Home Explore Help
Sign In
sl1nk
/
tarsnap
mirror of https://github.com/Tarsnap/tarsnap.git
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Tree: eb8d654474
Branches Tags
tarsnap
/
lib
/
scryptenc
/
scryptenc.h

scryptenc.h 8.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182 
  1. /*-
    2. 

  2.  * Copyright 2009-2025 Tarsnap Backup Inc.
    3. 

  3.  * All rights reserved.
    4. 

  4.  *
    5. 

  5.  * Redistribution and use in source and binary forms, with or without
    6. 

  6.  * modification, are permitted provided that the following conditions
    7. 

  7.  * are met:
    8. 

  8.  * 1. Redistributions of source code must retain the above copyright
    9. 

  9.  *    notice, this list of conditions and the following disclaimer.
    10. 

  10.  * 2. Redistributions in binary form must reproduce the above copyright
    11. 

  11.  *    notice, this list of conditions and the following disclaimer in the
    12. 

  12.  *    documentation and/or other materials provided with the distribution.
    13. 

  13.  *
    14. 

  14.  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
    15. 

  15.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
    16. 

  16.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
    17. 

  17.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
    18. 

  18.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
    19. 

  19.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
    20. 

  20.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
    21. 

  21.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
    22. 

  22.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
    23. 

  23.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
    24. 

  24.  * SUCH DAMAGE.
    25. 

  25.  *
    26. 

  26.  * This file was originally written by Colin Percival as part of the Tarsnap
    27. 

  27.  * online backup system.
    28. 

  28.  */
    29. 

  29. #ifndef SCRYPTENC_H_
    30. 

  30. #define SCRYPTENC_H_
    31. 

  31. 

  32. #include <stdint.h>
    33. 

  33. #include <stdio.h>
    34. 

  34. 

  35. /**
    36. 

  36.  * NOTE: This file provides prototypes for routines which encrypt/decrypt data
    37. 

  37.  * using a key derived from a password by using the scrypt key derivation
    38. 

  38.  * function.  If you are just trying to "hash" a password for user logins,
    39. 

  39.  * this is not the code you are looking for.  You want to use the
    40. 

  40.  * crypto_scrypt() function directly.
    41. 

  41.  */
    42. 

  42. 

  43. /**
    44. 

  44.  * The parameters maxmem, maxmemfrac, and maxtime used by all of these
    45. 

  45.  * functions are defined as follows:
    46. 

  46.  * maxmem - maximum number of bytes of storage to use for V array (which is
    47. 

  47.  *     by far the largest consumer of memory).  If this value is set to 0, no
    48. 

  48.  *     maximum will be enforced; any other value less than 1 MiB will be
    49. 

  49.  *     treated as 1 MiB.
    50. 

  50.  * maxmemfrac - maximum fraction of available storage to use for the V array,
    51. 

  51.  *     where "available storage" is defined as the minimum out of the
    52. 

  52.  *     RLIMIT_AS, RLIMIT_DATA. and RLIMIT_RSS resource limits (if any are
    53. 

  53.  *     set).  This value will never cause a limit of less than 1 MiB to
    54. 

  54.  *     be enforced.
    55. 

  55.  * maxtime - maximum amount of CPU time to spend computing the derived keys,
    56. 

  56.  *     in seconds.  This limit is only approximately enforced; the CPU
    57. 

  57.  *     performance is estimated and parameter limits are chosen accordingly.
    58. 

  58.  * For the encryption functions, the parameters to the scrypt key derivation
    59. 

  59.  * function are chosen to make the key as strong as possible subject to the
    60. 

  60.  * specified limits; for the decryption functions, the parameters used are
    61. 

  61.  * compared to the computed limits and an error is returned if decrypting
    62. 

  62.  * the data would take too much memory or CPU time.
    63. 

  63.  */
    64. 

  64. struct scryptenc_params {
    65. 

  65. 	size_t maxmem;
    66. 

  66. 	double maxmemfrac;
    67. 

  67. 	double maxtime;
    68. 

  68. 

  69. 	/* Explicit parameters. */
    70. 

  70. 	int logN;
    71. 

  71. 	uint32_t r;
    72. 

  72. 	uint32_t p;
    73. 

  73. };
    74. 

  74. 

  75. /* Return codes from scrypt(enc|dec)_(buf|file|prep). */
    76. 

  76. #define SCRYPT_OK	0	/* success */
    77. 

  77. #define SCRYPT_ELIMIT	1	/* getrlimit or sysctrl(hw.usermem) failed */
    78. 

  78. #define SCRYPT_ECLOCK	2	/* clock_getres or clock_gettime failed */
    79. 

  79. #define SCRYPT_EKEY	3	/* error computing derived key */
    80. 

  80. #define SCRYPT_ESALT	4	/* could not read salt */
    81. 

  81. #define SCRYPT_EOPENSSL	5	/* error in OpenSSL */
    82. 

  82. #define SCRYPT_ENOMEM	6	/* malloc failed */
    83. 

  83. #define SCRYPT_EINVAL	7	/* data is not a valid scrypt-encrypted block */
    84. 

  84. #define SCRYPT_EVERSION	8	/* unrecognized scrypt version number */
    85. 

  85. #define SCRYPT_ETOOBIG	9	/* decrypting would take too much memory */
    86. 

  86. #define SCRYPT_ETOOSLOW	10	/* decrypting would take too long */
    87. 

  87. #define SCRYPT_EPASS	11	/* password is incorrect */
    88. 

  88. #define SCRYPT_EWRFILE	12	/* error writing output file */
    89. 

  89. #define SCRYPT_ERDFILE	13	/* error reading input file */
    90. 

  90. #define SCRYPT_EPARAM	14	/* error in explicit parameters */
    91. 

  91. #define SCRYPT_EBIGSLOW 15	/* both SCRYPT_ETOOBIG and SCRYPT_ETOOSLOW */
    92. 

  92. 

  93. /* Opaque structure. */
    94. 

  94. struct scryptdec_file_cookie;
    95. 

  95. 

  96. /**
    97. 

  97.  * scryptenc_buf(inbuf, inbuflen, outbuf, passwd, passwdlen,
    98. 

  98.  *     params, verbose, force):
    99. 

  99.  * Encrypt ${inbuflen} bytes from ${inbuf}, writing the resulting
    100. 

  100.  * ${inbuflen} + 128 bytes to ${outbuf}.  If ${force} is 1, do not check
    101. 

  101.  * whether decryption will exceed the estimated available memory or time.
    102. 

  102.  * The explicit parameters within ${params} must be zero or must all be
    103. 

  103.  * non-zero.  If explicit parameters are used and the computation is estimated
    104. 

  104.  * to exceed resource limits, print a warning instead of returning an error.
    105. 

  105.  * Return the explicit parameters used via ${params}.
    106. 

  106.  */
    107. 

  107. int scryptenc_buf(const uint8_t *, size_t, uint8_t *,
    108. 

  108.     const uint8_t *, size_t, struct scryptenc_params *, int, int);
    109. 

  109. 

  110. /**
    111. 

  111.  * scryptdec_buf(inbuf, inbuflen, outbuf, outlen, passwd, passwdlen,
    112. 

  112.  *     params, verbose, force):
    113. 

  113.  * Decrypt ${inbuflen} bytes from ${inbuf}, writing the result into ${outbuf}
    114. 

  114.  * and the decrypted data length to ${outlen}.  The allocated length of
    115. 

  115.  * ${outbuf} must be at least ${inbuflen}.  If ${force} is 1, do not check
    116. 

  116.  * whether decryption will exceed the estimated available memory or time.
    117. 

  117.  * The explicit parameters within ${params} must be zero.  Return the explicit
    118. 

  118.  * parameters used via ${params}.
    119. 

  119.  */
    120. 

  120. int scryptdec_buf(const uint8_t *, size_t, uint8_t *, size_t *,
    121. 

  121.     const uint8_t *, size_t, struct scryptenc_params *, int, int);
    122. 

  122. 

  123. /**
    124. 

  124.  * scryptenc_file(infile, outfile, passwd, passwdlen, params, verbose, force):
    125. 

  125.  * Read a stream from ${infile} and encrypt it, writing the resulting stream
    126. 

  126.  * to ${outfile}.  If ${force} is 1, do not check whether decryption will
    127. 

  127.  * exceed the estimated available memory or time.  The explicit parameters
    128. 

  128.  * within ${params} must be zero or must all be non-zero.  If explicit
    129. 

  129.  * parameters are used and the computation is estimated to exceed resource
    130. 

  130.  * limits, print a warning instead of returning an error.  Return the explicit
    131. 

  131.  * parameters used via ${params}.
    132. 

  132.  */
    133. 

  133. int scryptenc_file(FILE *, FILE *, const uint8_t *, size_t,
    134. 

  134.     struct scryptenc_params *, int, int);
    135. 

  135. 

  136. /**
    137. 

  137.  * scryptdec_file_printparams(infile):
    138. 

  138.  * Print the encryption parameters (N, r, p) used for the encrypted ${infile}.
    139. 

  139.  */
    140. 

  140. int scryptdec_file_printparams(FILE *);
    141. 

  141. 

  142. /**
    143. 

  143.  * scryptdec_file(infile, outfile, passwd, passwdlen, params, verbose, force):
    144. 

  144.  * Read a stream from ${infile} and decrypt it, writing the resulting stream
    145. 

  145.  * to ${outfile}.  If ${force} is 1, do not check whether decryption
    146. 

  146.  * will exceed the estimated available memory or time.  The explicit
    147. 

  147.  * parameters within ${params} must be zero.  Return the explicit parameters
    148. 

  148.  * used via ${params}.
    149. 

  149.  */
    150. 

  150. int scryptdec_file(FILE *, FILE *, const uint8_t *, size_t,
    151. 

  151.     struct scryptenc_params *, int, int);
    152. 

  152. 

  153. /**
    154. 

  154.  * scryptdec_file_prep(infile, passwd, passwdlen, params, verbose, force,
    155. 

  155.  *     cookie):
    156. 

  156.  * Prepare to decrypt ${infile}, including checking the passphrase.  Allocate
    157. 

  157.  * a cookie at ${cookie}.  After calling this function, ${infile} should not
    158. 

  158.  * be modified until the decryption is completed by scryptdec_file_copy().
    159. 

  159.  * If ${force} is 1, do not check whether decryption will exceed the estimated
    160. 

  160.  * available memory or time.  The explicit parameters within ${params} must be
    161. 

  161.  * zero.  Return the explicit parameters to be used via ${params}.
    162. 

  162.  */
    163. 

  163. int scryptdec_file_prep(FILE *, const uint8_t *, size_t,
    164. 

  164.     struct scryptenc_params *, int, int, struct scryptdec_file_cookie **);
    165. 

  165. 

  166. /**
    167. 

  167.  * scryptdec_file_copy(cookie, outfile):
    168. 

  168.  * Read a stream from the file that was passed into the ${cookie} by
    169. 

  169.  * scryptdec_file_prep(), decrypt it, and write the resulting stream to
    170. 

  170.  * ${outfile}.  After this function completes, it is safe to modify/close
    171. 

  171.  * ${outfile} and the ${infile} which was given to scryptdec_file_prep().
    172. 

  172.  */
    173. 

  173. int scryptdec_file_copy(struct scryptdec_file_cookie *, FILE *);
    174. 

  174. 

  175. /**
    176. 

  176.  * scryptdec_file_cookie_free(cookie):
    177. 

  177.  * Free the ${cookie}.
    178. 

  178.  */
    179. 

  179. void scryptdec_file_cookie_free(struct scryptdec_file_cookie *);
    180. 

  180. 

  181. #endif /* !SCRYPTENC_H_ */
    182. 

  182.