2 * Copyright 2009 Colin Percival, 2011 ArtForz, 2011 pooler, 2013 Balthazar
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * This file was originally written by Colin Percival as part of the Tarsnap
27 * online backup system.
39 #define SCRYPT_BUFFER_SIZE (131072 + 63)
41 #if defined (__x86_64__) || defined (__i386__)
42 extern "C" void scrypt_core(uint32_t *X, uint32_t *V);
44 // TODO: Add cross-platform scrypt_core implementation
47 /* cpu and memory intensive function to transform a 80 byte buffer into a 32 byte output
48 scratchpad size needs to be at least 63 + (128 * r * p) + (256 * r + 64) + (128 * r * N) bytes
49 r = 1, p = 1, N = 1024
52 uint256 scrypt_nosalt(const void* input, size_t inputlen, void *scratchpad)
57 V = (uint32_t *)(((uintptr_t)(scratchpad) + 63) & ~ (uintptr_t)(63));
59 PBKDF2_SHA256((const uint8_t*)input, inputlen, (const uint8_t*)input, inputlen, 1, (uint8_t *)X, 128);
61 PBKDF2_SHA256((const uint8_t*)input, inputlen, (uint8_t *)X, 128, 1, (uint8_t*)&result, 32);
66 uint256 scrypt(const void* data, size_t datalen, const void* salt, size_t saltlen, void *scratchpad)
71 V = (uint32_t *)(((uintptr_t)(scratchpad) + 63) & ~ (uintptr_t)(63));
73 PBKDF2_SHA256((const uint8_t*)data, datalen, (const uint8_t*)salt, saltlen, 1, (uint8_t *)X, 128);
75 PBKDF2_SHA256((const uint8_t*)data, datalen, (uint8_t *)X, 128, 1, (uint8_t*)&result, 32);
80 uint256 scrypt_hash(const void* input, size_t inputlen)
82 unsigned char scratchpad[SCRYPT_BUFFER_SIZE];
83 return scrypt_nosalt(input, inputlen, scratchpad);
86 uint256 scrypt_salted_hash(const void* input, size_t inputlen, const void* salt, size_t saltlen)
88 unsigned char scratchpad[SCRYPT_BUFFER_SIZE];
89 return scrypt(input, inputlen, salt, saltlen, scratchpad);
92 uint256 scrypt_salted_multiround_hash(const void* input, size_t inputlen, const void* salt, size_t saltlen, const unsigned int nRounds)
94 uint256 resultHash = scrypt_salted_hash(input, inputlen, salt, saltlen);
95 uint256 transitionalHash = resultHash;
97 for(unsigned int i = 1; i < nRounds; i++)
99 resultHash = scrypt_salted_hash(input, inputlen, (const void*)&transitionalHash, 32);
100 transitionalHash = resultHash;
106 uint256 scrypt_blockhash(const void* input)
108 unsigned char scratchpad[SCRYPT_BUFFER_SIZE];
109 return scrypt_nosalt(input, 80, scratchpad);