libgcrypt's scrypt algorithm has N and p values wrongly set

[Laxmi Narsaiah Bandla]

Hi All,

In the API gcry_kdf_scrypt implementation i see the below code.

240 gcry_err_code_t
241 _gcry_kdf_scrypt (const unsigned char *passwd, size_t passwdlen,
242                   int algo, int subalgo,
243                   const unsigned char *salt, size_t saltlen,
244                   unsigned long iterations,
245                   size_t dkLen, unsigned char *DK)
246 {
247   u64 N = subalgo;    /* CPU/memory cost parameter.  */
248   u32 r;              /* Block size.  */
249   u32 p = iterations; /* Parallelization parameter.  */ <<<<<<<<<<<
250
251   gpg_err_code_t ec;
252   u32 i;
253   unsigned char *B = NULL;
254   unsigned char *tmp1 = NULL;
255   unsigned char *tmp2 = NULL;
256   size_t r128;
257   size_t nbytes;

Here iterations should have been assigned to N (CPU/memory cost supposed to
be higher) but it is assigned to p (parallelization). The same wrapper api
gcry_kdf_derive() api's iteration argument has been correcly used in
_gcry_kdf_pkdf2().

when i set iterations to 20,000 (for PBKDF2) and 16384 (for scrypt) in
gcry_kdf_derive(), on my machine PBKDF2 took less than a second to generate
the key/hash where as scrypt took almost 35 minutes.

when i set iterations = 1 (subalgo) and subalgo = 16384, it took less than
a second to generate the key.

Suggested fix:

1. Either we should document the arguments properly.

OR

2.

 u64 N = iterations;    /* CPU/memory cost parameter.  */
 u32 r;              /* Block size.  */
 u32 p = subalgo; /* Parallelization parameter.  */ <<<<<<<<<<<

Please let me know.

Thanks

P.S : I have raised a task on gnupg : https://dev.gnupg.org/T3737
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gcrypt-devel/attachments/20180114/3300bf4a/attachment.html>