File: scrypt.py

python-scrypt 0.8.27-2
#!/usr/bin/env python
import os
import sys
from ctypes import (
    POINTER,
    c_char_p,
    c_double,
    c_int,
    c_size_t,
    c_uint32,
    c_uint64,
    cdll,
    create_string_buffer,
    pointer,
)

# Python 3.8+ on Windows resolves an extension module's dependent DLLs only
# from directories registered via os.add_dll_directory(), so register the two
# places the native dependencies are looked for here.
# NOTE(review): every directory registered below becomes a DLL search location
# for the whole process. `build_dir` is the parent of this package directory;
# both directories should be writable only by trusted accounts.
if sys.platform == 'win32' and sys.version_info >= (3, 8):
    lib_path = os.path.join(os.path.normpath(sys.prefix), 'Library', 'bin')
    build_dir = os.path.join(os.path.dirname(__file__), '../')
    # Same order as before: the interpreter prefix first, then the build dir.
    for _dll_dir in (lib_path, build_dir):
        if os.path.exists(_dll_dir):
            os.add_dll_directory(_dll_dir)
import importlib
import importlib.util

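# Locate the compiled `_scrypt` extension through the normal import machinery
# and load it with ctypes. find_spec() walks sys.path, so whichever `_scrypt`
# module is found first is the native code that gets loaded into this process.
_scrypt_spec = importlib.util.find_spec('_scrypt')
if _scrypt_spec is None or not _scrypt_spec.origin:
    # find_spec() returns None when the module is absent; report that as an
    # import failure instead of an AttributeError on `None.origin`.
    raise ImportError("the native '_scrypt' extension module could not be found")
_scrypt = cdll.LoadLibrary(_scrypt_spec.origin)

__version__ = '0.8.27'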

# ctypes prototypes for the three entry points exported by the native library.
# Declaring argtypes/restype makes ctypes convert and check each argument
# instead of guessing; the declarations must match the C signatures exactly,
# because a mismatch is a memory-safety problem rather than a Python error.

# Encryption entry point, called by encrypt(). The caller allocates `outbuf`.
_scryptenc_buf = _scrypt.exp_scryptenc_buf
_scryptenc_buf.argtypes = [
    c_char_p,  # const uint8_t *inbuf
    c_size_t,  # size_t         inbuflen
    c_char_p,  # uint8_t       *outbuf
    c_char_p,  # const uint8_t *passwd
    c_size_t,  # size_t         passwdlen
    c_size_t,  # size_t         maxmem
    c_double,  # double         maxmemfrac
    c_double,  # double         maxtime
    c_int,  # int            verbose
]
_scryptenc_buf.restype = c_int

# Decryption entry point, called by decrypt(). The caller allocates `outbuf`
# and reads the number of bytes produced back through `outlen`.
_scryptdec_buf = _scrypt.exp_scryptdec_buf
_scryptdec_buf.argtypes = [
    c_char_p,  # const uint8_t *inbuf
    c_size_t,  # size_t         inbuflen
    c_char_p,  # uint8_t       *outbuf
    POINTER(c_size_t),  # size_t        *outlen
    c_char_p,  # const uint8_t *passwd
    c_size_t,  # size_t         passwdlen
    c_size_t,  # size_t         maxmem
    c_double,  # double         maxmemfrac
    c_double,  # double         maxtime
    c_int,  # int            verbose
    c_int,  # int            force
]
_scryptdec_buf.restype = c_int

# Key-derivation entry point, called by hash().
# NOTE(review): nine parameters are declared here, but hash() passes a tenth
# positional argument (a literal 0). Confirm against the C prototype and make
# the two agree.
_crypto_scrypt = _scrypt.exp_crypto_scrypt
_crypto_scrypt.argtypes = [
    c_char_p,  # const uint8_t *passwd
    c_size_t,  # size_t         passwdlen
    c_char_p,  # const uint8_t *salt
    c_size_t,  # size_t         saltlen
    c_uint64,  # uint64_t       N
    c_uint32,  # uint32_t       r
    c_uint32,  # uint32_t       p
    c_char_p,  # uint8_t       *buf
    c_size_t,  # size_t         buflen
]
_crypto_scrypt.restype = c_int

# Human-readable text for the integer status returned by the native
# encrypt/decrypt calls. `error.__init__` looks a message up by index, so the
# order must stay aligned with the native library's return codes
# (presumably the scrypt SCRYPT_E* values -- confirm when updating the
# bundled C sources).
ERROR_MESSAGES = [
    'success',
    'getrlimit or sysctl(hw.usermem) failed',
    'clock_getres or clock_gettime failed',
    'error computing derived key',
    'could not read salt from /dev/urandom',
    'error in OpenSSL',
    'malloc failed',
    'data is not a valid scrypt-encrypted block',
    'unrecognized scrypt format',
    'decrypting file would take too much memory',
    'decrypting file would take too long',
    'password is incorrect',
    'error writing output file',
    'error reading input file',
]

# Default resource limits forwarded unchanged to the native calls.
# NOTE(review): units and the meaning of 0 are defined by the native library
# (presumably bytes for maxmem, seconds for maxtime, 0 = no explicit byte
# cap) -- confirm against the scrypt documentation.
MAXMEM_DEFAULT = 0
MAXMEMFRAC_DEFAULT = 0.5
# Default `maxtime` for decrypt().
MAXTIME_DEFAULT = 300.0
# Default `maxtime` for encrypt().
MAXTIME_DEFAULT_ENC = 5.0


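class error(Exception):
    """Raised when a scrypt operation fails.

    `scrypt_code` is either the integer status returned by the native
    library or a ready-made message string. The numeric status is kept in
    `_scrypt_code`; it is -1 when a message string was given.
    """

    def __init__(self, scrypt_code):
        if isinstance(scrypt_code, int):
            self._scrypt_code = scrypt_code
            # A status outside the known table (for example from a newer
            # native library) must not raise IndexError here and hide the
            # real failure, and a negative status must not wrap around to an
            # unrelated message.
            if 0 <= scrypt_code < len(ERROR_MESSAGES):
                message = ERROR_MESSAGES[scrypt_code]
            else:
                message = 'unknown scrypt error code %d' % scrypt_code
            super().__init__(message)
        else:
            self._scrypt_code = -1
            super().__init__(scrypt_code)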


def _ensure_bytes(data):
    """Return `data` UTF-8 encoded if it is a str, otherwise unchanged.

    Non-str values (bytes, None, anything else) are passed through as-is;
    no type validation happens here.
    """
    return bytes(data, 'utf-8') if isinstance(data, str) else data


def encrypt(
    input,
    password,
    maxtime=MAXTIME_DEFAULT_ENC,
    maxmem=MAXMEM_DEFAULT,
    maxmemfrac=MAXMEMFRAC_DEFAULT,
):
    """Encrypt `input` with `password` and return the encrypted block.

    - `input` and `password` may be str or bytes; str values are encoded
      as UTF-8 before use.
    - The result is a bytes instance exactly 128 bytes longer than the
      (encoded) input.

    Exceptions raised:
      - TypeError on invalid input
      - scrypt.error if encryption failed

    `maxtime`, `maxmem` and `maxmemfrac` are forwarded unchanged to the
    native library; see the scrypt documentation for their meaning.
    """
    plaintext = _ensure_bytes(input)
    secret = _ensure_bytes(password)
    plaintext_len = len(plaintext)

    # The native call writes the plaintext-sized payload plus 128 bytes of
    # format overhead into a buffer that we must allocate up front.
    ciphertext = create_string_buffer(plaintext_len + 128)

    status = _scryptenc_buf(
        plaintext,
        plaintext_len,
        ciphertext,
        secret,
        len(secret),
        maxmem,
        maxmemfrac,
        maxtime,
        0,  # verbose: off
    )
    if status != 0:
        raise error(status)

    return ciphertext.raw


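def decrypt(
    input,
    password,
    maxtime=MAXTIME_DEFAULT,
    maxmem=MAXMEM_DEFAULT,
    maxmemfrac=MAXMEMFRAC_DEFAULT,
    encoding='utf-8',
):
    """Decrypt a block produced by `encrypt` using a password.

    - `input` and `password` can be both str and bytes. If they are str
      instances, they will be encoded with utf-8. `input` *should*
      really be a bytes instance, since that's what `encrypt` returns.
    - The result will be a str instance decoded with `encoding`.
      If encoding=None, the result will be a bytes instance.

    Exceptions raised:
      - TypeError on invalid input
      - scrypt.error if decryption failed
      - UnicodeDecodeError if the decrypted bytes are not valid in
        `encoding`; pass encoding=None for binary payloads

    `maxtime`, `maxmem` and `maxmemfrac` are forwarded unchanged to the
    native library; see the scrypt documentation for their meaning.
    """

    # Convert to bytes BEFORE sizing the output buffer. len() of a str counts
    # characters, which can be fewer than its UTF-8 byte length; the native
    # call is told the byte length, so a buffer sized from the character
    # count could be too small for what it writes.
    input = _ensure_bytes(input)
    password = _ensure_bytes(password)

    outbuf = create_string_buffer(len(input))
    outbuflen = pointer(c_size_t(0))

    # verbose and force are set to zero
    result = _scryptdec_buf(
        input,
        len(input),
        outbuf,
        outbuflen,
        password,
        len(password),
        maxmem,
        maxmemfrac,
        maxtime,
        0,
        0,
    )

    if result:
        raise error(result)

    # Only the first `outbuflen` bytes are plaintext; the rest of the buffer
    # is unused padding from the allocation above.
    out_bytes = outbuf.raw[: outbuflen.contents.value]

    if encoding is None:
        return out_bytes

    return str(out_bytes, encoding)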


def hash(password, salt, N=1 << 14, r=8, p=1, buflen=64):
    """Compute scrypt(password, salt, N, r, p, buflen).

    The parameters r, p, and buflen must satisfy r * p < 2^30 and
    buflen <= (2^32 - 1) * 32. The parameter N must be a power of 2
    greater than 1. N, r and p must all be positive. Only the constraints
    on N, r and p are checked here; buflen is passed through as given.

    - `password` and `salt` can be both str and bytes. If they are str
      instances, they will be encoded with utf-8.
    - The result will be a bytes instance of length `buflen`.

    When the result is used as a stored password verifier, use a fresh
    random salt per password and compare candidates with a constant-time
    comparison such as `hmac.compare_digest`.

    Exceptions raised:
      - TypeError on invalid input
      - scrypt.error if scrypt failed
    """
    derived = create_string_buffer(buflen)

    pw_bytes = _ensure_bytes(password)
    salt_bytes = _ensure_bytes(salt)

    # Evaluated left to right with short-circuiting, exactly as documented:
    # r*p bound first, then N > 1, N a power of two, and p, r positive.
    params_invalid = (
        r * p >= (1 << 30)
        or N <= 1
        or (N & (N - 1)) != 0
        or p < 1
        or r < 1
    )
    if params_invalid:
        raise error(
            'hash parameters are wrong (r*p should be < 2**30, '
            'and N should be a power of two > 1)'
        )

    # NOTE(review): the trailing 0 is a tenth argument, while
    # `_crypto_scrypt.argtypes` declares nine parameters. Confirm against the
    # C prototype and drop it or declare it.
    status = _crypto_scrypt(
        pw_bytes,
        len(pw_bytes),
        salt_bytes,
        len(salt_bytes),
        N,
        r,
        p,
        derived,
        buflen,
        0,
    )
    if status:
        raise error('could not compute hash')

    return derived.raw


# Public API. Note that `from scrypt import *` rebinds the builtin name
# `hash` in the importing module, because `hash` is exported here.
__all__ = ['error', 'encrypt', 'decrypt', 'hash']