diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2025-07-07 10:39:14 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2025-07-07 10:39:14 +0200 |
| commit | f464be22bd63bf0326bc14a755cbac282fad159a (patch) | |
| tree | f384bb17c188c8c9a945ab1d187d2fecea50a112 /libbb | |
| parent | c11730490ad68737120d569b9760e2c35e28977e (diff) | |
| download | busybox-w32-f464be22bd63bf0326bc14a755cbac282fad159a.tar.gz busybox-w32-f464be22bd63bf0326bc14a755cbac282fad159a.tar.bz2 busybox-w32-f464be22bd63bf0326bc14a755cbac282fad159a.zip | |
libbb/yescrypt: make it possible to set constant parameters, and set YESCRYPT_RW
function old new delta
yescrypt_kdf32_body 1052 1420 +368
yescrypt_r 1133 1084 -49
static.smix 762 - -762
------------------------------------------------------------------------------
(add/remove: 0/1 grow/shrink: 1/1 up/down: 368/-811) Total: -443 bytes
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'libbb')
| -rw-r--r-- | libbb/yescrypt/alg-yescrypt-common.c | 61 | ||||
| -rw-r--r-- | libbb/yescrypt/alg-yescrypt-kdf.c | 58 | ||||
| -rw-r--r-- | libbb/yescrypt/alg-yescrypt.h | 117 |
3 files changed, 141 insertions, 95 deletions
diff --git a/libbb/yescrypt/alg-yescrypt-common.c b/libbb/yescrypt/alg-yescrypt-common.c index 5bdf1893e..db6e098c7 100644 --- a/libbb/yescrypt/alg-yescrypt-common.c +++ b/libbb/yescrypt/alg-yescrypt-common.c | |||
| @@ -144,7 +144,7 @@ char *yescrypt_r( | |||
| 144 | char *dst; | 144 | char *dst; |
| 145 | const uint8_t *src, *saltstr, *saltend; | 145 | const uint8_t *src, *saltstr, *saltend; |
| 146 | size_t need, prefixlen, saltstrlen; | 146 | size_t need, prefixlen, saltstrlen; |
| 147 | uint32_t flavor, N_log2; | 147 | uint32_t u32; |
| 148 | 148 | ||
| 149 | memset(yctx, 0, sizeof(yctx)); | 149 | memset(yctx, 0, sizeof(yctx)); |
| 150 | yctx->param.p = 1; | 150 | yctx->param.p = 1; |
| @@ -152,43 +152,34 @@ char *yescrypt_r( | |||
| 152 | /* we assume setting starts with "$y$" (caller must ensure this) */ | 152 | /* we assume setting starts with "$y$" (caller must ensure this) */ |
| 153 | src = setting + 3; | 153 | src = setting + 3; |
| 154 | 154 | ||
| 155 | src = decode64_uint32(&flavor, src, 0); | 155 | src = decode64_uint32(&yctx->param.flags, src, 0); |
| 156 | /* "j9T" returns: 0x2f */ | 156 | /* "j9T" returns: 0x2f */ |
| 157 | dbg("yescrypt flavor=0x%x YESCRYPT_RW:%u", (unsigned)flavor, !!(flavor & YESCRYPT_RW)); | ||
| 158 | //if (!src) | 157 | //if (!src) |
| 159 | // goto fail; | 158 | // goto fail; |
| 160 | 159 | ||
| 161 | if (flavor < YESCRYPT_RW) { | 160 | if (yctx->param.flags < YESCRYPT_RW) { |
| 162 | yctx->param.flags = flavor; | 161 | dbg("yctx->param.flags=0x%x", (unsigned)yctx->param.flags); |
| 163 | } else if (flavor <= YESCRYPT_RW + (YESCRYPT_RW_FLAVOR_MASK >> 2)) { | 162 | goto fail; // bbox: we don't support scrypt - only yescrypt |
| 163 | } else if (yctx->param.flags <= YESCRYPT_RW + (YESCRYPT_RW_FLAVOR_MASK >> 2)) { | ||
| 164 | /* "j9T" sets flags to 0xb6 */ | 164 | /* "j9T" sets flags to 0xb6 */ |
| 165 | yctx->param.flags = YESCRYPT_RW + ((flavor - YESCRYPT_RW) << 2); | 165 | yctx->param.flags = YESCRYPT_RW + ((yctx->param.flags - YESCRYPT_RW) << 2); |
| 166 | dbg("yctx->param.flags=0x%x", (unsigned)yctx->param.flags); | 166 | dbg("yctx->param.flags=0x%x", (unsigned)yctx->param.flags); |
| 167 | dbg(" YESCRYPT_RW:%u" , !!(yctx->param.flags & YESCRYPT_RW )); | 167 | dbg(" YESCRYPT_RW:%u", !!(yctx->param.flags & YESCRYPT_RW)); |
| 168 | dbg(" YESCRYPT_ROUNDS_6:%u" , !!(yctx->param.flags & YESCRYPT_ROUNDS_6 )); | 168 | dbg((yctx->param.flags & YESCRYPT_RW_FLAVOR_MASK) == |
| 169 | dbg(" YESCRYPT_GATHER_2:%u" , !!(yctx->param.flags & YESCRYPT_GATHER_2 )); | 169 | (YESCRYPT_ROUNDS_6 | YESCRYPT_GATHER_4 | YESCRYPT_SIMPLE_2 | YESCRYPT_SBOX_12K) |
| 170 | dbg(" YESCRYPT_GATHER_4:%u" , !!(yctx->param.flags & YESCRYPT_GATHER_4 )); | 170 | ? " YESCRYPT_ROUNDS_6 | YESCRYPT_GATHER_4 | YESCRYPT_SIMPLE_2 | YESCRYPT_SBOX_12K" |
| 171 | dbg(" YESCRYPT_GATHER_8:%u" , !!(yctx->param.flags & YESCRYPT_GATHER_8 )); | 171 | : " flags are not standard" |
| 172 | dbg(" YESCRYPT_SIMPLE_2:%u" , !!(yctx->param.flags & YESCRYPT_SIMPLE_2 )); | 172 | ); |
| 173 | dbg(" YESCRYPT_SIMPLE_4:%u" , !!(yctx->param.flags & YESCRYPT_SIMPLE_4 )); | ||
| 174 | dbg(" YESCRYPT_SIMPLE_8:%u" , !!(yctx->param.flags & YESCRYPT_SIMPLE_8 )); | ||
| 175 | dbg(" YESCRYPT_SBOX_12K:%u" , !!(yctx->param.flags & YESCRYPT_SBOX_12K )); | ||
| 176 | dbg(" YESCRYPT_SBOX_24K:%u" , !!(yctx->param.flags & YESCRYPT_SBOX_24K )); | ||
| 177 | dbg(" YESCRYPT_SBOX_48K:%u" , !!(yctx->param.flags & YESCRYPT_SBOX_48K )); | ||
| 178 | dbg(" YESCRYPT_SBOX_96K:%u" , !!(yctx->param.flags & YESCRYPT_SBOX_96K )); | ||
| 179 | dbg(" YESCRYPT_SBOX_192K:%u", !!(yctx->param.flags & YESCRYPT_SBOX_192K)); | ||
| 180 | dbg(" YESCRYPT_SBOX_384K:%u", !!(yctx->param.flags & YESCRYPT_SBOX_384K)); | ||
| 181 | dbg(" YESCRYPT_SBOX_768K:%u", !!(yctx->param.flags & YESCRYPT_SBOX_768K)); | ||
| 182 | } else { | 173 | } else { |
| 183 | goto fail; | 174 | goto fail; |
| 184 | } | 175 | } |
| 185 | 176 | ||
| 186 | src = decode64_uint32(&N_log2, src, 1); | 177 | src = decode64_uint32(&u32, src, 1); |
| 187 | if (/*!src ||*/ N_log2 > 63) | 178 | if (/*!src ||*/ u32 > 63) |
| 188 | goto fail; | 179 | goto fail; |
| 189 | yctx->param.N = (uint64_t)1 << N_log2; | 180 | yctx->param.N = (uint64_t)1 << u32; |
| 190 | /* "j9T" sets to 4096 (1<<12) */ | 181 | /* "j9T" sets to 4096 (1<<12) */ |
| 191 | dbg("yctx->param.N=%llu (1<<%u)", (unsigned long long)yctx->param.N, (unsigned)N_log2); | 182 | dbg("yctx->param.N=%llu (1<<%u)", (unsigned long long)yctx->param.N, (unsigned)u32); |
| 192 | 183 | ||
| 193 | src = decode64_uint32(&yctx->param.r, src, 1); | 184 | src = decode64_uint32(&yctx->param.r, src, 1); |
| 194 | /* "j9T" sets to 32 */ | 185 | /* "j9T" sets to 32 */ |
| @@ -197,21 +188,19 @@ char *yescrypt_r( | |||
| 197 | if (!src) | 188 | if (!src) |
| 198 | goto fail; | 189 | goto fail; |
| 199 | if (*src != '$') { | 190 | if (*src != '$') { |
| 200 | uint32_t have; | 191 | src = decode64_uint32(&u32, src, 1); |
| 201 | src = decode64_uint32(&have, src, 1); | ||
| 202 | dbg("yescrypt has extended params:0x%x", (unsigned)have); | 192 | dbg("yescrypt has extended params:0x%x", (unsigned)have); |
| 203 | if (have & 1) | 193 | if (u32 & 1) |
| 204 | src = decode64_uint32(&yctx->param.p, src, 2); | 194 | src = decode64_uint32(&yctx->param.p, src, 2); |
| 205 | if (have & 2) | 195 | if (u32 & 2) |
| 206 | src = decode64_uint32(&yctx->param.t, src, 1); | 196 | src = decode64_uint32(&yctx->param.t, src, 1); |
| 207 | if (have & 4) | 197 | if (u32 & 4) |
| 208 | src = decode64_uint32(&yctx->param.g, src, 1); | 198 | src = decode64_uint32(&yctx->param.g, src, 1); |
| 209 | if (have & 8) { | 199 | if (u32 & 8) { |
| 210 | uint32_t NROM_log2; | 200 | src = decode64_uint32(&u32, src, 1); |
| 211 | src = decode64_uint32(&NROM_log2, src, 1); | 201 | if (/*!src ||*/ u32 > 63) |
| 212 | if (/*!src ||*/ NROM_log2 > 63) | ||
| 213 | goto fail; | 202 | goto fail; |
| 214 | yctx->param.NROM = (uint64_t)1 << NROM_log2; | 203 | yctx->param.NROM = (uint64_t)1 << u32; |
| 215 | } | 204 | } |
| 216 | if (!src) | 205 | if (!src) |
| 217 | goto fail; | 206 | goto fail; |
diff --git a/libbb/yescrypt/alg-yescrypt-kdf.c b/libbb/yescrypt/alg-yescrypt-kdf.c index f1f06621e..13ae62b7c 100644 --- a/libbb/yescrypt/alg-yescrypt-kdf.c +++ b/libbb/yescrypt/alg-yescrypt-kdf.c | |||
| @@ -460,7 +460,7 @@ static inline uint32_t integerify(const salsa20_blk_t *B, size_t r) | |||
| 460 | * to a multiple of at least 16 bytes. | 460 | * to a multiple of at least 16 bytes. |
| 461 | */ | 461 | */ |
| 462 | static void smix1(uint8_t *B, size_t r, uint32_t N, | 462 | static void smix1(uint8_t *B, size_t r, uint32_t N, |
| 463 | yescrypt_flags_t flags, | 463 | uint32_t flags, |
| 464 | salsa20_blk_t *V, | 464 | salsa20_blk_t *V, |
| 465 | uint32_t NROM, const salsa20_blk_t *VROM, | 465 | uint32_t NROM, const salsa20_blk_t *VROM, |
| 466 | salsa20_blk_t *XY, | 466 | salsa20_blk_t *XY, |
| @@ -513,6 +513,7 @@ static void smix1(uint8_t *B, size_t r, uint32_t N, | |||
| 513 | V_j = &VROM[j * s]; | 513 | V_j = &VROM[j * s]; |
| 514 | blockmix_xor(Y, V_j, XY, r, ctx); | 514 | blockmix_xor(Y, V_j, XY, r, ctx); |
| 515 | } else if (flags & YESCRYPT_RW) { | 515 | } else if (flags & YESCRYPT_RW) { |
| 516 | //can't use flags___YESCRYPT_RW, smix1() may be called with flags = 0 | ||
| 516 | uint32_t n; | 517 | uint32_t n; |
| 517 | salsa20_blk_t *V_j; | 518 | salsa20_blk_t *V_j; |
| 518 | 519 | ||
| @@ -580,7 +581,7 @@ static void smix1(uint8_t *B, size_t r, uint32_t N, | |||
| 580 | * 64 bytes, and arrays B and XY to a multiple of at least 16 bytes. | 581 | * 64 bytes, and arrays B and XY to a multiple of at least 16 bytes. |
| 581 | */ | 582 | */ |
| 582 | static void smix2(uint8_t *B, size_t r, uint32_t N, uint64_t Nloop, | 583 | static void smix2(uint8_t *B, size_t r, uint32_t N, uint64_t Nloop, |
| 583 | yescrypt_flags_t flags, | 584 | uint32_t flags, |
| 584 | salsa20_blk_t *V, | 585 | salsa20_blk_t *V, |
| 585 | uint32_t NROM, const salsa20_blk_t *VROM, | 586 | uint32_t NROM, const salsa20_blk_t *VROM, |
| 586 | salsa20_blk_t *XY, | 587 | salsa20_blk_t *XY, |
| @@ -610,6 +611,7 @@ static void smix2(uint8_t *B, size_t r, uint32_t N, uint64_t Nloop, | |||
| 610 | * because our SMix resets YESCRYPT_RW for the smix2() calls operating on the | 611 | * because our SMix resets YESCRYPT_RW for the smix2() calls operating on the |
| 611 | * entire V when p > 1. | 612 | * entire V when p > 1. |
| 612 | */ | 613 | */ |
| 614 | //and this is why bbox can't use flags___YESCRYPT_RW in this function | ||
| 613 | if (VROM && (flags & YESCRYPT_RW)) { | 615 | if (VROM && (flags & YESCRYPT_RW)) { |
| 614 | do { | 616 | do { |
| 615 | salsa20_blk_t *V_j = &V[j * s]; | 617 | salsa20_blk_t *V_j = &V[j * s]; |
| @@ -683,7 +685,7 @@ static uint64_t p2floor(uint64_t x) | |||
| 683 | * might also result in cache bank conflicts). | 685 | * might also result in cache bank conflicts). |
| 684 | */ | 686 | */ |
| 685 | static void smix(uint8_t *B, size_t r, uint32_t N, uint32_t p, uint32_t t, | 687 | static void smix(uint8_t *B, size_t r, uint32_t N, uint32_t p, uint32_t t, |
| 686 | yescrypt_flags_t flags, | 688 | uint32_t flags, |
| 687 | salsa20_blk_t *V, | 689 | salsa20_blk_t *V, |
| 688 | uint32_t NROM, const salsa20_blk_t *VROM, | 690 | uint32_t NROM, const salsa20_blk_t *VROM, |
| 689 | salsa20_blk_t *XY, | 691 | salsa20_blk_t *XY, |
| @@ -696,7 +698,7 @@ static void smix(uint8_t *B, size_t r, uint32_t N, uint32_t p, uint32_t t, | |||
| 696 | 698 | ||
| 697 | Nchunk = N / p; | 699 | Nchunk = N / p; |
| 698 | Nloop_all = Nchunk; | 700 | Nloop_all = Nchunk; |
| 699 | if (flags & YESCRYPT_RW) { | 701 | if (flags___YESCRYPT_RW) { |
| 700 | if (t <= 1) { | 702 | if (t <= 1) { |
| 701 | if (t) | 703 | if (t) |
| 702 | Nloop_all *= 2; /* 2/3 */ | 704 | Nloop_all *= 2; /* 2/3 */ |
| @@ -711,7 +713,7 @@ static void smix(uint8_t *B, size_t r, uint32_t N, uint32_t p, uint32_t t, | |||
| 711 | } | 713 | } |
| 712 | 714 | ||
| 713 | Nloop_rw = 0; | 715 | Nloop_rw = 0; |
| 714 | if (flags & YESCRYPT_RW) | 716 | if (flags___YESCRYPT_RW) |
| 715 | Nloop_rw = Nloop_all / p; | 717 | Nloop_rw = Nloop_all / p; |
| 716 | 718 | ||
| 717 | Nchunk &= ~(uint32_t)1; /* round down to even */ | 719 | Nchunk &= ~(uint32_t)1; /* round down to even */ |
| @@ -725,7 +727,7 @@ static void smix(uint8_t *B, size_t r, uint32_t N, uint32_t p, uint32_t t, | |||
| 725 | salsa20_blk_t *Vp = &V[Vchunk * s]; | 727 | salsa20_blk_t *Vp = &V[Vchunk * s]; |
| 726 | salsa20_blk_t *XYp = XY; | 728 | salsa20_blk_t *XYp = XY; |
| 727 | pwxform_ctx_t *ctx_i = NULL; | 729 | pwxform_ctx_t *ctx_i = NULL; |
| 728 | if (flags & YESCRYPT_RW) { | 730 | if (flags___YESCRYPT_RW) { |
| 729 | uint8_t *Si = S + i * Salloc; | 731 | uint8_t *Si = S + i * Salloc; |
| 730 | smix1(Bp, 1, Sbytes / 128, 0 /* no flags */, | 732 | smix1(Bp, 1, Sbytes / 128, 0 /* no flags */, |
| 731 | (salsa20_blk_t *)Si, 0, NULL, XYp, NULL); | 733 | (salsa20_blk_t *)Si, 0, NULL, XYp, NULL); |
| @@ -752,12 +754,12 @@ static void smix(uint8_t *B, size_t r, uint32_t N, uint32_t p, uint32_t t, | |||
| 752 | uint8_t *Bp = &B[128 * r * i]; | 754 | uint8_t *Bp = &B[128 * r * i]; |
| 753 | salsa20_blk_t *XYp = XY; | 755 | salsa20_blk_t *XYp = XY; |
| 754 | pwxform_ctx_t *ctx_i = NULL; | 756 | pwxform_ctx_t *ctx_i = NULL; |
| 755 | if (flags & YESCRYPT_RW) { | 757 | if (flags___YESCRYPT_RW) { |
| 756 | uint8_t *Si = S + i * Salloc; | 758 | uint8_t *Si = S + i * Salloc; |
| 757 | ctx_i = (pwxform_ctx_t *)(Si + Sbytes); | 759 | ctx_i = (pwxform_ctx_t *)(Si + Sbytes); |
| 758 | } | 760 | } |
| 759 | smix2(Bp, r, N, Nloop_all - Nloop_rw, | 761 | smix2(Bp, r, N, Nloop_all - Nloop_rw, |
| 760 | flags & (yescrypt_flags_t)~YESCRYPT_RW, | 762 | flags & (uint32_t)~YESCRYPT_RW, |
| 761 | V, NROM, VROM, XYp, ctx_i); | 763 | V, NROM, VROM, XYp, ctx_i); |
| 762 | } | 764 | } |
| 763 | } | 765 | } |
| @@ -812,7 +814,7 @@ static void free_region(yescrypt_region_t *region) | |||
| 812 | static int yescrypt_kdf32_body( | 814 | static int yescrypt_kdf32_body( |
| 813 | yescrypt_ctx_t *yctx, | 815 | yescrypt_ctx_t *yctx, |
| 814 | const uint8_t *passwd, size_t passwdlen, | 816 | const uint8_t *passwd, size_t passwdlen, |
| 815 | yescrypt_flags_t flags, uint64_t N, uint32_t t, | 817 | uint32_t flags, uint64_t N, uint32_t t, |
| 816 | uint8_t *buf32) | 818 | uint8_t *buf32) |
| 817 | { | 819 | { |
| 818 | const salsa20_blk_t *VROM; | 820 | const salsa20_blk_t *VROM; |
| @@ -823,13 +825,13 @@ static int yescrypt_kdf32_body( | |||
| 823 | uint8_t dk[sizeof(sha256)], *dkp = buf32; | 825 | uint8_t dk[sizeof(sha256)], *dkp = buf32; |
| 824 | 826 | ||
| 825 | /* Sanity-check parameters */ | 827 | /* Sanity-check parameters */ |
| 826 | switch (flags & YESCRYPT_MODE_MASK) { | 828 | switch (flags___YESCRYPT_MODE_MASK) { |
| 827 | case 0: /* classic scrypt - can't have anything non-standard */ | 829 | case 0: /* classic scrypt - can't have anything non-standard */ |
| 828 | if (flags || t || yctx->param.NROM) | 830 | if (flags || t || YCTX_param_NROM) |
| 829 | goto out_EINVAL; | 831 | goto out_EINVAL; |
| 830 | break; | 832 | break; |
| 831 | case YESCRYPT_WORM: | 833 | case YESCRYPT_WORM: |
| 832 | if (flags != YESCRYPT_WORM || yctx->param.NROM) | 834 | if (flags != YESCRYPT_WORM || YCTX_param_NROM) |
| 833 | goto out_EINVAL; | 835 | goto out_EINVAL; |
| 834 | break; | 836 | break; |
| 835 | case YESCRYPT_RW: | 837 | case YESCRYPT_RW: |
| @@ -852,8 +854,8 @@ static int yescrypt_kdf32_body( | |||
| 852 | goto out_EINVAL; | 854 | goto out_EINVAL; |
| 853 | #endif | 855 | #endif |
| 854 | { | 856 | { |
| 855 | const uint32_t r = yctx->param.r; | 857 | const uint32_t r = YCTX_param_r; |
| 856 | const uint32_t p = yctx->param.p; | 858 | const uint32_t p = YCTX_param_p; |
| 857 | if ((uint64_t)r * (uint64_t)p >= 1 << 30) | 859 | if ((uint64_t)r * (uint64_t)p >= 1 << 30) |
| 858 | goto out_EINVAL; | 860 | goto out_EINVAL; |
| 859 | if (N > UINT32_MAX) | 861 | if (N > UINT32_MAX) |
| @@ -863,7 +865,7 @@ static int yescrypt_kdf32_body( | |||
| 863 | if (r > SIZE_MAX / 256 / p || | 865 | if (r > SIZE_MAX / 256 / p || |
| 864 | N > SIZE_MAX / 128 / r) | 866 | N > SIZE_MAX / 128 / r) |
| 865 | goto out_EINVAL; | 867 | goto out_EINVAL; |
| 866 | if (flags & YESCRYPT_RW) { | 868 | if (flags___YESCRYPT_RW) { |
| 867 | /* p cannot be greater than SIZE_MAX/Salloc on 64-bit systems, | 869 | /* p cannot be greater than SIZE_MAX/Salloc on 64-bit systems, |
| 868 | but it can on 32-bit systems. */ | 870 | but it can on 32-bit systems. */ |
| 869 | #pragma GCC diagnostic push | 871 | #pragma GCC diagnostic push |
| @@ -874,7 +876,7 @@ static int yescrypt_kdf32_body( | |||
| 874 | } | 876 | } |
| 875 | 877 | ||
| 876 | VROM = NULL; | 878 | VROM = NULL; |
| 877 | if (yctx->param.NROM) | 879 | if (YCTX_param_NROM) |
| 878 | goto out_EINVAL; | 880 | goto out_EINVAL; |
| 879 | 881 | ||
| 880 | /* Allocate memory */ | 882 | /* Allocate memory */ |
| @@ -889,7 +891,7 @@ static int yescrypt_kdf32_body( | |||
| 889 | need += XY_size; | 891 | need += XY_size; |
| 890 | if (need < XY_size) | 892 | if (need < XY_size) |
| 891 | goto out_EINVAL; | 893 | goto out_EINVAL; |
| 892 | if (flags & YESCRYPT_RW) { | 894 | if (flags___YESCRYPT_RW) { |
| 893 | size_t S_size = (size_t)Salloc * p; | 895 | size_t S_size = (size_t)Salloc * p; |
| 894 | need += S_size; | 896 | need += S_size; |
| 895 | if (need < S_size) | 897 | if (need < S_size) |
| @@ -907,7 +909,7 @@ static int yescrypt_kdf32_body( | |||
| 907 | V = (salsa20_blk_t *)((uint8_t *)B + B_size); | 909 | V = (salsa20_blk_t *)((uint8_t *)B + B_size); |
| 908 | XY = (salsa20_blk_t *)((uint8_t *)V + V_size); | 910 | XY = (salsa20_blk_t *)((uint8_t *)V + V_size); |
| 909 | S = NULL; | 911 | S = NULL; |
| 910 | if (flags & YESCRYPT_RW) | 912 | if (flags___YESCRYPT_RW) |
| 911 | S = (uint8_t *)XY + XY_size; | 913 | S = (uint8_t *)XY + XY_size; |
| 912 | 914 | ||
| 913 | if (flags) { | 915 | if (flags) { |
| @@ -926,13 +928,13 @@ static int yescrypt_kdf32_body( | |||
| 926 | if (flags) | 928 | if (flags) |
| 927 | memcpy(sha256, B, sizeof(sha256)); | 929 | memcpy(sha256, B, sizeof(sha256)); |
| 928 | 930 | ||
| 929 | if (p == 1 || (flags & YESCRYPT_RW)) { | 931 | if (p == 1 || (flags___YESCRYPT_RW)) { |
| 930 | smix(B, r, N, p, t, flags, V, yctx->param.NROM, VROM, XY, S, sha256); | 932 | smix(B, r, N, p, t, flags, V, YCTX_param_NROM, VROM, XY, S, sha256); |
| 931 | } else { | 933 | } else { |
| 932 | uint32_t i; | 934 | uint32_t i; |
| 933 | for (i = 0; i < p; i++) { | 935 | for (i = 0; i < p; i++) { |
| 934 | smix(&B[(size_t)128 * r * i], r, N, 1, t, flags, V, | 936 | smix(&B[(size_t)128 * r * i], r, N, 1, t, flags, V, |
| 935 | yctx->param.NROM, VROM, XY, NULL, NULL); | 937 | YCTX_param_NROM, VROM, XY, NULL, NULL); |
| 936 | } | 938 | } |
| 937 | } | 939 | } |
| 938 | 940 | ||
| @@ -996,12 +998,12 @@ int yescrypt_kdf32( | |||
| 996 | const uint8_t *passwd, size_t passwdlen, | 998 | const uint8_t *passwd, size_t passwdlen, |
| 997 | uint8_t *buf32) | 999 | uint8_t *buf32) |
| 998 | { | 1000 | { |
| 999 | yescrypt_flags_t flags = yctx->param.flags; | 1001 | uint32_t flags = YCTX_param_flags; |
| 1000 | uint64_t N = yctx->param.N; | 1002 | uint64_t N = YCTX_param_N; |
| 1001 | uint32_t r = yctx->param.r; | 1003 | uint32_t r = YCTX_param_r; |
| 1002 | uint32_t p = yctx->param.p; | 1004 | uint32_t p = YCTX_param_p; |
| 1003 | uint32_t t = yctx->param.t; | 1005 | uint32_t t = YCTX_param_t; |
| 1004 | uint32_t g = yctx->param.g; | 1006 | uint32_t g = YCTX_param_g; |
| 1005 | uint8_t dk32[32]; | 1007 | uint8_t dk32[32]; |
| 1006 | int retval; | 1008 | int retval; |
| 1007 | 1009 | ||
| @@ -1011,7 +1013,7 @@ int yescrypt_kdf32( | |||
| 1011 | return -1; | 1013 | return -1; |
| 1012 | } | 1014 | } |
| 1013 | 1015 | ||
| 1014 | if ((flags & YESCRYPT_RW) | 1016 | if ((flags___YESCRYPT_RW) |
| 1015 | && p >= 1 | 1017 | && p >= 1 |
| 1016 | && N / p >= 0x100 | 1018 | && N / p >= 0x100 |
| 1017 | && N / p * r >= 0x20000 | 1019 | && N / p * r >= 0x20000 |
diff --git a/libbb/yescrypt/alg-yescrypt.h b/libbb/yescrypt/alg-yescrypt.h index 996af333f..97475d89f 100644 --- a/libbb/yescrypt/alg-yescrypt.h +++ b/libbb/yescrypt/alg-yescrypt.h | |||
| @@ -42,28 +42,32 @@ | |||
| 42 | * Please refer to the description of yescrypt_kdf() below for the meaning of | 42 | * Please refer to the description of yescrypt_kdf() below for the meaning of |
| 43 | * these flags. | 43 | * these flags. |
| 44 | */ | 44 | */ |
| 45 | typedef uint32_t yescrypt_flags_t; | 45 | /* yescrypt flags: |
| 46 | * bits pos: 7654321076543210 | ||
| 47 | * ss r w | ||
| 48 | * sbox gg y | ||
| 49 | */ | ||
| 46 | /* Public */ | 50 | /* Public */ |
| 47 | #define YESCRYPT_WORM 1 | 51 | #define YESCRYPT_WORM 1 |
| 48 | #define YESCRYPT_RW 0x002 | 52 | #define YESCRYPT_RW 0x002 |
| 49 | #define YESCRYPT_ROUNDS_3 0x000 | 53 | #define YESCRYPT_ROUNDS_3 0x000 //r=0 |
| 50 | #define YESCRYPT_ROUNDS_6 0x004 | 54 | #define YESCRYPT_ROUNDS_6 0x004 //r=1 |
| 51 | #define YESCRYPT_GATHER_1 0x000 | 55 | #define YESCRYPT_GATHER_1 0x000 //gg=00 |
| 52 | #define YESCRYPT_GATHER_2 0x008 | 56 | #define YESCRYPT_GATHER_2 0x008 //gg=01 |
| 53 | #define YESCRYPT_GATHER_4 0x010 | 57 | #define YESCRYPT_GATHER_4 0x010 //gg=10 |
| 54 | #define YESCRYPT_GATHER_8 0x018 | 58 | #define YESCRYPT_GATHER_8 0x018 //gg=11 |
| 55 | #define YESCRYPT_SIMPLE_1 0x000 | 59 | #define YESCRYPT_SIMPLE_1 0x000 //ss=00 |
| 56 | #define YESCRYPT_SIMPLE_2 0x020 | 60 | #define YESCRYPT_SIMPLE_2 0x020 //ss=01 |
| 57 | #define YESCRYPT_SIMPLE_4 0x040 | 61 | #define YESCRYPT_SIMPLE_4 0x040 //ss=11 |
| 58 | #define YESCRYPT_SIMPLE_8 0x060 | 62 | #define YESCRYPT_SIMPLE_8 0x060 //ss=11 |
| 59 | #define YESCRYPT_SBOX_6K 0x000 | 63 | #define YESCRYPT_SBOX_6K 0x000 //sbox=0000 |
| 60 | #define YESCRYPT_SBOX_12K 0x080 | 64 | #define YESCRYPT_SBOX_12K 0x080 //sbox=0001 |
| 61 | #define YESCRYPT_SBOX_24K 0x100 | 65 | #define YESCRYPT_SBOX_24K 0x100 //sbox=0010 |
| 62 | #define YESCRYPT_SBOX_48K 0x180 | 66 | #define YESCRYPT_SBOX_48K 0x180 //sbox=0011 |
| 63 | #define YESCRYPT_SBOX_96K 0x200 | 67 | #define YESCRYPT_SBOX_96K 0x200 //sbox=0100 |
| 64 | #define YESCRYPT_SBOX_192K 0x280 | 68 | #define YESCRYPT_SBOX_192K 0x280 //sbox=0101 |
| 65 | #define YESCRYPT_SBOX_384K 0x300 | 69 | #define YESCRYPT_SBOX_384K 0x300 //sbox=0110 |
| 66 | #define YESCRYPT_SBOX_768K 0x380 | 70 | #define YESCRYPT_SBOX_768K 0x380 //sbox=0111 |
| 67 | 71 | ||
| 68 | #ifdef YESCRYPT_INTERNAL | 72 | #ifdef YESCRYPT_INTERNAL |
| 69 | /* Private */ | 73 | /* Private */ |
| @@ -86,6 +90,19 @@ typedef uint32_t yescrypt_flags_t; | |||
| 86 | YESCRYPT_ALLOC_ONLY | YESCRYPT_PREHASH) | 90 | YESCRYPT_ALLOC_ONLY | YESCRYPT_PREHASH) |
| 87 | #endif | 91 | #endif |
| 88 | 92 | ||
| 93 | /* How many chars base-64 encoded bytes require? */ | ||
| 94 | #define YESCRYPT_BYTES2CHARS(bytes) ((((bytes) * 8) + 5) / 6) | ||
| 95 | /* The /etc/passwd-style hash is "<prefix>$<hash><NUL>" */ | ||
| 96 | /* | ||
| 97 | * "$y$", up to 8 params of up to 6 chars each, '$', salt | ||
| 98 | * Alternatively, but that's smaller: | ||
| 99 | * "$7$", 3 params encoded as 1+5+5 chars, salt | ||
| 100 | */ | ||
| 101 | #define YESCRYPT_PREFIX_LEN (3 + 8 * 6 + 1 + YESCRYPT_BYTES2CHARS(32)) | ||
| 102 | |||
| 103 | #define YESCRYPT_HASH_SIZE 32 | ||
| 104 | #define YESCRYPT_HASH_LEN YESCRYPT_BYTES2CHARS(YESCRYPT_HASH_SIZE) | ||
| 105 | |||
| 89 | /** | 106 | /** |
| 90 | * Internal type used by the memory allocator. Please do not use it directly. | 107 | * Internal type used by the memory allocator. Please do not use it directly. |
| 91 | * Use yescrypt_shared_t and yescrypt_local_t as appropriate instead, since | 108 | * Use yescrypt_shared_t and yescrypt_local_t as appropriate instead, since |
| @@ -104,7 +121,7 @@ typedef struct { | |||
| 104 | * set. flags, t, g, NROM are special to yescrypt. | 121 | * set. flags, t, g, NROM are special to yescrypt. |
| 105 | */ | 122 | */ |
| 106 | typedef struct { | 123 | typedef struct { |
| 107 | yescrypt_flags_t flags; | 124 | uint32_t flags; |
| 108 | uint64_t N; | 125 | uint64_t N; |
| 109 | uint32_t r, p, t, g; | 126 | uint32_t r, p, t, g; |
| 110 | uint64_t NROM; | 127 | uint64_t NROM; |
| @@ -123,18 +140,56 @@ typedef struct { | |||
| 123 | yescrypt_region_t local[1]; | 140 | yescrypt_region_t local[1]; |
| 124 | } yescrypt_ctx_t; | 141 | } yescrypt_ctx_t; |
| 125 | 142 | ||
| 126 | /* How many chars base-64 encoded bytes require? */ | 143 | // How much can save by forcing "standard" value by commenting the next line: |
| 127 | #define YESCRYPT_BYTES2CHARS(bytes) ((((bytes) * 8) + 5) / 6) | 144 | // 160 bytes |
| 128 | /* The /etc/passwd-style hash is "<prefix>$<hash><NUL>" */ | 145 | //#define YCTX_param_flags yctx->param.flags |
| 129 | /* | 146 | // 260 bytes |
| 130 | * "$y$", up to 8 params of up to 6 chars each, '$', salt | 147 | //#define flags___YESCRYPT_RW (flags & YESCRYPT_RW) |
| 131 | * Alternatively, but that's smaller: | 148 | // 140 bytes |
| 132 | * "$7$", 3 params encoded as 1+5+5 chars, salt | 149 | //#define flags___YESCRYPT_MODE_MASK (flags & YESCRYPT_MODE_MASK) |
| 133 | */ | 150 | // ^^^^ forcing the above since the code already requires (checks for) this |
| 134 | #define YESCRYPT_PREFIX_LEN (3 + 8 * 6 + 1 + YESCRYPT_BYTES2CHARS(32)) | 151 | // 50 bytes |
| 152 | #define YCTX_param_N yctx->param.N | ||
| 153 | // -100 bytes (negative!!!) | ||
| 154 | #define YCTX_param_r yctx->param.r | ||
| 155 | // 400 bytes | ||
| 156 | #define YCTX_param_p yctx->param.p | ||
| 157 | // 130 bytes | ||
| 158 | #define YCTX_param_t yctx->param.t | ||
| 159 | // 2 bytes | ||
| 160 | #define YCTX_param_g yctx->param.g | ||
| 161 | // 1 bytes | ||
| 162 | // ^^^^ this looks wrong, compiler should be able to constant-propagate the fact that NROM code is dead | ||
| 163 | #define YCTX_param_NROM yctx->param.NROM | ||
| 135 | 164 | ||
| 136 | #define YESCRYPT_HASH_SIZE 32 | 165 | // standard ("j9T") values: |
| 137 | #define YESCRYPT_HASH_LEN YESCRYPT_BYTES2CHARS(YESCRYPT_HASH_SIZE) | 166 | #ifndef YCTX_param_flags |
| 167 | #define YCTX_param_flags (YESCRYPT_RW | YESCRYPT_ROUNDS_6 | YESCRYPT_GATHER_4 | YESCRYPT_SIMPLE_2 | YESCRYPT_SBOX_12K) | ||
| 168 | #endif | ||
| 169 | #ifndef flags___YESCRYPT_RW | ||
| 170 | #define flags___YESCRYPT_RW ((void)flags, YESCRYPT_RW) | ||
| 171 | #endif | ||
| 172 | #ifndef flags___YESCRYPT_MODE_MASK | ||
| 173 | #define flags___YESCRYPT_MODE_MASK ((void)flags, YESCRYPT_RW) | ||
| 174 | #endif | ||
| 175 | #ifndef YCTX_param_N | ||
| 176 | #define YCTX_param_N 4096 | ||
| 177 | #endif | ||
| 178 | #ifndef YCTX_param_r | ||
| 179 | #define YCTX_param_r 32 | ||
| 180 | #endif | ||
| 181 | #ifndef YCTX_param_p | ||
| 182 | #define YCTX_param_p 1 | ||
| 183 | #endif | ||
| 184 | #ifndef YCTX_param_t | ||
| 185 | #define YCTX_param_t 0 | ||
| 186 | #endif | ||
| 187 | #ifndef YCTX_param_g | ||
| 188 | #define YCTX_param_g 0 | ||
| 189 | #endif | ||
| 190 | #ifndef YCTX_param_NROM | ||
| 191 | #define YCTX_param_NROM 0 | ||
| 192 | #endif | ||
| 138 | 193 | ||
| 139 | /** | 194 | /** |
| 140 | * yescrypt_r(shared, local, passwd, passwdlen, setting, key, buf, buflen): | 195 | * yescrypt_r(shared, local, passwd, passwdlen, setting, key, buf, buflen): |