1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
|
/*
* Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
* 2018, 2019
* Jonathan Schleifer <js@heap.zone>
*
* All rights reserved.
*
* This file is part of ObjFW. It may be distributed under the terms of the
* Q Public License 1.0, which can be found in the file LICENSE.QPL included in
* the packaging of this file.
*
* Alternatively, it may be distributed under the terms of the GNU General
* Public License, either version 2 or 3, which can be found in the file
* LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
* file.
*/
#include "config.h"
#import "OFHMAC.h"
#import "OFSHA256Hash.h"
#import "OFInvalidArgumentException.h"
#import "OFOutOfMemoryException.h"
#import "OFOutOfRangeException.h"
#import "scrypt.h"
#import "pbkdf2.h"
|
|
|
>
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
|
/*
* Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017,
* 2018, 2019, 2020
* Jonathan Schleifer <js@nil.im>
*
* All rights reserved.
*
* This file is part of ObjFW. It may be distributed under the terms of the
* Q Public License 1.0, which can be found in the file LICENSE.QPL included in
* the packaging of this file.
*
* Alternatively, it may be distributed under the terms of the GNU General
* Public License, either version 2 or 3, which can be found in the file
* LICENSE.GPLv2 or LICENSE.GPLv3 respectively included in the packaging of this
* file.
*/
#include "config.h"
#import "OFHMAC.h"
#import "OFSHA256Hash.h"
#import "OFSecureData.h"
#import "OFInvalidArgumentException.h"
#import "OFOutOfMemoryException.h"
#import "OFOutOfRangeException.h"
#import "scrypt.h"
#import "pbkdf2.h"
|
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
|
memcpy(tmp, buffer, 128 * blockSize);
}
}
void of_scrypt(size_t blockSize, size_t costFactor,
size_t parallelization, const unsigned char *salt, size_t saltLength,
const char *password, size_t passwordLength,
unsigned char *key, size_t keyLength)
{
uint32_t *tmp = NULL, *buffer = NULL;
OFHMAC *HMAC = nil;
if (blockSize == 0 || costFactor <= 1 ||
(costFactor & (costFactor - 1)) != 0 || parallelization == 0)
@throw [OFInvalidArgumentException exception];
/*
* These are defined by the functions above. They are defined there so
* that the check is next to the code and easy to verify, but actually
* checked here for performance.
*/
OVERFLOW_CHECK_1
OVERFLOW_CHECK_2
@try {
if (costFactor > SIZE_MAX - 1 ||
(costFactor + 1) > SIZE_MAX / 128 ||
(costFactor + 1) * 128 > SIZE_MAX / blockSize)
@throw [OFOutOfRangeException exception];
if ((tmp = malloc((costFactor + 1) * 128 * blockSize)) == NULL)
@throw [OFOutOfMemoryException
exceptionWithRequestedSize: (blockSize +
costFactor) * 128];
if (parallelization > SIZE_MAX / 128 ||
parallelization * 128 > SIZE_MAX / blockSize)
@throw [OFOutOfRangeException exception];
if ((buffer = malloc(parallelization * 128 *
blockSize)) == NULL)
@throw [OFOutOfMemoryException
exceptionWithRequestedSize: parallelization * 128 *
blockSize];
HMAC = [[OFHMAC alloc] initWithHashClass: [OFSHA256Hash class]];
of_pbkdf2(HMAC, 1, salt, saltLength, password, passwordLength,
(unsigned char *)buffer, parallelization * 128 * blockSize);
for (size_t i = 0; i < parallelization; i++)
of_scrypt_romix(buffer + i * 32 * blockSize, blockSize,
costFactor, tmp);
of_pbkdf2(HMAC, 1, (unsigned char *)buffer, parallelization *
128 * blockSize, password, passwordLength, key, keyLength);
} @finally {
of_explicit_memset(tmp, 0, (costFactor + 1) * blockSize * 128);
free(tmp);
of_explicit_memset(buffer, 0,
parallelization * 128 * blockSize);
free(buffer);
|
|
|
>
>
|
<
|
<
|
|
>
>
|
<
|
|
<
|
|
>
|
>
>
|
>
|
|
|
|
>
<
<
|
<
<
|
<
|
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
|
memcpy(tmp, buffer, 128 * blockSize);
}
}
void of_scrypt(size_t blockSize, size_t costFactor,
size_t parallelization, const unsigned char *salt, size_t saltLength,
const char *password, size_t passwordLength,
unsigned char *key, size_t keyLength, bool allowsSwappableMemory)
{
OFSecureData *tmp = nil, *buffer = nil;
OFHMAC *HMAC = nil;
if (blockSize == 0 || costFactor <= 1 ||
(costFactor & (costFactor - 1)) != 0 || parallelization == 0)
@throw [OFInvalidArgumentException exception];
/*
* These are defined by the functions above. They are defined there so
* that the check is next to the code and easy to verify, but actually
* checked here for performance.
*/
OVERFLOW_CHECK_1
OVERFLOW_CHECK_2
@try {
uint32_t *tmpItems, *bufferItems;
if (costFactor > SIZE_MAX - 1 ||
(costFactor + 1) > SIZE_MAX / 128)
@throw [OFOutOfRangeException exception];
tmp = [[OFSecureData alloc]
initWithItemSize: blockSize
count: (costFactor + 1) * 128
allowsSwappableMemory: allowsSwappableMemory];
tmpItems = tmp.mutableItems;
if (parallelization > SIZE_MAX / 128)
@throw [OFOutOfRangeException exception];
buffer = [[OFSecureData alloc]
initWithItemSize: blockSize
count: parallelization * 128
allowsSwappableMemory: allowsSwappableMemory];
bufferItems = buffer.mutableItems;
HMAC = [[OFHMAC alloc]
initWithHashClass: [OFSHA256Hash class]
allowsSwappableMemory: allowsSwappableMemory];
of_pbkdf2(HMAC, 1, salt, saltLength, password, passwordLength,
(unsigned char *)bufferItems,
parallelization * 128 * blockSize, allowsSwappableMemory);
for (size_t i = 0; i < parallelization; i++)
of_scrypt_romix(bufferItems + i * 32 * blockSize,
blockSize, costFactor, tmpItems);
of_pbkdf2(HMAC, 1, (unsigned char *)bufferItems,
parallelization * 128 * blockSize, password, passwordLength,
key, keyLength, allowsSwappableMemory);
} @finally {
[tmp release];
[buffer release];
[HMAC release];
}
}
|