File: Scrypt.hs

package info (click to toggle)
haskell-crypton 1.0.4-3
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 3,548 kB
  • sloc: haskell: 26,764; ansic: 22,294; makefile: 6
file content (80 lines) | stat: -rw-r--r-- 2,708 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
 
{-# LANGUAGE BangPatterns #-}
{-# LANGUAGE ForeignFunctionInterface #-}

-- |
-- Module      : Crypto.KDF.Scrypt
-- License     : BSD-style
-- Maintainer  : Vincent Hanquez <vincent@snarc.org>
-- Stability   : experimental
-- Portability : unknown
--
-- Scrypt key derivation function as defined in Colin Percival's paper
-- "Stronger Key Derivation via Sequential Memory-Hard Functions"
-- <http://www.tarsnap.com/scrypt/scrypt.pdf>.
module Crypto.KDF.Scrypt (
    Parameters (..),
    generate,
) where

import Control.Monad (forM_)
import Data.Word
import Foreign.Marshal.Alloc
import Foreign.Ptr (Ptr, plusPtr)

import Crypto.Hash (SHA256 (..))
import Crypto.Internal.ByteArray (ByteArray, ByteArrayAccess)
import qualified Crypto.Internal.ByteArray as B
import Crypto.Internal.Compat (popCount, unsafeDoIO)
import qualified Crypto.KDF.PBKDF2 as PBKDF2

-- | Parameters for Scrypt
data Parameters = Parameters
    { n :: Word64
    -- ^ Cpu/Memory cost ratio. must be a power of 2 greater than 1. also known as N.
    , r :: Int
    -- ^ Must satisfy r * p < 2^30
    , p :: Int
    -- ^ Must satisfy r * p < 2^30
    , outputLength :: Int
    -- ^ the number of bytes to generate out of Scrypt
    }

foreign import ccall "crypton_scrypt_smix"
    ccrypton_scrypt_smix
        :: Ptr Word8 -> Word32 -> Word64 -> Ptr Word8 -> Ptr Word8 -> IO ()

-- | Generate the scrypt key derivation data
generate
    :: (ByteArrayAccess password, ByteArrayAccess salt, ByteArray output)
    => Parameters
    -> password
    -> salt
    -> output
generate params password salt
    | r params * p params >= 0x40000000 =
        error "Scrypt: invalid parameters: r and p constraint"
    | popCount (n params) /= 1 =
        error "Scrypt: invalid parameters: n not a power of 2"
    | otherwise = unsafeDoIO $ do
        let b = PBKDF2.generate prf (PBKDF2.Parameters 1 intLen) password salt :: B.Bytes
        newSalt <- B.copy b $ \bPtr ->
            allocaBytesAligned (128 * (fromIntegral $ n params) * (r params)) 8 $ \v ->
                allocaBytesAligned (256 * r params + 64) 8 $ \xy -> do
                    forM_ [0 .. (p params - 1)] $ \i ->
                        ccrypton_scrypt_smix
                            (bPtr `plusPtr` (i * 128 * (r params)))
                            (fromIntegral $ r params)
                            (n params)
                            v
                            xy

        return $
            PBKDF2.generate
                prf
                (PBKDF2.Parameters 1 (outputLength params))
                password
                (newSalt :: B.Bytes)
  where
    prf = PBKDF2.prfHMAC SHA256
    intLen = p params * 128 * r params
{-# NOINLINE generate #-}