scrypt 3.0.6 → 3.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 27fb084e997c8f5ef6c5eabc8c9823c62b9beb54be2297818ca70c47137b6b12
-  data.tar.gz: d37621255d1c455593543773f887ac00b12d8040664d886ed5838a5435c0b1c0
+  metadata.gz: dc64f3f7f338072fc62985fc8aeb406dd88659018f4d52adbe5f6c76e16bcf83
+  data.tar.gz: 832a0fb1e6137422a9de7497f6d17fcb7feab3d1b0c76cdea57a86bfeca0b08a
 SHA512:
-  metadata.gz: 706b757097bbca08633e852dce8ac3e1e90f8eb1d82e4833ad9f2beefa9e50b3ccc304357b7a55d7cbfe8cfcaca31605bfbf4f28c68661f59e17f978073134be
-  data.tar.gz: 08de38a6a613855792aafc026df7320e67e2512b76f71231b2a5d46fb56e27c9d99d194435d23507e9d5ea4d3105840cbc7a619746fb523587b7a455bf4cd94d
+  metadata.gz: 1ae13fbf6b63924096d36990f87d0244d8d6442400f7aeb27f0571bf8eed7f036fb934ec49e69e8472bc653616c4bbaf161c721d974e06ef602d4ec8d1831019
+  data.tar.gz: f619909e8e6e011e59b2a7102d5684910cbb1e028b51bc5a08225d35e1d04810348be17b95d3e59cf2b354f1677dd64e0952873db472846c7ea960a388649c04

data/README.md

@@ -1,79 +1,205 @@
-scrypt [![Build Status](https://secure.travis-ci.org/pbhogan/scrypt.svg)](http://travis-ci.org/pbhogan/scrypt)
-======
+# scrypt
 
-The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt.
+A Ruby library providing a secure password hashing solution using the scrypt key derivation function.
 
-* http://www.tarsnap.com/scrypt.html
-* http://github.com/pbhogan/scrypt
+[![Gem Version](https://badge.fury.io/rb/scrypt.svg)](https://badge.fury.io/rb/scrypt) [![Ruby](https://github.com/pbhogan/scrypt/actions/workflows/ruby.yml/badge.svg)](https://github.com/pbhogan/scrypt/actions/workflows/ruby.yml)
+
+## About scrypt
+
+The scrypt key derivation function is designed to be far more secure against hardware brute-force attacks than alternative functions such as PBKDF2 or bcrypt. It accomplishes this by being deliberately memory-intensive, making it expensive to implement in hardware.
+
+**Key Features:**
+- Memory-hard function that resists ASIC and FPGA attacks
+- Configurable computational cost, memory usage, and parallelization
+- Drop-in replacement for bcrypt in most applications
+- Production-ready and battle-tested
+
+**Resources:**
+- [Original scrypt paper](http://www.tarsnap.com/scrypt.html)
+- [GitHub repository](http://github.com/pbhogan/scrypt)
 
 ## Why you should use scrypt
 
 ![KDF comparison](https://github.com/tarcieri/scrypt/raw/modern-readme/kdf-comparison.png)
 
-The designers of scrypt estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20000 times greater than a similar attack against PBKDF2.
+The designers of scrypt estimate that on modern (2009) hardware, if 5 seconds are spent computing a derived key, the cost of a hardware brute-force attack against scrypt is roughly 4,000 times greater than the cost of a similar attack against bcrypt (to find the same password), and 20,000 times greater than a similar attack against PBKDF2.
+
+## Installation
 
-## How to install scrypt
+Add this line to your application's Gemfile:
 
+```ruby
+gem 'scrypt'
 ```
+
+And then execute:
+
+```bash
+bundle install
+```
+
+Or install it yourself as:
+
+```bash
 gem install scrypt
 ```
 
-## How to use scrypt
+## Basic Usage
 
-It works pretty similarly to ruby-bcrypt with a few minor differences, especially where the cost factor is concerned.
+The scrypt gem works similarly to ruby-bcrypt with a few minor differences, especially regarding the cost factor configuration.
 
 ```ruby
 require "scrypt"
 
-# hash a user's password
+# Hash a user's password
 password = SCrypt::Password.create("my grand secret")
 # => "400$8$36$78f4ae6983f76119$37ec6ce55a2b928dc56ff9a7d0cdafbd7dbde49d9282c38a40b1434e88f24cf5"
 
-# compare to strings
+# Compare passwords
 password == "my grand secret" # => true
 password == "a paltry guess"  # => false
 ```
 
-Password.create takes five options which will determine the key length and salt size, as well as the cost limits of the computation:
+### Configuration Options
 
-* `:key_len` specifies the length in bytes of the key you want to generate. The default is 32 bytes (256 bits). Minimum is 16 bytes (128 bits). Maximum is 512 bytes (4096 bits).
-* `:salt_size` specifies the size in bytes of the random salt you want to generate. The default and maximum is 32 bytes (256 bits). Minimum is 8 bytes (64 bits).
-* `:max_time` specifies the maximum number of seconds the computation should take.
-* `:max_mem` specifies the maximum number of bytes the computation should take. A value of 0 specifies no upper limit. The minimum is always 1 MB.
-* `:max_memfrac` specifies the maximum memory in a fraction of available resources to use. Any value equal to 0 or greater than 0.5 will result in 0.5 being used.
-* `:cost` specifies a cost string (e.g. `'400$8$19$'`) from the `calibrate` method.  The `:max_*` options will be ignored if this option is given, or if `calibrate!` has been called.
+`Password.create` accepts several options to customize the key length, salt size, and computational cost limits:
 
-Default options will result in calculation time of approx. 200 ms with 16 MB memory use.
+* **`:key_len`** - Length in bytes of the generated key. Default: 32 bytes (256 bits). Range: 16-512 bytes.
+* **`:salt_size`** - Size in bytes of the random salt. Default: 32 bytes (256 bits). Range: 8-32 bytes.
+* **`:max_time`** - Maximum computation time in seconds. Default: 0.2 seconds.
+* **`:max_mem`** - Maximum memory usage in bytes. Default: 16 MB. Set to 0 for no limit (minimum 1 MB).
+* **`:max_memfrac`** - Maximum memory as a fraction of available resources. Default: 0.5. Range: 0-0.5.
+* **`:cost`** - Explicit cost string from `calibrate` method (e.g., `'400$8$19$'`). When provided, `max_*` options are ignored.
 
-## Other things you can do
+**Note:** Default options result in approximately 200ms computation time with 16 MB memory usage.
+
+## Advanced Usage
+
+### Engine Methods
+
+The scrypt gem provides low-level access to the scrypt algorithm through the `SCrypt::Engine` class:
 
 ```ruby
 require "scrypt"
 
+# Calibrate scrypt parameters for your system
 SCrypt::Engine.calibrate
 # => "400$8$25$"
 
+# Generate a salt with default parameters
 salt = SCrypt::Engine.generate_salt
 # => "400$8$26$b62e0f787a5fc373"
 
-SCrypt::Engine.hash_secret "my grand secret", salt
+# Hash a secret with a specific salt
+SCrypt::Engine.hash_secret("my grand secret", salt)
 # => "400$8$26$b62e0f787a5fc373$0399ccd4fa26642d92741b17c366b7f6bd12ccea5214987af445d2bed97bc6a2"
 
+# Calibrate with custom memory limits and save for future use
 SCrypt::Engine.calibrate!(max_mem: 16 * 1024 * 1024)
 # => "4000$8$4$"
 
+# Subsequent salt generation will use the calibrated parameters
 SCrypt::Engine.generate_salt
 # => "4000$8$4$c6d101522d3cb045"
 ```
 
+### Password Creation with Custom Options
+
+```ruby
+# Create password with custom parameters
+password = SCrypt::Password.create("my secret", {
+  key_len: 64,
+  salt_size: 16,
+  max_time: 0.5,
+  max_mem: 32 * 1024 * 1024
+})
+
+# Create password with pre-calibrated cost
+cost = SCrypt::Engine.calibrate(max_time: 0.1)
+password = SCrypt::Password.create("my secret", cost: cost)
+```
+
 ## Usage in Rails (and the like)
 
 ```ruby
-# store it safely in the user model
+## Usage in Rails (and similar frameworks)
+
+# Store password safely in the user model
 user.update_attribute(:password, SCrypt::Password.create("my grand secret"))
 
-# read it back later
+# Read it back later
 user.reload!
 password = SCrypt::Password.new(user.password)
 password == "my grand secret" # => true
 ```
+
+## Security Considerations
+
+* **Memory Safety**: The scrypt algorithm requires significant memory, making it resistant to hardware-based attacks
+* **Time-Memory Trade-off**: Higher memory requirements make it expensive to parallelize attacks
+* **Parameter Selection**: Use `calibrate` to find optimal parameters for your system's performance requirements
+* **Salt Generation**: Always use cryptographically secure random salts (handled automatically)
+
+## Performance Tuning
+
+The scrypt parameters can be tuned based on your security and performance requirements:
+
+```ruby
+# For high-security applications (slower)
+password = SCrypt::Password.create("secret", max_time: 1.0, max_mem: 64 * 1024 * 1024)
+
+# For faster authentication (less secure)
+password = SCrypt::Password.create("secret", max_time: 0.1, max_mem: 8 * 1024 * 1024)
+
+# Calibrate once and reuse parameters
+SCrypt::Engine.calibrate!(max_time: 0.5)
+# All subsequent Password.create calls will use these parameters
+```
+
+## Error Handling
+
+The library raises specific exceptions for different error conditions:
+
+```ruby
+begin
+  SCrypt::Password.new("invalid_hash_format")
+rescue SCrypt::Errors::InvalidHash => e
+  puts "Invalid hash format: #{e.message}"
+end
+
+begin
+  SCrypt::Engine.hash_secret(nil, "salt")
+rescue SCrypt::Errors::InvalidSecret => e
+  puts "Invalid secret: #{e.message}"
+end
+```
+
+## Contributing
+
+1. Fork the repository
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request
+
+## Acknowledgments
+
+### Original scrypt Algorithm
+- **Colin Percival** and **Tarsnap** for creating the scrypt key derivation function and providing the reference implementation
+- The original scrypt paper: [Stronger Key Derivation via Sequential Memory-Hard Functions](http://www.tarsnap.com/scrypt.html)
+
+### Core Collaborators
+
+- **Patrick Hogan** ([@pbhogan](https://github.com/pbhogan))
+- **Stephen von Takach** ([@stakach](https://github.com/stakach))
+- **Rene van Paassen** ([@repagh](https://github.com/repagh))
+- **Johanns Gregorian** ([@johanns](https://github.com/johanns))
+
+### Special Thanks
+- The Ruby community for testing and feedback
+- Contributors who have submitted bug reports, feature requests, and patches
+- The cryptography community for security reviews and recommendations
+
+## License
+
+This project is licensed under the BSD-3-Clause License - see the [COPYING](COPYING) file for details.

data/Rakefile

@@ -1,46 +1,60 @@
+# frozen_string_literal: true
+
 require 'bundler/setup'
 require 'bundler/gem_tasks'
+require 'digest/sha2'
+
+require 'ffi'
+require 'ffi-compiler/compile_task'
 
+require 'fileutils'
 require 'rake'
 require 'rake/clean'
+require 'rdoc/task'
 
 require 'rspec/core/rake_task'
 
-require 'ffi'
-require 'ffi-compiler/compile_task'
-
-require 'digest/sha2'
-require './lib/scrypt/version'
-
 require 'rubygems'
 require 'rubygems/package_task'
 
-require 'rdoc/task'
+require './lib/scrypt/version'
 
-task :default => [:clean, :compile_ffi, :spec]
+task default: %i[clean compile_ffi spec]
 
-desc 'clean, make and run specs'
-task :spec do
-  RSpec::Core::RakeTask.new
+desc 'Run all specs'
+RSpec::Core::RakeTask.new(:spec) do |t|
+  t.rspec_opts = ['--color', '--backtrace', '--format', 'documentation']
 end
 
-desc 'generate checksum'
+desc 'Generate checksum for built gem'
 task :checksum do
   built_gem_path = "pkg/scrypt-#{SCrypt::VERSION}.gem"
+
+  unless File.exist?(built_gem_path)
+    puts "Gem file not found: #{built_gem_path}"
+    puts "Run 'rake build' first to create the gem."
+    exit 1
+  end
+
   checksum = Digest::SHA512.new.hexdigest(File.read(built_gem_path))
   checksum_path = "checksum/scrypt-#{SCrypt::VERSION}.gem.sha512"
-  File.open(checksum_path, 'w' ) {|f| f.write(checksum) }
+
+  # Ensure checksum directory exists
+  FileUtils.mkdir_p(File.dirname(checksum_path))
+
+  File.write(checksum_path, checksum)
+  puts "Checksum written to: #{checksum_path}"
 end
 
-desc 'FFI compiler'
-namespace 'ffi-compiler' do
+desc 'Compile FFI extension'
+namespace :ffi_compiler do
   FFI::Compiler::CompileTask.new('ext/scrypt/scrypt_ext') do |t|
     target_cpu = RbConfig::CONFIG['target_cpu']
 
     t.cflags << '-Wall -std=c99'
-    t.cflags << '-msse -msse2' if t.platform.arch.include? '86'
+    t.cflags << '-msse -msse2' if t.platform.arch.include?('86')
     t.cflags << '-D_GNU_SOURCE=1' if RbConfig::CONFIG['host_os'].downcase =~ /mingw/
-    t.cflags << '-D_POSIX_C_SOURCE=199309L' if RbConfig::CONFIG['host_os'].downcase =~ /linux/
+    t.cflags << '-D_POSIX_C_SOURCE=200809L' if RbConfig::CONFIG['host_os'].downcase =~ /linux/
 
     if 1.size == 4 && target_cpu =~ /i386|x86_32/ && t.platform.mac?
       t.cflags << '-arch i386'
@@ -53,22 +67,23 @@ namespace 'ffi-compiler' do
     t.add_define 'WINDOWS_OS' if FFI::Platform.windows?
   end
 end
-task :compile_ffi => ['ffi-compiler:default']
+task compile_ffi: ['ffi_compiler:default']
 
 CLEAN.include('ext/scrypt/*{.o,.log,.so,.bundle}')
 CLEAN.include('lib/**/*{.o,.log,.so,.bundle}')
 
-desc 'Generate RDoc'
-rd = Rake::RDocTask.new do |rdoc|
+desc 'Generate RDoc documentation'
+RDoc::Task.new(:rdoc) do |rdoc|
   rdoc.rdoc_dir = 'doc/rdoc'
-  rdoc.options << '--title' << 'scrypt-ruby' << '--line-numbers' << '--inline-source' << '--main' << 'README'
+  rdoc.options << '--force-update'
+  rdoc.options << '-V'
+
   rdoc.template = ENV['TEMPLATE'] if ENV['TEMPLATE']
-  rdoc.rdoc_files.include('COPYING', 'lib/**/*.rb')
 end
 
 desc 'Run all specs'
 RSpec::Core::RakeTask.new do |_t|
-  rspec_opts = ['--colour', '--backtrace']
+  # Task automatically runs specs based on RSpec defaults
 end
 
 def gem_spec
@@ -80,4 +95,3 @@ Gem::PackageTask.new(gem_spec) do |pkg|
   pkg.need_tar = true
   pkg.package_dir = 'pkg'
 end
-

data/ext/scrypt/Rakefile

@@ -6,7 +6,7 @@ FFI::Compiler::CompileTask.new('scrypt_ext') do |t|
   t.cflags << '-Wall -std=c99'
   t.cflags << '-msse -msse2' if t.platform.arch.include? '86'
   t.cflags << '-D_GNU_SOURCE=1' if RbConfig::CONFIG['host_os'].downcase =~ /mingw/
-  t.cflags << '-D_POSIX_C_SOURCE=199309L' if RbConfig::CONFIG['host_os'].downcase =~ /linux/
+  t.cflags << '-D_POSIX_C_SOURCE=200809L' if RbConfig::CONFIG['host_os'].downcase =~ /linux/
 
   if 1.size == 4 && target_cpu =~ /i386|x86_32/ && t.platform.mac?
     t.cflags << '-arch i386'

data/ext/scrypt/warnp.c

@@ -36,7 +36,13 @@ warnp_setprogname(const char * progname)
 			p = progname + 1;
 
 	/* Copy the name string. */
-	name = strdup(p);
+	name = malloc(strlen(p) + 1);
+	if (name == NULL) {
+		/* No cleanup handler needs to be registered on failure. */
+		return;
+	}
+	strncpy(name, p, strlen(p) + 1);
+	name[strlen(p)] = '\0';  /* Ensure null termination */
 
 	/* If we haven't already done so, register our exit handler. */
 	if (initialized == 0) {

data/lib/scrypt/engine.rb

@@ -0,0 +1,227 @@
+# frozen_string_literal: true
+
+require 'ffi'
+require 'openssl'
+
+module SCrypt
+  module Ext
+    # Bind the external functions
+    attach_function :sc_calibrate,
+                    %i[size_t double double pointer],
+                    :int,
+                    blocking: true
+
+    attach_function :crypto_scrypt,
+                    %i[pointer size_t pointer size_t uint64 uint32 uint32 pointer size_t],
+                    :int,
+                    blocking: true # Use blocking: true for CPU-intensive operations to avoid GIL issues
+  end
+
+  class Engine
+    # Regular expressions for validation
+    COST_PATTERN = /^[0-9a-z]+\$[0-9a-z]+\$[0-9a-z]+\$$/.freeze
+    SALT_PATTERN = /^[0-9a-z]+\$[0-9a-z]+\$[0-9a-z]+\$[A-Za-z0-9]{16,64}$/.freeze
+    HASH_PATTERN = /^[0-9a-z]+\$[0-9a-z]+\$[0-9a-z]+\$[A-Za-z0-9]{16,64}\$[A-Za-z0-9]{32,1024}$/.freeze
+
+    # Constants for salt handling
+    OLD_STYLE_SALT_LENGTH = 40
+    SALT_MIN_LENGTH = 16
+
+    DEFAULTS = {
+      key_len: 32,
+      salt_size: 32,
+      max_mem: 16 * 1024 * 1024,
+      max_memfrac: 0.5,
+      max_time: 0.2,
+      cost: nil
+    }.freeze
+
+    # Class variable to store calibrated cost, separate from defaults
+    @calibrated_cost = nil
+
+    class << self
+      attr_accessor :calibrated_cost
+    end
+
+    class Calibration < FFI::Struct
+      layout  :n, :uint64,
+              :r, :uint32,
+              :p, :uint32
+    end
+
+    class << self
+      def scrypt(secret, salt, *args)
+        case args.length
+        when 2
+          # args is [cost_string, key_len]
+          cost_string, key_len = args
+          cpu_cost, memory_cost, parallelization = parse_cost_string(cost_string)
+          __sc_crypt(secret, salt, cpu_cost, memory_cost, parallelization, key_len)
+        when 4
+          # args is [n, r, p, key_len]
+          cpu_cost, memory_cost, parallelization, key_len = args
+          __sc_crypt(secret, salt, cpu_cost, memory_cost, parallelization, key_len)
+        else
+          raise ArgumentError, 'invalid number of arguments (4 or 6)'
+        end
+      end
+
+      # Given a secret and a valid salt (see SCrypt::Engine.generate_salt) calculates an scrypt password hash.
+      def hash_secret(secret, salt, key_len = DEFAULTS[:key_len])
+        raise Errors::InvalidSecret, 'invalid secret' unless valid_secret?(secret)
+        raise Errors::InvalidSalt, 'invalid salt' unless valid_salt?(salt)
+
+        cost = autodetect_cost(salt)
+        salt_only = extract_salt_from_string(salt)
+
+        if old_style_hash?(salt_only)
+          generate_old_style_hash(secret, salt, cost)
+        else
+          generate_new_style_hash(secret, salt, salt_only, cost, key_len)
+        end
+      end
+
+      # Generates a random salt with a given computational cost.  Uses a saved
+      # cost if SCrypt::Engine.calibrate! has been called.
+      #
+      # Options:
+      # <tt>:cost</tt> is a cost string returned by SCrypt::Engine.calibrate
+      def generate_salt(options = {})
+        options = DEFAULTS.merge(options)
+        cost = options[:cost] || @calibrated_cost || calibrate(options)
+        salt = OpenSSL::Random.random_bytes(options[:salt_size]).unpack('H*').first.rjust(SALT_MIN_LENGTH, '0')
+
+        salt = avoid_old_style_collision(salt)
+        cost + salt
+      end
+
+      # Returns true if +cost+ is a valid cost, false if not.
+      def valid_cost?(cost)
+        !COST_PATTERN.match(cost).nil?
+      end
+
+      # Returns true if +salt+ is a valid salt, false if not.
+      def valid_salt?(salt)
+        !SALT_PATTERN.match(salt).nil?
+      end
+
+      # Returns true if +secret+ is a valid secret, false if not.
+      def valid_secret?(secret)
+        secret.respond_to?(:to_s)
+      end
+
+      # Returns the cost value which will result in computation limits less than the given options.
+      #
+      # Options:
+      # <tt>:max_time</tt> specifies the maximum number of seconds the computation should take.
+      # <tt>:max_mem</tt> specifies the maximum number of bytes the computation should take.
+      # A value of 0 specifies no upper limit. The minimum is always 1 MB.
+      # <tt>:max_memfrac</tt> specifies the maximum memory in a fraction of available resources to use.
+      # Any value equal to 0 or greater than 0.5 will result in 0.5 being used.
+      #
+      # Example:
+      #
+      #   # should take less than 200ms
+      #   SCrypt::Engine.calibrate(:max_time => 0.2)
+      #
+      def calibrate(options = {})
+        options = DEFAULTS.merge(options)
+        '%x$%x$%x$' % __sc_calibrate(options[:max_mem], options[:max_memfrac], options[:max_time])
+      end
+
+      # Calls SCrypt::Engine.calibrate and saves the cost string for future calls to
+      # SCrypt::Engine.generate_salt.
+      def calibrate!(options = {})
+        @calibrated_cost = calibrate(options)
+      end
+
+      # Computes the memory use of the given +cost+
+      def memory_use(cost)
+        cpu_cost, memory_cost, parallelization = parse_cost_string(cost)
+        (128 * memory_cost * parallelization) + (256 * memory_cost) + (128 * memory_cost * cpu_cost)
+      end
+
+      # Autodetects the cost from the salt string.
+      def autodetect_cost(salt)
+        salt[/^[0-9a-z]+\$[0-9a-z]+\$[0-9a-z]+\$/]
+      end
+
+      private
+
+      # Extracts the salt portion from a salt string
+      def extract_salt_from_string(salt)
+        salt[/\$([A-Za-z0-9]{16,64})$/, 1]
+      end
+
+      # Checks if this is an old-style hash based on salt length
+      def old_style_hash?(salt_only)
+        salt_only.length == OLD_STYLE_SALT_LENGTH
+      end
+
+      # Generates old-style hash with SHA1
+      def generate_old_style_hash(secret, salt, cost)
+        "#{salt}$#{Digest::SHA1.hexdigest(scrypt(secret.to_s, salt, cost, 256))}"
+      end
+
+      # Generates new-style hash
+      def generate_new_style_hash(secret, salt, salt_only, cost, key_len)
+        processed_salt = [salt_only.sub(/^(00)+/, '')].pack('H*')
+        hash_bytes = scrypt(secret.to_s, processed_salt, cost, key_len)
+        "#{salt}$#{hash_bytes.unpack('H*').first.rjust(key_len * 2, '0')}"
+      end
+
+      # Avoids collision with old-style hash detection
+      def avoid_old_style_collision(salt)
+        if salt.length == OLD_STYLE_SALT_LENGTH
+          # If salt is 40 characters, the regexp will think that it is an old-style hash, so add a '0'.
+          "0#{salt}"
+        else
+          salt
+        end
+      end
+
+      # Parses a cost string into its component values
+      def parse_cost_string(cost_string)
+        cost_string.split('$').map { |component| component.to_i(16) }
+      end
+
+      def __sc_calibrate(max_mem, max_memfrac, max_time)
+        raise ArgumentError, 'max_mem must be non-negative' if max_mem.negative?
+        raise ArgumentError, 'max_memfrac must be between 0 and 1' unless (0..1).cover?(max_memfrac)
+        raise ArgumentError, 'max_time must be positive' if max_time <= 0
+
+        calibration = Calibration.new
+        ret_val = SCrypt::Ext.sc_calibrate(max_mem, max_memfrac, max_time, calibration)
+
+        raise "calibration error: return value #{ret_val}" unless ret_val.zero?
+
+        [calibration[:n], calibration[:r], calibration[:p]]
+      end
+
+      def __sc_crypt(secret, salt, cpu_cost, memory_cost, parallelization, key_len)
+        raise ArgumentError, 'secret cannot be nil' if secret.nil?
+        raise ArgumentError, 'salt cannot be nil' if salt.nil?
+        raise ArgumentError, 'key_len must be positive' if key_len <= 0
+        raise ArgumentError, 'cpu_cost must be positive' if cpu_cost <= 0
+        raise ArgumentError, 'memory_cost must be positive' if memory_cost <= 0
+        raise ArgumentError, 'parallelization must be positive' if parallelization <= 0
+
+        result = nil
+
+        FFI::MemoryPointer.new(:char, key_len) do |buffer|
+          ret_val = SCrypt::Ext.crypto_scrypt(
+            secret, secret.bytesize, salt, salt.bytesize,
+            cpu_cost, memory_cost, parallelization,
+            buffer, key_len
+          )
+
+          raise "scrypt error: return value #{ret_val}" unless ret_val.zero?
+
+          result = buffer.read_string(key_len)
+        end
+
+        result
+      end
+    end
+  end
+end

data/lib/scrypt/errors.rb

@@ -0,0 +1,14 @@
+# frozen_string_literal: true
+
+module SCrypt
+  module Errors
+    # The salt parameter provided is invalid.
+    class InvalidSalt   < StandardError; end
+
+    # The hash parameter provided is invalid.
+    class InvalidHash   < StandardError; end
+
+    # The secret parameter provided is invalid.
+    class InvalidSecret < StandardError; end
+  end
+end