diff options
| author | Jack Lloyd <[email protected]> | 2018-05-22 22:43:45 -0400 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2018-05-22 23:26:49 -0400 |
| commit | f87b9e4128698951c10e47dca01811a677577ca0 (patch) | |
| tree | 0923ea1d3dc2bba07445d3af5916fea7398a5fdd /src/lib/pbkdf/scrypt/scrypt.cpp | |
| parent | 5df1042ea95e27b58c2a4a96d036a9492e22ef67 (diff) | |
Support scrypt for encrypting private keys
Diffstat (limited to 'src/lib/pbkdf/scrypt/scrypt.cpp')
| -rw-r--r-- | src/lib/pbkdf/scrypt/scrypt.cpp | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/src/lib/pbkdf/scrypt/scrypt.cpp b/src/lib/pbkdf/scrypt/scrypt.cpp index 81170bf89..e258f391d 100644 --- a/src/lib/pbkdf/scrypt/scrypt.cpp +++ b/src/lib/pbkdf/scrypt/scrypt.cpp @@ -60,6 +60,79 @@ void scryptROMmix(size_t r, size_t N, uint8_t* B, secure_vector<uint8_t>& V) } +Scrypt_Params::Scrypt_Params(size_t N, size_t r, size_t p) : + m_N(N), m_r(r), m_p(p) + { + BOTAN_ARG_CHECK(p <= 128, "Invalid scrypt p"); + BOTAN_ARG_CHECK(N <= 4194304 && is_power_of_2(N), "Invalid scrypt N"); + BOTAN_ARG_CHECK(r <= 64, "Invalid scrypt r"); + } + +Scrypt_Params::Scrypt_Params(std::chrono::milliseconds msec) + { + /* + This mapping is highly subjective and machine specific + For simplicity we fix r=8 and p=4 + */ + m_r = 8; + m_p = 4; + + if(msec.count() <= 10) + { + m_N = 4096; + m_p = 1; + } + else if(msec.count() <= 50) + { + m_N = 8192; + } + else if(msec.count() <= 100) + { + m_N = 16384; + } + else if(msec.count() <= 500) + { + m_N = 32768; + } + else + { + m_N = 65536; + } + } + +Scrypt_Params::Scrypt_Params(size_t iterations) + { + // This mapping is highly subjective and machine specific + m_r = 8; + m_p = 4; + + if(iterations < 1000) + { + m_N = 8192; + } + else if(iterations < 5000) + { + m_N = 16384; + } + else if(iterations < 10000) + { + m_N = 32768; + } + else + { + m_N = 65536; + } + } + +void scrypt(uint8_t output[], size_t output_len, + const std::string& password, + const uint8_t salt[], size_t salt_len, + const Scrypt_Params& params) + { + scrypt(output, output_len, password, salt, salt_len, + params.N(), params.r(), params.p()); + } + void scrypt(uint8_t output[], size_t output_len, const std::string& password, const uint8_t salt[], size_t salt_len, |