technion / libscrypt Goto Github PK

View Code? Open in Web Editor NEW

120.0 13.0 45.0 133 KB

A shared library that implements scrypt() functionality - a replacement for bcrypt()

License: BSD 2-Clause "Simplified" License

Makefile 3.98% C 96.02%

libscrypt's Introduction

libscrypt

Linux scrypt shared library.

Full credit to algorithm designer and example code from Colin Percival here: http://www.tarsnap.com/scrypt.html

Utilises BASE64 encoding library from ISC.

Official project page, including stable tarballs found here: http://www.lolware.net/libscrypt.html

Simple hashing interface

The (reference) internal hashing function can be directly called as follows:

int libscrypt_scrypt(const uint8_t *passwd, size_t passwdlen,
        const uint8_t *salt, size_t saltlen, uint64_t N, uint32_t r, 
        uint32_t p, /*@out@*/ uint8_t *buf, size_t buflen);

Libscrypt's easier to use interface wraps this up to deal with the salt and produce BASE64 output as so:

int libscrypt_hash(char *dst, char *passphrase, uint32_t N, uint8_t r, uint8_t p);

Sane constants have been created for N, r and p so you can create a hash like this:

libscrypt_hash(outbuf, "My cats's breath smells like cat food", SCRYPT_N, SCRYPT_r, SCRYPT_p);

This function sets errno as required for any error conditions.

Output stored in "outbuf" is stored in a standardised MCF form, which means includes the randomly created, 128 bit salt, all N, r and p values, and a BASE64 encoded version of the hash. The entire MCF can be stored in a database, and compared for use as below:

retval = libscrypt_check(mcf, "pleasefailme");
retval < 0 error
retval = 0 password incorrect
retval > 0 pass

mcf should be defined as at least SCRYPT_MCF_LEN in size.

Note that libscrypt_check needs to modify the mcf string and will not return it to the original state. Pass it a copy if you need to keep the original mcf.

A number of internal functions are exposed, and users wishing to create more complex use cases should consult the header file, which is aimed at documenting the API fully.

The test reference is also aimed at providing a well documented use case. Building

make
make check

Check the Makefile for advice on linking against your application.

OSX

Please compile and install with:

make LDFLAGS= CFLAGS_EXTRA=
make install-osx

BUGS

SCRYPT_* constants are probably a little high for something like a Raspberry pi. Using '1' as SCRYPT_p is acceptable from a security and performance standpoint if needed. Experiments were performed with using memset() to zero out passwords as they were checked. This often caused issues with calling applications where the password based have been passed as a const*. We highly recommend implementing your own zeroing function the moment this library is called.

There is apparently an issue when used on Samsung (and perhaps Android in general) devices. See this issue for more information.

Notes on Code Development

Code is now declared "stable", the master branch will always be "stable" and development will be done on branches. The reference machines are Fedora, CentOS, FreeBSD and Raspbian, and the code is expected to compile and run on all of these before being moved to stable branch. Full transparancy on the regular application of thorough testing can be found by reviewing recent test harness results here: http://www.lolware.net/libscrypttesting.txt

Please, no more pull requests for Windows compatibility. If it's important to you - fork the project. I have no intention of pulling an OpenSSL and becoming a maze of ifdefs for platforms I don't even have a build environment for.

I utilise Facebook's "infer" static analyser, in addition to clang's analyzer. Command to run is:

infer -- make

Contact

I can be contacted at: [email protected]

If required, my GPG key can be found at: https://lolware.net/technion-GPG-KEY

Future releases will have the Git tag signed.

Changenotes

v1.1a: Single Makefile line change. I wouldn't ordinarily tag this as a new "release", but the purpose here is to assist with packaging in distributions.

v1.12: The static library is built, but no longer installed by default. You can install it with "make install-static". This is because static libraries are not typically bundled in packages.

v1.13: Minor packaging related update

v1.15: Replaced the b64 libraries with more portable one from ISC. Now tested and verified on a wider variety of architectures. Note, libscrypt_b64_encrypt was originally an exported function. This is no longer the case as it is considered an internal function only.

v1.18: God damnit Apple

v1.19: Code safety cleanups. Now running Coverity.

v1.20: Bigfixes involving large N values, return values on error

libscrypt's People

Contributors

Stargazers

Watchers

libscrypt's Issues

Question for compilation on Windows

Will this work if I attempt to compile on Windows? Or is it Linux only as the README states?

Failure on Samsung6 device

Hi,
in the company I work for (Crypho A.S.) we developed
a scrypt plugin for usage with the apache cordova framework
(https://github.com/Crypho/com.crypho.plugins.scrypt) based on libscrypt.

Everything was smooth until we executed our tests on a Samsung6 mobile.
Libscrypt did not produce the expected results on any of the test cases.
After digging into the code I ended up pining the problem in the salsa20_8 method.
Just adding a printout of the x local variable "solved" the problem. Nasty, I know...
My next move was to declare the variable x as volatile and this also "solved" the issue.

I am not fully convinced that my solution makes sense so I would appreciate any feedback.

Generated shared object has nonstandard name on OS X

On OS X, instead of a .so extension, things usually use a .dylib one.

See: Homebrew/legacy-homebrew#27080

benchmarks and sse2 optimized version

Could you provide a benchmark of libscrypt vs. the reference implementation, like that of scrypt-jane: https://github.com/floodyberry/scrypt-jane

Could you also also consider adding an sse2 optimized version like the reference version has.

libscrypt_hash() return value not documented

Judging from the source, libscrypt_hash() returns 0 on failure and nonzero on success, which is the opposite of what the header file says for the reference function libscrypt_scrypt(). Perhaps the return of libscrypt_hash() should be documented in the header as well, at least for completeness's sake.

Release with a version number?

Would it be possible to make a github release with some version number? The person porting this thing to FreeBSD says there might be problems down the line if they invent an arbitrary version number for what's available now.

Redundancy in makefile

If you run a "make", then shortly after a "make check", the library is relinked. I've been unable to determine why this cosmetic bug exists.

snprintf() doesn't work the way you think it works

Hi,

On line 69 of crypto-mcf.c you compare the result value of calling snprintf:

    if (s > SCRYPT_MCF_LEN)
        return 0;

Sadly this doesn't match the manpage for snprintf which states: Thus, a return value of size or more means that the output was truncated

You had a fix which increased the define for the MCF length by 1 which masked this issue, but this is likely the underlying cause of confusion surrounding test thirteen's failure mode before that fix.

Coverity issue 56115

"Possible bad shift: Left shifting by more than 31 bits has undefined behaviour". Issue introduced by d14aa0e.

What are N, r and p?

Sorry if this is a stupid question, just trying to figure out what these values are in terms of the libscrypt_hash function.

Document how long outbuf needs to be

Right now the README doesn't explain how to know how much space to allocate for outbuf, it would be nice if it explained this.

The libscrypt_scrypt function takes 8 to 13 seconds to run.

On iPhone X.
Is that right ? please!

{n: 262144, r: 8, p: 1, dklen: 32}

make install does not work

It fails with:

==> make install PREFIX=/usr/local/Cellar/libscrypt/1.16 LDFLAGS= CFLAGS_EXTRA=
make: *** No rule to make target `library', needed by `install'.  Stop.

It appears to refer to a non-existant target?

can not be linked together with openssl

Some of the sha256 functions are also defined in openssl library.
So there is an "already defined in" error during linking.
Here is a patch to rename the functions:

diff --git a/crypto_scrypt-nosse.c b/crypto_scrypt-nosse.c
index 6d183ae..f54e42e 100644
--- a/crypto_scrypt-nosse.c
+++ b/crypto_scrypt-nosse.c
@@ -307,7 +307,7 @@ libscrypt_scrypt(const uint8_t * passwd, size_t passwdlen,
 #endif

    /* 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) */
-   PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, p * 128 * r);
+   libscrypt_PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, 1, B, p * 128 * r);

    /* 2: for i = 0 to p - 1 do */
    for (i = 0; i < p; i++) {
@@ -316,7 +316,7 @@ libscrypt_scrypt(const uint8_t * passwd, size_t passwdlen,
    }

    /* 5: DK <-- PBKDF2(P, B, 1, dkLen) */
-   PBKDF2_SHA256(passwd, passwdlen, B, p * 128 * r, 1, buf, buflen);
+   libscrypt_PBKDF2_SHA256(passwd, passwdlen, B, p * 128 * r, 1, buf, buflen);

    /* Free memory. */
 #ifdef MAP_ANON
diff --git a/sha256.c b/sha256.c
index d2f915f..279e3cf 100644
--- a/sha256.c
+++ b/sha256.c
@@ -203,15 +203,15 @@ SHA256_Pad(SHA256_CTX * ctx)
    /* Add 1--64 bytes so that the resulting length is 56 mod 64 */
    r = (ctx->count[1] >> 3) & 0x3f;
    plen = (r < 56) ? (56 - r) : (120 - r);
-   SHA256_Update(ctx, PAD, (size_t)plen);
+   libscrypt_SHA256_Update(ctx, PAD, (size_t)plen);

    /* Add the terminating bit-count */
-   SHA256_Update(ctx, len, 8);
+   libscrypt_SHA256_Update(ctx, len, 8);
 }

 /* SHA-256 initialization.  Begins a SHA-256 operation. */
 void
-SHA256_Init(SHA256_CTX * ctx)
+libscrypt_SHA256_Init(SHA256_CTX * ctx)
 {

    /* Zero bits processed so far */
@@ -230,7 +230,7 @@ SHA256_Init(SHA256_CTX * ctx)

 /* Add bytes into the hash */
 void
-SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len)
+libscrypt_SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len)
 {
    uint32_t bitlen[2];
    uint32_t r;
@@ -276,7 +276,7 @@ SHA256_Update(SHA256_CTX * ctx, const void *in, size_t len)
  * and clears the context state.
  */
 void
-SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
+libscrypt_SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)
 {

    /* Add padding */
@@ -291,7 +291,7 @@ SHA256_Final(unsigned char digest[32], SHA256_CTX * ctx)

 /* Initialize an HMAC-SHA256 operation with the given key. */
 void
-HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen)
+libscrypt_HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen)
 {
    unsigned char pad[64];
    unsigned char khash[32];
@@ -300,26 +300,26 @@ HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen)

    /* If Klen > 64, the key is really SHA256(K). */
    if (Klen > 64) {
-       SHA256_Init(&ctx->ictx);
-       SHA256_Update(&ctx->ictx, K, Klen);
-       SHA256_Final(khash, &ctx->ictx);
+       libscrypt_SHA256_Init(&ctx->ictx);
+       libscrypt_SHA256_Update(&ctx->ictx, K, Klen);
+       libscrypt_SHA256_Final(khash, &ctx->ictx);
        K = khash;
        Klen = 32;
    }

    /* Inner SHA256 operation is SHA256(K xor [block of 0x36] || data). */
-   SHA256_Init(&ctx->ictx);
+   libscrypt_SHA256_Init(&ctx->ictx);
    memset(pad, 0x36, 64);
    for (i = 0; i < Klen; i++)
        pad[i] ^= K[i];
-   SHA256_Update(&ctx->ictx, pad, 64);
+   libscrypt_SHA256_Update(&ctx->ictx, pad, 64);

    /* Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash). */
-   SHA256_Init(&ctx->octx);
+   libscrypt_SHA256_Init(&ctx->octx);
    memset(pad, 0x5c, 64);
    for (i = 0; i < Klen; i++)
        pad[i] ^= K[i];
-   SHA256_Update(&ctx->octx, pad, 64);
+   libscrypt_SHA256_Update(&ctx->octx, pad, 64);

    /* Clean the stack. */
    memset(khash, 0, 32);
@@ -327,27 +327,27 @@ HMAC_SHA256_Init(HMAC_SHA256_CTX * ctx, const void * _K, size_t Klen)

 /* Add bytes to the HMAC-SHA256 operation. */
 void
-HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void *in, size_t len)
+libscrypt_HMAC_SHA256_Update(HMAC_SHA256_CTX * ctx, const void *in, size_t len)
 {

    /* Feed data to the inner SHA256 operation. */
-   SHA256_Update(&ctx->ictx, in, len);
+   libscrypt_SHA256_Update(&ctx->ictx, in, len);
 }

 /* Finish an HMAC-SHA256 operation. */
 void
-HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX * ctx)
+libscrypt_HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX * ctx)
 {
    unsigned char ihash[32];

    /* Finish the inner SHA256 operation. */
-   SHA256_Final(ihash, &ctx->ictx);
+   libscrypt_SHA256_Final(ihash, &ctx->ictx);

    /* Feed the inner hash to the outer SHA256 operation. */
-   SHA256_Update(&ctx->octx, ihash, 32);
+   libscrypt_SHA256_Update(&ctx->octx, ihash, 32);

    /* Finish the outer SHA256 operation. */
-   SHA256_Final(digest, &ctx->octx);
+   libscrypt_SHA256_Final(digest, &ctx->octx);

    /* Clean the stack. */
    memset(ihash, 0, 32);
@@ -359,7 +359,7 @@ HMAC_SHA256_Final(unsigned char digest[32], HMAC_SHA256_CTX * ctx)
  * write the output to buf.  The value dkLen must be at most 32 * (2^32 - 1).
  */
 void
-PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
+libscrypt_PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
     size_t saltlen, uint64_t c, uint8_t * buf, size_t dkLen)
 {
    HMAC_SHA256_CTX PShctx, hctx;
@@ -372,8 +372,8 @@ PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,
    size_t clen;

    /* Compute HMAC state after processing P and S. */
-   HMAC_SHA256_Init(&PShctx, passwd, passwdlen);
-   HMAC_SHA256_Update(&PShctx, salt, saltlen);
+   libscrypt_HMAC_SHA256_Init(&PShctx, passwd, passwdlen);
+   libscrypt_HMAC_SHA256_Update(&PShctx, salt, saltlen);

    /* Iterate through the blocks. */
    for (i = 0; i * 32 < dkLen; i++) {
@@ -382,17 +382,17 @@ PBKDF2_SHA256(const uint8_t * passwd, size_t passwdlen, const uint8_t * salt,

        /* Compute U_1 = PRF(P, S || INT(i)). */
        memcpy(&hctx, &PShctx, sizeof(HMAC_SHA256_CTX));
-       HMAC_SHA256_Update(&hctx, ivec, 4);
-       HMAC_SHA256_Final(U, &hctx);
+       libscrypt_HMAC_SHA256_Update(&hctx, ivec, 4);
+       libscrypt_HMAC_SHA256_Final(U, &hctx);

        /* T_i = U_1 ... */
        memcpy(T, U, 32);

        for (j = 2; j <= c; j++) {
            /* Compute U_j. */
-           HMAC_SHA256_Init(&hctx, passwd, passwdlen);
-           HMAC_SHA256_Update(&hctx, U, 32);
-           HMAC_SHA256_Final(U, &hctx);
+           libscrypt_HMAC_SHA256_Init(&hctx, passwd, passwdlen);
+           libscrypt_HMAC_SHA256_Update(&hctx, U, 32);
+           libscrypt_HMAC_SHA256_Final(U, &hctx);

            /* ... xor U_j ... */
            for (k = 0; k < 32; k++)
diff --git a/sha256.h b/sha256.h
index 580183a..f7138b4 100644
--- a/sha256.h
+++ b/sha256.h
@@ -33,38 +33,38 @@

 #include <stdint.h>

-typedef struct SHA256Context {
+typedef struct libscrypt_SHA256Context {
    uint32_t state[8];
    uint32_t count[2];
    unsigned char buf[64];
 } SHA256_CTX;

-typedef struct HMAC_SHA256Context {
+typedef struct libscrypt_HMAC_SHA256Context {
    SHA256_CTX ictx;
    SHA256_CTX octx;
 } HMAC_SHA256_CTX;

-void   SHA256_Init(/*@out@*/ SHA256_CTX *);
-void   SHA256_Update(SHA256_CTX *, const void *, size_t);
+void   libscrypt_SHA256_Init(/*@out@*/ SHA256_CTX *);
+void   libscrypt_SHA256_Update(SHA256_CTX *, const void *, size_t);

 /* Original declaration: 
  * void    SHA256_Final(unsigned char [32], SHA256_CTX *);
 */
-void   SHA256_Final(/*@out@*/ unsigned char [], SHA256_CTX *);
-void   HMAC_SHA256_Init(HMAC_SHA256_CTX *, const void *, size_t);
-void   HMAC_SHA256_Update(HMAC_SHA256_CTX *, const void *, size_t);
+void   libscrypt_SHA256_Final(/*@out@*/ unsigned char [], SHA256_CTX *);
+void   libscrypt_HMAC_SHA256_Init(HMAC_SHA256_CTX *, const void *, size_t);
+void   libscrypt_HMAC_SHA256_Update(HMAC_SHA256_CTX *, const void *, size_t);

 /* Original declaration:
  * void    HMAC_SHA256_Final(unsigned char [32], HMAC_SHA256_CTX *);
 */
-void   HMAC_SHA256_Final(unsigned char [], HMAC_SHA256_CTX *);
+void   libscrypt_HMAC_SHA256_Final(unsigned char [], HMAC_SHA256_CTX *);

 /**
  * PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen):
  * Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and
  * write the output to buf.  The value dkLen must be at most 32 * (2^32 - 1).
  */
-void   PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t,
+void   libscrypt_PBKDF2_SHA256(const uint8_t *, size_t, const uint8_t *, size_t,
     uint64_t, uint8_t *, size_t);

 #endif /* !_SHA256_H_ */

Setting fixed salt with libscrypt_hash

Title is self explanatory. How can I set a fixed salt in the libscrypt_hash function, for i.e getting a specific salt from the system to check password input against a predetermined hash.

Compiler warning about uint64_t to uint32_t downcast

Hi, getting the following error when compiling with Xcode 6.1 (clang):

libscrypt/crypto_scrypt-check.c:84:14: warning: implicit conversion loses integer precision: 'uint64_t' (aka 'unsigned long long') to 'uint32_t' (aka 'unsigned int') [-Wshorten-64-to-32]
N = ipow(2, N);
~~~~ ^

N is declared as uint64_t. Is it OK to change the definition to uint32_t, or is there a reason why it's bigger?

Test failure on macOS with Xcode 15 / clang 15

We compile with:

make install-osx PREFIX=/opt/homebrew/Cellar/libscrypt/1.22 LDFLAGS= LDFLAGS_EXTRA= CFLAGS_EXTRA=

then run checks with:

$ make check LDFLAGS= LDFLAGS_EXTRA= CFLAGS_EXTRA=
LD_LIBRARY_PATH=. ./reference
TEST ONE: Direct call to reference function with password 'password' and salt 'NaCL'
TEST ONE: SUCCESSFUL
TEST ONE and a half: Review errno on invalid input
TEST ONE and a half: Successfully failed on error: Invalid argument
TEST TWO: Convert binary output to hex
TEST TWO: SUCCESSFUL, Hex output is:
06f8551fcbac81156d42f53707eea6a74ae4c344f5f03be9340da145cb4ebe0a129f587fb2fcf211da5276c6fd9b29c1eb1995145eac7f23e211070412a1498c
TEST THREE: Compare hex output to reference hash output
TEST THREE: FAILED to match reference on hash
make: *** [check] Error 1

The check passes with clang 14

Confusion about return values after change in libscrypt_scrypt()

Hi!

It seems that after a change in return values in libscrypt_scrypt(), there is still some confusion in the library itself:
In crypto_scrypt-hash.c you do:

retval = libscrypt_scrypt(...)
if(retval == -1)
    return 0;

But after commit 7cd8a4f you don't indicate error with -1 from libscrypt_scrypt(). So there could perfectly be an error with errno set, and this check would evaluate to false, and continue.

But the whole return value change doesn't make much sense to me either, and IMHO, it is a pretty crucial part of the library, and there was not much warning about this change. Even you forgot to follow this deeper into the library. Previously, when error was indicated with -1, the caller could simply check errno if he or she wanted to, and be done with it.
Now you also must ensure in libscrypt_scrypt(), that errno is definitely set before every "goto err0;", otherwise, errno might contain 0, and you end up with an erroneously successful call. (nevermind mind that now every caller must change the retval check for libscrypt_scrypt()...).
I really don't want to be offensive, I'm just wondering about the why. Or maybe I'm just still drunk on christmas cookies, and seeing some things different than they are.

Daniel

OS X linking issues

The Makefile specifies an install-osx target that renames libscrypt.so.0 to libscrypt.0.dylib. Unfortunately this rename actually causes the library to be unusable as the internal name of the library is still libscrypt.so.0:

$ otool -L libscrypt.0.dylib
libscrypt.so.0:
    libscrypt.so.0 (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1213.0.0)

I am not particularly skilled with Makefiles so I'm unsure what the correct fix is here. If you manually change the Makefile to use libscrypt.0.dylib as its native name then everything works as expected, but that is not a real fix.

`ld: unknown option: -z` error for osx build

👋 trying to build the latest release, but run into some build issue. The error log is as below:

build error

  ==> make check LDFLAGS= CFLAGS_EXTRA=
  clang  -D_FORTIFY_SOURCE=2 -fPIC   -c -o main.o main.c
  clang  -D_FORTIFY_SOURCE=2 -fPIC   -c -o crypto_scrypt-hexconvert.o crypto_scrypt-hexconvert.c
  ln -s -f libscrypt.so.0 libscrypt.so
  clang -o reference main.o b64.o crypto_scrypt-hexconvert.o  -D_FORTIFY_SOURCE=2 -fPIC -Wl,-z,relro -L.  -lscrypt
  ld: unknown option: -z
  clang: error: linker command failed with exit code 1 (use -v to see invocation)
  make: *** [reference] Error 1

full build log, https://github.com/Homebrew/homebrew-core/runs/5154594733
relates to Homebrew/homebrew-core#94934

Project homepage broken

In README.md you mentioned that the project homepage is http://www.lolware.net/libscrypt.html . However, this link now returns 404.

How to install this library to project in ubuntu?

I'm working on open source project.
there is a statement #include <libscrypt.h>.
If this repository supports libscrypt, please let me know the solution.

test NINE failing on big endian platforms

We get the 9th test to fail on big endian platforms like ppc and s390, both 32-bit and 64-bit fail. Not sure about the following tests as the test app exits after first failure.

gcc -Wall -o reference main.o -Wl,-rpath=. -L. -lscrypt
./reference
TEST ONE: Direct call to reference function with password 'password' and salt 'NaCL'
TEST ONE: SUCCESSFUL
TEST TWO: Convert binary output to hex
TEST TWO: SUCCESSFUL, Hex output is:
fdbabe1c9d3472007856e7190d01e9fe7c6ad7cbc8237830e77376634b3731622eaf30d92e22a3886ff109279d9830dac727afb94a83ee6d8360cbdfa2cc0640
TEST THREE: Compare hex output to reference hash output
TEST THREE: SUCCESSUL, Test vector matched!
TEST FOUR: Direct call to reference function with pleaseletmein password and SodiumChloride as salt
TEST FOUR: SUCCESSFUL
TEST FIVE: Convert binary output to hex
TEST FIVE: SUCCESSFUL, Hex output is:
7023bdcb3afd7348461c06cd81fd38ebfda8fbba904f8e3ea9b543f6545da1f2d5432955613f0fcf62d49705242a9af9e61e85dc0d651e40dfcf017b45575887
TEST SIX: Compare hex output to reference hash output
TEST SIX: SUCCESSUL, Test vector matched!
TEST SEVEN: BASE64 encoding the salt and hash output
TEST SEVEN: SUCCESSFUL
TEST EIGHT: Create an MCF format output
TEST EIGHT: SUCCESSFUL, calculated mcf
$s1$0e0801$U29kaXVtQ2hsb3JpZGU=$cCO9yzr9c0hGHAbNgf046/2o+7qQT44+qbVD9lRdofLVQylVYT8Pz2LUlwUkKpr55h6F3A1lHkDfzwF7RVdYhw==
TEST NINE: Password verify on given MCF
TEST NINE: FAILED, hash failed to calculate
make: *** [check] Error 1

Error with make on *nix

When I run make on Deb this is the error I'm getting.

ln -s -f libscrypt.so.0 libscrypt.so
cc -Wall -o reference main.o  b64.o -Wl,-rpath=. -L.  -lscrypt
./libscrypt.so: undefined reference to `log'
collect2: error: ld returned 1 exit status
make: *** [reference] Error 1

Tag new release

The project's latest tag is created more than 6 years ago.
Could you create a new formal tag?
Thanks!

libscrypt_scrypt returns binary, yet libscrypt_mcf expects base64

Previously I could access the b64 encode functionality from libscrypt. You seem to have hidden this functionality and thus made it impossible to use libscrypt_crypt and libscrypt_mcf as far as I can tell.

Could you please tell me how to use those functions now that the b64_encode is no longer exposed?

Thanks,

Daniel.

Simple hashing & checking example doesn't work

What am I doing wrong?

Example output:

$s1$0e0810$gDkDQGQo0pFlOyhbMbsFOA==$iyKYbepoMPb63RE0ED3iG05MccJCGBSy0sMFN/SvbybRwuDxyxmdPBBAe2pR6QC3HOVc9KGxJ99w9mNg9NdMAw=
retval:0

#include <stdio.h>
#include <stdlib.h>
#include <libscrypt.h>


int main (void)
{
    char mcf[SCRYPT_MCF_LEN];

    libscrypt_hash(mcf, "test", SCRYPT_N, SCRYPT_r, SCRYPT_p);
    printf("%s\n", mcf);

    int a = libscrypt_check(mcf, "test");
    printf("retval:%d\n", a);

    return 0;
}

Export SHA256

Can I export sha256 function from this library?

Signature in the readme doesn't match header

The README describes:

int libscrypt_scrypt(char *dst, char *passphrase, uint32_t N, uint8_t r, uint8_t p);

While the header features:

int libscrypt_scrypt(const uint8_t *, size_t, const uint8_t *, size_t, uint64_t,
    uint32_t, uint32_t, /*@out@*/ uint8_t *, size_t);

libscrypt does not compile on OS X

I assume this is a result of the GNU vs. clang toolchain. Anyways, here is the error:

$ make
gcc -O2 -Wall -g -D_FORTIFY_SOURCE=2 -fstack-protector -fPIC   -c -o crypto_scrypt-nosse.o crypto_scrypt-nosse.c
gcc -O2 -Wall -g -D_FORTIFY_SOURCE=2 -fstack-protector -fPIC   -c -o sha256.o sha256.c
gcc -O2 -Wall -g -D_FORTIFY_SOURCE=2 -fstack-protector -fPIC   -c -o crypto_scrypt-hexconvert.o crypto_scrypt-hexconvert.c
gcc -O2 -Wall -g -D_FORTIFY_SOURCE=2 -fstack-protector -fPIC   -c -o crypto-mcf.o crypto-mcf.c
gcc -O2 -Wall -g -D_FORTIFY_SOURCE=2 -fstack-protector -fPIC   -c -o b64.o b64.c
gcc -O2 -Wall -g -D_FORTIFY_SOURCE=2 -fstack-protector -fPIC   -c -o crypto-scrypt-saltgen.o crypto-scrypt-saltgen.c
gcc -O2 -Wall -g -D_FORTIFY_SOURCE=2 -fstack-protector -fPIC   -c -o crypto_scrypt-check.o crypto_scrypt-check.c
gcc -O2 -Wall -g -D_FORTIFY_SOURCE=2 -fstack-protector -fPIC   -c -o crypto_scrypt-hash.o crypto_scrypt-hash.c
gcc  -Wl,-z,now -Wl,-z,relro -shared -Wl,-soname,libscrypt.so.0 -Wl,--version-script=libscrypt.version -o libscrypt.so.0 -lc -lm  crypto_scrypt-nosse.o sha256.o crypto_scrypt-hexconvert.o crypto-mcf.o b64.o crypto-scrypt-saltgen.o crypto_scrypt-check.o crypto_scrypt-hash.o
ld: unknown option: -z
clang: error: linker command failed with exit code 1 (use -v to see invocation)
make: *** [library] Error 1