Lock simple-scrypt library to master branch

The master branch includes a fix for i386, otherwise the calibration
panics. See https://github.com/restic/restic/issues/676 for details.

Gopkg.lock

@@ -14,10 +14,10 @@
   version = "v1.0.6"
 
 [[projects]]
+  branch = "master"
   name = "github.com/elithrar/simple-scrypt"
   packages = ["."]
-  revision = "47767683c6c880a9f89e48d376c70de7f5268951"
+  revision = "6724715de445c2e70cdafb7a1a14c8cfe0984210"
-  version = "v1.1"
 
 [[projects]]
   name = "github.com/go-ini/ini"
@@ -142,6 +142,6 @@
 [solve-meta]
   analyzer-name = "dep"
   analyzer-version = 1
-  inputs-digest = "10287830033309dd91c5e7e381e1a56cd3bf135fd4e776954232c404c39be210"
+  inputs-digest = "0783f6c5ff3952c10a8ea9ba5e80dcc816e95f9934983b772764b867d9be7eb8"
   solver-name = "gps-cdcl"
   solver-version = 1

Gopkg.toml

@@ -27,7 +27,7 @@
 
 [[constraint]]
   name = "github.com/elithrar/simple-scrypt"
-  version = "1.1.0"
+  branch = "master"
 
 [[constraint]]
   name = "github.com/kurin/blazer"

vendor/github.com/elithrar/simple-scrypt/.travis.yml

@@ -1,13 +1,16 @@
 language: go
+
 sudo: false
+
 go:
-- 1.2
+  - 1.2
-- 1.3
+  - 1.3
-- 1.4
+  - 1.4
-- 1.5
+  - 1.5
-- tip
+  - 1.6
-install:
+  - 1.7
-  - go get golang.org/x/tools/cmd/vet
+  - tip
+
 script:
   - go get -t -v ./...
   - diff -u <(echo -n) <(gofmt -d -s .)

vendor/github.com/elithrar/simple-scrypt/README.md

@@ -16,6 +16,14 @@ The API closely mirrors Go's [bcrypt](https://golang.org/x/crypto/bcrypt)
 library in an effort to make it easy to migrate—and because it's an easy to grok
 API.
 
+## Installation
+
+With a [working Go toolchain](https://golang.org/doc/code.html):
+
+```sh
+go get -u github.com/elithrar/simple-scrypt
+```
+
 ## Example
 
 simple-scrypt doesn't try to re-invent the wheel or do anything "special". It
@@ -95,14 +103,51 @@ func main() {
 }
 ```
 
-## TO-DO:
+## Automatically Determining Parameters
 
-The following features are planned. PRs are welcome.
+Thanks to the work by [tgulacsi](https://github.com/tgulacsi), you can have simple-scrypt
+automatically determine the optimal parameters for you (time vs. memory). You should run this once
+on program startup, as calibrating parameters can be an expensive operation.
 
-- [x] Tag a release build.
+```go
-- [x] Automatically calculate "optimal" values for N, r, p similar [to the Ruby scrypt library](https://github.com/pbhogan/scrypt/blob/master/lib/scrypt.rb#L97-L146)
+var params scrypt.Params
-   e.g. `func Calibrate(duration int, mem int, fallback Params) (Params, error)`
+
-   - contributed thanks to @tgulacsi.
+func main() {
+    var err error
+    // 500ms, 64MB of RAM per hash.
+    params, err = scrypt.Calibrate(500*time.Millisecond, 64, Params{})
+    if err != nil {
+        return nil, err
+    }
+
+    ...
+}
+
+func RegisterUserHandler(w http.ResponseWriter, r *http.Request) {
+    err := r.ParseForm()
+    if err != nil {
+        http.Error(w, err.Error(), http.StatusBadRequest)
+        return
+    }
+
+    // Make sure you validate: not empty, not too long, etc.
+    email := r.PostFormValue("email")
+    pass := r.PostFormValue("password")
+
+    // Use our calibrated parameters
+    hash, err := scrypt.GenerateFromPassword([]byte(pass), params)
+    if err != nil {
+        http.Error(w, err.Error(), http.StatusBadRequest)
+        return
+    }
+
+    // Save to DB, etc.
+}
+```
+
+Be aware that increasing these, whilst making it harder to brute-force the resulting hash, also
+increases the risk of a denial-of-service attack against your server. A surge in authenticate
+attempts (even if legitimate!) could consume all available resources.
 
 ## License
 

vendor/github.com/elithrar/simple-scrypt/scrypt.go

@@ -260,7 +260,7 @@ func Calibrate(timeout time.Duration, memMiBytes int, params Params) (Params, er
 	var again bool
 	memBytes := memMiBytes << 20
 	// If we'd use more memory then the allowed, we can tune the memory usage
-	for 128*p.R*p.N > memBytes {
+	for 128*int64(p.R)*int64(p.N) > int64(memBytes) {
 		if p.R > 1 {
 			// by lowering r
 			p.R--

vendor/github.com/elithrar/simple-scrypt/scrypt_test.go

@@ -23,11 +23,11 @@ var testParams = []struct {
 	{true, Params{1048576, 8, 2, 64, 128}},
 	{false, Params{-1, 8, 1, 16, 32}},          // invalid N
 	{false, Params{0, 8, 1, 16, 32}},           // invalid N
-	{false, Params{1 << 31, 8, 1, 16, 32}},     // invalid N
+	{false, Params{1<<31 - 1, 8, 1, 16, 32}},   // invalid N
 	{false, Params{16384, 0, 12, 16, 32}},      // invalid R
 	{false, Params{16384, 8, 0, 16, 32}},       // invalid R > maxInt/128/P
 	{false, Params{16384, 1 << 24, 1, 16, 32}}, // invalid R > maxInt/256
-	{false, Params{1 << 31, 8, 0, 16, 32}},     // invalid p < 0
+	{false, Params{1<<31 - 1, 8, 0, 16, 32}},   // invalid p < 0
 	{false, Params{4096, 8, 1, 5, 32}},         // invalid SaltLen
 	{false, Params{4096, 8, 1, 16, 2}},         // invalid DKLen
 }