This commit is contained in:
Frank Denis 2014-05-07 00:08:47 -07:00
parent 19da370866
commit 688e724dfb

View File

@ -34,14 +34,15 @@
static const char * const itoa64 =
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
static uint8_t * encode64_uint32(uint8_t * dst, size_t dstlen,
uint32_t src, uint32_t srcbits)
static uint8_t *
encode64_uint32(uint8_t * dst, size_t dstlen, uint32_t src, uint32_t srcbits)
{
uint32_t bit;
for (bit = 0; bit < srcbits; bit += 6) {
if (dstlen < 1)
if (dstlen < 1) {
return NULL;
}
*dst++ = itoa64[src & 0x3f];
dstlen--;
src >>= 6;
@ -50,8 +51,8 @@ static uint8_t * encode64_uint32(uint8_t * dst, size_t dstlen,
return dst;
}
static uint8_t * encode64(uint8_t * dst, size_t dstlen,
const uint8_t * src, size_t srclen)
static uint8_t *
encode64(uint8_t * dst, size_t dstlen, const uint8_t * src, size_t srclen)
{
size_t i;
@ -63,8 +64,9 @@ static uint8_t * encode64(uint8_t * dst, size_t dstlen,
bits += 8;
} while (bits < 24 && i < srclen);
dnext = encode64_uint32(dst, dstlen, value, bits);
if (!dnext)
if (!dnext) {
return NULL;
}
dstlen -= dnext - dst;
dst = dnext;
}
@ -72,9 +74,11 @@ static uint8_t * encode64(uint8_t * dst, size_t dstlen,
return dst;
}
static int decode64_one(uint32_t * dst, uint8_t src)
static int
decode64_one(uint32_t * dst, uint8_t src)
{
const char *ptr = strchr(itoa64, src);
if (ptr) {
*dst = ptr - itoa64;
return 0;
@ -83,8 +87,8 @@ static int decode64_one(uint32_t * dst, uint8_t src)
return -1;
}
static const uint8_t * decode64_uint32(uint32_t * dst, uint32_t dstbits,
const uint8_t * src)
static const uint8_t *
decode64_uint32(uint32_t * dst, uint32_t dstbits, const uint8_t * src)
{
uint32_t bit;
uint32_t value;
@ -105,52 +109,54 @@ static const uint8_t * decode64_uint32(uint32_t * dst, uint32_t dstbits,
}
uint8_t *
escrypt_r(escrypt_local_t * local,
const uint8_t * passwd, size_t passwdlen,
const uint8_t * setting,
uint8_t * buf, size_t buflen)
escrypt_r(escrypt_local_t * local, const uint8_t * passwd, size_t passwdlen,
const uint8_t * setting, uint8_t * buf, size_t buflen)
{
uint8_t hash[HASH_SIZE];
escrypt_kdf_t escrypt_kdf;
const uint8_t * src, * salt;
const uint8_t *src;
const uint8_t *salt;
uint8_t *dst;
size_t prefixlen, saltlen, need;
size_t prefixlen;
size_t saltlen;
size_t need;
uint64_t N;
uint32_t r, p;
uint32_t N_log2;
uint32_t r;
uint32_t p;
if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$')
if (setting[0] != '$' || setting[1] != '7' || setting[2] != '$') {
return NULL;
}
src = setting + 3;
{
uint32_t N_log2;
if (decode64_one(&N_log2, *src))
if (decode64_one(&N_log2, *src)) {
return NULL;
}
src++;
N = (uint64_t)1 << N_log2;
}
src = decode64_uint32(&r, 30, src);
if (!src)
if (!src) {
return NULL;
}
src = decode64_uint32(&p, 30, src);
if (!src)
if (!src) {
return NULL;
}
prefixlen = src - setting;
salt = src;
src = (uint8_t *) strrchr((char *)salt, '$');
if (src)
if (src) {
saltlen = src - salt;
else
} else {
saltlen = strlen((char *)salt);
}
need = prefixlen + saltlen + 1 + HASH_LEN + 1;
if (need > buflen || need < saltlen)
if (need > buflen || need < saltlen) {
return NULL;
}
escrypt_kdf =
sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
if (escrypt_kdf(local, passwd, passwdlen, salt, saltlen,
@ -166,9 +172,9 @@ escrypt_r(escrypt_local_t * local,
dst = encode64(dst, buflen - (dst - buf), hash, sizeof(hash));
/* Could zeroize hash[] here, but escrypt_kdf() doesn't zeroize its
* memory allocations yet anyway. */
if (!dst || dst >= buf + buflen) /* Can't happen */
if (!dst || dst >= buf + buflen) { /* Can't happen */
return NULL;
}
*dst = 0; /* NUL termination */
return buf;
@ -185,12 +191,12 @@ escrypt_gensalt_r(uint32_t N_log2, uint32_t r, uint32_t p,
size_t need;
need = prefixlen + saltlen + 1;
if (need > buflen || need < saltlen || saltlen < srclen)
if (need > buflen || need < saltlen || saltlen < srclen) {
return NULL;
if (N_log2 > 63 || ((uint64_t)r * (uint64_t)p >= (1U << 30)))
}
if (N_log2 > 63 || ((uint64_t)r * (uint64_t)p >= (1U << 30))) {
return NULL;
}
dst = buf;
*dst++ = '$';
*dst++ = '7';
@ -199,17 +205,17 @@ escrypt_gensalt_r(uint32_t N_log2, uint32_t r, uint32_t p,
*dst++ = itoa64[N_log2];
dst = encode64_uint32(dst, buflen - (dst - buf), r, 30);
if (!dst) /* Can't happen */
if (!dst) { /* Can't happen */
return NULL;
}
dst = encode64_uint32(dst, buflen - (dst - buf), p, 30);
if (!dst) /* Can't happen */
if (!dst) { /* Can't happen */
return NULL;
}
dst = encode64(dst, buflen - (dst - buf), src, srclen);
if (!dst || dst >= buf + buflen) /* Can't happen */
if (!dst || dst >= buf + buflen) { /* Can't happen */
return NULL;
}
*dst = 0; /* NUL termination */
return buf;
@ -217,20 +223,25 @@ escrypt_gensalt_r(uint32_t N_log2, uint32_t r, uint32_t p,
int
crypto_scrypt_compat(const uint8_t * passwd, size_t passwdlen,
const uint8_t * salt, size_t saltlen, uint64_t N, uint32_t r, uint32_t p,
const uint8_t * salt, size_t saltlen,
uint64_t N, uint32_t r, uint32_t p,
uint8_t * buf, size_t buflen)
{
escrypt_kdf_t escrypt_kdf;
escrypt_local_t local;
int retval;
if (escrypt_init_local(&local))
if (escrypt_init_local(&local)) {
return -1;
}
escrypt_kdf =
sodium_runtime_has_sse2() ? escrypt_kdf_sse : escrypt_kdf_nosse;
retval = escrypt_kdf(&local,
passwd, passwdlen, salt, saltlen, N, r, p, buf, buflen);
if (escrypt_free_local(&local))
passwd, passwdlen, salt, saltlen,
N, r, p, buf, buflen);
if (escrypt_free_local(&local)) {
return -1;
}
return retval;
}