@ -1,5 +1,6 @@
/*-
* Copyright 2009 Colin Percival , 2011 ArtForz , 2011 pooler , 2013 Balthazar
/*
* Copyright 2009 Colin Percival , 2011 ArtForz , 2011 - 2014 pooler
* All rights reserved .
* All rights reserved .
*
*
* Redistribution and use in source and binary forms , with or without
* Redistribution and use in source and binary forms , with or without
@ -27,251 +28,341 @@
* online backup system .
* online backup system .
*/
*/
# include "../includes/curve25519.h"
# include <stdlib.h>
# define SCRYPT_BUFFER_SIZE (131072 + 63)
# include <string.h>
# include <inttypes.h>
/*
static const uint32_t keypad [ 12 ] = {
static inline uint32_t be32dec ( const void * pp )
0x80000000 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0x00000280
{
} ;
const uint8_t * p = ( uint8_t const * ) pp ;
static const uint32_t innerpad [ 11 ] = {
return ( ( uint32_t ) ( p [ 3 ] ) + ( ( uint32_t ) ( p [ 2 ] ) < < 8 ) + ( ( uint32_t ) ( p [ 1 ] ) < < 16 ) + ( ( uint32_t ) ( p [ 0 ] ) < < 24 ) ) ;
0x80000000 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0x000004a0
}
} ;
static const uint32_t outerpad [ 8 ] = {
0x80000000 , 0 , 0 , 0 , 0 , 0 , 0 , 0x00000300
} ;
static const uint32_t finalblk [ 16 ] = {
0x00000001 , 0x80000000 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0 , 0x00000620
} ;
static inline void be32enc ( void * pp , uint32_t x )
static const uint32_t sha256_h [ 8 ] = {
{
0x6a09e667 , 0xbb67ae85 , 0x3c6ef372 , 0xa54ff53a ,
uint8_t * p = ( uint8_t * ) pp ;
0x510e527f , 0x9b05688c , 0x1f83d9ab , 0x5be0cd19
p [ 3 ] = x & 0xff ;
} ;
p [ 2 ] = ( x > > 8 ) & 0xff ;
p [ 1 ] = ( x > > 16 ) & 0xff ;
p [ 0 ] = ( x > > 24 ) & 0xff ;
}
void HMAC_SHA256_Init ( HMAC_SHA256_CTX * ctx , const void * _K , size_t Klen )
static const uint32_t sha256_k [ 64 ] = {
{
0x428a2f98 , 0x71374491 , 0xb5c0fbcf , 0xe9b5dba5 ,
size_t i ; uint8_t pad [ 64 ] , khash [ 32 ] ; const uint8_t * K = ( const uint8_t * ) _K ;
0x3956c25b , 0x59f111f1 , 0x923f82a4 , 0xab1c5ed5 ,
// If Klen > 64, the key is really SHA256(K).
0xd807aa98 , 0x12835b01 , 0x243185be , 0x550c7dc3 ,
if ( Klen > 64 )
0x72be5d74 , 0x80deb1fe , 0x9bdc06a7 , 0xc19bf174 ,
{
0xe49b69c1 , 0xefbe4786 , 0x0fc19dc6 , 0x240ca1cc ,
SHA256_Init ( & ctx - > ictx ) ;
0x2de92c6f , 0x4a7484aa , 0x5cb0a9dc , 0x76f988da ,
SHA256_Update ( & ctx - > ictx , K , Klen ) ;
0x983e5152 , 0xa831c66d , 0xb00327c8 , 0xbf597fc7 ,
SHA256_Final ( khash , & ctx - > ictx ) ;
0xc6e00bf3 , 0xd5a79147 , 0x06ca6351 , 0x14292967 ,
K = khash ;
0x27b70a85 , 0x2e1b2138 , 0x4d2c6dfc , 0x53380d13 ,
Klen = 32 ;
0x650a7354 , 0x766a0abb , 0x81c2c92e , 0x92722c85 ,
}
0xa2bfe8a1 , 0xa81a664b , 0xc24b8b70 , 0xc76c51a3 ,
// Inner SHA256 operation is SHA256(K xor [block of 0x36] || data).
0xd192e819 , 0xd6990624 , 0xf40e3585 , 0x106aa070 ,
SHA256_Init ( & ctx - > ictx ) ;
0x19a4c116 , 0x1e376c08 , 0x2748774c , 0x34b0bcb5 ,
memset ( pad , 0x36 , 64 ) ;
0x391c0cb3 , 0x4ed8aa4a , 0x5b9cca4f , 0x682e6ff3 ,
for ( i = 0 ; i < Klen ; i + + )
0x748f82ee , 0x78a5636f , 0x84c87814 , 0x8cc70208 ,
pad [ i ] ^ = K [ i ] ;
0x90befffa , 0xa4506ceb , 0xbef9a3f7 , 0xc67178f2
SHA256_Update ( & ctx - > ictx , pad , 64 ) ;
} ;
// Outer SHA256 operation is SHA256(K xor [block of 0x5c] || hash).
SHA256_Init ( & ctx - > octx ) ;
memset ( pad , 0x5c , 64 ) ;
for ( i = 0 ; i < Klen ; i + + )
pad [ i ] ^ = K [ i ] ;
SHA256_Update ( & ctx - > octx , pad , 64 ) ;
// Clean the stack.
memset ( khash , 0 , 32 ) ;
}
// Add bytes to the HMAC-SHA256 operation.
static inline void sha256_init ( uint32_t * state )
void HMAC_SHA256_Update ( HMAC_SHA256_CTX * ctx , const void * in , size_t len )
{
{
SHA256_Update ( & ctx - > ictx , in , len ) ;
memcpy ( state , sha256_h , 32 ) ;
}
}
// Finish an HMAC-SHA256 operation.
/* Elementary functions used by SHA256 */
void HMAC_SHA256_Final ( uint8_t digest [ 32 ] , HMAC_SHA256_CTX * ctx )
# define Ch(x, y, z) ((x & (y ^ z)) ^ z)
{
# define Maj(x, y, z) ((x & (y | z)) | (y & z))
uint8_t ihash [ 32 ] ;
# define ROTR(x, n) ((x >> n) | (x << (32 - n)))
SHA256_Final ( ihash , & ctx - > ictx ) ;
# define S0(x) (ROTR(x, 2) ^ ROTR(x, 13) ^ ROTR(x, 22))
SHA256_Update ( & ctx - > octx , ihash , 32 ) ;
# define S1(x) (ROTR(x, 6) ^ ROTR(x, 11) ^ ROTR(x, 25))
SHA256_Final ( digest , & ctx - > octx ) ;
# define s0(x) (ROTR(x, 7) ^ ROTR(x, 18) ^ (x >> 3))
memset ( ihash , 0 , 32 ) ;
# define s1(x) (ROTR(x, 17) ^ ROTR(x, 19) ^ (x >> 10))
}
// PBKDF2_SHA256(passwd, passwdlen, salt, saltlen, c, buf, dkLen): Compute PBKDF2(passwd, salt, c, dkLen) using HMAC-SHA256 as the PRF, and write the output to buf. The value dkLen must be at most 32 * (2^32 - 1)
void PBKDF2_SHA256 ( const uint8_t * passwd , size_t passwdlen , const uint8_t * salt , size_t saltlen , uint64_t c , uint8_t * buf , size_t dkLen )
{
HMAC_SHA256_CTX PShctx , hctx ;
size_t i , clen ; uint8_t ivec [ 4 ] , U [ 32 ] , T [ 32 ] ; uint64_t j ; int32_t k ;
// Compute HMAC state after processing P and S.
HMAC_SHA256_Init ( & PShctx , passwd , passwdlen ) ;
HMAC_SHA256_Update ( & PShctx , salt , saltlen ) ;
// Iterate through the blocks.
for ( i = 0 ; i * 32 < dkLen ; i + + )
{
// Generate INT(i + 1).
be32enc ( ivec , ( uint32_t ) ( i + 1 ) ) ;
// Compute U_1 = PRF(P, S || INT(i)).
memcpy ( & hctx , & PShctx , sizeof ( HMAC_SHA256_CTX ) ) ;
HMAC_SHA256_Update ( & hctx , ivec , 4 ) ;
HMAC_SHA256_Final ( U , & hctx ) ;
// T_i = U_1 ...
memcpy ( T , U , 32 ) ;
for ( j = 2 ; j < = c ; j + + )
{
// Compute U_j.
HMAC_SHA256_Init ( & hctx , passwd , passwdlen ) ;
HMAC_SHA256_Update ( & hctx , U , 32 ) ;
HMAC_SHA256_Final ( U , & hctx ) ;
// ... xor U_j ...
for ( k = 0 ; k < 32 ; k + + )
T [ k ] ^ = U [ k ] ;
}
// Copy as many bytes as necessary into buf
clen = dkLen - i * 32 ;
if ( clen > 32 )
clen = 32 ;
memcpy ( & buf [ i * 32 ] , T , clen ) ;
}
} */
// Generic scrypt_core implementation
/* SHA256 round function */
# define RND(a, b, c, d, e, f, g, h, k) \
static inline void xor_salsa8 ( uint32_t B [ 16 ] , const uint32_t Bx [ 16 ] )
do { \
{
t0 = h + S1 ( e ) + Ch ( e , f , g ) + k ; \
int32_t i ; uint32_t x00 , x01 , x02 , x03 , x04 , x05 , x06 , x07 , x08 , x09 , x10 , x11 , x12 , x13 , x14 , x15 ;
t1 = S0 ( a ) + Maj ( a , b , c ) ; \
x00 = ( B [ 0 ] ^ = Bx [ 0 ] ) ;
d + = t0 ; \
x01 = ( B [ 1 ] ^ = Bx [ 1 ] ) ;
h = t0 + t1 ; \
x02 = ( B [ 2 ] ^ = Bx [ 2 ] ) ;
} while ( 0 )
x03 = ( B [ 3 ] ^ = Bx [ 3 ] ) ;
x04 = ( B [ 4 ] ^ = Bx [ 4 ] ) ;
x05 = ( B [ 5 ] ^ = Bx [ 5 ] ) ;
x06 = ( B [ 6 ] ^ = Bx [ 6 ] ) ;
x07 = ( B [ 7 ] ^ = Bx [ 7 ] ) ;
x08 = ( B [ 8 ] ^ = Bx [ 8 ] ) ;
x09 = ( B [ 9 ] ^ = Bx [ 9 ] ) ;
x10 = ( B [ 10 ] ^ = Bx [ 10 ] ) ;
x11 = ( B [ 11 ] ^ = Bx [ 11 ] ) ;
x12 = ( B [ 12 ] ^ = Bx [ 12 ] ) ;
x13 = ( B [ 13 ] ^ = Bx [ 13 ] ) ;
x14 = ( B [ 14 ] ^ = Bx [ 14 ] ) ;
x15 = ( B [ 15 ] ^ = Bx [ 15 ] ) ;
for ( i = 0 ; i < 8 ; i + = 2 ) {
# define R(a, b) (((a) << (b)) | ((a) >> (32 - (b))))
/* Operate on columns. */
x04 ^ = R ( x00 + x12 , 7 ) ; x09 ^ = R ( x05 + x01 , 7 ) ;
x14 ^ = R ( x10 + x06 , 7 ) ; x03 ^ = R ( x15 + x11 , 7 ) ;
x08 ^ = R ( x04 + x00 , 9 ) ; x13 ^ = R ( x09 + x05 , 9 ) ;
/* Adjusted round function for rotating state */
x02 ^ = R ( x14 + x10 , 9 ) ; x07 ^ = R ( x03 + x15 , 9 ) ;
# define RNDr(S, W, i) \
RND ( S [ ( 64 - i ) % 8 ] , S [ ( 65 - i ) % 8 ] , \
S [ ( 66 - i ) % 8 ] , S [ ( 67 - i ) % 8 ] , \
S [ ( 68 - i ) % 8 ] , S [ ( 69 - i ) % 8 ] , \
S [ ( 70 - i ) % 8 ] , S [ ( 71 - i ) % 8 ] , \
W [ i ] + sha256_k [ i ] )
x12 ^ = R ( x08 + x04 , 13 ) ; x01 ^ = R ( x13 + x09 , 13 ) ;
# define swab32(x) ((((x) << 24) & 0xff000000u) | (((x) << 8) & 0x00ff0000u) | (((x) >> 8) & 0x0000ff00u) | (((x) >> 24) & 0x000000ffu))
x06 ^ = R ( x02 + x14 , 13 ) ; x11 ^ = R ( x07 + x03 , 13 ) ;
x00 ^ = R ( x12 + x08 , 18 ) ; x05 ^ = R ( x01 + x13 , 18 ) ;
static inline void sha256_transform ( uint32_t * state , const uint32_t * block , int swap )
x10 ^ = R ( x06 + x02 , 18 ) ; x15 ^ = R ( x11 + x07 , 18 ) ;
/* Operate on rows. */
x01 ^ = R ( x00 + x03 , 7 ) ; x06 ^ = R ( x05 + x04 , 7 ) ;
x11 ^ = R ( x10 + x09 , 7 ) ; x12 ^ = R ( x15 + x14 , 7 ) ;
x02 ^ = R ( x01 + x00 , 9 ) ; x07 ^ = R ( x06 + x05 , 9 ) ;
x08 ^ = R ( x11 + x10 , 9 ) ; x13 ^ = R ( x12 + x15 , 9 ) ;
x03 ^ = R ( x02 + x01 , 13 ) ; x04 ^ = R ( x07 + x06 , 13 ) ;
x09 ^ = R ( x08 + x11 , 13 ) ; x14 ^ = R ( x13 + x12 , 13 ) ;
x00 ^ = R ( x03 + x02 , 18 ) ; x05 ^ = R ( x04 + x07 , 18 ) ;
x10 ^ = R ( x09 + x08 , 18 ) ; x15 ^ = R ( x14 + x13 , 18 ) ;
# undef R
}
B [ 0 ] + = x00 ;
B [ 1 ] + = x01 ;
B [ 2 ] + = x02 ;
B [ 3 ] + = x03 ;
B [ 4 ] + = x04 ;
B [ 5 ] + = x05 ;
B [ 6 ] + = x06 ;
B [ 7 ] + = x07 ;
B [ 8 ] + = x08 ;
B [ 9 ] + = x09 ;
B [ 10 ] + = x10 ;
B [ 11 ] + = x11 ;
B [ 12 ] + = x12 ;
B [ 13 ] + = x13 ;
B [ 14 ] + = x14 ;
B [ 15 ] + = x15 ;
}
static inline void scrypt_core ( uint32_t * X , uint32_t * V )
{
{
uint32_t i , j , k ;
uint32_t W [ 64 ] ;
for ( i = 0 ; i < 1024 ; i + + )
uint32_t S [ 8 ] ;
{
uint32_t t0 , t1 ;
memcpy ( & V [ i * 32 ] , X , 128 ) ;
int i ;
xor_salsa8 ( & X [ 0 ] , & X [ 16 ] ) ;
xor_salsa8 ( & X [ 16 ] , & X [ 0 ] ) ;
/* 1. Prepare message schedule W. */
}
if ( swap ) {
for ( i = 0 ; i < 1024 ; i + + )
for ( i = 0 ; i < 16 ; i + + )
{
W [ i ] = swab32 ( block [ i ] ) ;
j = 32 * ( X [ 16 ] & 1023 ) ;
} else
for ( k = 0 ; k < 32 ; k + + )
memcpy ( W , block , 64 ) ;
X [ k ] ^ = V [ j + k ] ;
for ( i = 16 ; i < 64 ; i + = 2 ) {
xor_salsa8 ( & X [ 0 ] , & X [ 16 ] ) ;
W [ i ] = s1 ( W [ i - 2 ] ) + W [ i - 7 ] + s0 ( W [ i - 15 ] ) + W [ i - 16 ] ;
xor_salsa8 ( & X [ 16 ] , & X [ 0 ] ) ;
W [ i + 1 ] = s1 ( W [ i - 1 ] ) + W [ i - 6 ] + s0 ( W [ i - 14 ] ) + W [ i - 15 ] ;
}
}
/* 2. Initialize working variables. */
memcpy ( S , state , 32 ) ;
/* 3. Mix. */
RNDr ( S , W , 0 ) ;
RNDr ( S , W , 1 ) ;
RNDr ( S , W , 2 ) ;
RNDr ( S , W , 3 ) ;
RNDr ( S , W , 4 ) ;
RNDr ( S , W , 5 ) ;
RNDr ( S , W , 6 ) ;
RNDr ( S , W , 7 ) ;
RNDr ( S , W , 8 ) ;
RNDr ( S , W , 9 ) ;
RNDr ( S , W , 10 ) ;
RNDr ( S , W , 11 ) ;
RNDr ( S , W , 12 ) ;
RNDr ( S , W , 13 ) ;
RNDr ( S , W , 14 ) ;
RNDr ( S , W , 15 ) ;
RNDr ( S , W , 16 ) ;
RNDr ( S , W , 17 ) ;
RNDr ( S , W , 18 ) ;
RNDr ( S , W , 19 ) ;
RNDr ( S , W , 20 ) ;
RNDr ( S , W , 21 ) ;
RNDr ( S , W , 22 ) ;
RNDr ( S , W , 23 ) ;
RNDr ( S , W , 24 ) ;
RNDr ( S , W , 25 ) ;
RNDr ( S , W , 26 ) ;
RNDr ( S , W , 27 ) ;
RNDr ( S , W , 28 ) ;
RNDr ( S , W , 29 ) ;
RNDr ( S , W , 30 ) ;
RNDr ( S , W , 31 ) ;
RNDr ( S , W , 32 ) ;
RNDr ( S , W , 33 ) ;
RNDr ( S , W , 34 ) ;
RNDr ( S , W , 35 ) ;
RNDr ( S , W , 36 ) ;
RNDr ( S , W , 37 ) ;
RNDr ( S , W , 38 ) ;
RNDr ( S , W , 39 ) ;
RNDr ( S , W , 40 ) ;
RNDr ( S , W , 41 ) ;
RNDr ( S , W , 42 ) ;
RNDr ( S , W , 43 ) ;
RNDr ( S , W , 44 ) ;
RNDr ( S , W , 45 ) ;
RNDr ( S , W , 46 ) ;
RNDr ( S , W , 47 ) ;
RNDr ( S , W , 48 ) ;
RNDr ( S , W , 49 ) ;
RNDr ( S , W , 50 ) ;
RNDr ( S , W , 51 ) ;
RNDr ( S , W , 52 ) ;
RNDr ( S , W , 53 ) ;
RNDr ( S , W , 54 ) ;
RNDr ( S , W , 55 ) ;
RNDr ( S , W , 56 ) ;
RNDr ( S , W , 57 ) ;
RNDr ( S , W , 58 ) ;
RNDr ( S , W , 59 ) ;
RNDr ( S , W , 60 ) ;
RNDr ( S , W , 61 ) ;
RNDr ( S , W , 62 ) ;
RNDr ( S , W , 63 ) ;
/* 4. Mix local working variables into global state */
for ( i = 0 ; i < 8 ; i + + )
state [ i ] + = S [ i ] ;
}
}
/* cpu and memory intensive function to transform a 80 byte buffer into a 32 byte output
static inline void HMAC_SHA256_80_init ( const uint32_t * key , uint32_t * tstate , uint32_t * ostate )
scratchpad size needs to be at least 63 + ( 128 * r * p ) + ( 256 * r + 64 ) + ( 128 * r * N ) bytes
r = 1 , p = 1 , N = 1024
*/
bits256 scrypt_nosalt ( const void * input , size_t inputlen , void * scratchpad )
{
{
uint32_t * V ; uint32_t X [ 32 ] ; bits256 result ;
uint32_t ihash [ 8 ] ;
memset ( result . bytes , 0 , sizeof ( result ) ) ;
uint32_t pad [ 16 ] ;
V = ( uint32_t * ) ( ( ( uintptr_t ) ( scratchpad ) + 63 ) & ~ ( uintptr_t ) ( 63 ) ) ;
int i ;
calc_hmac_sha256 ( ( void * ) X , 128 , ( void * ) input , ( int32_t ) inputlen , ( void * ) input , ( int32_t ) inputlen ) ;
//PBKDF2_SHA256((const uint8_t *)input,inputlen,(const uint8_t *)input,inputlen,1,(uint8_t *)X,128);
/* tstate is assumed to contain the midstate of key */
scrypt_core ( X , V ) ;
memcpy ( pad , key + 16 , 16 ) ;
calc_hmac_sha256 ( ( void * ) result . bytes , sizeof ( result ) , ( void * ) input , ( int32_t ) inputlen , ( void * ) X , 128 ) ;
memcpy ( pad + 4 , keypad , 48 ) ;
//PBKDF2_SHA256((const uint8_t *)input,inputlen,(uint8_t *)X,128,1,(uint8_t*)&result,32);
sha256_transform ( tstate , pad , 0 ) ;
return result ;
memcpy ( ihash , tstate , 32 ) ;
sha256_init ( ostate ) ;
for ( i = 0 ; i < 8 ; i + + )
pad [ i ] = ihash [ i ] ^ 0x5c5c5c5c ;
for ( ; i < 16 ; i + + )
pad [ i ] = 0x5c5c5c5c ;
sha256_transform ( ostate , pad , 0 ) ;
sha256_init ( tstate ) ;
for ( i = 0 ; i < 8 ; i + + )
pad [ i ] = ihash [ i ] ^ 0x36363636 ;
for ( ; i < 16 ; i + + )
pad [ i ] = 0x36363636 ;
sha256_transform ( tstate , pad , 0 ) ;
}
}
bits256 scrypt ( const void * data , size_t datalen , const void * salt , size_t saltlen , void * scratchpad )
static inline void PBKDF2_SHA256_80_128 ( const uint32_t * tstate , const uint32_t * ostate , const uint32_t * salt , uint32_t * output )
{
{
uint32_t * V ; uint32_t X [ 32 ] ; bits256 result ;
uint32_t istate [ 8 ] , ostate2 [ 8 ] , ibuf [ 16 ] , obuf [ 16 ] ; int i , j ;
memset ( result . bytes , 0 , sizeof ( result ) ) ;
memcpy ( istate , tstate , 32 ) ;
V = ( uint32_t * ) ( ( ( uintptr_t ) ( scratchpad ) + 63 ) & ~ ( uintptr_t ) ( 63 ) ) ;
sha256_transform ( istate , salt , 0 ) ;
calc_hmac_sha256 ( ( void * ) X , 128 , ( void * ) data , ( int32_t ) datalen , ( void * ) salt , ( int32_t ) saltlen ) ;
memcpy ( ibuf , salt + 16 , 16 ) ;
//PBKDF2_SHA256((const uint8_t *)data,datalen,(const uint8_t *)salt,saltlen,1,(uint8_t *)X,128);
memcpy ( ibuf + 5 , innerpad , 44 ) ;
scrypt_core ( X , V ) ;
memcpy ( obuf + 8 , outerpad , 32 ) ;
calc_hmac_sha256 ( ( void * ) result . bytes , sizeof ( result ) , ( void * ) data , ( int32_t ) datalen , ( void * ) X , 128 ) ;
for ( i = 0 ; i < 4 ; i + + )
//PBKDF2_SHA256((const uint8_t *)data,datalen,(uint8_t *)X,128,1,(uint8_t *)&result,32);
{
return result ;
memcpy ( obuf , istate , 32 ) ;
ibuf [ 4 ] = i + 1 ;
sha256_transform ( obuf , ibuf , 0 ) ;
memcpy ( ostate2 , ostate , 32 ) ;
sha256_transform ( ostate2 , obuf , 0 ) ;
for ( j = 0 ; j < 8 ; j + + )
output [ 8 * i + j ] = swab32 ( ostate2 [ j ] ) ;
}
}
}
bits256 scrypt_hash ( const void * input , size_t inputlen )
static inline void PBKDF2_SHA256_128_32 ( uint32_t * tstate , uint32_t * ostate , const uint32_t * salt , uint32_t * output )
{
{
uint8_t scratchpad [ SCRYPT_BUFFER_SIZE ] ;
uint32_t buf [ 16 ] ; int i ;
return scrypt_nosalt ( input , inputlen , scratchpad ) ;
sha256_transform ( tstate , salt , 1 ) ;
sha256_transform ( tstate , salt + 16 , 1 ) ;
sha256_transform ( tstate , finalblk , 0 ) ;
memcpy ( buf , tstate , 32 ) ;
memcpy ( buf + 8 , outerpad , 32 ) ;
sha256_transform ( ostate , buf , 0 ) ;
for ( i = 0 ; i < 8 ; i + + )
output [ i ] = swab32 ( ostate [ i ] ) ;
}
}
bits256 scrypt_salted_hash ( const void * input , size_t inputlen , const void * salt , size_t saltlen )
static inline void xor_salsa8 ( uint32_t B [ 16 ] , const uint32_t Bx [ 16 ] )
{
{
uint8_t scratchpad [ SCRYPT_BUFFER_SIZE ] ;
uint32_t x00 , x01 , x02 , x03 , x04 , x05 , x06 , x07 , x08 , x09 , x10 , x11 , x12 , x13 , x14 , x15 ;
return scrypt ( input , inputlen , salt , saltlen , scratchpad ) ;
int i ;
x00 = ( B [ 0 ] ^ = Bx [ 0 ] ) ;
x01 = ( B [ 1 ] ^ = Bx [ 1 ] ) ;
x02 = ( B [ 2 ] ^ = Bx [ 2 ] ) ;
x03 = ( B [ 3 ] ^ = Bx [ 3 ] ) ;
x04 = ( B [ 4 ] ^ = Bx [ 4 ] ) ;
x05 = ( B [ 5 ] ^ = Bx [ 5 ] ) ;
x06 = ( B [ 6 ] ^ = Bx [ 6 ] ) ;
x07 = ( B [ 7 ] ^ = Bx [ 7 ] ) ;
x08 = ( B [ 8 ] ^ = Bx [ 8 ] ) ;
x09 = ( B [ 9 ] ^ = Bx [ 9 ] ) ;
x10 = ( B [ 10 ] ^ = Bx [ 10 ] ) ;
x11 = ( B [ 11 ] ^ = Bx [ 11 ] ) ;
x12 = ( B [ 12 ] ^ = Bx [ 12 ] ) ;
x13 = ( B [ 13 ] ^ = Bx [ 13 ] ) ;
x14 = ( B [ 14 ] ^ = Bx [ 14 ] ) ;
x15 = ( B [ 15 ] ^ = Bx [ 15 ] ) ;
for ( i = 0 ; i < 8 ; i + = 2 ) {
# define R(a, b) (((a) << (b)) | ((a) >> (32 - (b))))
/* Operate on columns. */
x04 ^ = R ( x00 + x12 , 7 ) ; x09 ^ = R ( x05 + x01 , 7 ) ;
x14 ^ = R ( x10 + x06 , 7 ) ; x03 ^ = R ( x15 + x11 , 7 ) ;
x08 ^ = R ( x04 + x00 , 9 ) ; x13 ^ = R ( x09 + x05 , 9 ) ;
x02 ^ = R ( x14 + x10 , 9 ) ; x07 ^ = R ( x03 + x15 , 9 ) ;
x12 ^ = R ( x08 + x04 , 13 ) ; x01 ^ = R ( x13 + x09 , 13 ) ;
x06 ^ = R ( x02 + x14 , 13 ) ; x11 ^ = R ( x07 + x03 , 13 ) ;
x00 ^ = R ( x12 + x08 , 18 ) ; x05 ^ = R ( x01 + x13 , 18 ) ;
x10 ^ = R ( x06 + x02 , 18 ) ; x15 ^ = R ( x11 + x07 , 18 ) ;
/* Operate on rows. */
x01 ^ = R ( x00 + x03 , 7 ) ; x06 ^ = R ( x05 + x04 , 7 ) ;
x11 ^ = R ( x10 + x09 , 7 ) ; x12 ^ = R ( x15 + x14 , 7 ) ;
x02 ^ = R ( x01 + x00 , 9 ) ; x07 ^ = R ( x06 + x05 , 9 ) ;
x08 ^ = R ( x11 + x10 , 9 ) ; x13 ^ = R ( x12 + x15 , 9 ) ;
x03 ^ = R ( x02 + x01 , 13 ) ; x04 ^ = R ( x07 + x06 , 13 ) ;
x09 ^ = R ( x08 + x11 , 13 ) ; x14 ^ = R ( x13 + x12 , 13 ) ;
x00 ^ = R ( x03 + x02 , 18 ) ; x05 ^ = R ( x04 + x07 , 18 ) ;
x10 ^ = R ( x09 + x08 , 18 ) ; x15 ^ = R ( x14 + x13 , 18 ) ;
# undef R
}
B [ 0 ] + = x00 ;
B [ 1 ] + = x01 ;
B [ 2 ] + = x02 ;
B [ 3 ] + = x03 ;
B [ 4 ] + = x04 ;
B [ 5 ] + = x05 ;
B [ 6 ] + = x06 ;
B [ 7 ] + = x07 ;
B [ 8 ] + = x08 ;
B [ 9 ] + = x09 ;
B [ 10 ] + = x10 ;
B [ 11 ] + = x11 ;
B [ 12 ] + = x12 ;
B [ 13 ] + = x13 ;
B [ 14 ] + = x14 ;
B [ 15 ] + = x15 ;
}
}
bits256 scrypt_salted_multiround_hash ( const void * input , size_t inputlen , const void * salt , size_t saltlen , const uint32_t nRounds )
static inline void scrypt_core ( uint32_t * X , uint32_t * V , int N )
{
{
uint32_t i ; bits256 resultHash = scrypt_salted_hash ( input , inputlen , salt , saltlen ) ;
uint32_t i , j , k ;
bits256 transitionalHash = resultHash ;
for ( i = 0 ; i < N ; i + + )
for ( i = 1 ; i < nRounds ; i + + )
{
//printf("core.%d V.%p X.%p\n",i,V,X);
memcpy ( & V [ i * 32 ] , X , 128 ) ;
xor_salsa8 ( & X [ 0 ] , & X [ 16 ] ) ;
xor_salsa8 ( & X [ 16 ] , & X [ 0 ] ) ;
}
for ( i = 0 ; i < N ; i + + )
{
{
resultHash = scrypt_salted_hash ( input , inputlen , ( const void * ) & transitionalHash , 32 ) ;
j = 32 * ( X [ 16 ] & ( N - 1 ) ) ;
transitionalHash = resultHash ;
for ( k = 0 ; k < 32 ; k + + )
}
X [ k ] ^ = V [ j + k ] ;
return resultHash ;
xor_salsa8 ( & X [ 0 ] , & X [ 16 ] ) ;
xor_salsa8 ( & X [ 16 ] , & X [ 0 ] ) ;
}
}
}
bits256 scrypt_blockhash ( const void * input )
void scrypt_1024_1_1_256 ( const uint32_t * input , uint32_t * output , uint32_t * midstate , uint8_t * scratchpad , int N )
{
{
uint8_t scratchpad [ SCRYPT_BUFFER_SIZE ] ;
uint32_t * V , tstate [ 8 ] , ostate [ 8 ] , X [ 32 ] __attribute__ ( ( aligned ( 128 ) ) ) ;
return scrypt_nosalt ( input , 80 , scratchpad ) ;
V = ( uint32_t * ) ( ( ( uintptr_t ) ( scratchpad ) + 63 ) & ~ ( uintptr_t ) ( 63 ) ) ;
memcpy ( tstate , midstate , 32 ) ;
HMAC_SHA256_80_init ( input , tstate , ostate ) ;
PBKDF2_SHA256_80_128 ( tstate , ostate , input , X ) ;
scrypt_core ( X , V , N ) ;
PBKDF2_SHA256_128_32 ( tstate , ostate , X , output ) ;
}
}
void calc_scrypthash ( uint32_t * hash , void * data )
{
uint8_t * scratchbuf ; uint32_t midstate [ 8 ] ;
memset ( midstate , 0 , sizeof ( midstate ) ) ;
memset ( hash , 0 , 32 ) ;
sha256_init ( midstate ) ;
sha256_transform ( midstate , ( void * ) data , 0 ) ;
scratchbuf = malloc ( 1024 * 128 + 64 ) ;
scrypt_1024_1_1_256 ( ( void * ) data , hash , midstate , scratchbuf , 1024 ) ;
free ( scratchbuf ) ;
}
//010000000000000000000000000000000000000000000000000000000000000000000000d9ced4ed1130f7b7faad9be25323ffafa33232a17c3edf6cfd97bee6bafbdd97b9aa8e4ef0ff0f1ecd513f7c
//010000000000000000000000000000000000000000000000000000000000000000000000d9ced4ed1130f7b7faad9be25323ffafa33232a17c3edf6cfd97bee6bafbdd97b9aa8e4ef0ff0f1ecd513f7c00