ObjFW  Diff

Differences From Artifact [ec228bf0de]:

To Artifact [1e18b4aacd]:

  • File src/scrypt.m — part of check-in [e629dc83a9] at 2019-12-27 00:41:54 on branch trunk — OFSecureData: Add allowsSwappableMemory property

    With this property, it's possible to specify whether the memory should
    be protected from swapping or not. This makes it easier for e.g. the
    crypto hash classes: They can now just always use OFSecureData without
    wasting unswappable memory if it's not needed. (user: js, size: 6194) [annotate] [blame] [check-ins using]


15
16
17
18
19
20
21

22
23
24
25
26
27
28
 * file.
 */

#include "config.h"

#import "OFHMAC.h"
#import "OFSHA256Hash.h"


#import "OFInvalidArgumentException.h"
#import "OFOutOfMemoryException.h"
#import "OFOutOfRangeException.h"

#import "scrypt.h"
#import "pbkdf2.h"







>







15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
 * file.
 */

#include "config.h"

#import "OFHMAC.h"
#import "OFSHA256Hash.h"
#import "OFSecureData.h"

#import "OFInvalidArgumentException.h"
#import "OFOutOfMemoryException.h"
#import "OFOutOfRangeException.h"

#import "scrypt.h"
#import "pbkdf2.h"
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161


162
163
164
165
166
167
168
169
170


171
172
173
174
175
176
177
178
179
180

181
182


183
184
185

186
187
188
189
190
191
192

193
194
195
196
197
198
199
200
201
202
203
			memcpy(tmp, buffer, 128 * blockSize);
	}
}

void of_scrypt(size_t blockSize, size_t costFactor,
    size_t parallelization, const unsigned char *salt, size_t saltLength,
    const char *password, size_t passwordLength,
    unsigned char *key, size_t keyLength)
{
	uint32_t *tmp = NULL, *buffer = NULL;
	OFHMAC *HMAC = nil;

	if (blockSize == 0 || costFactor <= 1 ||
	    (costFactor & (costFactor - 1)) != 0 || parallelization == 0)
		@throw [OFInvalidArgumentException exception];

	/*
	 * These are defined by the functions above. They are defined there so
	 * that the check is next to the code and easy to verify, but actually
	 * checked here for performance.
	 */
	OVERFLOW_CHECK_1
	OVERFLOW_CHECK_2

	@try {


		if (costFactor > SIZE_MAX - 1 ||
		    (costFactor + 1) > SIZE_MAX / 128 ||
		    (costFactor + 1) * 128 > SIZE_MAX / blockSize)
			@throw [OFOutOfRangeException exception];

		if ((tmp = malloc((costFactor + 1) * 128 * blockSize)) == NULL)
			@throw [OFOutOfMemoryException
			    exceptionWithRequestedSize: (blockSize +
							costFactor) * 128];



		if (parallelization > SIZE_MAX / 128 ||
		    parallelization * 128 > SIZE_MAX / blockSize)
			@throw [OFOutOfRangeException exception];

		if ((buffer = malloc(parallelization * 128 *
		    blockSize)) == NULL)
			@throw [OFOutOfMemoryException
			    exceptionWithRequestedSize: parallelization * 128 *
							blockSize];


		HMAC = [[OFHMAC alloc] initWithHashClass: [OFSHA256Hash class]];



		of_pbkdf2(HMAC, 1, salt, saltLength, password, passwordLength,
		    (unsigned char *)buffer, parallelization * 128 * blockSize);


		for (size_t i = 0; i < parallelization; i++)
			of_scrypt_romix(buffer + i * 32 * blockSize, blockSize,
			    costFactor, tmp);

		of_pbkdf2(HMAC, 1, (unsigned char *)buffer, parallelization *
		    128 * blockSize, password, passwordLength, key, keyLength);

	} @finally {
		of_explicit_memset(tmp, 0, (costFactor + 1) * blockSize * 128);
		free(tmp);

		of_explicit_memset(buffer, 0,
		    parallelization * 128 * blockSize);
		free(buffer);

		[HMAC release];
	}
}







|

|















>
>

|
<


|
<
|
|
>
>

|
<


|
|
<
|
|
>

|
>
>


|
>


|
|

|
|
>

<
<
|
<
<
|
<



138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166

167
168
169

170
171
172
173
174
175

176
177
178
179

180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199


200


201

202
203
204
			memcpy(tmp, buffer, 128 * blockSize);
	}
}

void of_scrypt(size_t blockSize, size_t costFactor,
    size_t parallelization, const unsigned char *salt, size_t saltLength,
    const char *password, size_t passwordLength,
    unsigned char *key, size_t keyLength, bool allowsSwappableMemory)
{
	OFSecureData *tmp = nil, *buffer = nil;
	OFHMAC *HMAC = nil;

	if (blockSize == 0 || costFactor <= 1 ||
	    (costFactor & (costFactor - 1)) != 0 || parallelization == 0)
		@throw [OFInvalidArgumentException exception];

	/*
	 * These are defined by the functions above. They are defined there so
	 * that the check is next to the code and easy to verify, but actually
	 * checked here for performance.
	 */
	OVERFLOW_CHECK_1
	OVERFLOW_CHECK_2

	@try {
		uint32_t *tmpItems, *bufferItems;

		if (costFactor > SIZE_MAX - 1 ||
		    (costFactor + 1) > SIZE_MAX / 128)

			@throw [OFOutOfRangeException exception];

		tmp = [[OFSecureData alloc]

			 initWithItemSize: blockSize
				    count: (costFactor + 1) * 128
		    allowsSwappableMemory: allowsSwappableMemory];
		tmpItems = tmp.mutableItems;

		if (parallelization > SIZE_MAX / 128)

			@throw [OFOutOfRangeException exception];

		buffer = [[OFSecureData alloc]
			 initWithItemSize: blockSize

				    count: parallelization * 128
		    allowsSwappableMemory: allowsSwappableMemory];
		bufferItems = buffer.mutableItems;

		HMAC = [[OFHMAC alloc]
			initWithHashClass: [OFSHA256Hash class]
		    allowsSwappableMemory: allowsSwappableMemory];

		of_pbkdf2(HMAC, 1, salt, saltLength, password, passwordLength,
		    (unsigned char *)bufferItems,
		    parallelization * 128 * blockSize, allowsSwappableMemory);

		for (size_t i = 0; i < parallelization; i++)
			of_scrypt_romix(bufferItems + i * 32 * blockSize,
			    blockSize, costFactor, tmpItems);

		of_pbkdf2(HMAC, 1, (unsigned char *)bufferItems,
		    parallelization * 128 * blockSize, password, passwordLength,
		    key, keyLength, allowsSwappableMemory);
	} @finally {


		[tmp release];


		[buffer release];

		[HMAC release];
	}
}