ruby-fastpbkdf2 0.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +7 -0
- data/CHANGELOG.md +43 -0
- data/LICENSE.txt +21 -0
- data/README.md +314 -0
- data/ext/fastpbkdf2/endian.h +71 -0
- data/ext/fastpbkdf2/extconf.rb +59 -0
- data/ext/fastpbkdf2/fastpbkdf2.c +402 -0
- data/ext/fastpbkdf2/fastpbkdf2.h +71 -0
- data/ext/fastpbkdf2/fastpbkdf2_ruby.c +142 -0
- data/ext/fastpbkdf2/fastpbkdf2_ruby.o +0 -0
- data/ext/fastpbkdf2/fastpbkdf2_wrapper.c +16 -0
- data/ext/fastpbkdf2/fastpbkdf2_wrapper.h +48 -0
- data/ext/fastpbkdf2/fastpbkdf2_wrapper.o +0 -0
- data/lib/fastpbkdf2/fastpbkdf2.bundle +0 -0
- data/lib/fastpbkdf2/version.rb +3 -0
- data/lib/fastpbkdf2.rb +31 -0
- data/vendor/fastpbkdf2/LICENSE +117 -0
- data/vendor/fastpbkdf2/fastpbkdf2.c +402 -0
- data/vendor/fastpbkdf2/fastpbkdf2.h +71 -0
- metadata +107 -0
data/lib/fastpbkdf2.rb
ADDED
|
@@ -0,0 +1,31 @@
|
|
|
1
|
+
require_relative 'fastpbkdf2/version'
|
|
2
|
+
|
|
3
|
+
# Load the C extension first which defines FastPBKDF2
|
|
4
|
+
require 'fastpbkdf2/fastpbkdf2'
|
|
5
|
+
|
|
6
|
+
# Ensure FastPBKDF2 is available at top level
|
|
7
|
+
unless defined?(::FastPBKDF2)
|
|
8
|
+
raise LoadError, "FastPBKDF2 C extension did not load properly"
|
|
9
|
+
end
|
|
10
|
+
|
|
11
|
+
# Add shorter aliases using class << syntax
|
|
12
|
+
class << FastPBKDF2
|
|
13
|
+
def pbkdf2_hmac(algorithm, password, salt, iterations, dklen = nil)
|
|
14
|
+
case algorithm.to_s.downcase
|
|
15
|
+
when 'sha1'
|
|
16
|
+
dklen ||= 20
|
|
17
|
+
sha1(password, salt, iterations, dklen)
|
|
18
|
+
when 'sha256'
|
|
19
|
+
dklen ||= 32
|
|
20
|
+
sha256(password, salt, iterations, dklen)
|
|
21
|
+
when 'sha512'
|
|
22
|
+
dklen ||= 64
|
|
23
|
+
sha512(password, salt, iterations, dklen)
|
|
24
|
+
else
|
|
25
|
+
raise ArgumentError, "Unsupported algorithm: #{algorithm}"
|
|
26
|
+
end
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
# Create alias for backward compatibility (lowercase version)
|
|
31
|
+
Fastpbkdf2 = ::FastPBKDF2
|
|
@@ -0,0 +1,117 @@
|
|
|
1
|
+
CC0 1.0 Universal
|
|
2
|
+
|
|
3
|
+
Statement of Purpose
|
|
4
|
+
|
|
5
|
+
The laws of most jurisdictions throughout the world automatically confer
|
|
6
|
+
exclusive Copyright and Related Rights (defined below) upon the creator and
|
|
7
|
+
subsequent owner(s) (each and all, an "owner") of an original work of
|
|
8
|
+
authorship and/or a database (each, a "Work").
|
|
9
|
+
|
|
10
|
+
Certain owners wish to permanently relinquish those rights to a Work for the
|
|
11
|
+
purpose of contributing to a commons of creative, cultural and scientific
|
|
12
|
+
works ("Commons") that the public can reliably and without fear of later
|
|
13
|
+
claims of infringement build upon, modify, incorporate in other works, reuse
|
|
14
|
+
and redistribute as freely as possible in any form whatsoever and for any
|
|
15
|
+
purposes, including without limitation commercial purposes. These owners may
|
|
16
|
+
contribute to the Commons to promote the ideal of a free culture and the
|
|
17
|
+
further production of creative, cultural and scientific works, or to gain
|
|
18
|
+
reputation or greater distribution for their Work in part through the use and
|
|
19
|
+
efforts of others.
|
|
20
|
+
|
|
21
|
+
For these and/or other purposes and motivations, and without any expectation
|
|
22
|
+
of additional consideration or compensation, the person associating CC0 with a
|
|
23
|
+
Work (the "Affirmer"), to the extent that he or she is an owner of Copyright
|
|
24
|
+
and Related Rights in the Work, voluntarily elects to apply CC0 to the Work
|
|
25
|
+
and publicly distribute the Work under its terms, with knowledge of his or her
|
|
26
|
+
Copyright and Related Rights in the Work and the meaning and intended legal
|
|
27
|
+
effect of CC0 on those rights.
|
|
28
|
+
|
|
29
|
+
1. Copyright and Related Rights. A Work made available under CC0 may be
|
|
30
|
+
protected by copyright and related or neighboring rights ("Copyright and
|
|
31
|
+
Related Rights"). Copyright and Related Rights include, but are not limited
|
|
32
|
+
to, the following:
|
|
33
|
+
|
|
34
|
+
i. the right to reproduce, adapt, distribute, perform, display, communicate,
|
|
35
|
+
and translate a Work;
|
|
36
|
+
|
|
37
|
+
ii. moral rights retained by the original author(s) and/or performer(s);
|
|
38
|
+
|
|
39
|
+
iii. publicity and privacy rights pertaining to a person's image or likeness
|
|
40
|
+
depicted in a Work;
|
|
41
|
+
|
|
42
|
+
iv. rights protecting against unfair competition in regards to a Work,
|
|
43
|
+
subject to the limitations in paragraph 4(a), below;
|
|
44
|
+
|
|
45
|
+
v. rights protecting the extraction, dissemination, use and reuse of data in
|
|
46
|
+
a Work;
|
|
47
|
+
|
|
48
|
+
vi. database rights (such as those arising under Directive 96/9/EC of the
|
|
49
|
+
European Parliament and of the Council of 11 March 1996 on the legal
|
|
50
|
+
protection of databases, and under any national implementation thereof,
|
|
51
|
+
including any amended or successor version of such directive); and
|
|
52
|
+
|
|
53
|
+
vii. other similar, equivalent or corresponding rights throughout the world
|
|
54
|
+
based on applicable law or treaty, and any national implementations thereof.
|
|
55
|
+
|
|
56
|
+
2. Waiver. To the greatest extent permitted by, but not in contravention of,
|
|
57
|
+
applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and
|
|
58
|
+
unconditionally waives, abandons, and surrenders all of Affirmer's Copyright
|
|
59
|
+
and Related Rights and associated claims and causes of action, whether now
|
|
60
|
+
known or unknown (including existing as well as future claims and causes of
|
|
61
|
+
action), in the Work (i) in all territories worldwide, (ii) for the maximum
|
|
62
|
+
duration provided by applicable law or treaty (including future time
|
|
63
|
+
extensions), (iii) in any current or future medium and for any number of
|
|
64
|
+
copies, and (iv) for any purpose whatsoever, including without limitation
|
|
65
|
+
commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes
|
|
66
|
+
the Waiver for the benefit of each member of the public at large and to the
|
|
67
|
+
detriment of Affirmer's heirs and successors, fully intending that such Waiver
|
|
68
|
+
shall not be subject to revocation, rescission, cancellation, termination, or
|
|
69
|
+
any other legal or equitable action to disrupt the quiet enjoyment of the Work
|
|
70
|
+
by the public as contemplated by Affirmer's express Statement of Purpose.
|
|
71
|
+
|
|
72
|
+
3. Public License Fallback. Should any part of the Waiver for any reason be
|
|
73
|
+
judged legally invalid or ineffective under applicable law, then the Waiver
|
|
74
|
+
shall be preserved to the maximum extent permitted taking into account
|
|
75
|
+
Affirmer's express Statement of Purpose. In addition, to the extent the Waiver
|
|
76
|
+
is so judged Affirmer hereby grants to each affected person a royalty-free,
|
|
77
|
+
non transferable, non sublicensable, non exclusive, irrevocable and
|
|
78
|
+
unconditional license to exercise Affirmer's Copyright and Related Rights in
|
|
79
|
+
the Work (i) in all territories worldwide, (ii) for the maximum duration
|
|
80
|
+
provided by applicable law or treaty (including future time extensions), (iii)
|
|
81
|
+
in any current or future medium and for any number of copies, and (iv) for any
|
|
82
|
+
purpose whatsoever, including without limitation commercial, advertising or
|
|
83
|
+
promotional purposes (the "License"). The License shall be deemed effective as
|
|
84
|
+
of the date CC0 was applied by Affirmer to the Work. Should any part of the
|
|
85
|
+
License for any reason be judged legally invalid or ineffective under
|
|
86
|
+
applicable law, such partial invalidity or ineffectiveness shall not
|
|
87
|
+
invalidate the remainder of the License, and in such case Affirmer hereby
|
|
88
|
+
affirms that he or she will not (i) exercise any of his or her remaining
|
|
89
|
+
Copyright and Related Rights in the Work or (ii) assert any associated claims
|
|
90
|
+
and causes of action with respect to the Work, in either case contrary to
|
|
91
|
+
Affirmer's express Statement of Purpose.
|
|
92
|
+
|
|
93
|
+
4. Limitations and Disclaimers.
|
|
94
|
+
|
|
95
|
+
a. No trademark or patent rights held by Affirmer are waived, abandoned,
|
|
96
|
+
surrendered, licensed or otherwise affected by this document.
|
|
97
|
+
|
|
98
|
+
b. Affirmer offers the Work as-is and makes no representations or warranties
|
|
99
|
+
of any kind concerning the Work, express, implied, statutory or otherwise,
|
|
100
|
+
including without limitation warranties of title, merchantability, fitness
|
|
101
|
+
for a particular purpose, non infringement, or the absence of latent or
|
|
102
|
+
other defects, accuracy, or the present or absence of errors, whether or not
|
|
103
|
+
discoverable, all to the greatest extent permissible under applicable law.
|
|
104
|
+
|
|
105
|
+
c. Affirmer disclaims responsibility for clearing rights of other persons
|
|
106
|
+
that may apply to the Work or any use thereof, including without limitation
|
|
107
|
+
any person's Copyright and Related Rights in the Work. Further, Affirmer
|
|
108
|
+
disclaims responsibility for obtaining any necessary consents, permissions
|
|
109
|
+
or other rights required for any use of the Work.
|
|
110
|
+
|
|
111
|
+
d. Affirmer understands and acknowledges that Creative Commons is not a
|
|
112
|
+
party to this document and has no duty or obligation with respect to this
|
|
113
|
+
CC0 or use of the Work.
|
|
114
|
+
|
|
115
|
+
For more information, please see
|
|
116
|
+
<http://creativecommons.org/publicdomain/zero/1.0/>
|
|
117
|
+
|
|
@@ -0,0 +1,402 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* fast-pbkdf2 - Optimal PBKDF2-HMAC calculation
|
|
3
|
+
* Written in 2015 by Joseph Birr-Pixton <jpixton@gmail.com>
|
|
4
|
+
*
|
|
5
|
+
* To the extent possible under law, the author(s) have dedicated all
|
|
6
|
+
* copyright and related and neighboring rights to this software to the
|
|
7
|
+
* public domain worldwide. This software is distributed without any
|
|
8
|
+
* warranty.
|
|
9
|
+
*
|
|
10
|
+
* You should have received a copy of the CC0 Public Domain Dedication
|
|
11
|
+
* along with this software. If not, see
|
|
12
|
+
* <http://creativecommons.org/publicdomain/zero/1.0/>.
|
|
13
|
+
*/
|
|
14
|
+
|
|
15
|
+
#include "fastpbkdf2.h"
|
|
16
|
+
|
|
17
|
+
#include <assert.h>
|
|
18
|
+
#include <string.h>
|
|
19
|
+
#if defined(__GNUC__)
|
|
20
|
+
#include <endian.h>
|
|
21
|
+
#endif
|
|
22
|
+
|
|
23
|
+
#include <openssl/sha.h>
|
|
24
|
+
|
|
25
|
+
/* --- MSVC doesn't support C99 --- */
|
|
26
|
+
#ifdef _MSC_VER
|
|
27
|
+
#define restrict
|
|
28
|
+
#define _Pragma __pragma
|
|
29
|
+
#endif
|
|
30
|
+
|
|
31
|
+
/* --- Common useful things --- */
|
|
32
|
+
#define MIN(a, b) ((a) > (b)) ? (b) : (a)
|
|
33
|
+
|
|
34
|
+
static inline void write32_be(uint32_t n, uint8_t out[4])
|
|
35
|
+
{
|
|
36
|
+
#if defined(__GNUC__) && __GNUC__ >= 4 && __BYTE_ORDER == __LITTLE_ENDIAN
|
|
37
|
+
*(uint32_t *)(out) = __builtin_bswap32(n);
|
|
38
|
+
#else
|
|
39
|
+
out[0] = (n >> 24) & 0xff;
|
|
40
|
+
out[1] = (n >> 16) & 0xff;
|
|
41
|
+
out[2] = (n >> 8) & 0xff;
|
|
42
|
+
out[3] = n & 0xff;
|
|
43
|
+
#endif
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
static inline void write64_be(uint64_t n, uint8_t out[8])
|
|
47
|
+
{
|
|
48
|
+
#if defined(__GNUC__) && __GNUC__ >= 4 && __BYTE_ORDER == __LITTLE_ENDIAN
|
|
49
|
+
*(uint64_t *)(out) = __builtin_bswap64(n);
|
|
50
|
+
#else
|
|
51
|
+
write32_be((n >> 32) & 0xffffffff, out);
|
|
52
|
+
write32_be(n & 0xffffffff, out + 4);
|
|
53
|
+
#endif
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
/* --- Optional OpenMP parallelisation of consecutive blocks --- */
|
|
57
|
+
#ifdef WITH_OPENMP
|
|
58
|
+
# define OPENMP_PARALLEL_FOR _Pragma("omp parallel for")
|
|
59
|
+
#else
|
|
60
|
+
# define OPENMP_PARALLEL_FOR
|
|
61
|
+
#endif
|
|
62
|
+
|
|
63
|
+
/* Prepare block (of blocksz bytes) to contain md padding denoting a msg-size
|
|
64
|
+
* message (in bytes). block has a prefix of used bytes.
|
|
65
|
+
*
|
|
66
|
+
* Message length is expressed in 32 bits (so suitable for sha1, sha256, sha512). */
|
|
67
|
+
static inline void md_pad(uint8_t *block, size_t blocksz, size_t used, size_t msg)
|
|
68
|
+
{
|
|
69
|
+
memset(block + used, 0, blocksz - used - 4);
|
|
70
|
+
block[used] = 0x80;
|
|
71
|
+
block += blocksz - 4;
|
|
72
|
+
write32_be((uint32_t) (msg * 8), block);
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
/* Internal function/type names for hash-specific things. */
|
|
76
|
+
#define HMAC_CTX(_name) HMAC_ ## _name ## _ctx
|
|
77
|
+
#define HMAC_INIT(_name) HMAC_ ## _name ## _init
|
|
78
|
+
#define HMAC_UPDATE(_name) HMAC_ ## _name ## _update
|
|
79
|
+
#define HMAC_FINAL(_name) HMAC_ ## _name ## _final
|
|
80
|
+
|
|
81
|
+
#define PBKDF2_F(_name) pbkdf2_f_ ## _name
|
|
82
|
+
#define PBKDF2(_name) pbkdf2_ ## _name
|
|
83
|
+
|
|
84
|
+
/* This macro expands to decls for the whole implementation for a given
|
|
85
|
+
* hash function. Arguments are:
|
|
86
|
+
*
|
|
87
|
+
* _name like 'sha1', added to symbol names
|
|
88
|
+
* _blocksz block size, in bytes
|
|
89
|
+
* _hashsz digest output, in bytes
|
|
90
|
+
* _ctx hash context type
|
|
91
|
+
* _init hash context initialisation function
|
|
92
|
+
* args: (_ctx *c)
|
|
93
|
+
* _update hash context update function
|
|
94
|
+
* args: (_ctx *c, const void *data, size_t ndata)
|
|
95
|
+
* _final hash context finish function
|
|
96
|
+
* args: (void *out, _ctx *c)
|
|
97
|
+
* _xform hash context raw block update function
|
|
98
|
+
* args: (_ctx *c, const void *data)
|
|
99
|
+
* _xcpy hash context raw copy function (only need copy hash state)
|
|
100
|
+
* args: (_ctx * restrict out, const _ctx *restrict in)
|
|
101
|
+
* _xtract hash context state extraction
|
|
102
|
+
* args: args (_ctx *restrict c, uint8_t *restrict out)
|
|
103
|
+
* _xxor hash context xor function (only need xor hash state)
|
|
104
|
+
* args: (_ctx *restrict out, const _ctx *restrict in)
|
|
105
|
+
*
|
|
106
|
+
* The resulting function is named PBKDF2(_name).
|
|
107
|
+
*/
|
|
108
|
+
#define DECL_PBKDF2(_name, _blocksz, _hashsz, _ctx, \
|
|
109
|
+
_init, _update, _xform, _final, _xcpy, _xtract, _xxor) \
|
|
110
|
+
typedef struct { \
|
|
111
|
+
_ctx inner; \
|
|
112
|
+
_ctx outer; \
|
|
113
|
+
} HMAC_CTX(_name); \
|
|
114
|
+
\
|
|
115
|
+
static inline void HMAC_INIT(_name)(HMAC_CTX(_name) *ctx, \
|
|
116
|
+
const uint8_t *key, size_t nkey) \
|
|
117
|
+
{ \
|
|
118
|
+
/* Prepare key: */ \
|
|
119
|
+
uint8_t k[_blocksz]; \
|
|
120
|
+
\
|
|
121
|
+
/* Shorten long keys. */ \
|
|
122
|
+
if (nkey > _blocksz) \
|
|
123
|
+
{ \
|
|
124
|
+
_init(&ctx->inner); \
|
|
125
|
+
_update(&ctx->inner, key, nkey); \
|
|
126
|
+
_final(k, &ctx->inner); \
|
|
127
|
+
\
|
|
128
|
+
key = k; \
|
|
129
|
+
nkey = _hashsz; \
|
|
130
|
+
} \
|
|
131
|
+
\
|
|
132
|
+
/* Standard doesn't cover case where blocksz < hashsz. */ \
|
|
133
|
+
assert(nkey <= _blocksz); \
|
|
134
|
+
\
|
|
135
|
+
/* Right zero-pad short keys. */ \
|
|
136
|
+
if (k != key) \
|
|
137
|
+
memcpy(k, key, nkey); \
|
|
138
|
+
if (_blocksz > nkey) \
|
|
139
|
+
memset(k + nkey, 0, _blocksz - nkey); \
|
|
140
|
+
\
|
|
141
|
+
/* Start inner hash computation */ \
|
|
142
|
+
uint8_t blk_inner[_blocksz]; \
|
|
143
|
+
uint8_t blk_outer[_blocksz]; \
|
|
144
|
+
\
|
|
145
|
+
for (size_t i = 0; i < _blocksz; i++) \
|
|
146
|
+
{ \
|
|
147
|
+
blk_inner[i] = 0x36 ^ k[i]; \
|
|
148
|
+
blk_outer[i] = 0x5c ^ k[i]; \
|
|
149
|
+
} \
|
|
150
|
+
\
|
|
151
|
+
_init(&ctx->inner); \
|
|
152
|
+
_update(&ctx->inner, blk_inner, sizeof blk_inner); \
|
|
153
|
+
\
|
|
154
|
+
/* And outer. */ \
|
|
155
|
+
_init(&ctx->outer); \
|
|
156
|
+
_update(&ctx->outer, blk_outer, sizeof blk_outer); \
|
|
157
|
+
} \
|
|
158
|
+
\
|
|
159
|
+
static inline void HMAC_UPDATE(_name)(HMAC_CTX(_name) *ctx, \
|
|
160
|
+
const void *data, size_t ndata) \
|
|
161
|
+
{ \
|
|
162
|
+
_update(&ctx->inner, data, ndata); \
|
|
163
|
+
} \
|
|
164
|
+
\
|
|
165
|
+
static inline void HMAC_FINAL(_name)(HMAC_CTX(_name) *ctx, \
|
|
166
|
+
uint8_t out[_hashsz]) \
|
|
167
|
+
{ \
|
|
168
|
+
_final(out, &ctx->inner); \
|
|
169
|
+
_update(&ctx->outer, out, _hashsz); \
|
|
170
|
+
_final(out, &ctx->outer); \
|
|
171
|
+
} \
|
|
172
|
+
\
|
|
173
|
+
\
|
|
174
|
+
/* --- PBKDF2 --- */ \
|
|
175
|
+
static inline void PBKDF2_F(_name)(const HMAC_CTX(_name) *startctx, \
|
|
176
|
+
uint32_t counter, \
|
|
177
|
+
const uint8_t *salt, size_t nsalt, \
|
|
178
|
+
uint32_t iterations, \
|
|
179
|
+
uint8_t *out) \
|
|
180
|
+
{ \
|
|
181
|
+
uint8_t countbuf[4]; \
|
|
182
|
+
write32_be(counter, countbuf); \
|
|
183
|
+
\
|
|
184
|
+
/* Prepare loop-invariant padding block. */ \
|
|
185
|
+
uint8_t Ublock[_blocksz]; \
|
|
186
|
+
md_pad(Ublock, _blocksz, _hashsz, _blocksz + _hashsz); \
|
|
187
|
+
\
|
|
188
|
+
/* First iteration: \
|
|
189
|
+
* U_1 = PRF(P, S || INT_32_BE(i)) \
|
|
190
|
+
*/ \
|
|
191
|
+
HMAC_CTX(_name) ctx = *startctx; \
|
|
192
|
+
HMAC_UPDATE(_name)(&ctx, salt, nsalt); \
|
|
193
|
+
HMAC_UPDATE(_name)(&ctx, countbuf, sizeof countbuf); \
|
|
194
|
+
HMAC_FINAL(_name)(&ctx, Ublock); \
|
|
195
|
+
_ctx result = ctx.outer; \
|
|
196
|
+
\
|
|
197
|
+
/* Subsequent iterations: \
|
|
198
|
+
* U_c = PRF(P, U_{c-1}) \
|
|
199
|
+
*/ \
|
|
200
|
+
for (uint32_t i = 1; i < iterations; i++) \
|
|
201
|
+
{ \
|
|
202
|
+
/* Complete inner hash with previous U */ \
|
|
203
|
+
_xcpy(&ctx.inner, &startctx->inner); \
|
|
204
|
+
_xform(&ctx.inner, Ublock); \
|
|
205
|
+
_xtract(&ctx.inner, Ublock); \
|
|
206
|
+
/* Complete outer hash with inner output */ \
|
|
207
|
+
_xcpy(&ctx.outer, &startctx->outer); \
|
|
208
|
+
_xform(&ctx.outer, Ublock); \
|
|
209
|
+
_xtract(&ctx.outer, Ublock); \
|
|
210
|
+
_xxor(&result, &ctx.outer); \
|
|
211
|
+
} \
|
|
212
|
+
\
|
|
213
|
+
/* Reform result into output buffer. */ \
|
|
214
|
+
_xtract(&result, out); \
|
|
215
|
+
} \
|
|
216
|
+
\
|
|
217
|
+
static inline void PBKDF2(_name)(const uint8_t *pw, size_t npw, \
|
|
218
|
+
const uint8_t *salt, size_t nsalt, \
|
|
219
|
+
uint32_t iterations, \
|
|
220
|
+
uint8_t *out, size_t nout) \
|
|
221
|
+
{ \
|
|
222
|
+
assert(iterations); \
|
|
223
|
+
assert(out && nout); \
|
|
224
|
+
\
|
|
225
|
+
/* Starting point for inner loop. */ \
|
|
226
|
+
HMAC_CTX(_name) ctx; \
|
|
227
|
+
HMAC_INIT(_name)(&ctx, pw, npw); \
|
|
228
|
+
\
|
|
229
|
+
/* How many blocks do we need? */ \
|
|
230
|
+
uint32_t blocks_needed = (uint32_t)(nout + _hashsz - 1) / _hashsz; \
|
|
231
|
+
\
|
|
232
|
+
OPENMP_PARALLEL_FOR \
|
|
233
|
+
for (uint32_t counter = 1; counter <= blocks_needed; counter++) \
|
|
234
|
+
{ \
|
|
235
|
+
uint8_t block[_hashsz]; \
|
|
236
|
+
PBKDF2_F(_name)(&ctx, counter, salt, nsalt, iterations, block); \
|
|
237
|
+
\
|
|
238
|
+
size_t offset = (counter - 1) * _hashsz; \
|
|
239
|
+
size_t taken = MIN(nout - offset, _hashsz); \
|
|
240
|
+
memcpy(out + offset, block, taken); \
|
|
241
|
+
} \
|
|
242
|
+
}
|
|
243
|
+
|
|
244
|
+
static inline void sha1_extract(SHA_CTX *restrict ctx, uint8_t *restrict out)
|
|
245
|
+
{
|
|
246
|
+
write32_be(ctx->h0, out);
|
|
247
|
+
write32_be(ctx->h1, out + 4);
|
|
248
|
+
write32_be(ctx->h2, out + 8);
|
|
249
|
+
write32_be(ctx->h3, out + 12);
|
|
250
|
+
write32_be(ctx->h4, out + 16);
|
|
251
|
+
}
|
|
252
|
+
|
|
253
|
+
static inline void sha1_cpy(SHA_CTX *restrict out, const SHA_CTX *restrict in)
|
|
254
|
+
{
|
|
255
|
+
out->h0 = in->h0;
|
|
256
|
+
out->h1 = in->h1;
|
|
257
|
+
out->h2 = in->h2;
|
|
258
|
+
out->h3 = in->h3;
|
|
259
|
+
out->h4 = in->h4;
|
|
260
|
+
}
|
|
261
|
+
|
|
262
|
+
static inline void sha1_xor(SHA_CTX *restrict out, const SHA_CTX *restrict in)
|
|
263
|
+
{
|
|
264
|
+
out->h0 ^= in->h0;
|
|
265
|
+
out->h1 ^= in->h1;
|
|
266
|
+
out->h2 ^= in->h2;
|
|
267
|
+
out->h3 ^= in->h3;
|
|
268
|
+
out->h4 ^= in->h4;
|
|
269
|
+
}
|
|
270
|
+
|
|
271
|
+
DECL_PBKDF2(sha1,
|
|
272
|
+
SHA_CBLOCK,
|
|
273
|
+
SHA_DIGEST_LENGTH,
|
|
274
|
+
SHA_CTX,
|
|
275
|
+
SHA1_Init,
|
|
276
|
+
SHA1_Update,
|
|
277
|
+
SHA1_Transform,
|
|
278
|
+
SHA1_Final,
|
|
279
|
+
sha1_cpy,
|
|
280
|
+
sha1_extract,
|
|
281
|
+
sha1_xor)
|
|
282
|
+
|
|
283
|
+
static inline void sha256_extract(SHA256_CTX *restrict ctx, uint8_t *restrict out)
|
|
284
|
+
{
|
|
285
|
+
write32_be(ctx->h[0], out);
|
|
286
|
+
write32_be(ctx->h[1], out + 4);
|
|
287
|
+
write32_be(ctx->h[2], out + 8);
|
|
288
|
+
write32_be(ctx->h[3], out + 12);
|
|
289
|
+
write32_be(ctx->h[4], out + 16);
|
|
290
|
+
write32_be(ctx->h[5], out + 20);
|
|
291
|
+
write32_be(ctx->h[6], out + 24);
|
|
292
|
+
write32_be(ctx->h[7], out + 28);
|
|
293
|
+
}
|
|
294
|
+
|
|
295
|
+
static inline void sha256_cpy(SHA256_CTX *restrict out, const SHA256_CTX *restrict in)
|
|
296
|
+
{
|
|
297
|
+
out->h[0] = in->h[0];
|
|
298
|
+
out->h[1] = in->h[1];
|
|
299
|
+
out->h[2] = in->h[2];
|
|
300
|
+
out->h[3] = in->h[3];
|
|
301
|
+
out->h[4] = in->h[4];
|
|
302
|
+
out->h[5] = in->h[5];
|
|
303
|
+
out->h[6] = in->h[6];
|
|
304
|
+
out->h[7] = in->h[7];
|
|
305
|
+
}
|
|
306
|
+
|
|
307
|
+
static inline void sha256_xor(SHA256_CTX *restrict out, const SHA256_CTX *restrict in)
|
|
308
|
+
{
|
|
309
|
+
out->h[0] ^= in->h[0];
|
|
310
|
+
out->h[1] ^= in->h[1];
|
|
311
|
+
out->h[2] ^= in->h[2];
|
|
312
|
+
out->h[3] ^= in->h[3];
|
|
313
|
+
out->h[4] ^= in->h[4];
|
|
314
|
+
out->h[5] ^= in->h[5];
|
|
315
|
+
out->h[6] ^= in->h[6];
|
|
316
|
+
out->h[7] ^= in->h[7];
|
|
317
|
+
}
|
|
318
|
+
|
|
319
|
+
DECL_PBKDF2(sha256,
|
|
320
|
+
SHA256_CBLOCK,
|
|
321
|
+
SHA256_DIGEST_LENGTH,
|
|
322
|
+
SHA256_CTX,
|
|
323
|
+
SHA256_Init,
|
|
324
|
+
SHA256_Update,
|
|
325
|
+
SHA256_Transform,
|
|
326
|
+
SHA256_Final,
|
|
327
|
+
sha256_cpy,
|
|
328
|
+
sha256_extract,
|
|
329
|
+
sha256_xor)
|
|
330
|
+
|
|
331
|
+
static inline void sha512_extract(SHA512_CTX *restrict ctx, uint8_t *restrict out)
|
|
332
|
+
{
|
|
333
|
+
write64_be(ctx->h[0], out);
|
|
334
|
+
write64_be(ctx->h[1], out + 8);
|
|
335
|
+
write64_be(ctx->h[2], out + 16);
|
|
336
|
+
write64_be(ctx->h[3], out + 24);
|
|
337
|
+
write64_be(ctx->h[4], out + 32);
|
|
338
|
+
write64_be(ctx->h[5], out + 40);
|
|
339
|
+
write64_be(ctx->h[6], out + 48);
|
|
340
|
+
write64_be(ctx->h[7], out + 56);
|
|
341
|
+
}
|
|
342
|
+
|
|
343
|
+
static inline void sha512_cpy(SHA512_CTX *restrict out, const SHA512_CTX *restrict in)
|
|
344
|
+
{
|
|
345
|
+
out->h[0] = in->h[0];
|
|
346
|
+
out->h[1] = in->h[1];
|
|
347
|
+
out->h[2] = in->h[2];
|
|
348
|
+
out->h[3] = in->h[3];
|
|
349
|
+
out->h[4] = in->h[4];
|
|
350
|
+
out->h[5] = in->h[5];
|
|
351
|
+
out->h[6] = in->h[6];
|
|
352
|
+
out->h[7] = in->h[7];
|
|
353
|
+
}
|
|
354
|
+
|
|
355
|
+
static inline void sha512_xor(SHA512_CTX *restrict out, const SHA512_CTX *restrict in)
|
|
356
|
+
{
|
|
357
|
+
out->h[0] ^= in->h[0];
|
|
358
|
+
out->h[1] ^= in->h[1];
|
|
359
|
+
out->h[2] ^= in->h[2];
|
|
360
|
+
out->h[3] ^= in->h[3];
|
|
361
|
+
out->h[4] ^= in->h[4];
|
|
362
|
+
out->h[5] ^= in->h[5];
|
|
363
|
+
out->h[6] ^= in->h[6];
|
|
364
|
+
out->h[7] ^= in->h[7];
|
|
365
|
+
}
|
|
366
|
+
|
|
367
|
+
DECL_PBKDF2(sha512,
|
|
368
|
+
SHA512_CBLOCK,
|
|
369
|
+
SHA512_DIGEST_LENGTH,
|
|
370
|
+
SHA512_CTX,
|
|
371
|
+
SHA512_Init,
|
|
372
|
+
SHA512_Update,
|
|
373
|
+
SHA512_Transform,
|
|
374
|
+
SHA512_Final,
|
|
375
|
+
sha512_cpy,
|
|
376
|
+
sha512_extract,
|
|
377
|
+
sha512_xor)
|
|
378
|
+
|
|
379
|
+
void fastpbkdf2_hmac_sha1(const uint8_t *pw, size_t npw,
|
|
380
|
+
const uint8_t *salt, size_t nsalt,
|
|
381
|
+
uint32_t iterations,
|
|
382
|
+
uint8_t *out, size_t nout)
|
|
383
|
+
{
|
|
384
|
+
PBKDF2(sha1)(pw, npw, salt, nsalt, iterations, out, nout);
|
|
385
|
+
}
|
|
386
|
+
|
|
387
|
+
void fastpbkdf2_hmac_sha256(const uint8_t *pw, size_t npw,
|
|
388
|
+
const uint8_t *salt, size_t nsalt,
|
|
389
|
+
uint32_t iterations,
|
|
390
|
+
uint8_t *out, size_t nout)
|
|
391
|
+
{
|
|
392
|
+
PBKDF2(sha256)(pw, npw, salt, nsalt, iterations, out, nout);
|
|
393
|
+
}
|
|
394
|
+
|
|
395
|
+
void fastpbkdf2_hmac_sha512(const uint8_t *pw, size_t npw,
|
|
396
|
+
const uint8_t *salt, size_t nsalt,
|
|
397
|
+
uint32_t iterations,
|
|
398
|
+
uint8_t *out, size_t nout)
|
|
399
|
+
{
|
|
400
|
+
PBKDF2(sha512)(pw, npw, salt, nsalt, iterations, out, nout);
|
|
401
|
+
}
|
|
402
|
+
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
/*
|
|
2
|
+
* fastpbkdf2 - Faster PBKDF2-HMAC calculation
|
|
3
|
+
* Written in 2015 by Joseph Birr-Pixton <jpixton@gmail.com>
|
|
4
|
+
*
|
|
5
|
+
* To the extent possible under law, the author(s) have dedicated all
|
|
6
|
+
* copyright and related and neighboring rights to this software to the
|
|
7
|
+
* public domain worldwide. This software is distributed without any
|
|
8
|
+
* warranty.
|
|
9
|
+
*
|
|
10
|
+
* You should have received a copy of the CC0 Public Domain Dedication
|
|
11
|
+
* along with this software. If not, see
|
|
12
|
+
* <http://creativecommons.org/publicdomain/zero/1.0/>.
|
|
13
|
+
*/
|
|
14
|
+
|
|
15
|
+
#ifndef FASTPBKDF2_H
|
|
16
|
+
#define FASTPBKDF2_H
|
|
17
|
+
|
|
18
|
+
#include <stdlib.h>
|
|
19
|
+
#include <stdint.h>
|
|
20
|
+
|
|
21
|
+
#ifdef __cplusplus
|
|
22
|
+
extern "C" {
|
|
23
|
+
#endif
|
|
24
|
+
|
|
25
|
+
/** Calculates PBKDF2-HMAC-SHA1.
|
|
26
|
+
*
|
|
27
|
+
* @p npw bytes at @p pw are the password input.
|
|
28
|
+
* @p nsalt bytes at @p salt are the salt input.
|
|
29
|
+
* @p iterations is the PBKDF2 iteration count and must be non-zero.
|
|
30
|
+
* @p nout bytes of output are written to @p out. @p nout must be non-zero.
|
|
31
|
+
*
|
|
32
|
+
* This function cannot fail; it does not report errors.
|
|
33
|
+
*/
|
|
34
|
+
void fastpbkdf2_hmac_sha1(const uint8_t *pw, size_t npw,
|
|
35
|
+
const uint8_t *salt, size_t nsalt,
|
|
36
|
+
uint32_t iterations,
|
|
37
|
+
uint8_t *out, size_t nout);
|
|
38
|
+
|
|
39
|
+
/** Calculates PBKDF2-HMAC-SHA256.
|
|
40
|
+
*
|
|
41
|
+
* @p npw bytes at @p pw are the password input.
|
|
42
|
+
* @p nsalt bytes at @p salt are the salt input.
|
|
43
|
+
* @p iterations is the PBKDF2 iteration count and must be non-zero.
|
|
44
|
+
* @p nout bytes of output are written to @p out. @p nout must be non-zero.
|
|
45
|
+
*
|
|
46
|
+
* This function cannot fail; it does not report errors.
|
|
47
|
+
*/
|
|
48
|
+
void fastpbkdf2_hmac_sha256(const uint8_t *pw, size_t npw,
|
|
49
|
+
const uint8_t *salt, size_t nsalt,
|
|
50
|
+
uint32_t iterations,
|
|
51
|
+
uint8_t *out, size_t nout);
|
|
52
|
+
|
|
53
|
+
/** Calculates PBKDF2-HMAC-SHA512.
|
|
54
|
+
*
|
|
55
|
+
* @p npw bytes at @p pw are the password input.
|
|
56
|
+
* @p nsalt bytes at @p salt are the salt input.
|
|
57
|
+
* @p iterations is the PBKDF2 iteration count and must be non-zero.
|
|
58
|
+
* @p nout bytes of output are written to @p out. @p nout must be non-zero.
|
|
59
|
+
*
|
|
60
|
+
* This function cannot fail; it does not report errors.
|
|
61
|
+
*/
|
|
62
|
+
void fastpbkdf2_hmac_sha512(const uint8_t *pw, size_t npw,
|
|
63
|
+
const uint8_t *salt, size_t nsalt,
|
|
64
|
+
uint32_t iterations,
|
|
65
|
+
uint8_t *out, size_t nout);
|
|
66
|
+
|
|
67
|
+
#ifdef __cplusplus
|
|
68
|
+
}
|
|
69
|
+
#endif
|
|
70
|
+
|
|
71
|
+
#endif
|