Jeffrey Walton
parent
129d65d987
commit
2e8ccc7777
11
scrypt.cpp
11
scrypt.cpp
|
|
@ -4,6 +4,7 @@
|
|||
#include "pch.h"
|
||||
|
||||
#include "scrypt.h"
|
||||
#include "algparam.h"
|
||||
#include "argnames.h"
|
||||
#include "pwdbased.h"
|
||||
#include "stdcpp.h"
|
||||
|
|
@ -11,12 +12,12 @@
|
|||
#include "misc.h"
|
||||
#include "sha.h"
|
||||
|
||||
#include <sstream>
|
||||
|
||||
#ifdef _OPENMP
|
||||
# include <omp.h>
|
||||
#endif
|
||||
|
||||
#include <sstream>
|
||||
|
||||
ANONYMOUS_NAMESPACE_BEGIN
|
||||
|
||||
using CryptoPP::byte;
|
||||
|
|
@ -197,6 +198,7 @@ static inline void Smix(byte * B, size_t r, word64 N, byte * V, byte * XY)
|
|||
// 10: B' <-- X
|
||||
BlockCopy(B, X, 128 * r);
|
||||
}
|
||||
|
||||
ANONYMOUS_NAMESPACE_END
|
||||
|
||||
NAMESPACE_BEGIN(CryptoPP)
|
||||
|
|
@ -242,17 +244,16 @@ void Scrypt::ValidateParameters(size_t derivedLen, word64 cost, word64 blockSize
|
|||
bool bLimit = (maxElems >= static_cast<word128>(cost) * blockSize * 128U);
|
||||
bool xyLimit = (maxElems >= static_cast<word128>(parallelization) * blockSize * 128U);
|
||||
bool vLimit = (maxElems >= static_cast<word128>(blockSize) * 256U + 64U);
|
||||
if (!bLimit || !xyLimit || !vLimit)
|
||||
throw std::bad_alloc();
|
||||
#else
|
||||
const word64 maxElems = static_cast<word64>(SIZE_MAX);
|
||||
bool bLimit = (blockSize < maxElems / 128U / cost);
|
||||
bool xyLimit = (blockSize < maxElems / 128U / parallelization);
|
||||
bool vLimit = (blockSize < (maxElems - 64U) / 256U);
|
||||
#endif
|
||||
|
||||
CRYPTOPP_ASSERT(bLimit); CRYPTOPP_ASSERT(xyLimit); CRYPTOPP_ASSERT(vLimit);
|
||||
if (!bLimit || !xyLimit || !vLimit)
|
||||
throw std::bad_alloc();
|
||||
#endif
|
||||
}
|
||||
|
||||
size_t Scrypt::DeriveKey(byte *derived, size_t derivedLen,
|
||||
|
|
|
|||
8
scrypt.h
8
scrypt.h
|
|
@ -15,12 +15,13 @@
|
|||
|
||||
#include "cryptlib.h"
|
||||
#include "secblock.h"
|
||||
#include "algparam.h"
|
||||
|
||||
NAMESPACE_BEGIN(CryptoPP)
|
||||
|
||||
/// \brief Scrypt key derivation function
|
||||
/// \sa <A HREF="https://www.tarsnap.com/scrypt.html">The scrypt key derivation function</A>
|
||||
/// \sa <A HREF="https://www.tarsnap.com/scrypt/scrypt.pdf">Stronger Key Derivation via
|
||||
/// Sequential Memory-Hard Functions</a>,
|
||||
/// <A HREF="https://www.tarsnap.com/scrypt.html">The scrypt key derivation function</A>
|
||||
/// and <A HREF="https://tools.ietf.org/html/rfc7914">RFC 7914, The scrypt Password-Based
|
||||
/// Key Derivation Function</A>
|
||||
/// \since Crypto++ 6.2
|
||||
|
|
@ -71,9 +72,6 @@ public:
|
|||
/// size.
|
||||
/// \details The <tt>parallelization</tt> parameter ("p" in the documents) is a positive
|
||||
/// integer less than or equal to <tt>((2^32-1) * 32) / (128 * r)</tt>.
|
||||
/// \details Crypto++ uses <tt>size_t</tt> for its size datatype, and limits are
|
||||
/// based on the 32-bit version of <tt>size_t</tt>. For example, <tt>cost</tt> is
|
||||
/// limited to <tt>0xffffffff</tt> instead of <tt>2^(128 * r / 8)</tt>.
|
||||
/// \details Scrypt always returns 1 because it only performs 1 iteration. Other
|
||||
/// derivation functions, like PBKDF's, will return more interesting values.
|
||||
size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
|
||||
|
|
|
|||
Loading…
Reference in New Issue