From 1f177528c18900491c2516a4f61cba7e62b3b530 Mon Sep 17 00:00:00 2001
From: ed <s@ocv.me>
Date: Fri, 15 Nov 2024 00:42:08 +0000
Subject: [PATCH] fix advanced options for password-hashing

and allow raising scrypt ram usage past OpenSSL's default 32 MiB
---
 copyparty/__main__.py |  5 +++--
 copyparty/pwhash.py   | 18 ++++++++++--------
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/copyparty/__main__.py b/copyparty/__main__.py
index a5917762..5d281d9d 100644
--- a/copyparty/__main__.py
+++ b/copyparty/__main__.py
@@ -878,8 +878,9 @@ def get_sects():
             use argon2id with timecost 3, 256 MiB, 4 threads, version 19 (0x13/v1.3)
 
             \033[36m--ah-alg scrypt\033[0m  # which is the same as:
-            \033[36m--ah-alg scrypt,13,2,8,4\033[0m
-            use scrypt with cost 2**13, 2 iterations, blocksize 8, 4 threads
+            \033[36m--ah-alg scrypt,13,2,8,4,32\033[0m
+            use scrypt with cost 2**13, 2 iterations, blocksize 8, 4 threads,
+              and allow using up to 32 MiB RAM (ram=cost*blksz roughly)
 
             \033[36m--ah-alg sha2\033[0m  # which is the same as:
             \033[36m--ah-alg sha2,424242\033[0m
diff --git a/copyparty/pwhash.py b/copyparty/pwhash.py
index c613c910..c032f6bd 100644
--- a/copyparty/pwhash.py
+++ b/copyparty/pwhash.py
@@ -24,17 +24,13 @@ class PWHash(object):
     def __init__(self, args: argparse.Namespace):
         self.args = args
 
-        try:
-            alg, ac = args.ah_alg.split(",")
-        except:
-            alg = args.ah_alg
-            ac = {}
-
+        zsl = args.ah_alg.split(",")
+        alg = zsl[0]
         if alg == "none":
             alg = ""
 
         self.alg = alg
-        self.ac = ac
+        self.ac = zsl[1:]
         if not alg:
             self.on = False
             self.hash = unicode
@@ -90,17 +86,23 @@ class PWHash(object):
         its = 2
         blksz = 8
         para = 4
+        ramcap = 0  # openssl 1.1 = 32 MiB
         try:
             cost = 2 << int(self.ac[0])
             its = int(self.ac[1])
             blksz = int(self.ac[2])
             para = int(self.ac[3])
+            ramcap = int(self.ac[4]) * 1024 * 1024
         except:
             pass
 
+        cfg = {"salt": self.salt, "n": cost, "r": blksz, "p": para, "dklen": 24}
+        if ramcap:
+            cfg["maxmem"] = ramcap
+
         ret = plain.encode("utf-8")
         for _ in range(its):
-            ret = hashlib.scrypt(ret, salt=self.salt, n=cost, r=blksz, p=para, dklen=24)
+            ret = hashlib.scrypt(ret, **cfg)
 
         return "+" + base64.urlsafe_b64encode(ret).decode("utf-8")