristentObject = Nan::New(); 40 | Nan::Set(ScryptPeristentObject, Nan::New("KDFBuffer").ToLocalChecked(), info[0]); 41 | Nan::Set(ScryptPeristentObject, Nan::New("KeyBuffer").ToLocalChecked(), info[1]); 42 | SaveToPersistent("ScryptPeristentObject", ScryptPeristentObject); 43 | }; 44 | 45 | void Execute(); 46 | void HandleOKCallback(); 47 | 48 | private: 49 | const uint8_t* kdf_ptr; 50 | const uint8_t* key_ptr; 51 | const size_t key_size; 52 | bool match; 53 | }; 54 | 55 | #endif /* _KDF_VERIFY_ASYNC_H */ 56 | -------------------------------------------------------------------------------- /src/scryptwrapper/hash.c: -------------------------------------------------------------------------------- 1 | /* 2 | hash.c 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 19 | 2. Altered source versions must be plainly marked as such, and must not be 20 | misrepresented as being the original source code. 21 | 22 | 3. This notice may not be removed or altered from any source distribution. 23 | 24 | Barry Steyn barry.steyn@gmail.com 25 | */ 26 | 27 | #include 28 | 29 | #include 30 | #include 31 | #include "crypto_scrypt.h" 32 | #include "pickparams.h" 33 | #include "hash.h" 34 | 35 | // 36 | // This is the function that the hash and hashSync api functions use. 37 | // Does final modifications to parameters 38 | // 39 | unsigned int 40 | Hash(const uint8_t* key, size_t keylen, const uint8_t *salt, size_t saltlen, uint64_t logN, uint32_t r, uint32_t p, uint8_t *buf, size_t buflen) { 41 | uint64_t N=1; 42 | 43 | N <<= logN; 44 | return (ScryptHashFunction(key, keylen, salt, saltlen, N, r, p, buf, buflen)); 45 | } 46 | 47 | // 48 | // This is the actual key derivation function. 49 | // It is binary safe and is exposed to this module for 50 | // access to the underlying key derivation function of Scrypt 51 | // 52 | unsigned int 53 | ScryptHashFunction(const uint8_t* key, size_t keylen, const uint8_t *salt, size_t saltlen, uint64_t N, uint32_t r, uint32_t p,uint8_t *buf, size_t buflen) { 54 | int rc = crypto_scrypt(key, keylen, salt, saltlen, N, r, p, buf, buflen); 55 | unsigned int error = (rc == 0) ? 0 : 3; 56 | 57 | if (error && errno) { 58 | error |= (errno << 16); 59 | } 60 | 61 | return (error); 62 | } 63 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/crypto/crypto_scrypt.h: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright 2009 Colin Percival 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | * SUCH DAMAGE. 25 | * 26 | * This file was originally written by Colin Percival as part of the Tarsnap 27 | * online backup system. 28 | */ 29 | #ifndef _CRYPTO_SCRYPT_H_ 30 | #define _CRYPTO_SCRYPT_H_ 31 | 32 | #include 33 | #include 34 | 35 | /** 36 | * crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen): 37 | * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r, 38 | * p, buflen) and write the result into buf. The parameters r, p, and buflen 39 | * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N 40 | * must be a power of 2 greater than 1. 41 | * 42 | * Return 0 on success; or -1 on error. 43 | */ 44 | int crypto_scrypt(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t, 45 | uint32_t, uint32_t, uint8_t *, size_t); 46 | 47 | #endif /* !_CRYPTO_SCRYPT_H_ */ 48 | -------------------------------------------------------------------------------- /src/node-boilerplate/inc/scrypt_kdf_async.h: -------------------------------------------------------------------------------- 1 | /* 2 | scrypt_kdf_async.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 2. Altered source versions must be plainly marked as such, and must not be 19 | misrepresented as being the original source code. 20 | 3. This notice may not be removed or altered from any source distribution. 21 | 22 | Barry Steyn barry.steyn@gmail.com 23 | */ 24 | 25 | #ifndef _SCRYPT_KDF_ASYNC_H 26 | #define _SCRYPT_KDF_ASYNC_H 27 | 28 | #include "scrypt_async.h" 29 | 30 | class ScryptKDFAsyncWorker : public ScryptAsyncWorker { 31 | public: 32 | ScryptKDFAsyncWorker(Nan::NAN_METHOD_ARGS_TYPE args) : 33 | ScryptAsyncWorker(new Nan::Callback(args[3].As())), 34 | key_ptr(reinterpret_cast(node::Buffer::Data(args[0]))), 35 | key_size(node::Buffer::Length(args[0])), 36 | params(Nan::To(args[1]).ToLocalChecked()), 37 | salt_ptr(reinterpret_cast(node::Buffer::Data(args[2]))) 38 | { 39 | ScryptPeristentObject = Nan::New(); 40 | Nan::Set(ScryptPeristentObject, Nan::New("keyBuffer").ToLocalChecked(), args[0]); 41 | Nan::Set(ScryptPeristentObject, Nan::New("KDFResult").ToLocalChecked(), Nan::NewBuffer(96).ToLocalChecked()); 42 | Nan::Set(ScryptPeristentObject, Nan::New("salt").ToLocalChecked(), args[2]); 43 | SaveToPersistent("ScryptPeristentObject", ScryptPeristentObject); 44 | 45 | KDFResult_ptr = reinterpret_cast(node::Buffer::Data(Nan::Get(ScryptPeristentObject, Nan::New("KDFResult").ToLocalChecked()).ToLocalChecked())); 46 | }; 47 | 48 | void Execute(); 49 | void HandleOKCallback(); 50 | 51 | private: 52 | uint8_t* KDFResult_ptr; 53 | const uint8_t* key_ptr; 54 | const size_t key_size; 55 | const NodeScrypt::Params params; 56 | const uint8_t* salt_ptr; 57 | }; 58 | 59 | #endif /* _SCRYPT_KDF_ASYNC_H */ 60 | -------------------------------------------------------------------------------- /src/node-boilerplate/inc/scrypt_async.h: -------------------------------------------------------------------------------- 1 | /* 2 | scrypt_async.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 2. Altered source versions must be plainly marked as such, and must not be 19 | misrepresented as being the original source code. 20 | 3. This notice may not be removed or altered from any source distribution. 21 | 22 | Barry Steyn barry.steyn@gmail.com 23 | */ 24 | 25 | #ifndef _SCRYPTASYNC_H_ 26 | #define _SCRYPTASYNC_H_ 27 | 28 | #include "scrypt_common.h" 29 | 30 | // 31 | // Scrypt Async Worker 32 | // 33 | 34 | //Note: This class is implemented for common async 35 | // class properties that applies to Scrypt functionality 36 | // only. These properties are: 37 | // (1) Creation of Scrypt specific Error Object 38 | // (2) result integer that denotes the response from the Scrypt C library 39 | // (3) ScryptPeristentObject that holds input arguments from JS land 40 | class ScryptAsyncWorker : public Nan::AsyncWorker { 41 | public: 42 | ScryptAsyncWorker(Nan::Callback* callback) : Nan::AsyncWorker(callback), result(0) {}; 43 | 44 | // 45 | // Overrides Nan, needed for creating Scrypt Error 46 | // 47 | void HandleErrorCallback() { 48 | Nan::HandleScope scope; 49 | 50 | v8::Local argv[] = { 51 | NodeScrypt::ScryptError(result) 52 | }; 53 | callback->Call(1, argv, async_resource); 54 | } 55 | 56 | // 57 | // Overrides Nan, needed for checking result 58 | // 59 | void WorkComplete() { 60 | Nan::HandleScope scope; 61 | 62 | if (result == 0) 63 | HandleOKCallback(); 64 | else 65 | HandleErrorCallback(); 66 | 67 | delete callback; 68 | callback = NULL; 69 | } 70 | 71 | protected: 72 | // 73 | // Scrypt specific state 74 | // 75 | v8::Local ScryptPeristentObject; // Anything persistent stored here 76 | unsigned int result; // Result of Scrypt functions 77 | }; 78 | 79 | #endif /* _SCRYPTASYNC_H_ */ 80 | -------------------------------------------------------------------------------- /scrypt_node.cc: -------------------------------------------------------------------------------- 1 | /* 2 | scrypt_node.cc 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 19 | 2. Altered source versions must be plainly marked as such, and must not be 20 | misrepresented as being the original source code. 21 | 22 | 3. This notice may not be removed or altered from any source distribution. 23 | 24 | Barry Steyn barry.steyn@gmail.com 25 | 26 | */ 27 | #include 28 | #include 29 | #include 30 | 31 | using namespace v8; 32 | 33 | // 34 | // Forward declarations 35 | // 36 | NAN_METHOD(paramsSync); 37 | NAN_METHOD(params); 38 | NAN_METHOD(kdfSync); 39 | NAN_METHOD(kdf); 40 | NAN_METHOD(kdfVerifySync); 41 | NAN_METHOD(kdfVerify); 42 | NAN_METHOD(hashSync); 43 | NAN_METHOD(hash); 44 | 45 | // 46 | // Module initialisation 47 | // 48 | NAN_MODULE_INIT(InitAll) { 49 | 50 | Nan::Set(target, Nan::New("paramsSync").ToLocalChecked(), 51 | Nan::GetFunction(Nan::New(paramsSync)).ToLocalChecked()); 52 | 53 | Nan::Set(target, Nan::New("params").ToLocalChecked(), 54 | Nan::GetFunction(Nan::New(params)).ToLocalChecked()); 55 | 56 | Nan::Set(target, Nan::New("kdfSync").ToLocalChecked(), 57 | Nan::GetFunction(Nan::New(kdfSync)).ToLocalChecked()); 58 | 59 | Nan::Set(target, Nan::New("kdf").ToLocalChecked(), 60 | Nan::GetFunction(Nan::New(kdf)).ToLocalChecked()); 61 | 62 | Nan::Set(target, Nan::New("verifySync").ToLocalChecked(), 63 | Nan::GetFunction(Nan::New(kdfVerifySync)).ToLocalChecked()); 64 | 65 | Nan::Set(target, Nan::New("verify").ToLocalChecked(), 66 | Nan::GetFunction(Nan::New(kdfVerify)).ToLocalChecked()); 67 | 68 | Nan::Set(target, Nan::New("hashSync").ToLocalChecked(), 69 | Nan::GetFunction(Nan::New(hashSync)).ToLocalChecked()); 70 | 71 | Nan::Set(target, Nan::New("hash").ToLocalChecked(), 72 | Nan::GetFunction(Nan::New(hash)).ToLocalChecked()); 73 | } 74 | 75 | NODE_MODULE(scrypt, InitAll) 76 | -------------------------------------------------------------------------------- /src/node-boilerplate/inc/scrypt_hash_async.h: -------------------------------------------------------------------------------- 1 | /* 2 | scrypt_hash_async.h 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 2. Altered source versions must be plainly marked as such, and must not be 19 | misrepresented as being the original source code. 20 | 3. This notice may not be removed or altered from any source distribution. 21 | 22 | Barry Steyn barry.steyn@gmail.com 23 | */ 24 | 25 | #ifndef _SCRYPTHASHASYNC_ 26 | #define _SCRYPTHASHASYNC_ 27 | 28 | #include "scrypt_async.h" 29 | 30 | class ScryptHashAsyncWorker : public ScryptAsyncWorker { 31 | public: 32 | ScryptHashAsyncWorker(Nan::NAN_METHOD_ARGS_TYPE info) : 33 | ScryptAsyncWorker(new Nan::Callback(info[4].As())), 34 | key_ptr(reinterpret_cast(node::Buffer::Data(info[0]))), 35 | key_size(node::Buffer::Length(info[0])), 36 | params(Nan::To(info[1]).ToLocalChecked()), 37 | hash_size(Nan::To(info[2]).ToChecked()), 38 | salt_ptr(reinterpret_cast(node::Buffer::Data(info[3]))), 39 | salt_size(static_cast(node::Buffer::Length(info[3]))) 40 | { 41 | ScryptPeristentObject = Nan::New(); 42 | Nan::Set(ScryptPeristentObject, Nan::New("KeyBuffer").ToLocalChecked(), info[0]); 43 | Nan::Set(ScryptPeristentObject, Nan::New("HashBuffer").ToLocalChecked(), Nan::NewBuffer(static_cast(hash_size)).ToLocalChecked()); 44 | Nan::Set(ScryptPeristentObject, Nan::New("SaltBuffer").ToLocalChecked(), info[3]); 45 | SaveToPersistent("ScryptPeristentObject", ScryptPeristentObject); 46 | 47 | hash_ptr = reinterpret_cast(node::Buffer::Data(Nan::Get(ScryptPeristentObject, Nan::New("HashBuffer").ToLocalChecked()).ToLocalChecked())); 48 | }; 49 | 50 | void Execute(); 51 | void HandleOKCallback(); 52 | 53 | private: 54 | const uint8_t* key_ptr; 55 | const size_t key_size; 56 | const NodeScrypt::Params params; 57 | const size_t hash_size; 58 | const uint8_t* salt_ptr; 59 | const size_t salt_size; 60 | uint8_t* hash_ptr; 61 | }; 62 | 63 | #endif /* _SCRYPTHASHASYNC_ */ 64 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/cpusupport/cpusupport.h: -------------------------------------------------------------------------------- 1 | #ifndef _CPUSUPPORT_H_ 2 | #define _CPUSUPPORT_H_ 3 | 4 | /* 5 | * To enable support for non-portable CPU features at compile time, one or 6 | * more CPUSUPPORT_ARCH_FEATURE macros should be defined. This can be done 7 | * directly on the compiler command line; or a file can be created with the 8 | * necessary #define lines and then -D CPUSUPPORT_CONFIG_FILE=cpuconfig.h 9 | * (or similar) can be provided to include that file here. 10 | */ 11 | #ifdef CPUSUPPORT_CONFIG_FILE 12 | #include CPUSUPPORT_CONFIG_FILE 13 | #endif 14 | 15 | /* 16 | * The CPUSUPPORT_FEATURE macro declares the necessary variables and 17 | * functions for detecting CPU feature support at run time. The function 18 | * defined in the macro acts to cache the result of the ..._detect function 19 | * using the ..._present and ..._init variables. 20 | */ 21 | #define CPUSUPPORT_FEATURE(arch, feature) \ 22 | extern int cpusupport_ ## arch ## _ ## feature ## _present; \ 23 | extern int cpusupport_ ## arch ## _ ## feature ## _init; \ 24 | int cpusupport_ ## arch ## _ ## feature ## _detect(void); \ 25 | \ 26 | static inline int \ 27 | cpusupport_ ## arch ## _ ## feature(void) \ 28 | { \ 29 | \ 30 | if (cpusupport_ ## arch ## _ ## feature ## _present) \ 31 | return (1); \ 32 | else if (cpusupport_ ## arch ## _ ## feature ## _init) \ 33 | return (0); \ 34 | cpusupport_ ## arch ## _ ## feature ## _present = \ 35 | cpusupport_ ## arch ##_ ## feature ## _detect(); \ 36 | cpusupport_ ## arch ## _ ## feature ## _init = 1; \ 37 | return (cpusupport_ ## arch ## _ ## feature ## _present); \ 38 | } \ 39 | struct cpusupport_ ## arch ## _ ## feature ## _dummy 40 | 41 | /* 42 | * CPUSUPPORT_FEATURE_DECL(arch, feature): 43 | * Macro which defines variables and provides a function declaration for 44 | * detecting the presence of "feature" on the "arch" architecture. The 45 | * function body following this macro expansion must return nonzero if the 46 | * feature is present, or zero if the feature is not present or the detection 47 | * fails for any reason. 48 | */ 49 | #define CPUSUPPORT_FEATURE_DECL(arch, feature) \ 50 | int cpusupport_ ## arch ## _ ## feature ## _present = 0; \ 51 | int cpusupport_ ## arch ## _ ## feature ## _init = 0; \ 52 | int \ 53 | cpusupport_ ## arch ## _ ## feature ## _detect(void) 54 | 55 | /* 56 | * Any features listed here must have associated C files compiled and linked 57 | * in, since the macro references symbols which must be defined. Projects 58 | * which do not need to detect certain CPU features may wish to remove lines 59 | * from this list so that the associated C files can be omitted. 60 | */ 61 | CPUSUPPORT_FEATURE(x86, aesni); 62 | CPUSUPPORT_FEATURE(x86, sse2); 63 | 64 | #endif /* !_CPUSUPPORT_H_ */ 65 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/alg/sha256.h: -------------------------------------------------------------------------------- 1 | #ifndef _SHA256_H_ 2 | #define _SHA256_H_ 3 | 4 | #include 5 | #include 6 | 7 | /* 8 | * Use #defines in order to avoid namespace collisions with anyone else's 9 | * SHA256 code (e.g., the code in OpenSSL). 10 | */ 11 | #define SHA256_Init libcperciva_SHA256_Init 12 | #define SHA256_Update libcperciva_SHA256_Update 13 | #define SHA256_Final libcperciva_SHA256_Final 14 | #define SHA256_Buf libcperciva_SHA256_Buf 15 | #define SHA256_CTX libcperciva_SHA256_CTX 16 | #define HMAC_SHA256_Init libcperciva_HMAC_SHA256_Init 17 | #define HMAC_SHA256_Update libcperciva_HMAC_SHA256_Update 18 | #define HMAC_SHA256_Final libcperciva_HMAC_SHA256_Final 19 | #define HMAC_SHA256_Buf libcperciva_HMAC_SHA256_Buf 20 | #define HMAC_SHA256_CTX libcperciva_HMAC_SHA256_CTX 21 | 22 | /* Context structure for SHA256 operations. */ 23 | typedef struct { 24 | uint32_t state[8]; 25 | uint64_t count; 26 | uint8_t buf[64]; 27 | } SHA256_CTX; 28 | 29 | /** 30 | * SHA256_Init(ctx): 31 | * Initialize the SHA256 context ${ctx}. 32 | */ 33 | void SHA256_Init(SHA256_CTX *); 34 | 35 | /** 36 | * SHA256_Update(ctx, in, len): 37 | * Input ${len} bytes from ${in} into the SHA256 context ${ctx}. 38 | */ 39 | void SHA256_Update(SHA256_CTX *, const void *, size_t); 40 | 41 | /** 42 | * SHA256_Final(digest, ctx): 43 | * Output the SHA256 hash of the data input to the context ${ctx} into the 44 | * buffer ${digest}. 45 | */ 46 | void SHA256_Final(uint8_t[32], SHA256_CTX *); 47 | 48 | /** 49 | * SHA256_Buf(in, len, digest): 50 | * Compute the SHA256 hash of ${len} bytes from $in} and write it to ${digest}. 51 | */ 52 | void SHA256_Buf(const void *, size_t, uint8_t[32]); 53 | 54 | /* Context structure for HMAC-SHA256 operations. */ 55 | typedef struct { 56 | SHA256_CTX ictx; 57 | SHA256_CTX octx; 58 | } HMAC_SHA256_CTX; 59 | 60 | /** 61 | * HMAC_SHA256_Init(ctx, K, Klen): 62 | * Initialize the HMAC-SHA256 context ${ctx} with ${Klen} bytes of key from 63 | * ${K}. 64 | */ 65 | void HMAC_SHA256_Init(HMAC_SHA256_CTX *, const void *, size_t); 66 | 67 | /** 68 | * HMAC_SHA256_Update(ctx, in, len): 69 | * Input ${len} bytes from ${in} into the HMAC-SHA256 context ${ctx}. 70 | */ 71 | void HMAC_SHA256_Update(HMAC_SHA256_CTX *, const void *, size_t); 72 | 73 | /** 74 | * HMAC_SHA256_Final(digest, ctx): 75 | * Output the HMAC-SHA256 of the data input to the context ${ctx} into the 76 | * buffer ${digest}. 77 | */ 78 | void HMAC_SHA256_Final(uint8_t[32], HMAC_SHA256_CTX *); 79 | 80 | /** 81 | * HMAC_SHA256_Buf(K, Klen, in, len, digest): 82 | * Compute the HMAC-SHA256 of ${len} bytes from ${in} using the key ${K} of 83 | * length ${Klen}, and write the result to ${digest}. 84 | */ 85 | void HMAC_SHA256_Buf(const void *, size_t, const void *, size_t, uint8_t[32]); 86 | 87 | /** 88 | * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): 89 | * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and 90 | * write the output to buf. The value dkLen must be at most 32 * (2^32 - 1). 91 | */ 92 | void PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t, 93 | uint64_t, uint8_t *, size_t); 94 | 95 | #endif /* !_SHA256_H_ */ 96 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/config.h.in: -------------------------------------------------------------------------------- 1 | /* config.h.in. Generated from configure.ac by autoheader. */ 2 | 3 | /* Define to 1 if you have the `clock_gettime' function. */ 4 | #undef HAVE_CLOCK_GETTIME 5 | 6 | /* Define to 1 if you have the header file. */ 7 | #undef HAVE_INTTYPES_H 8 | 9 | /* Define to 1 if you have the `rt' library (-lrt). */ 10 | #undef HAVE_LIBRT 11 | 12 | /* Define to 1 if you have the header file. */ 13 | #undef HAVE_MEMORY_H 14 | 15 | /* Define to 1 if you have the `mmap' function. */ 16 | #undef HAVE_MMAP 17 | 18 | /* Define to 1 if you have the `posix_memalign' function. */ 19 | #undef HAVE_POSIX_MEMALIGN 20 | 21 | /* Define to 1 if you have the header file. */ 22 | #undef HAVE_STDINT_H 23 | 24 | /* Define to 1 if you have the header file. */ 25 | #undef HAVE_STDLIB_H 26 | 27 | /* Define to 1 if you have the header file. */ 28 | #undef HAVE_STRINGS_H 29 | 30 | /* Define to 1 if you have the header file. */ 31 | #undef HAVE_STRING_H 32 | 33 | /* Define to 1 if the system has the type `struct sysinfo'. */ 34 | #undef HAVE_STRUCT_SYSINFO 35 | 36 | /* Define to 1 if `mem_unit' is a member of `struct sysinfo'. */ 37 | #undef HAVE_STRUCT_SYSINFO_MEM_UNIT 38 | 39 | /* Define to 1 if `totalram' is a member of `struct sysinfo'. */ 40 | #undef HAVE_STRUCT_SYSINFO_TOTALRAM 41 | 42 | /* Define to 1 if you have the `sysinfo' function. */ 43 | #undef HAVE_SYSINFO 44 | 45 | /* Define to 1 if you have the header file. */ 46 | #undef HAVE_SYS_PARAM_H 47 | 48 | /* Define to 1 if you have the header file. */ 49 | #undef HAVE_SYS_STAT_H 50 | 51 | /* Define to 1 if you have the header file. */ 52 | #undef HAVE_SYS_SYSCTL_H 53 | 54 | /* Define to 1 if you have the header file. */ 55 | #undef HAVE_SYS_SYSINFO_H 56 | 57 | /* Define to 1 if you have the header file. */ 58 | #undef HAVE_SYS_TYPES_H 59 | 60 | /* Define to 1 if you have the header file. */ 61 | #undef HAVE_UNISTD_H 62 | 63 | /* Name of package */ 64 | #undef PACKAGE 65 | 66 | /* Define to the address where bug reports for this package should be sent. */ 67 | #undef PACKAGE_BUGREPORT 68 | 69 | /* Define to the full name of this package. */ 70 | #undef PACKAGE_NAME 71 | 72 | /* Define to the full name and version of this package. */ 73 | #undef PACKAGE_STRING 74 | 75 | /* Define to the one symbol short name of this package. */ 76 | #undef PACKAGE_TARNAME 77 | 78 | /* Define to the home page for this package. */ 79 | #undef PACKAGE_URL 80 | 81 | /* Define to the version of this package. */ 82 | #undef PACKAGE_VERSION 83 | 84 | /* Define to 1 if you have the ANSI C header files. */ 85 | #undef STDC_HEADERS 86 | 87 | /* Version number of package */ 88 | #undef VERSION 89 | 90 | /* Enable large inode numbers on Mac OS X 10.5. */ 91 | #ifndef _DARWIN_USE_64_BIT_INODE 92 | # define _DARWIN_USE_64_BIT_INODE 1 93 | #endif 94 | 95 | /* Number of bits in a file offset, on hosts where this is settable. */ 96 | #undef _FILE_OFFSET_BITS 97 | 98 | /* Define for large files, on AIX-style hosts. */ 99 | #undef _LARGE_FILES 100 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/config.h: -------------------------------------------------------------------------------- 1 | /* Config.h altered for windows platform */ 2 | 3 | /* Define to 1 if you have the `clock_gettime' function. */ 4 | /* #undef HAVE_CLOCK_GETTIME */ 5 | 6 | /* Define to 1 if you have the declaration of `be64enc', and to 0 if you 7 | don't. */ 8 | #define HAVE_DECL_BE64ENC 0 9 | 10 | /* Define to 1 if you have the header file. */ 11 | /* #define HAVE_ERR_H 1 */ 12 | 13 | /* Define to 1 if you have the header file. */ 14 | #define HAVE_INTTYPES_H 1 15 | 16 | /* Define to 1 if you have the `rt' library (-lrt). */ 17 | /* #undef HAVE_LIBRT */ 18 | 19 | /* Define to 1 if you have the header file. */ 20 | #define HAVE_MEMORY_H 1 21 | 22 | /* Define to 1 if you have the `posix_memalign' function. */ 23 | /* #undef HAVE_POSIX_MEMALIGN */ 24 | 25 | /* Define to 1 if you have the header file. */ 26 | #define HAVE_STDINT_H 1 27 | 28 | /* Define to 1 if you have the header file. */ 29 | #define HAVE_STDLIB_H 1 30 | 31 | /* Define to 1 if you have the header file. */ 32 | #define HAVE_STRINGS_H 1 33 | 34 | /* Define to 1 if you have the header file. */ 35 | #define HAVE_STRING_H 1 36 | 37 | /* Define to 1 if the system has the type `struct sysinfo'. */ 38 | /* #undef HAVE_STRUCT_SYSINFO */ 39 | 40 | /* Define to 1 if `mem_unit' is member of `struct sysinfo'. */ 41 | /* #undef HAVE_STRUCT_SYSINFO_MEM_UNIT */ 42 | 43 | /* Define to 1 if `totalram' is member of `struct sysinfo'. */ 44 | /* #undef HAVE_STRUCT_SYSINFO_TOTALRAM */ 45 | 46 | /* Define to 1 if the OS has a hw.usermem sysctl */ 47 | /* #undef HAVE_SYSCTL_HW_USERMEM */ 48 | 49 | /* Define to 1 if you have the `sysinfo' function. */ 50 | /* #undef HAVE_SYSINFO */ 51 | 52 | /* Define to 1 if you have the header file. */ 53 | /* #undef HAVE_SYS_ENDIAN_H */ 54 | 55 | /* Define to 1 if you have the header file. */ 56 | /* #define HAVE_SYS_PARAM_H 1 */ 57 | 58 | /* Define to 1 if you have the header file. */ 59 | #define HAVE_SYS_STAT_H 1 60 | 61 | /* Define to 1 if you have the header file. */ 62 | /* #undef HAVE_SYS_SYSINFO_H */ 63 | 64 | /* Define to 1 if you have the header file. */ 65 | /* #define HAVE_SYS_TYPES_H 1 */ 66 | 67 | /* Define to 1 if you have the header file. */ 68 | #define HAVE_UNISTD_H 1 69 | 70 | /* Name of package */ 71 | #define PACKAGE "scrypt" 72 | 73 | /* Define to the address where bug reports for this package should be sent. */ 74 | #define PACKAGE_BUGREPORT "" 75 | 76 | /* Define to the full name of this package. */ 77 | #define PACKAGE_NAME "scrypt" 78 | 79 | /* Define to the full name and version of this package. */ 80 | #define PACKAGE_STRING "scrypt 1.1.6" 81 | 82 | /* Define to the one symbol short name of this package. */ 83 | #define PACKAGE_TARNAME "scrypt" 84 | 85 | /* Define to the version of this package. */ 86 | #define PACKAGE_VERSION "1.1.6" 87 | 88 | /* Define to 1 if you have the ANSI C header files. */ 89 | #define STDC_HEADERS 1 90 | 91 | /* Version number of package */ 92 | #define VERSION "1.1.6" 93 | 94 | /* Number of bits in a file offset, on hosts where this is settable. */ 95 | /* #undef _FILE_OFFSET_BITS */ 96 | 97 | /* Define for large files, on AIX-style hosts. */ 98 | /* #undef _LARGE_FILES */ -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/crypto/crypto_aesctr.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "crypto_aes.h" 5 | #include "sysendian.h" 6 | 7 | #include "crypto_aesctr.h" 8 | 9 | struct crypto_aesctr { 10 | const struct crypto_aes_key * key; 11 | uint64_t nonce; 12 | uint64_t bytectr; 13 | uint8_t buf[16]; 14 | }; 15 | 16 | /** 17 | * crypto_aesctr_init(key, nonce): 18 | * Prepare to encrypt/decrypt data with AES in CTR mode, using the provided 19 | * expanded key and nonce. The key provided must remain valid for the 20 | * lifetime of the stream. 21 | */ 22 | struct crypto_aesctr * 23 | crypto_aesctr_init(const struct crypto_aes_key * key, uint64_t nonce) 24 | { 25 | struct crypto_aesctr * stream; 26 | 27 | /* Allocate memory. */ 28 | if ((stream = malloc(sizeof(struct crypto_aesctr))) == NULL) 29 | goto err0; 30 | 31 | /* Initialize values. */ 32 | stream->key = key; 33 | stream->nonce = nonce; 34 | stream->bytectr = 0; 35 | 36 | /* Success! */ 37 | return (stream); 38 | 39 | err0: 40 | /* Failure! */ 41 | return (NULL); 42 | } 43 | 44 | /** 45 | * crypto_aesctr_stream(stream, inbuf, outbuf, buflen): 46 | * Generate the next ${buflen} bytes of the AES-CTR stream and xor them with 47 | * bytes from ${inbuf}, writing the result into ${outbuf}. If the buffers 48 | * ${inbuf} and ${outbuf} overlap, they must be identical. 49 | */ 50 | void 51 | crypto_aesctr_stream(struct crypto_aesctr * stream, const uint8_t * inbuf, 52 | uint8_t * outbuf, size_t buflen) 53 | { 54 | uint8_t pblk[16]; 55 | size_t pos; 56 | int bytemod; 57 | 58 | for (pos = 0; pos < buflen; pos++) { 59 | /* How far through the buffer are we? */ 60 | bytemod = stream->bytectr % 16; 61 | 62 | /* Generate a block of cipherstream if needed. */ 63 | if (bytemod == 0) { 64 | be64enc(pblk, stream->nonce); 65 | be64enc(pblk + 8, stream->bytectr / 16); 66 | crypto_aes_encrypt_block(pblk, stream->buf, 67 | stream->key); 68 | } 69 | 70 | /* Encrypt a byte. */ 71 | outbuf[pos] = inbuf[pos] ^ stream->buf[bytemod]; 72 | 73 | /* Move to the next byte of cipherstream. */ 74 | stream->bytectr += 1; 75 | } 76 | } 77 | 78 | /** 79 | * crypto_aesctr_free(stream): 80 | * Free the provided stream object. 81 | */ 82 | void 83 | crypto_aesctr_free(struct crypto_aesctr * stream) 84 | { 85 | int i; 86 | 87 | /* Be compatible with free(NULL). */ 88 | if (stream == NULL) 89 | return; 90 | 91 | /* Zero potentially sensitive information. */ 92 | for (i = 0; i < 16; i++) 93 | stream->buf[i] = 0; 94 | stream->bytectr = stream->nonce = 0; 95 | 96 | /* Free the stream. */ 97 | free(stream); 98 | } 99 | 100 | /** 101 | * crypto_aesctr_buf(key, nonce, inbuf, outbuf, buflen): 102 | * Equivalent to init(key, nonce); stream(inbuf, outbuf, buflen); free. 103 | */ 104 | void 105 | crypto_aesctr_buf(const struct crypto_aes_key * key, uint64_t nonce, 106 | const uint8_t * inbuf, uint8_t * outbuf, size_t buflen) 107 | { 108 | struct crypto_aesctr stream_rec; 109 | struct crypto_aesctr * stream = &stream_rec; 110 | int i; 111 | 112 | /* Initialize values. */ 113 | stream->key = key; 114 | stream->nonce = nonce; 115 | stream->bytectr = 0; 116 | 117 | /* Perform the encryption. */ 118 | crypto_aesctr_stream(stream, inbuf, outbuf, buflen); 119 | 120 | /* Zero potentially sensitive information. */ 121 | for (i = 0; i < 16; i++) 122 | stream->buf[i] = 0; 123 | stream->bytectr = stream->nonce = 0; 124 | } 125 | -------------------------------------------------------------------------------- /src/node-boilerplate/scrypt_common.cc: -------------------------------------------------------------------------------- 1 | /* 2 | scrypt_common.cc 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 2. Altered source versions must be plainly marked as such, and must not be 19 | misrepresented as being the original source code. 20 | 3. This notice may not be removed or altered from any source distribution. 21 | 22 | Barry Steyn barry.steyn@gmail.com 23 | */ 24 | 25 | 26 | #include 27 | 28 | #include 29 | 30 | extern "C" { 31 | #include 32 | } 33 | 34 | #include 35 | #include 36 | 37 | #include 38 | #include 39 | 40 | #include 41 | 42 | // 43 | // Anonymous namespace 44 | // 45 | namespace { 46 | // 47 | // Returns error descriptions as generated by Scrypt 48 | // 49 | const char* InternalErrorDescr(const unsigned int error) { 50 | switch(error) { 51 | case 0: 52 | return "success"; 53 | case 1: 54 | return "getrlimit or sysctl(hw.usermem) failed"; 55 | case 2: 56 | return "clock_getres or clock_gettime failed"; 57 | case 3: 58 | return "error computing derived key"; 59 | case 4: 60 | return "could not read salt from /dev/urandom"; 61 | case 5: 62 | return "error in OpenSSL"; 63 | case 6: 64 | return "malloc failed"; 65 | case 7: 66 | return "data is not a valid scrypt-encrypted block"; 67 | case 8: 68 | return "unrecognized scrypt format"; 69 | case 9: 70 | return "decrypting file would take too much memory"; 71 | case 10: 72 | return "decrypting file would take too long"; 73 | case 11: 74 | return "password is incorrect"; 75 | case 12: 76 | return "error writing output file"; 77 | case 13: 78 | return "error reading input file"; 79 | default: 80 | return "error unkown"; 81 | } 82 | } 83 | 84 | // 85 | // Returns error descriptions as generated by Scrypt 86 | // 87 | const char* ScryptErrorDescr(const unsigned int error) { 88 | 89 | unsigned int mask = -1, 90 | base_error = (mask >> 16) & error, 91 | sub_error = (((mask << 16) & error) >> 16); 92 | std::string scrypt_err_description = InternalErrorDescr(base_error); 93 | 94 | if (sub_error) { 95 | scrypt_err_description += " - " + std::string(strerror(sub_error)); 96 | } 97 | 98 | return scrypt_err_description.c_str(); 99 | } 100 | } /* end anonymous namespace */ 101 | 102 | namespace NodeScrypt { 103 | 104 | // 105 | // Creates a Scrypt specific JavaScript Error object 106 | // 107 | v8::Local ScryptError(const unsigned int error) { 108 | Nan::EscapableHandleScope scope; 109 | v8::Local scryptError = Nan::Error(ScryptErrorDescr(error)); 110 | return scope.Escape(scryptError); 111 | } 112 | } //end Scrypt namespace 113 | -------------------------------------------------------------------------------- /src/scryptwrapper/keyderivation.c: -------------------------------------------------------------------------------- 1 | /* 2 | keyderivation.c 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 19 | 2. Altered source versions must be plainly marked as such, and must not be 20 | misrepresented as being the original source code. 21 | 22 | 3. This notice may not be removed or altered from any source distribution. 23 | 24 | Barry Steyn barry.steyn@gmail.com 25 | */ 26 | 27 | #include "sha256.h" 28 | #include "hash.h" 29 | #include "pickparams.h" 30 | #include "sysendian.h" 31 | 32 | #include 33 | #include 34 | 35 | // 36 | // Creates a password hash. This is the actual key derivation function 37 | // 38 | unsigned int 39 | KDF(const uint8_t* passwd, size_t passwdSize, uint8_t* kdf, uint32_t logN, uint32_t r, uint32_t p, const uint8_t* salt) { 40 | uint64_t N=1; 41 | uint8_t dk[64], 42 | hbuf[32]; 43 | uint8_t *key_hmac = &dk[32]; 44 | SHA256_CTX ctx; 45 | HMAC_SHA256_CTX hctx; 46 | 47 | /* Generate the derived keys. */ 48 | N <<= logN; 49 | if (ScryptHashFunction(passwd, passwdSize, salt, 32, N, r, p, dk, 64)) 50 | return (3); 51 | 52 | /* Construct the hash. */ 53 | memcpy(kdf, "scrypt", 6); //Sticking with Colin Percival's format of putting scrypt at the beginning 54 | kdf[6] = 0; 55 | kdf[7] = logN; 56 | be32enc(&kdf[8], r); 57 | be32enc(&kdf[12], p); 58 | memcpy(&kdf[16], salt, 32); 59 | 60 | /* Add hash checksum. */ 61 | SHA256_Init(&ctx); 62 | SHA256_Update(&ctx, kdf, 48); 63 | SHA256_Final(hbuf, &ctx); 64 | memcpy(&kdf[48], hbuf, 16); 65 | 66 | /* Add hash signature (used for verifying password). */ 67 | HMAC_SHA256_Init(&hctx, key_hmac, 32); 68 | HMAC_SHA256_Update(&hctx, kdf, 64); 69 | HMAC_SHA256_Final(hbuf, &hctx); 70 | memcpy(&kdf[64], hbuf, 32); 71 | 72 | return 0; //success 73 | } 74 | 75 | // 76 | // Verifies password hash (also ensures hash integrity at same time) 77 | // 78 | int 79 | Verify(const uint8_t* kdf, const uint8_t* passwd, size_t passwdSize) { 80 | uint64_t N=0; 81 | uint32_t r=0, p=0; 82 | uint8_t dk[64], 83 | salt[32], 84 | hbuf[32]; 85 | uint8_t * key_hmac = &dk[32]; 86 | HMAC_SHA256_CTX hctx; 87 | SHA256_CTX ctx; 88 | 89 | /* Parse N, r, p, salt. */ 90 | N = (uint64_t)1 << kdf[7]; //Remember, kdf[7] is actually LogN 91 | r = be32dec(&kdf[8]); 92 | p = be32dec(&kdf[12]); 93 | memcpy(salt, &kdf[16], 32); 94 | 95 | /* Verify hash checksum. */ 96 | SHA256_Init(&ctx); 97 | SHA256_Update(&ctx, kdf, 48); 98 | SHA256_Final(hbuf, &ctx); 99 | if (memcmp(&kdf[48], hbuf, 16)) 100 | return (7); 101 | 102 | /* Compute Derived Key */ 103 | if (ScryptHashFunction(passwd, passwdSize, salt, 32, N, r, p, dk, 64)) 104 | return (3); 105 | 106 | /* Check hash signature (i.e., verify password). */ 107 | HMAC_SHA256_Init(&hctx, key_hmac, 32); 108 | HMAC_SHA256_Update(&hctx, kdf, 64); 109 | HMAC_SHA256_Final(hbuf, &hctx); 110 | if (memcmp(hbuf, &kdf[64], 32)) 111 | return (11); 112 | 113 | return (0); //Success 114 | } 115 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/keyderivation.c: -------------------------------------------------------------------------------- 1 | /* 2 | keyderivation.c 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 19 | 2. Altered source versions must be plainly marked as such, and must not be 20 | misrepresented as being the original source code. 21 | 22 | 3. This notice may not be removed or altered from any source distribution. 23 | 24 | Barry Steyn barry.steyn@gmail.com 25 | */ 26 | 27 | #include "sha256.h" 28 | #include "hash.h" 29 | #include "pickparams.h" 30 | #include "sysendian.h" 31 | #include "salt.h" 32 | 33 | #include 34 | #include 35 | 36 | // 37 | // Creates a password hash. This is the actual key derivation function 38 | // 39 | int 40 | KDF(const uint8_t* passwd, size_t passwdSize, uint8_t* kdf, uint32_t logN, uint32_t r, uint32_t p) { 41 | uint64_t N=1; 42 | uint8_t dk[64], 43 | salt[32], 44 | hbuf[32]; 45 | uint8_t *key_hmac = &dk[32]; 46 | SHA256_CTX ctx; 47 | HMAC_SHA256_CTX hctx; 48 | int rc; 49 | 50 | /* Get Some Salt */ 51 | if ((rc = getsalt(salt, 32)) != 0) 52 | return (rc); 53 | 54 | /* Generate the derived keys. */ 55 | N <<= logN; 56 | if (ScryptHashFunction(passwd, passwdSize, salt, 32, N, r, p, dk, 64)) 57 | return (3); 58 | 59 | /* Construct the hash. */ 60 | memcpy(kdf, "scrypt", 6); //Sticking with Colin Percival's format of putting scrypt at the beginning 61 | kdf[6] = 0; 62 | kdf[7] = logN; 63 | be32enc(&kdf[8], r); 64 | be32enc(&kdf[12], p); 65 | memcpy(&kdf[16], salt, 32); 66 | 67 | /* Add hash checksum. */ 68 | SHA256_Init(&ctx); 69 | scrypt_SHA256_Update(&ctx, kdf, 48); 70 | scrypt_SHA256_Final(hbuf, &ctx); 71 | memcpy(&kdf[48], hbuf, 16); 72 | 73 | /* Add hash signature (used for verifying password). */ 74 | HMAC_SHA256_Init(&hctx, key_hmac, 32); 75 | HMAC_SHA256_Update(&hctx, kdf, 64); 76 | HMAC_SHA256_Final(hbuf, &hctx); 77 | memcpy(&kdf[64], hbuf, 32); 78 | 79 | return 0; //success 80 | } 81 | 82 | // 83 | // Verifies password hash (also ensures hash integrity at same time) 84 | // 85 | int 86 | Verify(const uint8_t* kdf, const uint8_t* passwd, size_t passwdSize) { 87 | uint64_t N=0; 88 | uint32_t r=0, p=0; 89 | uint8_t dk[64], 90 | salt[32], 91 | hbuf[32]; 92 | uint8_t * key_hmac = &dk[32]; 93 | HMAC_SHA256_CTX hctx; 94 | SHA256_CTX ctx; 95 | 96 | /* Parse N, r, p, salt. */ 97 | N = (uint64_t)1 << kdf[7]; //Remember, kdf[7] is actually LogN 98 | r = be32dec(&kdf[8]); 99 | p = be32dec(&kdf[12]); 100 | memcpy(salt, &kdf[16], 32); 101 | 102 | /* Verify hash checksum. */ 103 | SHA256_Init(&ctx); 104 | scrypt_SHA256_Update(&ctx, kdf, 48); 105 | scrypt_SHA256_Final(hbuf, &ctx); 106 | if (memcmp(&kdf[48], hbuf, 16)) 107 | return (7); 108 | 109 | /* Compute Derived Key */ 110 | if (ScryptHashFunction(passwd, passwdSize, salt, 32, N, r, p, dk, 64)) 111 | return (3); 112 | 113 | /* Check hash signature (i.e., verify password). */ 114 | HMAC_SHA256_Init(&hctx, key_hmac, 32); 115 | HMAC_SHA256_Update(&hctx, kdf, 64); 116 | HMAC_SHA256_Final(hbuf, &hctx); 117 | if (memcmp(hbuf, &kdf[64], 32)) 118 | return (11); 119 | 120 | return (0); //Success 121 | } 122 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/sysendian.h: -------------------------------------------------------------------------------- 1 | #ifndef _SYSENDIAN_H_ 2 | #define _SYSENDIAN_H_ 3 | 4 | #include 5 | 6 | /* Avoid namespace collisions with BSD . */ 7 | #define be16dec libcperciva_be16dec 8 | #define be16enc libcperciva_be16enc 9 | #define be32dec libcperciva_be32dec 10 | #define be32enc libcperciva_be32enc 11 | #define be64dec libcperciva_be64dec 12 | #define be64enc libcperciva_be64enc 13 | #define le16dec libcperciva_le16dec 14 | #define le16enc libcperciva_le16enc 15 | #define le32dec libcperciva_le32dec 16 | #define le32enc libcperciva_le32enc 17 | #define le64dec libcperciva_le64dec 18 | #define le64enc libcperciva_le64enc 19 | 20 | static inline uint16_t 21 | be16dec(const void * pp) 22 | { 23 | const uint8_t * p = (uint8_t const *)pp; 24 | 25 | return ((uint16_t)(p[1]) + ((uint16_t)(p[0]) << 8)); 26 | } 27 | 28 | static inline void 29 | be16enc(void * pp, uint16_t x) 30 | { 31 | uint8_t * p = (uint8_t *)pp; 32 | 33 | p[1] = x & 0xff; 34 | p[0] = (x >> 8) & 0xff; 35 | } 36 | 37 | static inline uint32_t 38 | be32dec(const void * pp) 39 | { 40 | const uint8_t * p = (uint8_t const *)pp; 41 | 42 | return ((uint32_t)(p[3]) + ((uint32_t)(p[2]) << 8) + 43 | ((uint32_t)(p[1]) << 16) + ((uint32_t)(p[0]) << 24)); 44 | } 45 | 46 | static inline void 47 | be32enc(void * pp, uint32_t x) 48 | { 49 | uint8_t * p = (uint8_t *)pp; 50 | 51 | p[3] = x & 0xff; 52 | p[2] = (x >> 8) & 0xff; 53 | p[1] = (x >> 16) & 0xff; 54 | p[0] = (x >> 24) & 0xff; 55 | } 56 | 57 | static inline uint64_t 58 | be64dec(const void * pp) 59 | { 60 | const uint8_t * p = (uint8_t const *)pp; 61 | 62 | return ((uint64_t)(p[7]) + ((uint64_t)(p[6]) << 8) + 63 | ((uint64_t)(p[5]) << 16) + ((uint64_t)(p[4]) << 24) + 64 | ((uint64_t)(p[3]) << 32) + ((uint64_t)(p[2]) << 40) + 65 | ((uint64_t)(p[1]) << 48) + ((uint64_t)(p[0]) << 56)); 66 | } 67 | 68 | static inline void 69 | be64enc(void * pp, uint64_t x) 70 | { 71 | uint8_t * p = (uint8_t *)pp; 72 | 73 | p[7] = x & 0xff; 74 | p[6] = (x >> 8) & 0xff; 75 | p[5] = (x >> 16) & 0xff; 76 | p[4] = (x >> 24) & 0xff; 77 | p[3] = (x >> 32) & 0xff; 78 | p[2] = (x >> 40) & 0xff; 79 | p[1] = (x >> 48) & 0xff; 80 | p[0] = (x >> 56) & 0xff; 81 | } 82 | 83 | static inline uint16_t 84 | le16dec(const void * pp) 85 | { 86 | const uint8_t * p = (uint8_t const *)pp; 87 | 88 | return ((uint16_t)(p[0]) + ((uint16_t)(p[1]) << 8)); 89 | } 90 | 91 | static inline void 92 | le16enc(void * pp, uint16_t x) 93 | { 94 | uint8_t * p = (uint8_t *)pp; 95 | 96 | p[0] = x & 0xff; 97 | p[1] = (x >> 8) & 0xff; 98 | } 99 | 100 | static inline uint32_t 101 | le32dec(const void * pp) 102 | { 103 | const uint8_t * p = (uint8_t const *)pp; 104 | 105 | return ((uint32_t)(p[0]) + ((uint32_t)(p[1]) << 8) + 106 | ((uint32_t)(p[2]) << 16) + ((uint32_t)(p[3]) << 24)); 107 | } 108 | 109 | static inline void 110 | le32enc(void * pp, uint32_t x) 111 | { 112 | uint8_t * p = (uint8_t *)pp; 113 | 114 | p[0] = x & 0xff; 115 | p[1] = (x >> 8) & 0xff; 116 | p[2] = (x >> 16) & 0xff; 117 | p[3] = (x >> 24) & 0xff; 118 | } 119 | 120 | static inline uint64_t 121 | le64dec(const void * pp) 122 | { 123 | const uint8_t * p = (uint8_t const *)pp; 124 | 125 | return ((uint64_t)(p[0]) + ((uint64_t)(p[1]) << 8) + 126 | ((uint64_t)(p[2]) << 16) + ((uint64_t)(p[3]) << 24) + 127 | ((uint64_t)(p[4]) << 32) + ((uint64_t)(p[5]) << 40) + 128 | ((uint64_t)(p[6]) << 48) + ((uint64_t)(p[7]) << 56)); 129 | } 130 | 131 | static inline void 132 | le64enc(void * pp, uint64_t x) 133 | { 134 | uint8_t * p = (uint8_t *)pp; 135 | 136 | p[0] = x & 0xff; 137 | p[1] = (x >> 8) & 0xff; 138 | p[2] = (x >> 16) & 0xff; 139 | p[3] = (x >> 24) & 0xff; 140 | p[4] = (x >> 32) & 0xff; 141 | p[5] = (x >> 40) & 0xff; 142 | p[6] = (x >> 48) & 0xff; 143 | p[7] = (x >> 56) & 0xff; 144 | } 145 | 146 | #endif /* !_SYSENDIAN_H_ */ 147 | -------------------------------------------------------------------------------- /src/scryptwrapper/pickparams.c: -------------------------------------------------------------------------------- 1 | /* 2 | pickparams.c 3 | 4 | Copyright (C) 2013 Barry Steyn (http://doctrina.org/Scrypt-Authentication-For-Node.html) 5 | 6 | This source code is provided 'as-is', without any express or implied 7 | warranty. In no event will the author be held liable for any damages 8 | arising from the use of this software. 9 | 10 | Permission is granted to anyone to use this software for any purpose, 11 | including commercial applications, and to alter it and redistribute it 12 | freely, subject to the following restrictions: 13 | 14 | 1. The origin of this source code must not be misrepresented; you must not 15 | claim that you wrote the original source code. If you use this source code 16 | in a product, an acknowledgment in the product documentation would be 17 | appreciated but is not required. 18 | 19 | 2. Altered source versions must be plainly marked as such, and must not be 20 | misrepresented as being the original source code. 21 | 22 | 3. This notice may not be removed or altered from any source distribution. 23 | 24 | Barry Steyn barry.steyn@gmail.com 25 | */ 26 | 27 | #include 28 | #include 29 | 30 | #include "pickparams.h" 31 | #include "scryptenc_cpuperf.h" 32 | #include "util/memlimit.h" 33 | 34 | 35 | ///remove 36 | 37 | #include 38 | //end remove 39 | 40 | /* 41 | * Given maxmem, maxmemfrac and maxtime, this functions calculates the N,r,p variables. 42 | * Values for N,r,p are machine dependent. This is copied directly from Colin Percival's srypt reference code 43 | */ 44 | unsigned int 45 | pickparams(int *logN, uint32_t *r, uint32_t *p, double maxtime, size_t maxmem, double maxmemfrac, size_t osfreemem) { 46 | //Note: logN (as opposed to N) is calculated here. This is because it is compact (it can be represented by an int) 47 | // and it is easy (and quick) to convert to N by right shifting bits. Most importantly, using logN only requires 48 | // 32 bits to be stored. Seeing as it is embedded inside the hash, the smaller the better 49 | size_t memlimit; 50 | double opps; 51 | double opslimit; 52 | double maxN, maxrp; 53 | int rc; 54 | 55 | /* Figure out how much memory to use. */ 56 | if (memtouse(maxmem, maxmemfrac, osfreemem, &memlimit)) 57 | return (1); 58 | 59 | /* Figure out how fast the CPU is. */ 60 | if ((rc = scryptenc_cpuperf(&opps)) != 0) 61 | return ((unsigned int)(rc)); // type cast works since Colin is only using positive integers 62 | opslimit = opps * maxtime; 63 | 64 | /* Allow a minimum of 2^15 salsa20/8 cores. */ 65 | if (opslimit < 32768) 66 | opslimit = 32768; 67 | 68 | /* Set r to 8 */ 69 | *r = 8; // r is the underlying block size, Colin Percival defaults to 8 in his reference implementation 70 | 71 | /* 72 | * The memory limit requires that 128Nr <= memlimit, while the CPU 73 | * limit requires that 4Nrp <= opslimit. If opslimit < memlimit/32, 74 | * opslimit imposes the stronger limit on N. 75 | */ 76 | if (opslimit < memlimit/32) { 77 | /* Set p = 1 and choose N based on the CPU limit. */ 78 | *p = 1; 79 | maxN = opslimit / (*r * 4); 80 | for (*logN = 1; *logN < 63; *logN += 1) { 81 | if ((uint64_t)(1) << *logN > maxN / 2) 82 | break; 83 | } 84 | } else { 85 | /* Set N based on the memory limit. */ 86 | maxN = (double)(memlimit / (*r * 128)); 87 | for (*logN = 1; *logN < 63; *logN += 1) { 88 | if ((uint64_t)(1) << *logN > maxN / 2) 89 | break; 90 | } 91 | 92 | /* Choose p based on the CPU limit. */ 93 | maxrp = (opslimit / 4) / ((uint64_t)(1) << *logN); 94 | if (maxrp > 0x3fffffff) 95 | maxrp = 0x3fffffff; 96 | *p = (uint32_t)(maxrp) / *r; 97 | } 98 | 99 | /* Success! */ 100 | return (0); 101 | } 102 | -------------------------------------------------------------------------------- /binding.gyp: -------------------------------------------------------------------------------- 1 | { 2 | 'variables': { 3 | 'compiler-flags': [], 4 | 'scrypt_platform_specific_files': [], 5 | 'scrypt_platform_specific_includes': [], 6 | 'conditions': [ 7 | ['OS=="win"', { 8 | 'scrypt_platform_specific_files': [ 9 | 'scrypt/win/mman.c', 10 | 'scrypt/win/gettimeofday.c' 11 | ], 12 | 'scrypt_platform_specific_includes': [ 13 | 'scrypt/win/include', 14 | ], 15 | }], 16 | ['OS!="win"',{ 17 | 'compiler-flags': ['-std=c++11'] 18 | }], 19 | ['OS=="mac"', { 20 | 'xcode_settings': { 21 | 'OTHER_CPLUSPLUSFLAGS' : ['-stdlib=libc++'], 22 | }, 23 | }], 24 | ], 25 | }, 26 | 27 | 'target_defaults': { 28 | 'default_configuration': 'Release', 29 | 'msvs_settings': { 30 | 'VCCLCompilerTool': { 31 | 'RuntimeLibrary': 0, # static release 32 | 'ExceptionHandling': '2', 33 | 'AdditionalOptions': ['/EHsc'], 34 | 'DisableSpecificWarnings': ['4506'], 35 | }, 36 | }, 37 | }, 38 | 39 | 'targets': [ 40 | { 41 | 'target_name': 'copied_files', 42 | 'conditions': [ 43 | ['OS=="win"', { 44 | 'copies' : [{ 45 | 'destination':'scrypt/scrypt-1.2.0/', 46 | 'files' : [ 47 | 'scrypt/win/include/config.h' 48 | ] 49 | }], 50 | }] 51 | ] 52 | }, 53 | { 54 | 'target_name': 'scrypt_lib', 55 | 'type' : 'static_library', 56 | 'sources': [ 57 | 'scrypt/scrypt-1.2.0/lib/crypto/crypto_scrypt.c', 58 | 'scrypt/scrypt-1.2.0/lib/crypto/crypto_scrypt_smix.c', 59 | 'scrypt/scrypt-1.2.0/libcperciva/util/warnp.c', 60 | 'scrypt/scrypt-1.2.0/libcperciva/alg/sha256.c', 61 | 'scrypt/scrypt-1.2.0/libcperciva/util/insecure_memzero.c', 62 | 'scrypt/scrypt-1.2.0/lib/scryptenc/scryptenc_cpuperf.c', 63 | '<@(scrypt_platform_specific_files)', 64 | ], 65 | 'include_dirs': [ 66 | 'scrypt/scrypt-1.2.0/', 67 | 'scrypt/scrypt-1.2.0/libcperciva/cpusupport', 68 | 'scrypt/scrypt-1.2.0/libcperciva/alg', 69 | 'scrypt/scrypt-1.2.0/libcperciva/util', 70 | 'scrypt/scrypt-1.2.0/lib/crypto', 71 | '<@(scrypt_platform_specific_includes)', 72 | ], 73 | 'defines': [ 74 | 'HAVE_CONFIG_H' 75 | ], 76 | 'conditions': [ 77 | ['OS=="win"', { 'defines' : [ 'inline=__inline' ] }], 78 | ], 79 | 'dependencies': ['copied_files'], 80 | }, 81 | { 82 | 'target_name': 'scrypt_wrapper', 83 | 'type' : 'static_library', 84 | 'sources': [ 85 | 'src/util/memlimit.c', 86 | 'src/scryptwrapper/keyderivation.c', 87 | 'src/scryptwrapper/pickparams.c', 88 | 'src/scryptwrapper/hash.c' 89 | ], 90 | 'include_dirs': [ 91 | 'src/scryptwrapper/inc', 92 | 'src', 93 | 'scrypt/scrypt-1.2.0/libcperciva/alg', 94 | 'scrypt/scrypt-1.2.0/libcperciva/util', 95 | 'scrypt/scrypt-1.2.0/lib/crypto', 96 | 'scrypt/scrypt-1.2.0/lib/util/', 97 | 'scrypt/scrypt-1.2.0/lib/scryptenc/', 98 | '<@(scrypt_platform_specific_includes)', 99 | ], 100 | 'defines': [ 101 | 'HAVE_CONFIG_H' 102 | ], 103 | 'conditions': [ 104 | ['OS=="win"', { 'defines' : [ 'inline=__inline' ] }], 105 | ], 106 | }, 107 | { 108 | 'target_name': 'scrypt', 109 | 'sources': [ 110 | 'src/node-boilerplate/scrypt_common.cc', 111 | 'src/node-boilerplate/scrypt_params_async.cc', 112 | 'src/node-boilerplate/scrypt_params_sync.cc', 113 | 'src/node-boilerplate/scrypt_kdf_async.cc', 114 | 'src/node-boilerplate/scrypt_kdf_sync.cc', 115 | 'src/node-boilerplate/scrypt_kdf-verify_sync.cc', 116 | 'src/node-boilerplate/scrypt_kdf-verify_async.cc', 117 | 'src/node-boilerplate/scrypt_hash_sync.cc', 118 | 'src/node-boilerplate/scrypt_hash_async.cc', 119 | 'scrypt_node.cc' 120 | ], 121 | 'include_dirs': [ 122 | ' 2 | #include 3 | #include 4 | #include 5 | 6 | #include 7 | 8 | #include "cpusupport.h" 9 | #include "crypto_aes_aesni.h" 10 | #include "insecure_memzero.h" 11 | #include "warnp.h" 12 | 13 | #include "crypto_aes.h" 14 | 15 | /** 16 | * This represents either an AES_KEY or a struct crypto_aes_key_aesni; we 17 | * know which it is based on whether we're using AESNI code or not. As such, 18 | * it's just an opaque pointer; but declaring it as a named structure type 19 | * prevents type-mismatch bugs in upstream code. 20 | */ 21 | struct crypto_aes_key; 22 | 23 | #ifdef CPUSUPPORT_X86_AESNI 24 | /* Test whether OpenSSL and AESNI code produce the same AES ciphertext. */ 25 | static int 26 | aesnitest(uint8_t ptext[16], uint8_t * key, size_t keylen) 27 | { 28 | AES_KEY kexp_openssl; 29 | void * kexp_aesni; 30 | uint8_t ctext_openssl[16]; 31 | uint8_t ctext_aesni[16]; 32 | 33 | /* Expand the key. */ 34 | AES_set_encrypt_key(key, keylen * 8, &kexp_openssl); 35 | if ((kexp_aesni = crypto_aes_key_expand_aesni(key, keylen)) == NULL) 36 | goto err0; 37 | 38 | /* Encrypt the block. */ 39 | AES_encrypt(ptext, ctext_openssl, &kexp_openssl); 40 | crypto_aes_encrypt_block_aesni(ptext, ctext_aesni, kexp_aesni); 41 | 42 | /* Free the AESNI expanded key. */ 43 | crypto_aes_key_free_aesni(kexp_aesni); 44 | 45 | /* Do the outputs match? */ 46 | return (memcmp(ctext_openssl, ctext_aesni, 16)); 47 | 48 | err0: 49 | /* Failure! */ 50 | return (-1); 51 | } 52 | 53 | /* Should we use AESNI? */ 54 | static int 55 | useaesni(void) 56 | { 57 | static int aesnigood = -1; 58 | uint8_t key[32]; 59 | uint8_t ptext[16]; 60 | size_t i; 61 | 62 | /* If we haven't decided which code to use yet, decide now. */ 63 | while (aesnigood == -1) { 64 | /* Default to OpenSSL. */ 65 | aesnigood = 0; 66 | 67 | /* If the CPU doesn't claim to support AESNI, stop here. */ 68 | if (!cpusupport_x86_aesni()) 69 | break; 70 | 71 | /* Test cases: key is 0x00010203..., ptext is 0x00112233... */ 72 | for (i = 0; i < 16; i++) 73 | ptext[i] = 0x11 * i; 74 | for (i = 0; i < 32; i++) 75 | key[i] = i; 76 | 77 | /* Test that AESNI and OpenSSL produce the same results. */ 78 | if (aesnitest(ptext, key, 16) || aesnitest(ptext, key, 32)) { 79 | warn0("Disabling AESNI due to failed self-test"); 80 | break; 81 | } 82 | 83 | /* AESNI works; use it. */ 84 | aesnigood = 1; 85 | } 86 | 87 | return (aesnigood); 88 | } 89 | #endif /* CPUSUPPORT_X86_AESNI */ 90 | 91 | /** 92 | * crypto_aes_key_expand(key, len): 93 | * Expand the ${len}-byte AES key ${key} into a structure which can be passed 94 | * to crypto_aes_encrypt_block. The length must be 16 or 32. 95 | */ 96 | struct crypto_aes_key * 97 | crypto_aes_key_expand(const uint8_t * key, size_t len) 98 | { 99 | AES_KEY * kexp; 100 | 101 | /* Sanity-check. */ 102 | assert((len == 16) || (len == 32)); 103 | 104 | #ifdef CPUSUPPORT_X86_AESNI 105 | /* Use AESNI if we can. */ 106 | if (useaesni()) 107 | return (crypto_aes_key_expand_aesni(key, len)); 108 | #endif 109 | 110 | /* Allocate structure. */ 111 | if ((kexp = malloc(sizeof(AES_KEY))) == NULL) 112 | goto err0; 113 | 114 | /* Expand the key. */ 115 | AES_set_encrypt_key(key, len * 8, kexp); 116 | 117 | /* Success! */ 118 | return ((void *)kexp); 119 | 120 | err0: 121 | /* Failure! */ 122 | return (NULL); 123 | } 124 | 125 | /** 126 | * crypto_aes_encrypt_block(in, out, key): 127 | * Using the expanded AES key ${key}, encrypt the block ${in} and write the 128 | * resulting ciphertext to ${out}. 129 | */ 130 | void 131 | crypto_aes_encrypt_block(const uint8_t * in, uint8_t * out, 132 | const struct crypto_aes_key * key) 133 | { 134 | 135 | #ifdef CPUSUPPORT_X86_AESNI 136 | if (useaesni()) { 137 | crypto_aes_encrypt_block_aesni(in, out, (const void *)key); 138 | return; 139 | } 140 | #endif 141 | 142 | /* Get AES to do the work. */ 143 | AES_encrypt(in, out, (const void *)key); 144 | } 145 | 146 | /** 147 | * crypto_aes_key_free(key): 148 | * Free the expanded AES key ${key}. 149 | */ 150 | void 151 | crypto_aes_key_free(struct crypto_aes_key * key) 152 | { 153 | 154 | #ifdef CPUSUPPORT_X86_AESNI 155 | if (useaesni()) { 156 | crypto_aes_key_free_aesni((void *)key); 157 | return; 158 | } 159 | #endif 160 | 161 | /* Attempt to zero the expanded key. */ 162 | insecure_memzero(key, sizeof(AES_KEY)); 163 | 164 | /* Free the key. */ 165 | free(key); 166 | } 167 | -------------------------------------------------------------------------------- /scrypt/win/mman.c: -------------------------------------------------------------------------------- 1 | 2 | #include 3 | #include 4 | #include 5 | 6 | #include "sys/mman.h" 7 | 8 | #ifndef FILE_MAP_EXECUTE 9 | #define FILE_MAP_EXECUTE 0x0020 10 | #endif /* FILE_MAP_EXECUTE */ 11 | 12 | static int __map_mman_error(const DWORD err, const int deferr) 13 | { 14 | if (err == 0) 15 | return 0; 16 | //TODO: implement 17 | return err; 18 | } 19 | 20 | static DWORD __map_mmap_prot_page(const int prot) 21 | { 22 | DWORD protect = 0; 23 | 24 | if (prot == PROT_NONE) 25 | return protect; 26 | 27 | if ((prot & PROT_EXEC) != 0) 28 | { 29 | protect = ((prot & PROT_WRITE) != 0) ? 30 | PAGE_EXECUTE_READWRITE : PAGE_EXECUTE_READ; 31 | } 32 | else 33 | { 34 | protect = ((prot & PROT_WRITE) != 0) ? 35 | PAGE_READWRITE : PAGE_READONLY; 36 | } 37 | 38 | return protect; 39 | } 40 | 41 | static DWORD __map_mmap_prot_file(const int prot) 42 | { 43 | DWORD desiredAccess = 0; 44 | 45 | if (prot == PROT_NONE) 46 | return desiredAccess; 47 | 48 | if ((prot & PROT_READ) != 0) 49 | desiredAccess |= FILE_MAP_READ; 50 | if ((prot & PROT_WRITE) != 0) 51 | desiredAccess |= FILE_MAP_WRITE; 52 | if ((prot & PROT_EXEC) != 0) 53 | desiredAccess |= FILE_MAP_EXECUTE; 54 | 55 | return desiredAccess; 56 | } 57 | 58 | void* mmap(void *addr, size_t len, int prot, int flags, int fildes, off_t off) 59 | { 60 | HANDLE fm, h; 61 | 62 | void * map = MAP_FAILED; 63 | 64 | #ifdef _MSC_VER 65 | #pragma warning(push) 66 | #pragma warning(disable: 4293) 67 | #endif 68 | 69 | const DWORD dwFileOffsetLow = (sizeof(off_t) <= sizeof(DWORD)) ? 70 | (DWORD)off : (DWORD)(off & 0xFFFFFFFFL); 71 | const DWORD dwFileOffsetHigh = (sizeof(off_t) <= sizeof(DWORD)) ? 72 | (DWORD)0 : (DWORD)((off >> 32) & 0xFFFFFFFFL); 73 | const DWORD protect = __map_mmap_prot_page(prot); 74 | const DWORD desiredAccess = __map_mmap_prot_file(prot); 75 | 76 | const off_t maxSize = off + (off_t)len; 77 | 78 | const DWORD dwMaxSizeLow = (sizeof(off_t) <= sizeof(DWORD)) ? 79 | (DWORD)maxSize : (DWORD)(maxSize & 0xFFFFFFFFL); 80 | const DWORD dwMaxSizeHigh = (sizeof(off_t) <= sizeof(DWORD)) ? 81 | (DWORD)0 : (DWORD)((maxSize >> 32) & 0xFFFFFFFFL); 82 | 83 | #ifdef _MSC_VER 84 | #pragma warning(pop) 85 | #endif 86 | 87 | errno = 0; 88 | 89 | if (len == 0 90 | /* Unsupported flag combinations */ 91 | || (flags & MAP_FIXED) != 0 92 | /* Usupported protection combinations */ 93 | || prot == PROT_EXEC) 94 | { 95 | errno = EINVAL; 96 | return MAP_FAILED; 97 | } 98 | 99 | h = ((flags & MAP_ANONYMOUS) == 0) ? 100 | (HANDLE)_get_osfhandle(fildes) : INVALID_HANDLE_VALUE; 101 | 102 | if ((flags & MAP_ANONYMOUS) == 0 && h == INVALID_HANDLE_VALUE) 103 | { 104 | errno = EBADF; 105 | return MAP_FAILED; 106 | } 107 | 108 | fm = CreateFileMapping(h, NULL, protect, dwMaxSizeHigh, dwMaxSizeLow, NULL); 109 | 110 | if (fm == NULL) 111 | { 112 | errno = __map_mman_error(GetLastError(), EPERM); 113 | return MAP_FAILED; 114 | } 115 | 116 | map = MapViewOfFile(fm, desiredAccess, dwFileOffsetHigh, dwFileOffsetLow, len); 117 | 118 | CloseHandle(fm); 119 | 120 | if (map == NULL) 121 | { 122 | errno = __map_mman_error(GetLastError(), EPERM); 123 | return MAP_FAILED; 124 | } 125 | 126 | return map; 127 | } 128 | 129 | int munmap(void *addr, size_t len) 130 | { 131 | if (UnmapViewOfFile(addr)) 132 | return 0; 133 | 134 | errno = __map_mman_error(GetLastError(), EPERM); 135 | 136 | return -1; 137 | } 138 | 139 | int mprotect(void *addr, size_t len, int prot) 140 | { 141 | DWORD newProtect = __map_mmap_prot_page(prot); 142 | DWORD oldProtect = 0; 143 | 144 | if (VirtualProtect(addr, len, newProtect, &oldProtect)) 145 | return 0; 146 | 147 | errno = __map_mman_error(GetLastError(), EPERM); 148 | 149 | return -1; 150 | } 151 | 152 | int msync(void *addr, size_t len, int flags) 153 | { 154 | if (FlushViewOfFile(addr, len)) 155 | return 0; 156 | 157 | errno = __map_mman_error(GetLastError(), EPERM); 158 | 159 | return -1; 160 | } 161 | 162 | int mlock(const void *addr, size_t len) 163 | { 164 | if (VirtualLock((LPVOID)addr, len)) 165 | return 0; 166 | 167 | errno = __map_mman_error(GetLastError(), EPERM); 168 | 169 | return -1; 170 | } 171 | 172 | int munlock(const void *addr, size_t len) 173 | { 174 | if (VirtualUnlock((LPVOID)addr, len)) 175 | return 0; 176 | 177 | errno = __map_mman_error(GetLastError(), EPERM); 178 | 179 | return -1; 180 | } 181 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/scryptenc/scryptenc_cpuperf.c: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright 2009 Colin Percival 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | * SUCH DAMAGE. 25 | * 26 | * This file was originally written by Colin Percival as part of the Tarsnap 27 | * online backup system. 28 | */ 29 | #include "scrypt_platform.h" 30 | 31 | #ifndef _MSC_VER 32 | #include 33 | #else /* For 'struct timeval' and custom gettimeofday() on windows */ 34 | #include 35 | #include "gettimeofday.h" 36 | #endif /* _MSC_VER */ 37 | 38 | #include 39 | #include 40 | #include 41 | 42 | #include "crypto_scrypt.h" 43 | 44 | #include "scryptenc_cpuperf.h" 45 | 46 | #ifdef HAVE_CLOCK_GETTIME 47 | 48 | static clock_t clocktouse; 49 | 50 | static int 51 | getclockres(double * resd) 52 | { 53 | struct timespec res; 54 | 55 | /* 56 | * Try clocks in order of preference until we find one which works. 57 | * (We assume that if clock_getres works, clock_gettime will, too.) 58 | * The use of if/else/if/else/if/else rather than if/elif/elif/else 59 | * is ugly but legal, and allows us to #ifdef things appropriately. 60 | */ 61 | #ifdef CLOCK_VIRTUAL 62 | if (clock_getres(CLOCK_VIRTUAL, &res) == 0) 63 | clocktouse = CLOCK_VIRTUAL; 64 | else 65 | #endif 66 | #ifdef CLOCK_MONOTONIC 67 | if (clock_getres(CLOCK_MONOTONIC, &res) == 0) 68 | clocktouse = CLOCK_MONOTONIC; 69 | else 70 | #endif 71 | if (clock_getres(CLOCK_REALTIME, &res) == 0) 72 | clocktouse = CLOCK_REALTIME; 73 | else 74 | return (-1); 75 | 76 | /* Convert clock resolution to a double. */ 77 | *resd = res.tv_sec + res.tv_nsec * 0.000000001; 78 | 79 | return (0); 80 | } 81 | 82 | static int 83 | getclocktime(struct timespec * ts) 84 | { 85 | 86 | if (clock_gettime(clocktouse, ts)) 87 | return (-1); 88 | 89 | return (0); 90 | } 91 | 92 | #else 93 | static int 94 | getclockres(double * resd) 95 | { 96 | 97 | *resd = 1.0 / CLOCKS_PER_SEC; 98 | 99 | return (0); 100 | } 101 | 102 | static int 103 | getclocktime(struct timespec * ts) 104 | { 105 | struct timeval tv; 106 | 107 | if (gettimeofday(&tv, NULL)) 108 | return (-1); 109 | ts->tv_sec = tv.tv_sec; 110 | ts->tv_nsec = tv.tv_usec * 1000; 111 | 112 | return (0); 113 | } 114 | #endif 115 | 116 | static int 117 | getclockdiff(struct timespec * st, double * diffd) 118 | { 119 | struct timespec en; 120 | 121 | if (getclocktime(&en)) 122 | return (1); 123 | *diffd = (en.tv_nsec - st->tv_nsec) * 0.000000001 + 124 | (en.tv_sec - st->tv_sec); 125 | 126 | return (0); 127 | } 128 | 129 | /** 130 | * scryptenc_cpuperf(opps): 131 | * Estimate the number of salsa20/8 cores which can be executed per second, 132 | * and return the value via opps. 133 | */ 134 | int 135 | scryptenc_cpuperf(double * opps) 136 | { 137 | struct timespec st; 138 | double resd, diffd; 139 | uint64_t i = 0; 140 | 141 | /* Get the clock resolution. */ 142 | if (getclockres(&resd)) 143 | return (2); 144 | 145 | #ifdef DEBUG 146 | fprintf(stderr, "Clock resolution is %f\n", resd); 147 | #endif 148 | 149 | /* Loop until the clock ticks. */ 150 | if (getclocktime(&st)) 151 | return (2); 152 | do { 153 | /* Do an scrypt. */ 154 | if (crypto_scrypt(NULL, 0, NULL, 0, 16, 1, 1, NULL, 0)) 155 | return (3); 156 | 157 | /* Has the clock ticked? */ 158 | if (getclockdiff(&st, &diffd)) 159 | return (2); 160 | if (diffd > 0) 161 | break; 162 | } while (1); 163 | 164 | /* Count how many scrypts we can do before the next tick. */ 165 | if (getclocktime(&st)) 166 | return (2); 167 | do { 168 | /* Do an scrypt. */ 169 | if (crypto_scrypt(NULL, 0, NULL, 0, 128, 1, 1, NULL, 0)) 170 | return (3); 171 | 172 | /* We invoked the salsa20/8 core 512 times. */ 173 | i += 512; 174 | 175 | /* Check if we have looped for long enough. */ 176 | if (getclockdiff(&st, &diffd)) 177 | return (2); 178 | if (diffd > resd) 179 | break; 180 | } while (1); 181 | 182 | #ifdef DEBUG 183 | fprintf(stderr, "%ju salsa20/8 cores performed in %f seconds\n", 184 | (uintmax_t)i, diffd); 185 | #endif 186 | 187 | /* We can do approximately i salsa20/8 cores per diffd seconds. */ 188 | *opps = i / diffd; 189 | return (0); 190 | } 191 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/scryptenc/scryptenc.h: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright 2009 Colin Percival 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | * SUCH DAMAGE. 25 | * 26 | * This file was originally written by Colin Percival as part of the Tarsnap 27 | * online backup system. 28 | */ 29 | #ifndef _SCRYPTENC_H_ 30 | #define _SCRYPTENC_H_ 31 | 32 | #include 33 | #include 34 | 35 | /** 36 | * NOTE: This file provides prototypes for routines which encrypt/decrypt data 37 | * using a key derived from a password by using the scrypt key derivation 38 | * function. If you are just trying to "hash" a password for user logins, 39 | * this is not the code you are looking for. You want to use the crypt_scrypt 40 | * function directly. 41 | */ 42 | 43 | /** 44 | * The parameters maxmem, maxmemfrac, and maxtime used by all of these 45 | * functions are defined as follows: 46 | * maxmem - maximum number of bytes of storage to use for V array (which is 47 | * by far the largest consumer of memory). If this value is set to 0, no 48 | * maximum will be enforced; any other value less than 1 MiB will be 49 | * treated as 1 MiB. 50 | * maxmemfrac - maximum fraction of available storage to use for the V array, 51 | * where "available storage" is defined as the minimum out of the 52 | * RLIMIT_AS, RLIMIT_DATA. and RLIMIT_RSS resource limits (if any are 53 | * set). If this value is set to 0 or more than 0.5 it will be treated 54 | * as 0.5; and this value will never cause a limit of less than 1 MiB to 55 | * be enforced. 56 | * maxtime - maximum amount of CPU time to spend computing the derived keys, 57 | * in seconds. This limit is only approximately enforced; the CPU 58 | * performance is estimated and parameter limits are chosen accordingly. 59 | * For the encryption functions, the parameters to the scrypt key derivation 60 | * function are chosen to make the key as strong as possible subject to the 61 | * specified limits; for the decryption functions, the parameters used are 62 | * compared to the computed limits and an error is returned if decrypting 63 | * the data would take too much memory or CPU time. 64 | */ 65 | /** 66 | * Return codes from scrypt(enc|dec)_(buf|file): 67 | * 0 success 68 | * 1 getrlimit or sysctl(hw.usermem) failed 69 | * 2 clock_getres or clock_gettime failed 70 | * 3 error computing derived key 71 | * 4 could not read salt from /dev/urandom 72 | * 5 error in OpenSSL 73 | * 6 malloc failed 74 | * 7 data is not a valid scrypt-encrypted block 75 | * 8 unrecognized scrypt format 76 | * 9 decrypting file would take too much memory 77 | * 10 decrypting file would take too long 78 | * 11 password is incorrect 79 | * 12 error writing output file 80 | * 13 error reading input file 81 | */ 82 | 83 | /** 84 | * scryptenc_buf(inbuf, inbuflen, outbuf, passwd, passwdlen, 85 | * maxmem, maxmemfrac, maxtime): 86 | * Encrypt inbuflen bytes from inbuf, writing the resulting inbuflen + 128 87 | * bytes to outbuf. 88 | */ 89 | int scryptenc_buf(const uint8_t *, size_t, uint8_t *, 90 | const uint8_t *, size_t, size_t, double, double); 91 | 92 | /** 93 | * scryptdec_buf(inbuf, inbuflen, outbuf, outlen, passwd, passwdlen, 94 | * maxmem, maxmemfrac, maxtime): 95 | * Decrypt inbuflen bytes from inbuf, writing the result into outbuf and the 96 | * decrypted data length to outlen. The allocated length of outbuf must 97 | * be at least inbuflen. 98 | */ 99 | int scryptdec_buf(const uint8_t *, size_t, uint8_t *, size_t *, 100 | const uint8_t *, size_t, size_t, double, double); 101 | 102 | /** 103 | * scryptenc_file(infile, outfile, passwd, passwdlen, 104 | * maxmem, maxmemfrac, maxtime): 105 | * Read a stream from infile and encrypt it, writing the resulting stream to 106 | * outfile. 107 | */ 108 | int scryptenc_file(FILE *, FILE *, const uint8_t *, size_t, 109 | size_t, double, double); 110 | 111 | /** 112 | * scryptdec_file(infile, outfile, passwd, passwdlen, 113 | * maxmem, maxmemfrac, maxtime): 114 | * Read a stream from infile and decrypt it, writing the resulting stream to 115 | * outfile. 116 | */ 117 | int scryptdec_file(FILE *, FILE *, const uint8_t *, size_t, 118 | size_t, double, double); 119 | 120 | #endif /* !_SCRYPTENC_H_ */ 121 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/crypto/crypto_entropy.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | #include "entropy.h" 6 | #include "insecure_memzero.h" 7 | 8 | #include "sha256.h" 9 | 10 | #include "crypto_entropy.h" 11 | 12 | /** 13 | * This system implements the HMAC_DRBG pseudo-random number generator as 14 | * specified in section 10.1.2 of the NIST SP 800-90 standard. In this 15 | * implementation, the optional personalization_string and additional_input 16 | * specified in the standard are not implemented. 17 | */ 18 | 19 | /* Internal HMAC_DRBG state. */ 20 | static struct { 21 | uint8_t Key[32]; 22 | uint8_t V[32]; 23 | uint32_t reseed_counter; 24 | } drbg; 25 | 26 | /* Set to non-zero once the PRNG has been instantiated. */ 27 | static int instantiated = 0; 28 | 29 | /* Could be as high as 2^48 if we wanted... */ 30 | #define RESEED_INTERVAL 256 31 | 32 | /* Limited to 2^16 by specification. */ 33 | #define GENERATE_MAXLEN 65536 34 | 35 | static int instantiate(void); 36 | static void update(uint8_t *, size_t); 37 | static int reseed(void); 38 | static void generate(uint8_t *, size_t); 39 | 40 | /** 41 | * instantiate(void): 42 | * Initialize the DRBG state. (Section 10.1.2.3) 43 | */ 44 | static int 45 | instantiate(void) 46 | { 47 | uint8_t seed_material[48]; 48 | 49 | /* Obtain random seed_material = (entropy_input || nonce). */ 50 | if (entropy_read(seed_material, 48)) 51 | return (-1); 52 | 53 | /* Initialize Key, V, and reseed_counter. */ 54 | memset(drbg.Key, 0x00, 32); 55 | memset(drbg.V, 0x01, 32); 56 | drbg.reseed_counter = 1; 57 | 58 | /* Mix the random seed into the state. */ 59 | update(seed_material, 48); 60 | 61 | /* Clean the stack. */ 62 | insecure_memzero(seed_material, 48); 63 | 64 | /* Success! */ 65 | return (0); 66 | } 67 | 68 | /** 69 | * update(data, datalen): 70 | * Update the DRBG state using the provided data. (Section 10.1.2.2) 71 | */ 72 | static void 73 | update(uint8_t * data, size_t datalen) 74 | { 75 | HMAC_SHA256_CTX ctx; 76 | uint8_t K[32]; 77 | uint8_t Vx[33]; 78 | 79 | /* Load (Key, V) into (K, Vx). */ 80 | memcpy(K, drbg.Key, 32); 81 | memcpy(Vx, drbg.V, 32); 82 | 83 | /* K <- HMAC(K, V || 0x00 || data). */ 84 | Vx[32] = 0x00; 85 | HMAC_SHA256_Init(&ctx, K, 32); 86 | HMAC_SHA256_Update(&ctx, Vx, 33); 87 | HMAC_SHA256_Update(&ctx, data, datalen); 88 | HMAC_SHA256_Final(K, &ctx); 89 | 90 | /* V <- HMAC(K, V). */ 91 | HMAC_SHA256_Buf(K, 32, Vx, 32, Vx); 92 | 93 | /* If the provided data is non-Null, perform another mixing stage. */ 94 | if (datalen != 0) { 95 | /* K <- HMAC(K, V || 0x01 || data). */ 96 | Vx[32] = 0x01; 97 | HMAC_SHA256_Init(&ctx, K, 32); 98 | HMAC_SHA256_Update(&ctx, Vx, 33); 99 | HMAC_SHA256_Update(&ctx, data, datalen); 100 | HMAC_SHA256_Final(K, &ctx); 101 | 102 | /* V <- HMAC(K, V). */ 103 | HMAC_SHA256_Buf(K, 32, Vx, 32, Vx); 104 | } 105 | 106 | /* Copy (K, Vx) back to (Key, V). */ 107 | memcpy(drbg.Key, K, 32); 108 | memcpy(drbg.V, Vx, 32); 109 | 110 | /* Clean the stack. */ 111 | insecure_memzero(K, 32); 112 | insecure_memzero(Vx, 33); 113 | } 114 | 115 | /** 116 | * reseed(void): 117 | * Reseed the DRBG state (mix in new entropy). (Section 10.1.2.4) 118 | */ 119 | static int 120 | reseed(void) 121 | { 122 | uint8_t seed_material[32]; 123 | 124 | /* Obtain random seed_material = entropy_input. */ 125 | if (entropy_read(seed_material, 32)) 126 | return (-1); 127 | 128 | /* Mix the random seed into the state. */ 129 | update(seed_material, 32); 130 | 131 | /* Reset the reseed_counter. */ 132 | drbg.reseed_counter = 1; 133 | 134 | /* Clean the stack. */ 135 | insecure_memzero(seed_material, 32); 136 | 137 | /* Success! */ 138 | return (0); 139 | } 140 | 141 | /** 142 | * generate(buf, buflen): 143 | * Fill the provided buffer with random bits, assuming that reseed_counter 144 | * is less than RESEED_INTERVAL (the caller is responsible for calling 145 | * reseed() as needed) and ${buflen} is less than 2^16 (the caller is 146 | * responsible for splitting up larger requests). (Section 10.1.2.5) 147 | */ 148 | static void 149 | generate(uint8_t * buf, size_t buflen) 150 | { 151 | size_t bufpos; 152 | 153 | assert(buflen <= GENERATE_MAXLEN); 154 | assert(drbg.reseed_counter <= RESEED_INTERVAL); 155 | 156 | /* Iterate until we've filled the buffer. */ 157 | for (bufpos = 0; bufpos < buflen; bufpos += 32) { 158 | HMAC_SHA256_Buf(drbg.Key, 32, drbg.V, 32, drbg.V); 159 | if (buflen - bufpos >= 32) 160 | memcpy(&buf[bufpos], drbg.V, 32); 161 | else 162 | memcpy(&buf[bufpos], drbg.V, buflen - bufpos); 163 | } 164 | 165 | /* Mix up state. */ 166 | update(NULL, 0); 167 | 168 | /* We're one data-generation step closer to needing a reseed. */ 169 | drbg.reseed_counter += 1; 170 | } 171 | 172 | /** 173 | * crypto_entropy_read(buf, buflen): 174 | * Fill the buffer with unpredictable bits. 175 | */ 176 | int 177 | crypto_entropy_read(uint8_t * buf, size_t buflen) 178 | { 179 | size_t bytes_to_provide; 180 | 181 | /* Instantiate if needed. */ 182 | if (instantiated == 0) { 183 | /* Try to instantiate the PRNG. */ 184 | if (instantiate()) 185 | return (-1); 186 | 187 | /* We have instantiated the PRNG. */ 188 | instantiated = 1; 189 | } 190 | 191 | /* Loop until we've filled the buffer. */ 192 | while (buflen > 0) { 193 | /* Do we need to reseed? */ 194 | if (drbg.reseed_counter > RESEED_INTERVAL) { 195 | if (reseed()) 196 | return (-1); 197 | } 198 | 199 | /* How much data are we generating in this step? */ 200 | if (buflen > GENERATE_MAXLEN) 201 | bytes_to_provide = GENERATE_MAXLEN; 202 | else 203 | bytes_to_provide = buflen; 204 | 205 | /* Generate bytes. */ 206 | generate(buf, bytes_to_provide); 207 | 208 | /* We've done part of the buffer. */ 209 | buf += bytes_to_provide; 210 | buflen -= bytes_to_provide; 211 | } 212 | 213 | /* Success! */ 214 | return (0); 215 | } 216 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/libcperciva/util/readpass.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | #include 6 | #include 7 | 8 | #include "insecure_memzero.h" 9 | #include "warnp.h" 10 | 11 | #include "readpass.h" 12 | 13 | #define MAXPASSLEN 2048 14 | 15 | /* Signals we need to block. */ 16 | static const int badsigs[] = { 17 | SIGALRM, SIGHUP, SIGINT, 18 | SIGPIPE, SIGQUIT, SIGTERM, 19 | SIGTSTP, SIGTTIN, SIGTTOU 20 | }; 21 | #define NSIGS sizeof(badsigs)/sizeof(badsigs[0]) 22 | 23 | /* Highest signal number we care about. */ 24 | #define MAX2(a, b) ((a) > (b) ? (a) : (b)) 25 | #define MAX4(a, b, c, d) MAX2(MAX2(a, b), MAX2(c, d)) 26 | #define MAX8(a, b, c, d, e, f, g, h) MAX2(MAX4(a, b, c, d), MAX4(e, f, g, h)) 27 | #define MAXBADSIG MAX2(SIGALRM, MAX8(SIGHUP, SIGINT, SIGPIPE, SIGQUIT, \ 28 | SIGTERM, SIGTSTP, SIGTTIN, SIGTTOU)) 29 | 30 | /* Has a signal of this type been received? */ 31 | static volatile sig_atomic_t gotsig[MAXBADSIG + 1]; 32 | 33 | /* Signal handler. */ 34 | static void 35 | handle(int sig) 36 | { 37 | 38 | gotsig[sig] = 1; 39 | } 40 | 41 | /** 42 | * readpass(passwd, prompt, confirmprompt, devtty) 43 | * If ${devtty} is non-zero, read a password from /dev/tty if possible; if 44 | * not, read from stdin. If reading from a tty (either /dev/tty or stdin), 45 | * disable echo and prompt the user by printing ${prompt} to stderr. If 46 | * ${confirmprompt} is non-NULL, read a second password (prompting if a 47 | * terminal is being used) and repeat until the user enters the same password 48 | * twice. Return the password as a malloced NUL-terminated string via 49 | * ${passwd}. 50 | */ 51 | int 52 | readpass(char ** passwd, const char * prompt, 53 | const char * confirmprompt, int devtty) 54 | { 55 | FILE * readfrom; 56 | char passbuf[MAXPASSLEN]; 57 | char confpassbuf[MAXPASSLEN]; 58 | struct sigaction sa, savedsa[NSIGS]; 59 | struct termios term, term_old; 60 | size_t i; 61 | int usingtty; 62 | 63 | /* 64 | * If devtty != 0, try to open /dev/tty; if that fails, or if devtty 65 | * is zero, we'll read the password from stdin instead. 66 | */ 67 | if ((devtty == 0) || ((readfrom = fopen("/dev/tty", "r")) == NULL)) 68 | readfrom = stdin; 69 | 70 | /* We have not received any signals yet. */ 71 | for (i = 0; i <= MAXBADSIG; i++) 72 | gotsig[i] = 0; 73 | 74 | /* 75 | * If we receive a signal while we're reading the password, we might 76 | * end up with echo disabled; to prevent this, we catch the signals 77 | * here, and we'll re-send them to ourselves later after we re-enable 78 | * terminal echo. 79 | */ 80 | sa.sa_handler = handle; 81 | sa.sa_flags = 0; 82 | sigemptyset(&sa.sa_mask); 83 | for (i = 0; i < NSIGS; i++) 84 | sigaction(badsigs[i], &sa, &savedsa[i]); 85 | 86 | /* If we're reading from a terminal, try to disable echo. */ 87 | if ((usingtty = isatty(fileno(readfrom))) != 0) { 88 | if (tcgetattr(fileno(readfrom), &term_old)) { 89 | warnp("Cannot read terminal settings"); 90 | goto err2; 91 | } 92 | memcpy(&term, &term_old, sizeof(struct termios)); 93 | term.c_lflag = (term.c_lflag & ~ECHO) | ECHONL; 94 | if (tcsetattr(fileno(readfrom), TCSANOW, &term)) { 95 | warnp("Cannot set terminal settings"); 96 | goto err2; 97 | } 98 | } 99 | 100 | retry: 101 | /* If we have a terminal, prompt the user to enter the password. */ 102 | if (usingtty) 103 | fprintf(stderr, "%s: ", prompt); 104 | 105 | /* Read the password. */ 106 | if (fgets(passbuf, MAXPASSLEN, readfrom) == NULL) { 107 | warnp("Cannot read password"); 108 | goto err3; 109 | } 110 | 111 | /* Confirm the password if necessary. */ 112 | if (confirmprompt != NULL) { 113 | if (usingtty) 114 | fprintf(stderr, "%s: ", confirmprompt); 115 | if (fgets(confpassbuf, MAXPASSLEN, readfrom) == NULL) { 116 | warnp("Cannot read password"); 117 | goto err3; 118 | } 119 | if (strcmp(passbuf, confpassbuf)) { 120 | fprintf(stderr, 121 | "Passwords mismatch, please try again\n"); 122 | goto retry; 123 | } 124 | } 125 | 126 | /* Terminate the string at the first "\r" or "\n" (if any). */ 127 | passbuf[strcspn(passbuf, "\r\n")] = '\0'; 128 | 129 | /* If we changed terminal settings, reset them. */ 130 | if (usingtty) 131 | tcsetattr(fileno(readfrom), TCSANOW, &term_old); 132 | 133 | /* Restore old signals. */ 134 | for (i = 0; i < NSIGS; i++) 135 | sigaction(badsigs[i], &savedsa[i], NULL); 136 | 137 | /* If we intercepted a signal, re-issue it. */ 138 | for (i = 0; i < NSIGS; i++) { 139 | if (gotsig[badsigs[i]]) 140 | raise(badsigs[i]); 141 | } 142 | 143 | /* Close /dev/tty if we opened it. */ 144 | if (readfrom != stdin) 145 | fclose(readfrom); 146 | 147 | /* Copy the password out. */ 148 | if ((*passwd = strdup(passbuf)) == NULL) { 149 | warnp("Cannot allocate memory"); 150 | goto err1; 151 | } 152 | 153 | /* 154 | * Zero any stored passwords. This is not guaranteed to work, since a 155 | * "sufficiently intelligent" compiler can optimize these out due to 156 | * the values not being accessed again; and even if we outwitted the 157 | * compiler, all we can do is ensure that *a* buffer is zeroed but 158 | * not that it is the only buffer containing the data in question. 159 | * Unfortunately the C standard does not provide any way to mark data 160 | * as "sensitive" in order to prevent extra copies being sprinkled 161 | * around the implementation address space. 162 | */ 163 | insecure_memzero(passbuf, MAXPASSLEN); 164 | insecure_memzero(confpassbuf, MAXPASSLEN); 165 | 166 | /* Success! */ 167 | return (0); 168 | 169 | err3: 170 | /* Reset terminal settings if necessary. */ 171 | if (usingtty) 172 | tcsetattr(fileno(readfrom), TCSAFLUSH, &term_old); 173 | err2: 174 | /* Close /dev/tty if we opened it. */ 175 | if (readfrom != stdin) 176 | fclose(readfrom); 177 | err1: 178 | /* Zero any stored passwords. */ 179 | insecure_memzero(passbuf, MAXPASSLEN); 180 | insecure_memzero(confpassbuf, MAXPASSLEN); 181 | 182 | /* Failure! */ 183 | return (-1); 184 | } 185 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/crypto/crypto_scrypt_smix.c: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright 2009 Colin Percival 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | * SUCH DAMAGE. 25 | * 26 | * This file was originally written by Colin Percival as part of the Tarsnap 27 | * online backup system. 28 | */ 29 | #include 30 | #include 31 | 32 | #include "sha256.h" 33 | #include "sysendian.h" 34 | 35 | #include "crypto_scrypt_smix.h" 36 | 37 | static void blkcpy(void *, const void *, size_t); 38 | static void blkxor(void *, const void *, size_t); 39 | static void salsa20_8(uint32_t[16]); 40 | static void blockmix_salsa8(const uint32_t *, uint32_t *, uint32_t *, size_t); 41 | static uint64_t integerify(const void *, size_t); 42 | 43 | static void 44 | blkcpy(void * dest, const void * src, size_t len) 45 | { 46 | size_t * D = dest; 47 | const size_t * S = src; 48 | size_t L = len / sizeof(size_t); 49 | size_t i; 50 | 51 | for (i = 0; i < L; i++) 52 | D[i] = S[i]; 53 | } 54 | 55 | static void 56 | blkxor(void * dest, const void * src, size_t len) 57 | { 58 | size_t * D = dest; 59 | const size_t * S = src; 60 | size_t L = len / sizeof(size_t); 61 | size_t i; 62 | 63 | for (i = 0; i < L; i++) 64 | D[i] ^= S[i]; 65 | } 66 | 67 | /** 68 | * salsa20_8(B): 69 | * Apply the salsa20/8 core to the provided block. 70 | */ 71 | static void 72 | salsa20_8(uint32_t B[16]) 73 | { 74 | uint32_t x[16]; 75 | size_t i; 76 | 77 | blkcpy(x, B, 64); 78 | for (i = 0; i < 8; i += 2) { 79 | #define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) 80 | /* Operate on columns. */ 81 | x[ 4] ^= R(x[ 0]+x[12], 7); x[ 8] ^= R(x[ 4]+x[ 0], 9); 82 | x[12] ^= R(x[ 8]+x[ 4],13); x[ 0] ^= R(x[12]+x[ 8],18); 83 | 84 | x[ 9] ^= R(x[ 5]+x[ 1], 7); x[13] ^= R(x[ 9]+x[ 5], 9); 85 | x[ 1] ^= R(x[13]+x[ 9],13); x[ 5] ^= R(x[ 1]+x[13],18); 86 | 87 | x[14] ^= R(x[10]+x[ 6], 7); x[ 2] ^= R(x[14]+x[10], 9); 88 | x[ 6] ^= R(x[ 2]+x[14],13); x[10] ^= R(x[ 6]+x[ 2],18); 89 | 90 | x[ 3] ^= R(x[15]+x[11], 7); x[ 7] ^= R(x[ 3]+x[15], 9); 91 | x[11] ^= R(x[ 7]+x[ 3],13); x[15] ^= R(x[11]+x[ 7],18); 92 | 93 | /* Operate on rows. */ 94 | x[ 1] ^= R(x[ 0]+x[ 3], 7); x[ 2] ^= R(x[ 1]+x[ 0], 9); 95 | x[ 3] ^= R(x[ 2]+x[ 1],13); x[ 0] ^= R(x[ 3]+x[ 2],18); 96 | 97 | x[ 6] ^= R(x[ 5]+x[ 4], 7); x[ 7] ^= R(x[ 6]+x[ 5], 9); 98 | x[ 4] ^= R(x[ 7]+x[ 6],13); x[ 5] ^= R(x[ 4]+x[ 7],18); 99 | 100 | x[11] ^= R(x[10]+x[ 9], 7); x[ 8] ^= R(x[11]+x[10], 9); 101 | x[ 9] ^= R(x[ 8]+x[11],13); x[10] ^= R(x[ 9]+x[ 8],18); 102 | 103 | x[12] ^= R(x[15]+x[14], 7); x[13] ^= R(x[12]+x[15], 9); 104 | x[14] ^= R(x[13]+x[12],13); x[15] ^= R(x[14]+x[13],18); 105 | #undef R 106 | } 107 | for (i = 0; i < 16; i++) 108 | B[i] += x[i]; 109 | } 110 | 111 | /** 112 | * blockmix_salsa8(Bin, Bout, X, r): 113 | * Compute Bout = BlockMix_{salsa20/8, r}(Bin). The input Bin must be 128r 114 | * bytes in length; the output Bout must also be the same size. The 115 | * temporary space X must be 64 bytes. 116 | */ 117 | static void 118 | blockmix_salsa8(const uint32_t * Bin, uint32_t * Bout, uint32_t * X, size_t r) 119 | { 120 | size_t i; 121 | 122 | /* 1: X <-- B_{2r - 1} */ 123 | blkcpy(X, &Bin[(2 * r - 1) * 16], 64); 124 | 125 | /* 2: for i = 0 to 2r - 1 do */ 126 | for (i = 0; i < 2 * r; i += 2) { 127 | /* 3: X <-- H(X \xor B_i) */ 128 | blkxor(X, &Bin[i * 16], 64); 129 | salsa20_8(X); 130 | 131 | /* 4: Y_i <-- X */ 132 | /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ 133 | blkcpy(&Bout[i * 8], X, 64); 134 | 135 | /* 3: X <-- H(X \xor B_i) */ 136 | blkxor(X, &Bin[i * 16 + 16], 64); 137 | salsa20_8(X); 138 | 139 | /* 4: Y_i <-- X */ 140 | /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ 141 | blkcpy(&Bout[i * 8 + r * 16], X, 64); 142 | } 143 | } 144 | 145 | /** 146 | * integerify(B, r): 147 | * Return the result of parsing B_{2r-1} as a little-endian integer. 148 | */ 149 | static uint64_t 150 | integerify(const void * B, size_t r) 151 | { 152 | const uint32_t * X = (const void *)((uintptr_t)(B) + (2 * r - 1) * 64); 153 | 154 | return (((uint64_t)(X[1]) << 32) + X[0]); 155 | } 156 | 157 | /** 158 | * crypto_scrypt_smix(B, r, N, V, XY): 159 | * Compute B = SMix_r(B, N). The input B must be 128r bytes in length; 160 | * the temporary storage V must be 128rN bytes in length; the temporary 161 | * storage XY must be 256r + 64 bytes in length. The value N must be a 162 | * power of 2 greater than 1. The arrays B, V, and XY must be aligned to a 163 | * multiple of 64 bytes. 164 | */ 165 | void 166 | crypto_scrypt_smix(uint8_t * B, size_t r, uint64_t N, void * _V, void * XY) 167 | { 168 | uint32_t * X = XY; 169 | uint32_t * Y = (void *)((uint8_t *)(XY) + 128 * r); 170 | uint32_t * Z = (void *)((uint8_t *)(XY) + 256 * r); 171 | uint32_t * V = _V; 172 | uint64_t i; 173 | uint64_t j; 174 | size_t k; 175 | 176 | /* 1: X <-- B */ 177 | for (k = 0; k < 32 * r; k++) 178 | X[k] = le32dec(&B[4 * k]); 179 | 180 | /* 2: for i = 0 to N - 1 do */ 181 | for (i = 0; i < N; i += 2) { 182 | /* 3: V_i <-- X */ 183 | blkcpy(&V[i * (32 * r)], X, 128 * r); 184 | 185 | /* 4: X <-- H(X) */ 186 | blockmix_salsa8(X, Y, Z, r); 187 | 188 | /* 3: V_i <-- X */ 189 | blkcpy(&V[(i + 1) * (32 * r)], Y, 128 * r); 190 | 191 | /* 4: X <-- H(X) */ 192 | blockmix_salsa8(Y, X, Z, r); 193 | } 194 | 195 | /* 6: for i = 0 to N - 1 do */ 196 | for (i = 0; i < N; i += 2) { 197 | /* 7: j <-- Integerify(X) mod N */ 198 | j = integerify(X, r) & (N - 1); 199 | 200 | /* 8: X <-- H(X \xor V_j) */ 201 | blkxor(X, &V[j * (32 * r)], 128 * r); 202 | blockmix_salsa8(X, Y, Z, r); 203 | 204 | /* 7: j <-- Integerify(X) mod N */ 205 | j = integerify(Y, r) & (N - 1); 206 | 207 | /* 8: X <-- H(X \xor V_j) */ 208 | blkxor(Y, &V[j * (32 * r)], 128 * r); 209 | blockmix_salsa8(Y, X, Z, r); 210 | } 211 | 212 | /* 10: B' <-- X */ 213 | for (k = 0; k < 32 * r; k++) 214 | le32enc(&B[4 * k], X[k]); 215 | } 216 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/config.aux/missing: -------------------------------------------------------------------------------- 1 | #! /bin/sh 2 | # Common wrapper for a few potentially missing GNU programs. 3 | 4 | scriptversion=2013-10-28.13; # UTC 5 | 6 | # Copyright (C) 1996-2014 Free Software Foundation, Inc. 7 | # Originally written by Fran,cois Pinard , 1996. 8 | 9 | # This program is free software; you can redistribute it and/or modify 10 | # it under the terms of the GNU General Public License as published by 11 | # the Free Software Foundation; either version 2, or (at your option) 12 | # any later version. 13 | 14 | # This program is distributed in the hope that it will be useful, 15 | # but WITHOUT ANY WARRANTY; without even the implied warranty of 16 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 | # GNU General Public License for more details. 18 | 19 | # You should have received a copy of the GNU General Public License 20 | # along with this program. If not, see . 21 | 22 | # As a special exception to the GNU General Public License, if you 23 | # distribute this file as part of a program that contains a 24 | # configuration script generated by Autoconf, you may include it under 25 | # the same distribution terms that you use for the rest of that program. 26 | 27 | if test $# -eq 0; then 28 | echo 1>&2 "Try '$0 --help' for more information" 29 | exit 1 30 | fi 31 | 32 | case $1 in 33 | 34 | --is-lightweight) 35 | # Used by our autoconf macros to check whether the available missing 36 | # script is modern enough. 37 | exit 0 38 | ;; 39 | 40 | --run) 41 | # Back-compat with the calling convention used by older automake. 42 | shift 43 | ;; 44 | 45 | -h|--h|--he|--hel|--help) 46 | echo "\ 47 | $0 [OPTION]... PROGRAM [ARGUMENT]... 48 | 49 | Run 'PROGRAM [ARGUMENT]...', returning a proper advice when this fails due 50 | to PROGRAM being missing or too old. 51 | 52 | Options: 53 | -h, --help display this help and exit 54 | -v, --version output version information and exit 55 | 56 | Supported PROGRAM values: 57 | aclocal autoconf autoheader autom4te automake makeinfo 58 | bison yacc flex lex help2man 59 | 60 | Version suffixes to PROGRAM as well as the prefixes 'gnu-', 'gnu', and 61 | 'g' are ignored when checking the name. 62 | 63 | Send bug reports to ." 64 | exit $? 65 | ;; 66 | 67 | -v|--v|--ve|--ver|--vers|--versi|--versio|--version) 68 | echo "missing $scriptversion (GNU Automake)" 69 | exit $? 70 | ;; 71 | 72 | -*) 73 | echo 1>&2 "$0: unknown '$1' option" 74 | echo 1>&2 "Try '$0 --help' for more information" 75 | exit 1 76 | ;; 77 | 78 | esac 79 | 80 | # Run the given program, remember its exit status. 81 | "$@"; st=$? 82 | 83 | # If it succeeded, we are done. 84 | test $st -eq 0 && exit 0 85 | 86 | # Also exit now if we it failed (or wasn't found), and '--version' was 87 | # passed; such an option is passed most likely to detect whether the 88 | # program is present and works. 89 | case $2 in --version|--help) exit $st;; esac 90 | 91 | # Exit code 63 means version mismatch. This often happens when the user 92 | # tries to use an ancient version of a tool on a file that requires a 93 | # minimum version. 94 | if test $st -eq 63; then 95 | msg="probably too old" 96 | elif test $st -eq 127; then 97 | # Program was missing. 98 | msg="missing on your system" 99 | else 100 | # Program was found and executed, but failed. Give up. 101 | exit $st 102 | fi 103 | 104 | perl_URL=http://www.perl.org/ 105 | flex_URL=http://flex.sourceforge.net/ 106 | gnu_software_URL=http://www.gnu.org/software 107 | 108 | program_details () 109 | { 110 | case $1 in 111 | aclocal|automake) 112 | echo "The '$1' program is part of the GNU Automake package:" 113 | echo "<$gnu_software_URL/automake>" 114 | echo "It also requires GNU Autoconf, GNU m4 and Perl in order to run:" 115 | echo "<$gnu_software_URL/autoconf>" 116 | echo "<$gnu_software_URL/m4/>" 117 | echo "<$perl_URL>" 118 | ;; 119 | autoconf|autom4te|autoheader) 120 | echo "The '$1' program is part of the GNU Autoconf package:" 121 | echo "<$gnu_software_URL/autoconf/>" 122 | echo "It also requires GNU m4 and Perl in order to run:" 123 | echo "<$gnu_software_URL/m4/>" 124 | echo "<$perl_URL>" 125 | ;; 126 | esac 127 | } 128 | 129 | give_advice () 130 | { 131 | # Normalize program name to check for. 132 | normalized_program=`echo "$1" | sed ' 133 | s/^gnu-//; t 134 | s/^gnu//; t 135 | s/^g//; t'` 136 | 137 | printf '%s\n' "'$1' is $msg." 138 | 139 | configure_deps="'configure.ac' or m4 files included by 'configure.ac'" 140 | case $normalized_program in 141 | autoconf*) 142 | echo "You should only need it if you modified 'configure.ac'," 143 | echo "or m4 files included by it." 144 | program_details 'autoconf' 145 | ;; 146 | autoheader*) 147 | echo "You should only need it if you modified 'acconfig.h' or" 148 | echo "$configure_deps." 149 | program_details 'autoheader' 150 | ;; 151 | automake*) 152 | echo "You should only need it if you modified 'Makefile.am' or" 153 | echo "$configure_deps." 154 | program_details 'automake' 155 | ;; 156 | aclocal*) 157 | echo "You should only need it if you modified 'acinclude.m4' or" 158 | echo "$configure_deps." 159 | program_details 'aclocal' 160 | ;; 161 | autom4te*) 162 | echo "You might have modified some maintainer files that require" 163 | echo "the 'autom4te' program to be rebuilt." 164 | program_details 'autom4te' 165 | ;; 166 | bison*|yacc*) 167 | echo "You should only need it if you modified a '.y' file." 168 | echo "You may want to install the GNU Bison package:" 169 | echo "<$gnu_software_URL/bison/>" 170 | ;; 171 | lex*|flex*) 172 | echo "You should only need it if you modified a '.l' file." 173 | echo "You may want to install the Fast Lexical Analyzer package:" 174 | echo "<$flex_URL>" 175 | ;; 176 | help2man*) 177 | echo "You should only need it if you modified a dependency" \ 178 | "of a man page." 179 | echo "You may want to install the GNU Help2man package:" 180 | echo "<$gnu_software_URL/help2man/>" 181 | ;; 182 | makeinfo*) 183 | echo "You should only need it if you modified a '.texi' file, or" 184 | echo "any other file indirectly affecting the aspect of the manual." 185 | echo "You might want to install the Texinfo package:" 186 | echo "<$gnu_software_URL/texinfo/>" 187 | echo "The spurious makeinfo call might also be the consequence of" 188 | echo "using a buggy 'make' (AIX, DU, IRIX), in which case you might" 189 | echo "want to install GNU make:" 190 | echo "<$gnu_software_URL/make/>" 191 | ;; 192 | *) 193 | echo "You might have modified some files without having the proper" 194 | echo "tools for further handling them. Check the 'README' file, it" 195 | echo "often tells you about the needed prerequisites for installing" 196 | echo "this package. You may also peek at any GNU archive site, in" 197 | echo "case some other package contains this missing '$1' program." 198 | ;; 199 | esac 200 | } 201 | 202 | give_advice "$1" | sed -e '1s/^/WARNING: /' \ 203 | -e '2,$s/^/ /' >&2 204 | 205 | # Propagate the correct exit status (expected to be 127 for a program 206 | # not found, 63 for a program that failed due to version mismatch). 207 | exit $st 208 | 209 | # Local variables: 210 | # eval: (add-hook 'write-file-hooks 'time-stamp) 211 | # time-stamp-start: "scriptversion=" 212 | # time-stamp-format: "%:y-%02m-%02d.%02H" 213 | # time-stamp-time-zone: "UTC" 214 | # time-stamp-end: "; # UTC" 215 | # End: 216 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/crypto/crypto_scrypt_smix_sse2.c: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright 2009 Colin Percival 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | * SUCH DAMAGE. 25 | * 26 | * This file was originally written by Colin Percival as part of the Tarsnap 27 | * online backup system. 28 | */ 29 | #include "cpusupport.h" 30 | #ifdef CPUSUPPORT_X86_SSE2 31 | 32 | #include 33 | #include 34 | 35 | #include "sysendian.h" 36 | 37 | #include "crypto_scrypt_smix_sse2.h" 38 | 39 | static void blkcpy(void *, const void *, size_t); 40 | static void blkxor(void *, const void *, size_t); 41 | static void salsa20_8(__m128i *); 42 | static void blockmix_salsa8(const __m128i *, __m128i *, __m128i *, size_t); 43 | static uint64_t integerify(const void *, size_t); 44 | 45 | static void 46 | blkcpy(void * dest, const void * src, size_t len) 47 | { 48 | __m128i * D = dest; 49 | const __m128i * S = src; 50 | size_t L = len / 16; 51 | size_t i; 52 | 53 | for (i = 0; i < L; i++) 54 | D[i] = S[i]; 55 | } 56 | 57 | static void 58 | blkxor(void * dest, const void * src, size_t len) 59 | { 60 | __m128i * D = dest; 61 | const __m128i * S = src; 62 | size_t L = len / 16; 63 | size_t i; 64 | 65 | for (i = 0; i < L; i++) 66 | D[i] = _mm_xor_si128(D[i], S[i]); 67 | } 68 | 69 | /** 70 | * salsa20_8(B): 71 | * Apply the salsa20/8 core to the provided block. 72 | */ 73 | static void 74 | salsa20_8(__m128i B[4]) 75 | { 76 | __m128i X0, X1, X2, X3; 77 | __m128i T; 78 | size_t i; 79 | 80 | X0 = B[0]; 81 | X1 = B[1]; 82 | X2 = B[2]; 83 | X3 = B[3]; 84 | 85 | for (i = 0; i < 8; i += 2) { 86 | /* Operate on "columns". */ 87 | T = _mm_add_epi32(X0, X3); 88 | X1 = _mm_xor_si128(X1, _mm_slli_epi32(T, 7)); 89 | X1 = _mm_xor_si128(X1, _mm_srli_epi32(T, 25)); 90 | T = _mm_add_epi32(X1, X0); 91 | X2 = _mm_xor_si128(X2, _mm_slli_epi32(T, 9)); 92 | X2 = _mm_xor_si128(X2, _mm_srli_epi32(T, 23)); 93 | T = _mm_add_epi32(X2, X1); 94 | X3 = _mm_xor_si128(X3, _mm_slli_epi32(T, 13)); 95 | X3 = _mm_xor_si128(X3, _mm_srli_epi32(T, 19)); 96 | T = _mm_add_epi32(X3, X2); 97 | X0 = _mm_xor_si128(X0, _mm_slli_epi32(T, 18)); 98 | X0 = _mm_xor_si128(X0, _mm_srli_epi32(T, 14)); 99 | 100 | /* Rearrange data. */ 101 | X1 = _mm_shuffle_epi32(X1, 0x93); 102 | X2 = _mm_shuffle_epi32(X2, 0x4E); 103 | X3 = _mm_shuffle_epi32(X3, 0x39); 104 | 105 | /* Operate on "rows". */ 106 | T = _mm_add_epi32(X0, X1); 107 | X3 = _mm_xor_si128(X3, _mm_slli_epi32(T, 7)); 108 | X3 = _mm_xor_si128(X3, _mm_srli_epi32(T, 25)); 109 | T = _mm_add_epi32(X3, X0); 110 | X2 = _mm_xor_si128(X2, _mm_slli_epi32(T, 9)); 111 | X2 = _mm_xor_si128(X2, _mm_srli_epi32(T, 23)); 112 | T = _mm_add_epi32(X2, X3); 113 | X1 = _mm_xor_si128(X1, _mm_slli_epi32(T, 13)); 114 | X1 = _mm_xor_si128(X1, _mm_srli_epi32(T, 19)); 115 | T = _mm_add_epi32(X1, X2); 116 | X0 = _mm_xor_si128(X0, _mm_slli_epi32(T, 18)); 117 | X0 = _mm_xor_si128(X0, _mm_srli_epi32(T, 14)); 118 | 119 | /* Rearrange data. */ 120 | X1 = _mm_shuffle_epi32(X1, 0x39); 121 | X2 = _mm_shuffle_epi32(X2, 0x4E); 122 | X3 = _mm_shuffle_epi32(X3, 0x93); 123 | } 124 | 125 | B[0] = _mm_add_epi32(B[0], X0); 126 | B[1] = _mm_add_epi32(B[1], X1); 127 | B[2] = _mm_add_epi32(B[2], X2); 128 | B[3] = _mm_add_epi32(B[3], X3); 129 | } 130 | 131 | /** 132 | * blockmix_salsa8(Bin, Bout, X, r): 133 | * Compute Bout = BlockMix_{salsa20/8, r}(Bin). The input Bin must be 128r 134 | * bytes in length; the output Bout must also be the same size. The 135 | * temporary space X must be 64 bytes. 136 | */ 137 | static void 138 | blockmix_salsa8(const __m128i * Bin, __m128i * Bout, __m128i * X, size_t r) 139 | { 140 | size_t i; 141 | 142 | /* 1: X <-- B_{2r - 1} */ 143 | blkcpy(X, &Bin[8 * r - 4], 64); 144 | 145 | /* 2: for i = 0 to 2r - 1 do */ 146 | for (i = 0; i < r; i++) { 147 | /* 3: X <-- H(X \xor B_i) */ 148 | blkxor(X, &Bin[i * 8], 64); 149 | salsa20_8(X); 150 | 151 | /* 4: Y_i <-- X */ 152 | /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ 153 | blkcpy(&Bout[i * 4], X, 64); 154 | 155 | /* 3: X <-- H(X \xor B_i) */ 156 | blkxor(X, &Bin[i * 8 + 4], 64); 157 | salsa20_8(X); 158 | 159 | /* 4: Y_i <-- X */ 160 | /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ 161 | blkcpy(&Bout[(r + i) * 4], X, 64); 162 | } 163 | } 164 | 165 | /** 166 | * integerify(B, r): 167 | * Return the result of parsing B_{2r-1} as a little-endian integer. 168 | */ 169 | static uint64_t 170 | integerify(const void * B, size_t r) 171 | { 172 | const uint32_t * X = (const void *)((uintptr_t)(B) + (2 * r - 1) * 64); 173 | 174 | return (((uint64_t)(X[13]) << 32) + X[0]); 175 | } 176 | 177 | /** 178 | * crypto_scrypt_smix_sse2(B, r, N, V, XY): 179 | * Compute B = SMix_r(B, N). The input B must be 128r bytes in length; 180 | * the temporary storage V must be 128rN bytes in length; the temporary 181 | * storage XY must be 256r + 64 bytes in length. The value N must be a 182 | * power of 2 greater than 1. The arrays B, V, and XY must be aligned to a 183 | * multiple of 64 bytes. 184 | * 185 | * Use SSE2 instructions. 186 | */ 187 | void 188 | crypto_scrypt_smix_sse2(uint8_t * B, size_t r, uint64_t N, void * V, void * XY) 189 | { 190 | __m128i * X = XY; 191 | __m128i * Y = (void *)((uintptr_t)(XY) + 128 * r); 192 | __m128i * Z = (void *)((uintptr_t)(XY) + 256 * r); 193 | uint32_t * X32 = (void *)X; 194 | uint64_t i, j; 195 | size_t k; 196 | 197 | /* 1: X <-- B */ 198 | for (k = 0; k < 2 * r; k++) { 199 | for (i = 0; i < 16; i++) { 200 | X32[k * 16 + i] = 201 | le32dec(&B[(k * 16 + (i * 5 % 16)) * 4]); 202 | } 203 | } 204 | 205 | /* 2: for i = 0 to N - 1 do */ 206 | for (i = 0; i < N; i += 2) { 207 | /* 3: V_i <-- X */ 208 | blkcpy((void *)((uintptr_t)(V) + i * 128 * r), X, 128 * r); 209 | 210 | /* 4: X <-- H(X) */ 211 | blockmix_salsa8(X, Y, Z, r); 212 | 213 | /* 3: V_i <-- X */ 214 | blkcpy((void *)((uintptr_t)(V) + (i + 1) * 128 * r), 215 | Y, 128 * r); 216 | 217 | /* 4: X <-- H(X) */ 218 | blockmix_salsa8(Y, X, Z, r); 219 | } 220 | 221 | /* 6: for i = 0 to N - 1 do */ 222 | for (i = 0; i < N; i += 2) { 223 | /* 7: j <-- Integerify(X) mod N */ 224 | j = integerify(X, r) & (N - 1); 225 | 226 | /* 8: X <-- H(X \xor V_j) */ 227 | blkxor(X, (void *)((uintptr_t)(V) + j * 128 * r), 128 * r); 228 | blockmix_salsa8(X, Y, Z, r); 229 | 230 | /* 7: j <-- Integerify(X) mod N */ 231 | j = integerify(Y, r) & (N - 1); 232 | 233 | /* 8: X <-- H(X \xor V_j) */ 234 | blkxor(Y, (void *)((uintptr_t)(V) + j * 128 * r), 128 * r); 235 | blockmix_salsa8(Y, X, Z, r); 236 | } 237 | 238 | /* 10: B' <-- X */ 239 | for (k = 0; k < 2 * r; k++) { 240 | for (i = 0; i < 16; i++) { 241 | le32enc(&B[(k * 16 + (i * 5 % 16)) * 4], 242 | X32[k * 16 + i]); 243 | } 244 | } 245 | } 246 | 247 | #endif /* CPUSUPPORT_X86_SSE2 */ 248 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/crypto/crypto_scrypt.c: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright 2009 Colin Percival 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | * SUCH DAMAGE. 25 | * 26 | * This file was originally written by Colin Percival as part of the Tarsnap 27 | * online backup system. 28 | */ 29 | #include "scrypt_platform.h" 30 | 31 | #include 32 | #include 33 | 34 | #include 35 | #include 36 | #include 37 | #include 38 | 39 | #include "cpusupport.h" 40 | #include "sha256.h" 41 | #include "warnp.h" 42 | 43 | #include "crypto_scrypt_smix.h" 44 | #include "crypto_scrypt_smix_sse2.h" 45 | 46 | #include "crypto_scrypt.h" 47 | 48 | static void (*smix_func)(uint8_t *, size_t, uint64_t, void *, void *) = NULL; 49 | 50 | /** 51 | * _crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen, smix): 52 | * Perform the requested scrypt computation, using ${smix} as the smix routine. 53 | */ 54 | static int 55 | _crypto_scrypt(const uint8_t * passwd, size_t passwdlen, 56 | const uint8_t * salt, size_t saltlen, uint64_t N, uint32_t _r, uint32_t _p, 57 | uint8_t * buf, size_t buflen, 58 | void (*smix)(uint8_t *, size_t, uint64_t, void *, void *)) 59 | { 60 | void * B0, * V0, * XY0; 61 | uint8_t * B; 62 | uint32_t * V; 63 | uint32_t * XY; 64 | size_t r = _r, p = _p; 65 | uint32_t i; 66 | 67 | /* Sanity-check parameters. */ 68 | #if SIZE_MAX > UINT32_MAX 69 | if (buflen > (((uint64_t)(1) << 32) - 1) * 32) { 70 | errno = EFBIG; 71 | goto err0; 72 | } 73 | #endif 74 | if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) { 75 | errno = EFBIG; 76 | goto err0; 77 | } 78 | if (((N & (N - 1)) != 0) || (N < 2)) { 79 | errno = EINVAL; 80 | goto err0; 81 | } 82 | if ((r > SIZE_MAX / 128 / p) || 83 | #if SIZE_MAX / 256 <= UINT32_MAX 84 | (r > (SIZE_MAX - 64) / 256) || 85 | #endif 86 | (N > SIZE_MAX / 128 / r)) { 87 | errno = ENOMEM; 88 | goto err0; 89 | } 90 | 91 | /* Allocate memory. */ 92 | #ifdef HAVE_POSIX_MEMALIGN 93 | if ((errno = posix_memalign(&B0, 64, 128 * r * p)) != 0) 94 | goto err0; 95 | B = (uint8_t *)(B0); 96 | if ((errno = posix_memalign(&XY0, 64, 256 * r + 64)) != 0) 97 | goto err1; 98 | XY = (uint32_t *)(XY0); 99 | #if !defined(MAP_ANON) || !defined(HAVE_MMAP) 100 | if ((errno = posix_memalign(&V0, 64, 128 * r * N)) != 0) 101 | goto err2; 102 | V = (uint32_t *)(V0); 103 | #endif 104 | #else 105 | if ((B0 = malloc(128 * r * p + 63)) == NULL) 106 | goto err0; 107 | B = (uint8_t *)(((uintptr_t)(B0) + 63) & ~ (uintptr_t)(63)); 108 | if ((XY0 = malloc(256 * r + 64 + 63)) == NULL) 109 | goto err1; 110 | XY = (uint32_t *)(((uintptr_t)(XY0) + 63) & ~ (uintptr_t)(63)); 111 | #if !defined(MAP_ANON) || !defined(HAVE_MMAP) 112 | if ((V0 = malloc(128 * r * N + 63)) == NULL) 113 | goto err2; 114 | V = (uint32_t *)(((uintptr_t)(V0) + 63) & ~ (uintptr_t)(63)); 115 | #endif 116 | #endif 117 | #if defined(MAP_ANON) && defined(HAVE_MMAP) 118 | if ((V0 = mmap(NULL, 128 * r * N, PROT_READ | PROT_WRITE, 119 | #ifdef MAP_NOCORE 120 | MAP_ANON | MAP_PRIVATE | MAP_NOCORE, 121 | #else 122 | MAP_ANON | MAP_PRIVATE, 123 | #endif 124 | -1, 0)) == MAP_FAILED) 125 | goto err2; 126 | V = (uint32_t *)(V0); 127 | #endif 128 | 129 | /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */ 130 | PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, p * 128 * r); 131 | 132 | /* 2: for i = 0 to p - 1 do */ 133 | for (i = 0; i < p; i++) { 134 | /* 3: B_i <-- MF(B_i, N) */ 135 | (smix)(&B[i * 128 * r], r, N, V, XY); 136 | } 137 | 138 | /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */ 139 | PBKDF2_SHA256(passwd, passwdlen, B, p * 128 * r, 1, buf, buflen); 140 | 141 | /* Free memory. */ 142 | #if defined(MAP_ANON) && defined(HAVE_MMAP) 143 | if (munmap(V0, 128 * r * N)) 144 | goto err2; 145 | #else 146 | free(V0); 147 | #endif 148 | free(XY0); 149 | free(B0); 150 | 151 | /* Success! */ 152 | return (0); 153 | 154 | err2: 155 | free(XY0); 156 | err1: 157 | free(B0); 158 | err0: 159 | /* Failure! */ 160 | return (-1); 161 | } 162 | 163 | #define TESTLEN 64 164 | static struct scrypt_test { 165 | const char * passwd; 166 | const char * salt; 167 | uint64_t N; 168 | uint32_t r; 169 | uint32_t p; 170 | uint8_t result[TESTLEN]; 171 | } testcase = { 172 | .passwd = "pleaseletmein", 173 | .salt = "SodiumChloride", 174 | .N = 16, 175 | .r = 8, 176 | .p = 1, 177 | .result = { 178 | 0x25, 0xa9, 0xfa, 0x20, 0x7f, 0x87, 0xca, 0x09, 179 | 0xa4, 0xef, 0x8b, 0x9f, 0x77, 0x7a, 0xca, 0x16, 180 | 0xbe, 0xb7, 0x84, 0xae, 0x18, 0x30, 0xbf, 0xbf, 181 | 0xd3, 0x83, 0x25, 0xaa, 0xbb, 0x93, 0x77, 0xdf, 182 | 0x1b, 0xa7, 0x84, 0xd7, 0x46, 0xea, 0x27, 0x3b, 183 | 0xf5, 0x16, 0xa4, 0x6f, 0xbf, 0xac, 0xf5, 0x11, 184 | 0xc5, 0xbe, 0xba, 0x4c, 0x4a, 0xb3, 0xac, 0xc7, 185 | 0xfa, 0x6f, 0x46, 0x0b, 0x6c, 0x0f, 0x47, 0x7b, 186 | } 187 | }; 188 | 189 | static int 190 | testsmix(void (*smix)(uint8_t *, size_t, uint64_t, void *, void *)) 191 | { 192 | uint8_t hbuf[TESTLEN]; 193 | 194 | /* Perform the computation. */ 195 | if (_crypto_scrypt( 196 | (const uint8_t *)testcase.passwd, strlen(testcase.passwd), 197 | (const uint8_t *)testcase.salt, strlen(testcase.salt), 198 | testcase.N, testcase.r, testcase.p, hbuf, TESTLEN, smix)) 199 | return (-1); 200 | 201 | /* Does it match? */ 202 | return (memcmp(testcase.result, hbuf, TESTLEN)); 203 | } 204 | 205 | static void 206 | selectsmix(void) 207 | { 208 | 209 | #ifdef CPUSUPPORT_X86_SSE2 210 | /* If we're running on an SSE2-capable CPU, try that code. */ 211 | if (cpusupport_x86_sse2()) { 212 | /* If SSE2ized smix works, use it. */ 213 | if (!testsmix(crypto_scrypt_smix_sse2)) { 214 | smix_func = crypto_scrypt_smix_sse2; 215 | return; 216 | } 217 | warn0("Disabling broken SSE2 scrypt support - please report bug!"); 218 | } 219 | #endif 220 | 221 | /* If generic smix works, use it. */ 222 | if (!testsmix(crypto_scrypt_smix)) { 223 | smix_func = crypto_scrypt_smix; 224 | return; 225 | } 226 | warn0("Generic scrypt code is broken - please report bug!"); 227 | 228 | /* If we get here, something really bad happened. */ 229 | abort(); 230 | } 231 | 232 | /** 233 | * crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen): 234 | * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r, 235 | * p, buflen) and write the result into buf. The parameters r, p, and buflen 236 | * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N 237 | * must be a power of 2 greater than 1. 238 | * 239 | * Return 0 on success; or -1 on error. 240 | */ 241 | int 242 | crypto_scrypt(const uint8_t * passwd, size_t passwdlen, 243 | const uint8_t * salt, size_t saltlen, uint64_t N, uint32_t _r, uint32_t _p, 244 | uint8_t * buf, size_t buflen) 245 | { 246 | 247 | if (smix_func == NULL) 248 | selectsmix(); 249 | 250 | return (_crypto_scrypt(passwd, passwdlen, salt, saltlen, N, _r, _p, 251 | buf, buflen, smix_func)); 252 | } 253 | -------------------------------------------------------------------------------- /scrypt/win/memlimit.c: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright 2009 Colin Percival 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | * SUCH DAMAGE. 25 | * 26 | * This file was originally written by Colin Percival as part of the Tarsnap 27 | * online backup system. 28 | */ 29 | #include "scrypt_platform.h" 30 | #include 31 | #include 32 | 33 | #ifdef HAVE_SYS_PARAM_H 34 | #include 35 | #endif 36 | #ifdef HAVE_SYSCTL_HW_USERMEM 37 | #include 38 | #endif 39 | #ifdef HAVE_SYS_SYSINFO_H 40 | #include 41 | #endif 42 | 43 | #include 44 | #include 45 | #include 46 | #include 47 | 48 | #ifdef DEBUG 49 | #include 50 | #endif 51 | 52 | #include "memlimit.h" 53 | 54 | #ifdef HAVE_SYSCTL_HW_USERMEM 55 | static int 56 | memlimit_sysctl_hw_usermem(size_t * memlimit) 57 | { 58 | int mib[2]; 59 | uint8_t usermembuf[8]; 60 | size_t usermemlen = 8; 61 | uint64_t usermem; 62 | 63 | /* Ask the kernel how much RAM we have. */ 64 | mib[0] = CTL_HW; 65 | mib[1] = HW_USERMEM; 66 | if (sysctl(mib, 2, usermembuf, &usermemlen, NULL, 0)) 67 | return (1); 68 | 69 | /* 70 | * Parse as either a uint64_t or a uint32_t based on the length of 71 | * output the kernel reports having copied out. It appears that all 72 | * systems providing a sysctl interface for reading integers copy 73 | * them out as system-endian values, so we don't need to worry about 74 | * parsing them. 75 | */ 76 | if (usermemlen == sizeof(uint64_t)) 77 | usermem = *(uint64_t *)usermembuf; 78 | else if (usermemlen == sizeof(uint32_t)) 79 | usermem = *(uint32_t *)usermembuf; 80 | else 81 | return (1); 82 | 83 | /* Return the sysctl value, but clamp to SIZE_MAX if necessary. */ 84 | #if UINT64_MAX > SIZE_MAX 85 | if (usermem > SIZE_MAX) 86 | *memlimit = SIZE_MAX; 87 | else 88 | *memlimit = usermem; 89 | #else 90 | *memlimit = usermem; 91 | #endif 92 | 93 | /* Success! */ 94 | return (0); 95 | } 96 | #endif 97 | 98 | /* If we don't HAVE_STRUCT_SYSINFO, we can't use sysinfo. */ 99 | #ifndef HAVE_STRUCT_SYSINFO 100 | #undef HAVE_SYSINFO 101 | #endif 102 | 103 | /* If we don't HAVE_STRUCT_SYSINFO_TOTALRAM, we can't use sysinfo. */ 104 | #ifndef HAVE_STRUCT_SYSINFO_TOTALRAM 105 | #undef HAVE_SYSINFO 106 | #endif 107 | 108 | #ifdef HAVE_SYSINFO 109 | static int 110 | memlimit_sysinfo(size_t * memlimit) 111 | { 112 | struct sysinfo info; 113 | uint64_t totalmem; 114 | 115 | /* Get information from the kernel. */ 116 | if (sysinfo(&info)) 117 | return (1); 118 | totalmem = info.totalram; 119 | 120 | /* If we're on a modern kernel, adjust based on mem_unit. */ 121 | #ifdef HAVE_STRUCT_SYSINFO_MEM_UNIT 122 | totalmem = totalmem * info.mem_unit; 123 | #endif 124 | 125 | /* Return the value, but clamp to SIZE_MAX if necessary. */ 126 | #if UINT64_MAX > SIZE_MAX 127 | if (totalmem > SIZE_MAX) 128 | *memlimit = SIZE_MAX; 129 | else 130 | *memlimit = totalmem; 131 | #else 132 | *memlimit = totalmem; 133 | #endif 134 | 135 | /* Success! */ 136 | return (0); 137 | } 138 | #endif /* HAVE_SYSINFO */ 139 | 140 | static int 141 | memlimit_rlimit(size_t * memlimit) 142 | { 143 | SYSTEM_INFO sysinfo; 144 | HANDLE hproc; 145 | SIZE_T dwmin = 0; 146 | SIZE_T dwmax = 345; /* Seems like the default max from msdn */ 147 | 148 | sysinfo.dwPageSize = 4096; /* Default to 4K */ 149 | GetSystemInfo(&sysinfo); 150 | 151 | hproc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 152 | FALSE, _getpid()); 153 | if (!GetProcessWorkingSetSize(hproc, &dwmin, &dwmax)) { 154 | #ifdef DEBUG 155 | fprintf(stderr, "failed to get max working set size. E=%d\n", 156 | GetLastError()); 157 | #endif 158 | } 159 | CloseHandle(hproc); 160 | *memlimit = dwmax * sysinfo.dwPageSize; 161 | return (0); 162 | } 163 | 164 | #ifdef _SC_PHYS_PAGES 165 | 166 | /* Some systems define _SC_PAGESIZE instead of _SC_PAGE_SIZE. */ 167 | #ifndef _SC_PAGE_SIZE 168 | #define _SC_PAGE_SIZE _SC_PAGESIZE 169 | #endif 170 | 171 | static int 172 | memlimit_sysconf(size_t * memlimit) 173 | { 174 | long pagesize; 175 | long physpages; 176 | uint64_t totalmem; 177 | 178 | /* Set errno to 0 in order to distinguish "no limit" from "error". */ 179 | errno = 0; 180 | 181 | /* Read the two limits. */ 182 | if (((pagesize = sysconf(_SC_PAGE_SIZE)) == -1) || 183 | ((physpages = sysconf(_SC_PHYS_PAGES)) == -1)) { 184 | /* Did an error occur? */ 185 | if (errno != 0) 186 | return (1); 187 | 188 | /* If not, there is no limit. */ 189 | totalmem = (uint64_t)(-1); 190 | } else { 191 | /* Compute the limit. */ 192 | totalmem = (uint64_t)(pagesize) * (uint64_t)(physpages); 193 | } 194 | 195 | /* Return the value, but clamp to SIZE_MAX if necessary. */ 196 | #if UINT64_MAX > SIZE_MAX 197 | if (totalmem > SIZE_MAX) 198 | *memlimit = SIZE_MAX; 199 | else 200 | *memlimit = totalmem; 201 | #else 202 | *memlimit = totalmem; 203 | #endif 204 | 205 | /* Success! */ 206 | return (0); 207 | } 208 | #endif 209 | 210 | int 211 | memtouse(size_t maxmem, double maxmemfrac, size_t * memlimit) 212 | { 213 | size_t sysctl_memlimit, sysinfo_memlimit, rlimit_memlimit; 214 | size_t sysconf_memlimit; 215 | size_t memlimit_min; 216 | size_t memavail; 217 | 218 | /* Get memory limits. */ 219 | #ifdef HAVE_SYSCTL_HW_USERMEM 220 | if (memlimit_sysctl_hw_usermem(&sysctl_memlimit)) 221 | return (1); 222 | #else 223 | sysctl_memlimit = (size_t)(-1); 224 | #endif 225 | #ifdef HAVE_SYSINFO 226 | if (memlimit_sysinfo(&sysinfo_memlimit)) 227 | return (1); 228 | #else 229 | sysinfo_memlimit = (size_t)(-1); 230 | #endif 231 | if (memlimit_rlimit(&rlimit_memlimit)) 232 | return (1); 233 | #ifdef _SC_PHYS_PAGES 234 | if (memlimit_sysconf(&sysconf_memlimit)) 235 | return (1); 236 | #else 237 | sysconf_memlimit = (size_t)(-1); 238 | #endif 239 | 240 | #ifdef DEBUG 241 | fprintf(stderr, "Memory limits are %llu %llu %llu %llu\n", 242 | (unsigned long long) sysctl_memlimit, 243 | (unsigned long long) sysinfo_memlimit, 244 | (unsigned long long) rlimit_memlimit, 245 | (unsigned long long) sysconf_memlimit); 246 | #endif 247 | 248 | /* Find the smallest of them. */ 249 | memlimit_min = (size_t)(-1); 250 | if (memlimit_min > sysctl_memlimit) 251 | memlimit_min = sysctl_memlimit; 252 | if (memlimit_min > sysinfo_memlimit) 253 | memlimit_min = sysinfo_memlimit; 254 | if (memlimit_min > rlimit_memlimit) 255 | memlimit_min = rlimit_memlimit; 256 | if (memlimit_min > sysconf_memlimit) 257 | memlimit_min = sysconf_memlimit; 258 | 259 | /* Only use the specified fraction of the available memory. */ 260 | if ((maxmemfrac > 0.5) || (maxmemfrac == 0.0)) 261 | maxmemfrac = 0.5; 262 | 263 | memavail = (size_t)maxmemfrac * memlimit_min; 264 | 265 | /* Don't use more than the specified maximum. */ 266 | if ((maxmem > 0) && (memavail > maxmem)) 267 | memavail = maxmem; 268 | 269 | /* But always allow at least 1 MiB. */ 270 | if (memavail < 1048576) 271 | memavail = 1048576; 272 | 273 | #ifdef DEBUG 274 | fprintf(stderr, "Allowing up to %llu memory to be used\n", 275 | (unsigned long long) memavail); 276 | #endif 277 | 278 | /* Return limit via the provided pointer. */ 279 | *memlimit = memavail; 280 | return (0); 281 | } -------------------------------------------------------------------------------- /scrypt/win/include/stdint.h: -------------------------------------------------------------------------------- 1 | // ISO C9x compliant stdint.h for Microsoft Visual Studio 2 | // Based on ISO/IEC 9899:TC2 Committee draft (May 6, 2005) WG14/N1124 3 | // 4 | // Copyright (c) 2006-2008 Alexander Chemeris 5 | // 6 | // Redistribution and use in source and binary forms, with or without 7 | // modification, are permitted provided that the following conditions are met: 8 | // 9 | // 1. Redistributions of source code must retain the above copyright notice, 10 | // this list of conditions and the following disclaimer. 11 | // 12 | // 2. Redistributions in binary form must reproduce the above copyright 13 | // notice, this list of conditions and the following disclaimer in the 14 | // documentation and/or other materials provided with the distribution. 15 | // 16 | // 3. The name of the author may be used to endorse or promote products 17 | // derived from this software without specific prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED 20 | // WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF 21 | // MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO 22 | // EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 24 | // PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; 25 | // OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 26 | // WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR 27 | // OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF 28 | // ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | // 30 | /////////////////////////////////////////////////////////////////////////////// 31 | 32 | #ifndef _MSC_VER // [ 33 | #error "Use this header only with Microsoft Visual C++ compilers!" 34 | #endif // _MSC_VER ] 35 | 36 | #ifndef _MSC_STDINT_H_ // [ 37 | #define _MSC_STDINT_H_ 38 | 39 | #if _MSC_VER > 1000 40 | #pragma once 41 | #endif 42 | 43 | #include 44 | 45 | // For Visual Studio 6 in C++ mode and for many Visual Studio versions when 46 | // compiling for ARM we should wrap include with 'extern "C++" {}' 47 | // or compiler give many errors like this: 48 | // error C2733: second C linkage of overloaded function 'wmemchr' not allowed 49 | #ifdef __cplusplus 50 | extern "C" { 51 | #endif 52 | # include 53 | #ifdef __cplusplus 54 | } 55 | #endif 56 | 57 | // Define _W64 macros to mark types changing their size, like intptr_t. 58 | #ifndef _W64 59 | # if !defined(__midl) && (defined(_X86_) || defined(_M_IX86)) && _MSC_VER >= 1300 60 | # define _W64 __w64 61 | # else 62 | # define _W64 63 | # endif 64 | #endif 65 | 66 | 67 | // 7.18.1 Integer types 68 | 69 | // 7.18.1.1 Exact-width integer types 70 | 71 | // Visual Studio 6 and Embedded Visual C++ 4 doesn't 72 | // realize that, e.g. char has the same size as __int8 73 | // so we give up on __intX for them. 74 | #if (_MSC_VER < 1300) 75 | typedef signed char int8_t; 76 | typedef signed short int16_t; 77 | typedef signed int int32_t; 78 | typedef unsigned char uint8_t; 79 | typedef unsigned short uint16_t; 80 | typedef unsigned int uint32_t; 81 | #else 82 | typedef signed __int8 int8_t; 83 | typedef signed __int16 int16_t; 84 | typedef signed __int32 int32_t; 85 | typedef unsigned __int8 uint8_t; 86 | typedef unsigned __int16 uint16_t; 87 | typedef unsigned __int32 uint32_t; 88 | #endif 89 | typedef signed __int64 int64_t; 90 | typedef unsigned __int64 uint64_t; 91 | 92 | 93 | // 7.18.1.2 Minimum-width integer types 94 | typedef int8_t int_least8_t; 95 | typedef int16_t int_least16_t; 96 | typedef int32_t int_least32_t; 97 | typedef int64_t int_least64_t; 98 | typedef uint8_t uint_least8_t; 99 | typedef uint16_t uint_least16_t; 100 | typedef uint32_t uint_least32_t; 101 | typedef uint64_t uint_least64_t; 102 | 103 | // 7.18.1.3 Fastest minimum-width integer types 104 | typedef int8_t int_fast8_t; 105 | typedef int16_t int_fast16_t; 106 | typedef int32_t int_fast32_t; 107 | typedef int64_t int_fast64_t; 108 | typedef uint8_t uint_fast8_t; 109 | typedef uint16_t uint_fast16_t; 110 | typedef uint32_t uint_fast32_t; 111 | typedef uint64_t uint_fast64_t; 112 | 113 | // 7.18.1.4 Integer types capable of holding object pointers 114 | #ifdef _WIN64 // [ 115 | typedef signed __int64 intptr_t; 116 | typedef unsigned __int64 uintptr_t; 117 | #else // _WIN64 ][ 118 | typedef _W64 signed int intptr_t; 119 | typedef _W64 unsigned int uintptr_t; 120 | #endif // _WIN64 ] 121 | 122 | // 7.18.1.5 Greatest-width integer types 123 | typedef int64_t intmax_t; 124 | typedef uint64_t uintmax_t; 125 | 126 | 127 | // 7.18.2 Limits of specified-width integer types 128 | 129 | #if !defined(__cplusplus) || defined(__STDC_LIMIT_MACROS) // [ See footnote 220 at page 257 and footnote 221 at page 259 130 | 131 | // 7.18.2.1 Limits of exact-width integer types 132 | #define INT8_MIN ((int8_t)_I8_MIN) 133 | #define INT8_MAX _I8_MAX 134 | #define INT16_MIN ((int16_t)_I16_MIN) 135 | #define INT16_MAX _I16_MAX 136 | #define INT32_MIN ((int32_t)_I32_MIN) 137 | #define INT32_MAX _I32_MAX 138 | #define INT64_MIN ((int64_t)_I64_MIN) 139 | #define INT64_MAX _I64_MAX 140 | #define UINT8_MAX _UI8_MAX 141 | #define UINT16_MAX _UI16_MAX 142 | #define UINT32_MAX _UI32_MAX 143 | #define UINT64_MAX _UI64_MAX 144 | 145 | // 7.18.2.2 Limits of minimum-width integer types 146 | #define INT_LEAST8_MIN INT8_MIN 147 | #define INT_LEAST8_MAX INT8_MAX 148 | #define INT_LEAST16_MIN INT16_MIN 149 | #define INT_LEAST16_MAX INT16_MAX 150 | #define INT_LEAST32_MIN INT32_MIN 151 | #define INT_LEAST32_MAX INT32_MAX 152 | #define INT_LEAST64_MIN INT64_MIN 153 | #define INT_LEAST64_MAX INT64_MAX 154 | #define UINT_LEAST8_MAX UINT8_MAX 155 | #define UINT_LEAST16_MAX UINT16_MAX 156 | #define UINT_LEAST32_MAX UINT32_MAX 157 | #define UINT_LEAST64_MAX UINT64_MAX 158 | 159 | // 7.18.2.3 Limits of fastest minimum-width integer types 160 | #define INT_FAST8_MIN INT8_MIN 161 | #define INT_FAST8_MAX INT8_MAX 162 | #define INT_FAST16_MIN INT16_MIN 163 | #define INT_FAST16_MAX INT16_MAX 164 | #define INT_FAST32_MIN INT32_MIN 165 | #define INT_FAST32_MAX INT32_MAX 166 | #define INT_FAST64_MIN INT64_MIN 167 | #define INT_FAST64_MAX INT64_MAX 168 | #define UINT_FAST8_MAX UINT8_MAX 169 | #define UINT_FAST16_MAX UINT16_MAX 170 | #define UINT_FAST32_MAX UINT32_MAX 171 | #define UINT_FAST64_MAX UINT64_MAX 172 | 173 | // 7.18.2.4 Limits of integer types capable of holding object pointers 174 | #ifdef _WIN64 // [ 175 | # define INTPTR_MIN INT64_MIN 176 | # define INTPTR_MAX INT64_MAX 177 | # define UINTPTR_MAX UINT64_MAX 178 | #else // _WIN64 ][ 179 | # define INTPTR_MIN INT32_MIN 180 | # define INTPTR_MAX INT32_MAX 181 | # define UINTPTR_MAX UINT32_MAX 182 | #endif // _WIN64 ] 183 | 184 | // 7.18.2.5 Limits of greatest-width integer types 185 | #define INTMAX_MIN INT64_MIN 186 | #define INTMAX_MAX INT64_MAX 187 | #define UINTMAX_MAX UINT64_MAX 188 | 189 | // 7.18.3 Limits of other integer types 190 | 191 | #ifdef _WIN64 // [ 192 | # define PTRDIFF_MIN _I64_MIN 193 | # define PTRDIFF_MAX _I64_MAX 194 | #else // _WIN64 ][ 195 | # define PTRDIFF_MIN _I32_MIN 196 | # define PTRDIFF_MAX _I32_MAX 197 | #endif // _WIN64 ] 198 | 199 | #define SIG_ATOMIC_MIN INT_MIN 200 | #define SIG_ATOMIC_MAX INT_MAX 201 | 202 | #ifndef SIZE_MAX // [ 203 | # ifdef _WIN64 // [ 204 | # define SIZE_MAX _UI64_MAX 205 | # else // _WIN64 ][ 206 | # define SIZE_MAX _UI32_MAX 207 | # endif // _WIN64 ] 208 | #endif // SIZE_MAX ] 209 | 210 | // WCHAR_MIN and WCHAR_MAX are also defined in 211 | #ifndef WCHAR_MIN // [ 212 | # define WCHAR_MIN 0 213 | #endif // WCHAR_MIN ] 214 | #ifndef WCHAR_MAX // [ 215 | # define WCHAR_MAX _UI16_MAX 216 | #endif // WCHAR_MAX ] 217 | 218 | #define WINT_MIN 0 219 | #define WINT_MAX _UI16_MAX 220 | 221 | #endif // __STDC_LIMIT_MACROS ] 222 | 223 | 224 | // 7.18.4 Limits of other integer types 225 | 226 | #if !defined(__cplusplus) || defined(__STDC_CONSTANT_MACROS) // [ See footnote 224 at page 260 227 | 228 | // 7.18.4.1 Macros for minimum-width integer constants 229 | 230 | #define INT8_C(val) val##i8 231 | #define INT16_C(val) val##i16 232 | #define INT32_C(val) val##i32 233 | #define INT64_C(val) val##i64 234 | 235 | #define UINT8_C(val) val##ui8 236 | #define UINT16_C(val) val##ui16 237 | #define UINT32_C(val) val##ui32 238 | #define UINT64_C(val) val##ui64 239 | 240 | // 7.18.4.2 Macros for greatest-width integer constants 241 | #define INTMAX_C INT64_C 242 | #define UINTMAX_C UINT64_C 243 | 244 | #endif // __STDC_CONSTANT_MACROS ] 245 | 246 | 247 | #endif // _MSC_STDINT_H_ ] 248 | -------------------------------------------------------------------------------- /scrypt/scrypt-1.2.0/lib/crypto/crypto_scrypt-ref.c: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright 2009 Colin Percival 3 | * All rights reserved. 4 | * 5 | * Redistribution and use in source and binary forms, with or without 6 | * modification, are permitted provided that the following conditions 7 | * are met: 8 | * 1. Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * 2. Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in the 12 | * documentation and/or other materials provided with the distribution. 13 | * 14 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 15 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 16 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 17 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 18 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 19 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 20 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 21 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 22 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 23 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 24 | * SUCH DAMAGE. 25 | * 26 | * This file was originally written by Colin Percival as part of the Tarsnap 27 | * online backup system. 28 | */ 29 | #include "scrypt_platform.h" 30 | 31 | #include 32 | #include 33 | #include 34 | #include 35 | 36 | #include "sha256.h" 37 | #include "sysendian.h" 38 | 39 | #include "crypto_scrypt.h" 40 | 41 | static void blkcpy(uint8_t *, uint8_t *, size_t); 42 | static void blkxor(uint8_t *, uint8_t *, size_t); 43 | static void salsa20_8(uint8_t[64]); 44 | static void blockmix_salsa8(uint8_t *, uint8_t *, size_t); 45 | static uint64_t integerify(uint8_t *, size_t); 46 | static void smix(uint8_t *, size_t, uint64_t, uint8_t *, uint8_t *); 47 | 48 | static void 49 | blkcpy(uint8_t * dest, uint8_t * src, size_t len) 50 | { 51 | size_t i; 52 | 53 | for (i = 0; i < len; i++) 54 | dest[i] = src[i]; 55 | } 56 | 57 | static void 58 | blkxor(uint8_t * dest, uint8_t * src, size_t len) 59 | { 60 | size_t i; 61 | 62 | for (i = 0; i < len; i++) 63 | dest[i] ^= src[i]; 64 | } 65 | 66 | /** 67 | * salsa20_8(B): 68 | * Apply the salsa20/8 core to the provided block. 69 | */ 70 | static void 71 | salsa20_8(uint8_t B[64]) 72 | { 73 | uint32_t B32[16]; 74 | uint32_t x[16]; 75 | size_t i; 76 | 77 | /* Convert little-endian values in. */ 78 | for (i = 0; i < 16; i++) 79 | B32[i] = le32dec(&B[i * 4]); 80 | 81 | /* Compute x = doubleround^4(B32). */ 82 | for (i = 0; i < 16; i++) 83 | x[i] = B32[i]; 84 | for (i = 0; i < 8; i += 2) { 85 | #define R(a,b) (((a) << (b)) | ((a) >> (32 - (b)))) 86 | /* Operate on columns. */ 87 | x[ 4] ^= R(x[ 0]+x[12], 7); x[ 8] ^= R(x[ 4]+x[ 0], 9); 88 | x[12] ^= R(x[ 8]+x[ 4],13); x[ 0] ^= R(x[12]+x[ 8],18); 89 | 90 | x[ 9] ^= R(x[ 5]+x[ 1], 7); x[13] ^= R(x[ 9]+x[ 5], 9); 91 | x[ 1] ^= R(x[13]+x[ 9],13); x[ 5] ^= R(x[ 1]+x[13],18); 92 | 93 | x[14] ^= R(x[10]+x[ 6], 7); x[ 2] ^= R(x[14]+x[10], 9); 94 | x[ 6] ^= R(x[ 2]+x[14],13); x[10] ^= R(x[ 6]+x[ 2],18); 95 | 96 | x[ 3] ^= R(x[15]+x[11], 7); x[ 7] ^= R(x[ 3]+x[15], 9); 97 | x[11] ^= R(x[ 7]+x[ 3],13); x[15] ^= R(x[11]+x[ 7],18); 98 | 99 | /* Operate on rows. */ 100 | x[ 1] ^= R(x[ 0]+x[ 3], 7); x[ 2] ^= R(x[ 1]+x[ 0], 9); 101 | x[ 3] ^= R(x[ 2]+x[ 1],13); x[ 0] ^= R(x[ 3]+x[ 2],18); 102 | 103 | x[ 6] ^= R(x[ 5]+x[ 4], 7); x[ 7] ^= R(x[ 6]+x[ 5], 9); 104 | x[ 4] ^= R(x[ 7]+x[ 6],13); x[ 5] ^= R(x[ 4]+x[ 7],18); 105 | 106 | x[11] ^= R(x[10]+x[ 9], 7); x[ 8] ^= R(x[11]+x[10], 9); 107 | x[ 9] ^= R(x[ 8]+x[11],13); x[10] ^= R(x[ 9]+x[ 8],18); 108 | 109 | x[12] ^= R(x[15]+x[14], 7); x[13] ^= R(x[12]+x[15], 9); 110 | x[14] ^= R(x[13]+x[12],13); x[15] ^= R(x[14]+x[13],18); 111 | #undef R 112 | } 113 | 114 | /* Compute B32 = B32 + x. */ 115 | for (i = 0; i < 16; i++) 116 | B32[i] += x[i]; 117 | 118 | /* Convert little-endian values out. */ 119 | for (i = 0; i < 16; i++) 120 | le32enc(&B[4 * i], B32[i]); 121 | } 122 | 123 | /** 124 | * blockmix_salsa8(B, Y, r): 125 | * Compute B = BlockMix_{salsa20/8, r}(B). The input B must be 128r bytes in 126 | * length; the temporary space Y must also be the same size. 127 | */ 128 | static void 129 | blockmix_salsa8(uint8_t * B, uint8_t * Y, size_t r) 130 | { 131 | uint8_t X[64]; 132 | size_t i; 133 | 134 | /* 1: X <-- B_{2r - 1} */ 135 | blkcpy(X, &B[(2 * r - 1) * 64], 64); 136 | 137 | /* 2: for i = 0 to 2r - 1 do */ 138 | for (i = 0; i < 2 * r; i++) { 139 | /* 3: X <-- H(X \xor B_i) */ 140 | blkxor(X, &B[i * 64], 64); 141 | salsa20_8(X); 142 | 143 | /* 4: Y_i <-- X */ 144 | blkcpy(&Y[i * 64], X, 64); 145 | } 146 | 147 | /* 6: B' <-- (Y_0, Y_2 ... Y_{2r-2}, Y_1, Y_3 ... Y_{2r-1}) */ 148 | for (i = 0; i < r; i++) 149 | blkcpy(&B[i * 64], &Y[(i * 2) * 64], 64); 150 | for (i = 0; i < r; i++) 151 | blkcpy(&B[(i + r) * 64], &Y[(i * 2 + 1) * 64], 64); 152 | } 153 | 154 | /** 155 | * integerify(B, r): 156 | * Return the result of parsing B_{2r-1} as a little-endian integer. 157 | */ 158 | static uint64_t 159 | integerify(uint8_t * B, size_t r) 160 | { 161 | uint8_t * X = &B[(2 * r - 1) * 64]; 162 | 163 | return (le64dec(X)); 164 | } 165 | 166 | /** 167 | * smix(B, r, N, V, XY): 168 | * Compute B = SMix_r(B, N). The input B must be 128r bytes in length; the 169 | * temporary storage V must be 128rN bytes in length; the temporary storage 170 | * XY must be 256r bytes in length. The value N must be a power of 2. 171 | */ 172 | static void 173 | smix(uint8_t * B, size_t r, uint64_t N, uint8_t * V, uint8_t * XY) 174 | { 175 | uint8_t * X = XY; 176 | uint8_t * Y = &XY[128 * r]; 177 | uint64_t i; 178 | uint64_t j; 179 | 180 | /* 1: X <-- B */ 181 | blkcpy(X, B, 128 * r); 182 | 183 | /* 2: for i = 0 to N - 1 do */ 184 | for (i = 0; i < N; i++) { 185 | /* 3: V_i <-- X */ 186 | blkcpy(&V[i * (128 * r)], X, 128 * r); 187 | 188 | /* 4: X <-- H(X) */ 189 | blockmix_salsa8(X, Y, r); 190 | } 191 | 192 | /* 6: for i = 0 to N - 1 do */ 193 | for (i = 0; i < N; i++) { 194 | /* 7: j <-- Integerify(X) mod N */ 195 | j = integerify(X, r) & (N - 1); 196 | 197 | /* 8: X <-- H(X \xor V_j) */ 198 | blkxor(X, &V[j * (128 * r)], 128 * r); 199 | blockmix_salsa8(X, Y, r); 200 | } 201 | 202 | /* 10: B' <-- X */ 203 | blkcpy(B, X, 128 * r); 204 | } 205 | 206 | /** 207 | * crypto_scrypt(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen): 208 | * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r, 209 | * p, buflen) and write the result into buf. The parameters r, p, and buflen 210 | * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32. The parameter N 211 | * must be a power of 2. 212 | * 213 | * Return 0 on success; or -1 on error. 214 | */ 215 | int 216 | crypto_scrypt(const uint8_t * passwd, size_t passwdlen, 217 | const uint8_t * salt, size_t saltlen, uint64_t N, uint32_t _r, uint32_t _p, 218 | uint8_t * buf, size_t buflen) 219 | { 220 | uint8_t * B; 221 | uint8_t * V; 222 | uint8_t * XY; 223 | size_t r = _r, p = _p; 224 | uint32_t i; 225 | 226 | /* Sanity-check parameters. */ 227 | #if SIZE_MAX > UINT32_MAX 228 | if (buflen > (((uint64_t)(1) << 32) - 1) * 32) { 229 | errno = EFBIG; 230 | goto err0; 231 | } 232 | #endif 233 | if ((uint64_t)(r) * (uint64_t)(p) >= (1 << 30)) { 234 | errno = EFBIG; 235 | goto err0; 236 | } 237 | if (((N & (N - 1)) != 0) || (N == 0)) { 238 | errno = EINVAL; 239 | goto err0; 240 | } 241 | if ((r > SIZE_MAX / 128 / p) || 242 | #if SIZE_MAX / 256 <= UINT32_MAX 243 | (r > SIZE_MAX / 256) || 244 | #endif 245 | (N > SIZE_MAX / 128 / r)) { 246 | errno = ENOMEM; 247 | goto err0; 248 | } 249 | 250 | /* Allocate memory. */ 251 | if ((B = malloc(128 * r * p)) == NULL) 252 | goto err0; 253 | if ((XY = malloc(256 * r)) == NULL) 254 | goto err1; 255 | if ((V = malloc(128 * r * N)) == NULL) 256 | goto err2; 257 | 258 | /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */ 259 | PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, p * 128 * r); 260 | 261 | /* 2: for i = 0 to p - 1 do */ 262 | for (i = 0; i < p; i++) { 263 | /* 3: B_i <-- MF(B_i, N) */ 264 | smix(&B[i * 128 * r], r, N, V, XY); 265 | } 266 | 267 | /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */ 268 | PBKDF2_SHA256(passwd, passwdlen, B, p * 128 * r, 1, buf, buflen); 269 | 270 | /* Free memory. */ 271 | free(V); 272 | free(XY); 273 | free(B); 274 | 275 | /* Success! */ 276 | return (0); 277 | 278 | err2: 279 | free(XY); 280 | err1: 281 | free(B); 282 | err0: 283 | /* Failure! */ 284 | return (-1); 285 | } 286 | --------------------------------------------------------------------------------