Coverage Report

Created: 2024-11-21 07:03

/src/cryptopp/scrypt.h
Line
Count
Source (jump to first uncovered line)
1
// scrypt.h - written and placed in public domain by Jeffrey Walton.
2
//            Based on reference source code by Colin Percival.
3
4
/// \file scrypt.h
5
/// \brief Classes for Scrypt from RFC 7914
6
/// \sa <A HREF="https://www.tarsnap.com/scrypt/scrypt.pdf">Stronger Key Derivation via
7
///   Sequential Memory-Hard Functions</a>,
8
///   <A HREF="https://www.tarsnap.com/scrypt.html">The scrypt key derivation function</A>
9
///   and <A HREF="https://tools.ietf.org/html/rfc7914">RFC 7914, The scrypt Password-Based
10
///   Key Derivation Function</A>
11
/// \since Crypto++ 7.0
12
13
#ifndef CRYPTOPP_SCRYPT_H
14
#define CRYPTOPP_SCRYPT_H
15
16
#include "cryptlib.h"
17
#include "secblock.h"
18
19
NAMESPACE_BEGIN(CryptoPP)
20
21
/// \brief Scrypt key derivation function
22
/// \details The Crypto++ implementation uses OpenMP to accelerate the derivation when
23
///   available.
24
/// \details The Crypto++ implementation of Scrypt is limited by C++ datatypes. For
25
///   example, the library is limited to a derived key length of <tt>SIZE_MAX</tt>,
26
///   and not <tt>(2^32 - 1) * 32</tt>.
27
/// \sa <A HREF="https://www.tarsnap.com/scrypt/scrypt.pdf">Stronger Key Derivation via
28
///   Sequential Memory-Hard Functions</A>,
29
///   <A HREF="https://www.tarsnap.com/scrypt.html">The scrypt key derivation function</A>
30
///   and <A HREF="https://tools.ietf.org/html/rfc7914">RFC 7914, The scrypt Password-Based
31
///   Key Derivation Function</A>
32
/// \since Crypto++ 7.0
33
class Scrypt : public KeyDerivationFunction
34
{
35
public:
36
0
    virtual ~Scrypt() {}
37
38
0
    static std::string StaticAlgorithmName () {
39
0
        return "scrypt";
40
0
    }
41
42
    // KeyDerivationFunction interface
43
0
    std::string AlgorithmName() const {
44
0
        return StaticAlgorithmName();
45
0
    }
46
47
    // KeyDerivationFunction interface
48
581
    size_t MaxDerivedKeyLength() const {
49
581
        return static_cast<size_t>(0)-1;
50
581
    }
51
52
    // KeyDerivationFunction interface
53
    size_t GetValidDerivedLength(size_t keylength) const;
54
55
    // KeyDerivationFunction interface
56
    size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
57
        const NameValuePairs& params) const;
58
59
    /// \brief Derive a key from a seed
60
    /// \param derived the derived output buffer
61
    /// \param derivedLen the size of the derived buffer, in bytes
62
    /// \param secret the seed input buffer
63
    /// \param secretLen the size of the secret buffer, in bytes
64
    /// \param salt the salt input buffer
65
    /// \param saltLen the size of the salt buffer, in bytes
66
    /// \param cost the CPU/memory cost factor
67
    /// \param blockSize the block size
68
    /// \param parallelization the parallelization factor
69
    /// \return the number of iterations performed
70
    /// \throw InvalidDerivedKeyLength if <tt>derivedLen</tt> is invalid for the scheme
71
    /// \details DeriveKey() provides a standard interface to derive a key from
72
    ///   a seed and other parameters. Each class that derives from KeyDerivationFunction
73
    ///   provides an overload that accepts most parameters used by the derivation function.
74
    /// \details The CPU/Memory <tt>cost</tt> parameter ("N" in the documents) must be
75
    ///   larger than 1, a power of 2, and less than <tt>2^(128 * r / 8)</tt>.
76
    /// \details The parameter <tt>blockSize</tt> ("r" in the documents) specifies the block
77
    ///   size.
78
    /// \details The <tt>parallelization</tt> parameter ("p" in the documents) is a positive
79
    ///   integer less than or equal to <tt>((2^32-1) * 32) / (128 * r)</tt>. Due to Microsoft
80
    ///   and its OpenMP 2.0 implementation <tt>parallelization</tt> is limited to
81
    ///   <tt>std::numeric_limits<int>::max()</tt>.
82
    /// \details Scrypt always returns 1 because it only performs 1 iteration. Other
83
    ///   derivation functions, like PBKDF's, will return more interesting values.
84
    /// \details The Crypto++ implementation of Scrypt is limited by C++ datatypes. For
85
    ///   example, the library is limited to a derived key length of <tt>SIZE_MAX</tt>,
86
    ///   and not <tt>(2^32 - 1) * 32</tt>.
87
    size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
88
        const byte *salt, size_t saltLen, word64 cost=2, word64 blockSize=8, word64 parallelization=1) const;
89
90
protected:
91
    enum {defaultCost=2, defaultBlockSize=8, defaultParallelization=1};
92
93
    // KeyDerivationFunction interface
94
0
    const Algorithm & GetAlgorithm() const {
95
0
        return *this;
96
0
    }
97
98
    inline void ValidateParameters(size_t derivedlen, word64 cost, word64 blockSize, word64 parallelization) const;
99
};
100
101
NAMESPACE_END
102
103
#endif // CRYPTOPP_SCRYPT_H