libscrypt-kdf

BUILDING

@@ -15,6 +15,15 @@ Official scrypt tarball releases should build and run on any IEEE Std 1003.1
   3. Provides /dev/urandom.
 
 
+libscrypt-kdf
+-------------
+
+To install the development library, run:
+
+    ./configure --enable-libscrypt-kdf
+    make install
+
+
 Platform-specific notes
 -----------------------
 

Makefile.am

@@ -107,6 +107,31 @@ libscrypt_sse2_la_SOURCES=	lib/crypto/crypto_scrypt_smix_sse2.c
 nodist_libscrypt_sse2_la_SOURCES=	cpusupport-config.h
 libscrypt_sse2_la_CFLAGS=`. ./cpusupport-config.h; echo $${CFLAGS_X86_SSE2}`
 
+# Install libscrypt-kdf?
+if LIBSCRYPT_KDF
+lib_LTLIBRARIES=		libscrypt-kdf.la
+libscrypt_kdf_la_LDFLAGS=	-version-info 0
+include_HEADERS=		libscrypt-kdf/scrypt-kdf.h
+noinst_PROGRAMS+=		tests/libscrypt/sample-libscrypt-kdf
+else
+# Allow the user to get a usable library even if they didn't run configure
+# with --enable-libscrypt-kdf.  If we didn't include this, they would get
+# empty libraries if they ran `make libscrypt-kdf.la`.
+EXTRA_LTLIBRARIES=		libscrypt-kdf.la
+endif
+
+# Shared definitions for libscrypt-kdf.
+libscrypt_kdf_la_SOURCES=	$(crypto_scrypt_files)
+libscrypt_kdf_la_LIBADD=	libcperciva_shani.la libscrypt_sse2.la
+# Workaround for "created with both libtool and without"
+libscrypt_kdf_la_CFLAGS=	$(AM_CFLAGS)
+
+# Test libscrypt-kdf compile
+tests_libscrypt_sample_libscrypt_kdf_SOURCES=	\
+	tests/libscrypt-kdf/sample-libscrypt-kdf.c
+tests_libscrypt_sample_libscrypt_kdf_CPPFLAGS=	-I$(srcdir)/libscrypt-kdf/
+tests_libscrypt_sample_libscrypt_kdf_LDADD=		libscrypt-kdf.la
+
 EXTRA_DIST = \
 	COPYRIGHT						\
 	FORMAT							\

README.md

@@ -113,6 +113,17 @@ int crypto_scrypt(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t,
     uint32_t, uint32_t, uint8_t *, size_t);
 ```
 
+The same function is provided in the optional `libscrypt-kdf` library; there
+is a sample of using it in `tests/libscrypt-kdf`.  If you installed the
+library, you can compile that file and run the binary:
+
+```
+$ cd tests/libscrypt-kdf/
+$ c99 sample-libscrypt-kdf.c -lscrypt-kdf
+$ ./a.out
+crypto_scrypt(): success
+```
+
 
 Building
 --------

configure.ac

@@ -69,6 +69,11 @@ AC_SUBST([LDADD_POSIX])
 AC_SUBST([CFLAGS_POSIX])
 AC_MSG_RESULT([... done checking POSIX compatibility])
 
+# Check whether the user wants to install libscrypt-kdf
+AC_ARG_ENABLE(libscrypt-kdf, AS_HELP_STRING([--enable-libscrypt-kdf],
+    [Install libscrypt-kdf and development headers.]))
+AM_CONDITIONAL([LIBSCRYPT_KDF], [test "x${enable_libscrypt_kdf}" = "xyes"])
+
 AC_CONFIG_HEADERS([config.h])
 AC_CONFIG_FILES([Makefile])
 AC_OUTPUT

libscrypt-kdf/scrypt-kdf.h

@@ -0,0 +1,50 @@
+/*-
+ * Copyright 2009 Colin Percival
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * This file was originally written by Colin Percival as part of the Tarsnap
+ * online backup system.
+ */
+#ifndef SCRYPT_KDF_H
+#define SCRYPT_KDF_H
+
+#include <stddef.h>
+#include <stdint.h>
+
+/* Internal name of function. */
+#define scrypt_kdf crypto_scrypt
+
+/**
+ * scrypt_kdf(passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen):
+ * Compute scrypt(passwd[0 .. passwdlen - 1], salt[0 .. saltlen - 1], N, r,
+ * p, buflen) and write the result into buf.  The parameters r, p, and buflen
+ * must satisfy r * p < 2^30 and buflen <= (2^32 - 1) * 32.  The parameter N
+ * must be a power of 2 greater than 1.
+ *
+ * Return 0 on success; or -1 on error.
+ */
+int scrypt_kdf(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t,
+    uint32_t, uint32_t, uint8_t *, size_t);
+
+#endif /* !SCRYPT_KDF_H */

tests/libscrypt-kdf/sample-libscrypt-kdf.c

@@ -0,0 +1,34 @@
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+
+#include "scrypt-kdf.h"
+
+/* Parameters controlling memory usage and CPU time. */
+#define N 16384
+#define r 8
+#define p 1
+
+/* How much data should scrypt return? */
+#define OUTPUT_BUFLEN 8
+
+int main()
+{
+	const char * passwd = "hunter2";
+	const char * salt = "DANGER -- this should be a random salt -- DANGER";
+	uint8_t output[OUTPUT_BUFLEN];
+	int exitcode;
+
+	/* Perform hashing. */
+	exitcode = scrypt_kdf((const uint8_t *)passwd, strlen(passwd),
+	    (const uint8_t*)salt, strlen(salt), N, r, p,
+	    output, OUTPUT_BUFLEN);
+
+	/* Notify user of success / failure. */
+	if (exitcode == 0)
+		printf("scrypt(): success\n");
+	else
+		printf("scrypt(): failure %i\n", exitcode);
+
+	return (exitcode);
+}