Source tree from which scrypt-1.0 release was built.
0 parents
commit 9ce716b
Showing
16 changed files
with
2,911 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
scrypt encrypted data format | ||
---------------------------- | ||
|
||
offset length | ||
0 6 "scrypt" | ||
6 1 scrypt data file version number (== 0) | ||
7 1 log2(N) (must be between 1 and 63 inclusive) | ||
8 4 r (big-endian integer; must satisfy r * p < 2^30) | ||
12 4 p (big-endian integer; must satisfy r * p < 2^30) | ||
16 32 salt | ||
48 16 first 16 bytes of SHA256(bytes 0 .. 47) | ||
64 32 HMAC-SHA256(bytes 0 .. 63) | ||
96 X data xor AES256-CTR key stream generated with nonce == 0 | ||
96+X 32 HMAC-SHA256(bytes 96 .. 96 + (X - 1)) | ||
|
||
AES256-CTR is computed with a 256-bit AES key key_enc, and HMAC-SHA256 is | ||
computed with a 256-bit key key_hmac, where | ||
scrypt(password, salt, N, r, p, 64) == [key_enc][key_hmac] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
PROG= scrypt | ||
VER?= nosse | ||
SRCS= main.c sha256.c scrypt-${VER}.c scryptenc.c crypto_aesctr.c | ||
LDADD+= -lcrypto | ||
WARNS?= 6 | ||
NO_MAN= yes | ||
|
||
# We have a config file for FreeBSD | ||
CFLAGS += -DCONFIG_H_FILE=\"config_freebsd.h\" | ||
|
||
# Include all possible object files containing built scrypt code. | ||
CLEANFILES += scrypt-ref.o scrypt-sse.o scrypt-nosse.o | ||
|
||
.include <bsd.prog.mk> |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
/* A default configuration for FreeBSD, used if there is no config.h. */ | ||
|
||
#define HAVE_SYS_ENDIAN_H 1 | ||
#define HAVE_POSIX_MEMALIGN 1 | ||
#define HAVE_SYSCTL_HW_USERMEM_ULONG 1 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,124 @@ | ||
/*- | ||
* Copyright 2007-2009 Colin Percival | ||
* All rights reserved. | ||
* | ||
* Redistribution and use in source and binary forms, with or without | ||
* modification, are permitted provided that the following conditions | ||
* are met: | ||
* 1. Redistributions of source code must retain the above copyright | ||
* notice, this list of conditions and the following disclaimer. | ||
* 2. Redistributions in binary form must reproduce the above copyright | ||
* notice, this list of conditions and the following disclaimer in the | ||
* documentation and/or other materials provided with the distribution. | ||
* | ||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | ||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
* SUCH DAMAGE. | ||
* | ||
* This file was originally written by Colin Percival as part of the Tarsnap | ||
* online backup system. | ||
*/ | ||
#include "scrypt_platform.h" | ||
|
||
#include <stdint.h> | ||
#include <stdlib.h> | ||
|
||
#include <openssl/aes.h> | ||
|
||
#include "sysendian.h" | ||
|
||
#include "crypto_aesctr.h" | ||
|
||
struct crypto_aesctr { | ||
AES_KEY * key; | ||
uint64_t nonce; | ||
uint64_t bytectr; | ||
uint8_t buf[16]; | ||
}; | ||
|
||
/** | ||
* crypto_aesctr_init(key, nonce): | ||
* Prepare to encrypt/decrypt data with AES in CTR mode, using the provided | ||
* expanded key and nonce. The key provided must remain valid for the | ||
* lifetime of the stream. | ||
*/ | ||
struct crypto_aesctr * | ||
crypto_aesctr_init(AES_KEY * key, uint64_t nonce) | ||
{ | ||
struct crypto_aesctr * stream; | ||
|
||
/* Allocate memory. */ | ||
if ((stream = malloc(sizeof(struct crypto_aesctr))) == NULL) | ||
goto err0; | ||
|
||
/* Initialize values. */ | ||
stream->key = key; | ||
stream->nonce = nonce; | ||
stream->bytectr = 0; | ||
|
||
/* Success! */ | ||
return (stream); | ||
|
||
err0: | ||
/* Failure! */ | ||
return (NULL); | ||
} | ||
|
||
/** | ||
* crypto_aesctr_stream(stream, inbuf, outbuf, buflen): | ||
* Generate the next ${buflen} bytes of the AES-CTR stream and xor them with | ||
* bytes from ${inbuf}, writing the result into ${outbuf}. If the buffers | ||
* ${inbuf} and ${outbuf} overlap, they must be identical. | ||
*/ | ||
void | ||
crypto_aesctr_stream(struct crypto_aesctr * stream, const uint8_t * inbuf, | ||
uint8_t * outbuf, size_t buflen) | ||
{ | ||
uint8_t pblk[16]; | ||
size_t pos; | ||
int bytemod; | ||
|
||
for (pos = 0; pos < buflen; pos++) { | ||
/* How far through the buffer are we? */ | ||
bytemod = stream->bytectr % 16; | ||
|
||
/* Generate a block of cipherstream if needed. */ | ||
if (bytemod == 0) { | ||
be64enc(pblk, stream->nonce); | ||
be64enc(pblk + 8, stream->bytectr / 16); | ||
AES_encrypt(pblk, stream->buf, stream->key); | ||
} | ||
|
||
/* Encrypt a byte. */ | ||
outbuf[pos] = inbuf[pos] ^ stream->buf[bytemod]; | ||
|
||
/* Move to the next byte of cipherstream. */ | ||
stream->bytectr += 1; | ||
} | ||
} | ||
|
||
/** | ||
* crypto_aesctr_free(stream): | ||
* Free the provided stream object. | ||
*/ | ||
void | ||
crypto_aesctr_free(struct crypto_aesctr * stream) | ||
{ | ||
int i; | ||
|
||
/* Zero potentially sensitive information. */ | ||
for (i = 0; i < 16; i++) | ||
stream->buf[i] = 0; | ||
stream->bytectr = stream->nonce = 0; | ||
|
||
/* Free the stream. */ | ||
free(stream); | ||
} |
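Review bot: In crypto_aesctr_free the keystream buffer and the counters are cleared with ordinary stores immediately before `free(stream)`, which an optimizing compiler is allowed to drop as dead stores, so the last keystream block may be left in freed heap memory. Writing the zeros through a volatile-qualified pointer, e.g. `volatile uint8_t *p = stream->buf;` followed by `for (i = 0; i < 16; i++) p[i] = 0;`, or calling a platform wipe routine such as explicit_bzero where one is available, keeps the clearing in the compiled code in practice. The function also dereferences stream without a NULL check, so unlike free() it cannot be handed the NULL that a failed crypto_aesctr_init returns; a leading `if (stream == NULL) return;` would make callers' cleanup paths simpler.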
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,59 @@ | ||
/*- | ||
* Copyright 2009 Colin Percival | ||
* All rights reserved. | ||
* | ||
* Redistribution and use in source and binary forms, with or without | ||
* modification, are permitted provided that the following conditions | ||
* are met: | ||
* 1. Redistributions of source code must retain the above copyright | ||
* notice, this list of conditions and the following disclaimer. | ||
* 2. Redistributions in binary form must reproduce the above copyright | ||
* notice, this list of conditions and the following disclaimer in the | ||
* documentation and/or other materials provided with the distribution. | ||
* | ||
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND | ||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
* SUCH DAMAGE. | ||
* | ||
* This file was originally written by Colin Percival as part of the Tarsnap | ||
* online backup system. | ||
*/ | ||
#ifndef _CRYPTO_AESCTR_H_ | ||
#define _CRYPTO_AESCTR_H_ | ||
|
||
#include <stdint.h> | ||
|
||
#include <openssl/aes.h> | ||
|
||
/** | ||
* crypto_aesctr_init(key, nonce): | ||
* Prepare to encrypt/decrypt data with AES in CTR mode, using the provided | ||
* expanded key and nonce. The key provided must remain valid for the | ||
* lifetime of the stream. | ||
*/ | ||
struct crypto_aesctr * crypto_aesctr_init(AES_KEY *, uint64_t); | ||
|
||
/** | ||
* crypto_aesctr_stream(stream, inbuf, outbuf, buflen): | ||
* Generate the next ${buflen} bytes of the AES-CTR stream and xor them with | ||
* bytes from ${inbuf}, writing the result into ${outbuf}. If the buffers | ||
* ${inbuf} and ${outbuf} overlap, they must be identical. | ||
*/ | ||
void crypto_aesctr_stream(struct crypto_aesctr *, const uint8_t *, | ||
uint8_t *, size_t); | ||
|
||
/** | ||
* crypto_aesctr_free(stream): | ||
* Free the provided stream object. | ||
*/ | ||
void crypto_aesctr_free(struct crypto_aesctr *); | ||
|
||
#endif /* !_CRYPTO_AESCTR_H_ */ |
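Review bot: The crypto_aesctr_init comment does not say that a (key, nonce) pair must be used for only one stream, which is the property CTR mode's confidentiality depends on; every stream in crypto_aesctr.c starts at byte counter 0, so two streams with the same key and nonce produce the same keystream. I would add a line such as `* A given (key, nonce) pair must not be used for more than one stream.` to that doc comment. Separately, the crypto_aesctr_stream prototype uses size_t while the header includes only <stdint.h> and <openssl/aes.h>; adding `#include <stddef.h>` keeps the header self-contained rather than relying on whatever the OpenSSL header happens to pull in.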