35 #include <openssl/sha.h>
37 #if defined(USE_SSE2) && !defined(USE_SSE2_ALWAYS)
47 static inline uint32_t be32dec(
const void *pp)
54 static inline void be32enc(
void *pp,
uint32_t x)
58 p[2] = (x >> 8) & 0xff;
59 p[1] = (x >> 16) & 0xff;
60 p[0] = (x >> 24) & 0xff;
72 unsigned char pad[64];
73 unsigned char khash[32];
74 const unsigned char *K = (
const unsigned char *)_K;
79 SHA256_Init(&ctx->
ictx);
80 SHA256_Update(&ctx->
ictx, K, Klen);
81 SHA256_Final(khash, &ctx->
ictx);
87 SHA256_Init(&ctx->
ictx);
88 memset(pad, 0x36, 64);
89 for (i = 0; i < Klen; i++)
91 SHA256_Update(&ctx->
ictx, pad, 64);
94 SHA256_Init(&ctx->
octx);
95 memset(pad, 0x5c, 64);
96 for (i = 0; i < Klen; i++)
98 SHA256_Update(&ctx->
octx, pad, 64);
101 memset(khash, 0, 32);
109 SHA256_Update(&ctx->
ictx, in, len);
116 unsigned char ihash[32];
119 SHA256_Final(ihash, &ctx->
ictx);
122 SHA256_Update(&ctx->
octx, ihash, 32);
125 SHA256_Final(digest, &ctx->
octx);
128 memset(ihash, 0, 32);
150 HMAC_SHA256_Init(&PShctx, passwd, passwdlen);
151 HMAC_SHA256_Update(&PShctx, salt, saltlen);
154 for (i = 0; i * 32 < dkLen; i++) {
160 HMAC_SHA256_Update(&hctx, ivec, 4);
161 HMAC_SHA256_Final(U, &hctx);
166 for (j = 2; j <= c; j++) {
168 HMAC_SHA256_Init(&hctx, passwd, passwdlen);
169 HMAC_SHA256_Update(&hctx, U, 32);
170 HMAC_SHA256_Final(U, &hctx);
173 for (k = 0; k < 32; k++)
178 clen = dkLen - i * 32;
181 memcpy(&buf[i * 32], T, clen);
188 #define ROTL(a, b) (((a) << (b)) | ((a) >> (32 - (b))))
192 uint32_t x00,x01,x02,x03,x04,x05,x06,x07,x08,x09,x10,x11,x12,x13,x14,x15;
195 x00 = (B[ 0] ^= Bx[ 0]);
196 x01 = (B[ 1] ^= Bx[ 1]);
197 x02 = (B[ 2] ^= Bx[ 2]);
198 x03 = (B[ 3] ^= Bx[ 3]);
199 x04 = (B[ 4] ^= Bx[ 4]);
200 x05 = (B[ 5] ^= Bx[ 5]);
201 x06 = (B[ 6] ^= Bx[ 6]);
202 x07 = (B[ 7] ^= Bx[ 7]);
203 x08 = (B[ 8] ^= Bx[ 8]);
204 x09 = (B[ 9] ^= Bx[ 9]);
205 x10 = (B[10] ^= Bx[10]);
206 x11 = (B[11] ^= Bx[11]);
207 x12 = (B[12] ^= Bx[12]);
208 x13 = (B[13] ^= Bx[13]);
209 x14 = (B[14] ^= Bx[14]);
210 x15 = (B[15] ^= Bx[15]);
211 for (i = 0; i < 8; i += 2) {
213 x04 ^=
ROTL(x00 + x12, 7); x09 ^=
ROTL(x05 + x01, 7);
214 x14 ^=
ROTL(x10 + x06, 7); x03 ^=
ROTL(x15 + x11, 7);
216 x08 ^=
ROTL(x04 + x00, 9); x13 ^=
ROTL(x09 + x05, 9);
217 x02 ^=
ROTL(x14 + x10, 9); x07 ^=
ROTL(x03 + x15, 9);
219 x12 ^=
ROTL(x08 + x04, 13); x01 ^=
ROTL(x13 + x09, 13);
220 x06 ^=
ROTL(x02 + x14, 13); x11 ^=
ROTL(x07 + x03, 13);
222 x00 ^=
ROTL(x12 + x08, 18); x05 ^=
ROTL(x01 + x13, 18);
223 x10 ^=
ROTL(x06 + x02, 18); x15 ^=
ROTL(x11 + x07, 18);
226 x01 ^=
ROTL(x00 + x03, 7); x06 ^=
ROTL(x05 + x04, 7);
227 x11 ^=
ROTL(x10 + x09, 7); x12 ^=
ROTL(x15 + x14, 7);
229 x02 ^=
ROTL(x01 + x00, 9); x07 ^=
ROTL(x06 + x05, 9);
230 x08 ^=
ROTL(x11 + x10, 9); x13 ^=
ROTL(x12 + x15, 9);
232 x03 ^=
ROTL(x02 + x01, 13); x04 ^=
ROTL(x07 + x06, 13);
233 x09 ^=
ROTL(x08 + x11, 13); x14 ^=
ROTL(x13 + x12, 13);
235 x00 ^=
ROTL(x03 + x02, 18); x05 ^=
ROTL(x04 + x07, 18);
236 x10 ^=
ROTL(x09 + x08, 18); x15 ^=
ROTL(x14 + x13, 18);
263 V = (
uint32_t *)(((uintptr_t)(scratchpad) + 63) & ~ (uintptr_t)(63));
267 for (k = 0; k < 32; k++)
268 X[k] = le32dec(&B[4 * k]);
270 for (i = 0; i < 1024; i++) {
271 memcpy(&V[i * 32], X, 128);
272 xor_salsa8(&X[0], &X[16]);
273 xor_salsa8(&X[16], &X[0]);
275 for (i = 0; i < 1024; i++) {
276 j = 32 * (X[16] & 1023);
277 for (k = 0; k < 32; k++)
279 xor_salsa8(&X[0], &X[16]);
280 xor_salsa8(&X[16], &X[0]);
283 for (k = 0; k < 32; k++)
284 le32enc(&B[4 * k], X[k]);
289 #if defined(USE_SSE2)
293 void scrypt_detect_sse2()
295 #if defined(USE_SSE2_ALWAYS)
296 printf(
"scrypt: using scrypt-sse2 as built.\n");
297 #else // USE_SSE2_ALWAYS
299 unsigned int cpuid_edx=0;
300 #if defined(_MSC_VER)
303 __cpuid(x86cpuid, 1);
304 cpuid_edx = (
unsigned int)buffer[3];
307 unsigned int eax, ebx, ecx;
308 __get_cpuid(1, &eax, &ebx, &ecx, &cpuid_edx);
311 if (cpuid_edx & 1<<26)
314 printf(
"scrypt: using scrypt-sse2 as detected.\n");
319 printf(
"scrypt: using scrypt-generic, SSE2 unavailable.\n");
321 #endif // USE_SSE2_ALWAYS
327 char scratchpad[SCRYPT_SCRATCHPAD_SIZE];
void PBKDF2_SHA256(const uint8_t *passwd, size_t passwdlen, const uint8_t *salt, size_t saltlen, uint64_t c, uint8_t *buf, size_t dkLen)
PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and write the output to buf.
#define scrypt_1024_1_1_256_sp(input, output, scratchpad)
struct HMAC_SHA256Context HMAC_SHA256_CTX
void scrypt_1024_1_1_256_sp_generic(const char *input, char *output, char *scratchpad)
unsigned long long uint64_t
void scrypt_1024_1_1_256(const char *input, char *output)
void scrypt_1024_1_1_256_sp_sse2(const char *input, char *output, char *scratchpad)