libscrypt
=========
Linux scrypt shared library.

Full credit to algorithm designer and example code from Colin Percival here:
http://www.tarsnap.com/scrypt.html

Utilises BASE64 encoding library from ISC.

Official project page, including stable tarballs found here:
http://www.lolware.net/libscrypt.html

Simple hashing interface

The (reference) internal hashing function can be directly called as follows:

    int libscrypt_scrypt(const uint8_t *passwd, size_t passwdlen,
            const uint8_t *salt, size_t saltlen, uint64_t N, uint32_t r,
            uint32_t p, /*@out@*/ uint8_t *buf, size_t buflen);

Libscrypt's easier-to-use interface wraps this up to deal with the salt and produce BASE64 output, like so:

    int libscrypt_hash(char *dst, char *passphrase, uint32_t N, uint8_t r, uint8_t p);

Sane constants have been created for N, r and p so you can create a hash like this:

    libscrypt_hash(outbuf, "My cats's breath smells like cat food", SCRYPT_N, SCRYPT_r, SCRYPT_p);

This function sets errno as required for any error conditions.

Output stored in "outbuf" is in a standardised MCF form, which means it includes the randomly created 128-bit salt, all N, r and p values, and a BASE64-encoded version of the hash. The entire MCF can be stored in a database, and compared for use as below:

    retval = libscrypt_check(mcf, "pleasefailme");
    /* retval < 0: error */
    /* retval == 0: password incorrect */
    /* retval > 0: pass */

mcf should be defined as at least SCRYPT_MCF_LEN in size.

Note that libscrypt_check needs to modify the mcf string and will not return it
to the original state. Pass it a copy if you need to keep the original mcf.

A number of internal functions are exposed, and users wishing to create more complex use cases should consult the header file, which is aimed at documenting the API fully.

The test reference is also aimed at providing a well documented use case.

Building
--------

    make
    make check

Check the Makefile for advice on linking against your application.

OSX
-----
Please compile and install with:

    make LDFLAGS= CFLAGS_EXTRA=
    make install-osx


BUGS
----
SCRYPT_* constants are probably a little high for something like a Raspberry Pi. Using '1' as SCRYPT_p is acceptable from a security and performance standpoint if needed.

Experiments were performed with using memset() to zero out passwords as they were checked. This often caused issues with calling applications where the password had been passed as a const*. We highly recommend implementing your own zeroing function the moment this library is called.

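Two caveats above meet at the call site: libscrypt_check modifies the mcf it is given, and the library leaves zeroing of passwords to the caller. The wrapper below is an added example, not code from libscrypt; `check_and_wipe`, `wipe`, `mcf_check_fn` and `MCF_BUF_LEN` are hypothetical names, the checker signature is assumed from the call shown earlier, and `demo_check` is a constructed stand-in so the block runs without the library (pass `libscrypt_check` and size the buffer with `SCRYPT_MCF_LEN` in a real build).

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MCF_BUF_LEN 128 /* assumed stand-in for SCRYPT_MCF_LEN (libscrypt.h) */
typedef int (*mcf_check_fn)(char *mcf, const char *password);

/* Zero through a volatile pointer so the stores are not dropped as dead writes. */
static void wipe(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Run the checker on a scratch copy of the stored MCF, then wipe the scratch
 * copy and the caller's password. Returns <0 error, 0 incorrect, >0 pass. */
int check_and_wipe(const char *stored_mcf, char *password, size_t pwlen,
                   mcf_check_fn check)
{
    char scratch[MCF_BUF_LEN];
    size_t n = strlen(stored_mcf);
    int rc = -1;
    if (n < sizeof(scratch)) {
        memcpy(scratch, stored_mcf, n + 1); /* checker only sees the copy */
        rc = check(scratch, password);
        wipe(scratch, sizeof(scratch));
    } else {
        errno = EINVAL;                     /* stored value too long to be an MCF */
    }
    wipe(password, pwlen);                  /* caller-owned, mutable buffer */
    return rc;
}

/* Constructed stand-in for libscrypt_check (NOT a real hash check): splits the
 * string in place on '$', so it is destructive, and compares the last field. */
static int demo_check(char *mcf, const char *password)
{
    char *last = NULL;
    for (char *tok = strtok(mcf, "$"); tok; tok = strtok(NULL, "$"))
        last = tok;
    return last ? strcmp(last, password) == 0 : -1;
}

int main(void)
{
    const char stored[] = "$demo$params$salt$pleasepassme"; /* constructed */
    char pw[] = "pleasefailme";
    printf("retval=%d\n", check_and_wipe(stored, pw, sizeof(pw), demo_check));
    return 0;
}
```
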
Notes on Code Development
------------------------

Code is now declared "stable": the master branch will always be "stable" and development will be done on branches.
The reference machines are Fedora, CentOS, FreeBSD and Raspbian, and the code is expected to compile and run on all of these before being moved to stable branch.
Full transparency on the regular application of thorough testing can be found by reviewing recent test harness results here:
http://www.lolware.net/libscrypttesting.txt

Please, no more pull requests for Windows compatibility. If it's important to you - fork the project. I have no intention of pulling an OpenSSL and becoming a maze of ifdefs for platforms I don't even have a build environment for.

I utilise Facebook's "infer" static analyser, in addition to clang's analyzer. Command to run is:

    infer -- make

Contact
-------
I can be contacted at: technion@lolware.net

If required, my GPG key can be found at: https://lolware.net/technion-GPG-KEY

Future releases will have the Git tag signed.


Changenotes
-----------
v1.1a: Single Makefile line change. I wouldn't ordinarily tag this as a new "release", but the purpose here is to assist with packaging in distributions.

v1.12: The static library is built, but no longer installed by default. You can install it with "make install-static". This is because static libraries are not typically bundled in packages.

v1.13: Minor packaging related update

v1.15: Replaced the b64 libraries with more portable one from ISC. Now tested and verified on a wider variety of architectures. Note, libscrypt_b64_encrypt was originally an exported function. This is no longer the case as it is considered an internal function only.

v1.18: God damnit Apple

v1.19: Code safety cleanups. Now running Coverity.

v1.20: Bugfixes involving large N values, return values on error

<a href="https://scan.coverity.com/projects/2173">
  <img alt="Coverity Scan Build Status"
       src="https://scan.coverity.com/projects/2173/badge.svg"/>
</a>