8#include <botan/scrypt.h>
10#include <botan/exceptn.h>
11#include <botan/pbkdf2.h>
12#include <botan/internal/bit_ops.h>
13#include <botan/internal/fmt.h>
14#include <botan/internal/loadstor.h>
15#include <botan/internal/salsa20.h>
16#include <botan/internal/timer.h>
22size_t scrypt_memory_usage(
size_t N,
size_t r,
size_t p) {
23 return 128 * r * (N + p);
33 return std::make_unique<Scrypt>(32768, 8, 1);
37 std::chrono::milliseconds msec,
38 size_t max_memory_usage_mb,
39 std::chrono::milliseconds tune_time)
const {
58 const size_t max_memory_usage = max_memory_usage_mb * 1024 * 1024 + 512;
64 Timer timer(
"Scrypt");
69 uint8_t output[32] = {0};
70 pwdhash->derive_key(output,
sizeof(output),
"test", 4,
nullptr, 0);
80 const uint64_t measured_time = timer.
value() / timer.
events();
82 const uint64_t target_nsec = msec.count() *
static_cast<uint64_t
>(1000000);
84 uint64_t est_nsec = measured_time;
88 if(max_memory_usage == 0 || scrypt_memory_usage(N, r * 8, p) <= max_memory_usage) {
89 if(target_nsec / est_nsec >= 5) {
97 while(max_memory_usage == 0 || scrypt_memory_usage(N * 2, r, p) <= max_memory_usage) {
98 if(target_nsec / est_nsec >= 2) {
108 if(target_nsec / est_nsec > 2) {
109 p *= std::min<size_t>(1024,
static_cast<size_t>(target_nsec / est_nsec));
112 return std::make_unique<Scrypt>(N, r, p);
116 return std::make_unique<Scrypt>(N, r, p);
135 return std::make_unique<Scrypt>(N, r, p);
143 if(p == 0 || p > 1024) {
146 if(r == 0 || r > 256) {
149 if(N < 1 || N > 4194304) {
155 return fmt(
"Scrypt({},{},{})", m_N, m_r, m_p);
163 return scrypt_memory_usage(N, r, p);
168void scryptBlockMix(
size_t r, uint8_t* B, uint8_t*
Y) {
171 copy_mem(
X.data(), &B[(2 * r - 1) * 64], 64);
173 for(
size_t i = 0; i != 2 * r; i++) {
175 load_le<uint32_t>(B32,
X.data(), 16);
180 for(
size_t i = 0; i < r; ++i) {
181 copy_mem(&B[i * 64], &
Y[(i * 2) * 64], 64);
184 for(
size_t i = 0; i < r; ++i) {
185 copy_mem(&B[(i + r) * 64], &
Y[(i * 2 + 1) * 64], 64);
189void scryptROMmix(
size_t r,
size_t N, uint8_t* B, secure_vector<uint8_t>& V) {
190 const size_t S = 128 * r;
192 for(
size_t i = 0; i != N; ++i) {
194 scryptBlockMix(r, B, &V[N * S]);
197 for(
size_t i = 0; i != N; ++i) {
199 const size_t j = load_le<uint32_t>(&B[(2 * r - 1) * 64], 0) & (N - 1);
201 scryptBlockMix(r, B, &V[N * S]);
209 const char* password,
211 const uint8_t salt[],
212 size_t salt_len)
const {
217 const size_t S = 128 * r;
227 throw Invalid_Argument(
"Scrypt cannot accept passphrases of the provided length");
230 pbkdf2(*hmac_sha256, B.data(), B.size(), salt, salt_len, 1);
233 for(
size_t i = 0; i != p; ++i) {
234 scryptROMmix(r, N, &B[128 * r * i], V);
237 pbkdf2(*hmac_sha256, output, output_len, B.data(), B.size(), 1);
static std::unique_ptr< MessageAuthenticationCode > create_or_throw(std::string_view algo_spec, std::string_view provider="")
static void salsa_core(uint8_t output[64], const uint32_t input[16], size_t rounds)
std::unique_ptr< PasswordHash > from_params(size_t N, size_t r, size_t p) const override
std::unique_ptr< PasswordHash > tune(size_t output_length, std::chrono::milliseconds msec, size_t max_memory, std::chrono::milliseconds tune_msec) const override
std::unique_ptr< PasswordHash > from_iterations(size_t iter) const override
std::string name() const override
std::unique_ptr< PasswordHash > default_params() const override
std::string to_string() const override
size_t memory_param() const override
size_t iterations() const override
size_t parallelism() const override
size_t total_memory_usage() const override
Scrypt(size_t N, size_t r, size_t p)
void derive_key(uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const override
void run_until_elapsed(std::chrono::milliseconds msec, F f)
constexpr bool is_power_of_2(T arg)
std::string fmt(std::string_view format, const T &... args)
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
std::vector< T, secure_allocator< T > > secure_vector
size_t pbkdf2(MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, std::string_view password, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
constexpr void copy_mem(T *out, const T *in, size_t n)
const uint8_t * cast_char_ptr_to_uint8(const char *s)