Botan::Argon2 Class Reference

#include <argon2.h>

Inheritance diagram for Botan::Argon2:

Public Member Functions
	Argon2 (uint8_t family, size_t M, size_t t, size_t p)
void	derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const override
void	derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t ad[], size_t ad_len, const uint8_t key[], size_t key_len) const override
void	hash (std::span< uint8_t > out, std::string_view password, std::span< const uint8_t > salt) const
void	hash (std::span< uint8_t > out, std::string_view password, std::span< const uint8_t > salt, std::span< const uint8_t > associated_data, std::span< const uint8_t > key) const
size_t	iterations () const override
size_t	M () const
size_t	memory_param () const override
size_t	p () const
size_t	parallelism () const override
bool	supports_associated_data () const override
bool	supports_keyed_operation () const override
size_t	t () const
std::string	to_string () const override
size_t	total_memory_usage () const override

Static Public Member Functions
static void	blamka (uint64_t N[128], uint64_t T[128])

Detailed Description

Argon2 key derivation function

Definition at line 26 of file argon2.h.

Constructor & Destructor Documentation

Argon2()

Botan::Argon2::Argon2	(	uint8_t	family,
		size_t	M,
		size_t	t,
		size_t	p )

Definition at line 18 of file argon2pwhash.cpp.

                                                           : m_family(family), m_M(M), m_t(t), m_p(p) {
   BOTAN_ARG_CHECK(m_p >= 1 && m_p <= 128, "Invalid Argon2 threads parameter");
   BOTAN_ARG_CHECK(m_M >= 8 * m_p && m_M <= 8192 * 1024, "Invalid Argon2 M parameter");
   BOTAN_ARG_CHECK(m_t >= 1 && m_t <= std::numeric_limits<uint32_t>::max(), "Invalid Argon2 t parameter");
}

References BOTAN_ARG_CHECK, M(), p(), and t().

Member Function Documentation

blamka()

void Botan::Argon2::blamka ( uint64_t N[128], uint64_t T[128] )

static

Argon2's BLAMKA function

Definition at line 169 of file argon2.cpp.

                                                    {
#if defined(BOTAN_HAS_ARGON2_AVX2)
   if(CPUID::has(CPUID::Feature::AVX2)) {
      return Argon2::blamka_avx2(N, T);
   }
#endif
 
#if defined(BOTAN_HAS_ARGON2_SSSE3)
   if(CPUID::has(CPUID::Feature::SSSE3)) {
      return Argon2::blamka_ssse3(N, T);
   }
#endif
 
   copy_mem(T, N, 128);
 
   for(size_t i = 0; i != 128; i += 16) {
      blamka_G(T[i + 0], T[i + 4], T[i + 8], T[i + 12]);
      blamka_G(T[i + 1], T[i + 5], T[i + 9], T[i + 13]);
      blamka_G(T[i + 2], T[i + 6], T[i + 10], T[i + 14]);
      blamka_G(T[i + 3], T[i + 7], T[i + 11], T[i + 15]);
 
      blamka_G(T[i + 0], T[i + 5], T[i + 10], T[i + 15]);
      blamka_G(T[i + 1], T[i + 6], T[i + 11], T[i + 12]);
      blamka_G(T[i + 2], T[i + 7], T[i + 8], T[i + 13]);
      blamka_G(T[i + 3], T[i + 4], T[i + 9], T[i + 14]);
   }
 
   for(size_t i = 0; i != 128 / 8; i += 2) {
      blamka_G(T[i + 0], T[i + 32], T[i + 64], T[i + 96]);
      blamka_G(T[i + 1], T[i + 33], T[i + 65], T[i + 97]);
      blamka_G(T[i + 16], T[i + 48], T[i + 80], T[i + 112]);
      blamka_G(T[i + 17], T[i + 49], T[i + 81], T[i + 113]);
 
      blamka_G(T[i + 0], T[i + 33], T[i + 80], T[i + 113]);
      blamka_G(T[i + 1], T[i + 48], T[i + 81], T[i + 96]);
      blamka_G(T[i + 16], T[i + 49], T[i + 64], T[i + 97]);
      blamka_G(T[i + 17], T[i + 32], T[i + 65], T[i + 112]);
   }
 
   for(size_t i = 0; i != 128; ++i) {
      N[i] ^= T[i];
   }
}

References Botan::CPUFeature::AVX2, Botan::copy_mem(), Botan::CPUID::has(), and Botan::CPUFeature::SSSE3.

derive_key() [1/2]

void Botan::Argon2::derive_key ( uint8_t out[], size_t out_len, const char * password, size_t password_len, const uint8_t salt[], size_t salt_len ) const

overridevirtual

Derive a new key under the current Argon2 parameter set

Implements Botan::PasswordHash.

Definition at line 24 of file argon2pwhash.cpp.

                                               {
   argon2(output, output_len, password, password_len, salt, salt_len, nullptr, 0, nullptr, 0);
}

derive_key() [2/2]

void Botan::Argon2::derive_key ( uint8_t out[], size_t out_len, const char * password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t ad[], size_t ad_len, const uint8_t key[], size_t key_len ) const

overridevirtual

Derive a key from a password plus additional data and/or a secret key

Currently this is only supported for Argon2. Using a non-empty AD or key with other algorithms will cause a Not_Implemented exception.

Parameters

out	buffer to store the derived key, must be of out_len bytes
out_len	the desired length of the key to produce
password	the password to derive the key from
password_len	the length of password in bytes
salt	a randomly chosen salt
salt_len	length of salt in bytes
ad	some additional data
ad_len	length of ad in bytes
key	a secret key
key_len	length of key in bytes

This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.

Reimplemented from Botan::PasswordHash.

Definition at line 33 of file argon2pwhash.cpp.

                                              {
   argon2(output, output_len, password, password_len, salt, salt_len, key, key_len, ad, ad_len);
}

hash() [1/2]

void Botan::PasswordHash::hash ( std::span< uint8_t > out, std::string_view password, std::span< const uint8_t > salt ) const

inlineinherited

Hash a password into a bitstring

Derive a key from the specified password and salt, placing it into out.

Parameters

out	a span where the derived key will be placed
password	the password to derive the key from
salt	a randomly chosen salt

This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.

Definition at line 84 of file pwdhash.h.

                                                                                                  {
         this->derive_key(out.data(), out.size(), password.data(), password.size(), salt.data(), salt.size());
      }

References derive_key().

Referenced by Botan::RFC4880_S2K::RFC4880_S2K().

hash() [2/2]

void Botan::PasswordHash::hash ( std::span< uint8_t > out, std::string_view password, std::span< const uint8_t > salt, std::span< const uint8_t > associated_data, std::span< const uint8_t > key ) const

inlineinherited

Hash a password into a bitstring

Derive a key from the specified password, salt, associated_data, and secret key, placing it into out. The associated_data and key are both allowed to be empty. Currently non-empty AD/key is only supported with Argon2.

Parameters

out	a span where the derived key will be placed
password	the password to derive the key from
salt	a randomly chosen salt
associated_data	some additional data
key	a secret key

This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.

Definition at line 105 of file pwdhash.h.

                                                  {
         this->derive_key(out.data(),
                          out.size(),
                          password.data(),
                          password.size(),
                          salt.data(),
                          salt.size(),
                          associated_data.data(),
                          associated_data.size(),
                          key.data(),
                          key.size());
      }

References derive_key().

iterations()

size_t Botan::Argon2::iterations ( ) const

inlineoverridevirtual

Most password hashes have some notion of iterations.

Implements Botan::PasswordHash.

Definition at line 63 of file argon2.h.

{ return t(); }

References t().

M()

size_t Botan::Argon2::M ( ) const

inline

Definition at line 53 of file argon2.h.

{ return m_M; }

Referenced by Argon2(), memory_param(), and total_memory_usage().

memory_param()

size_t Botan::Argon2::memory_param ( ) const

inlineoverridevirtual

Some password hashing algorithms have a parameter which controls how much memory is used. If not supported by some algorithm, returns 0.

Reimplemented from Botan::PasswordHash.

Definition at line 67 of file argon2.h.

{ return M(); }

References M().

p()

size_t Botan::Argon2::p ( ) const

inline

Definition at line 57 of file argon2.h.

{ return m_p; }

Referenced by Argon2(), and parallelism().

parallelism()

size_t Botan::Argon2::parallelism ( ) const

inlineoverridevirtual

Some password hashing algorithms have a parallelism parameter. If the algorithm does not support this notion, then the function returns zero. This allows distinguishing between a password hash which just does not support parallel operation, vs one that does support parallel operation but which has been configured to use a single lane.

Reimplemented from Botan::PasswordHash.

Definition at line 65 of file argon2.h.

{ return p(); }

References p().

supports_associated_data()

bool Botan::Argon2::supports_associated_data ( ) const

inlineoverridevirtual

Returns

true if this password hash supports supplying associated data

Reimplemented from Botan::PasswordHash.

Definition at line 61 of file argon2.h.

{ return true; }

supports_keyed_operation()

bool Botan::Argon2::supports_keyed_operation ( ) const

inlineoverridevirtual

Returns

true if this password hash supports supplying a key

Reimplemented from Botan::PasswordHash.

Definition at line 59 of file argon2.h.

{ return true; }

t()

size_t Botan::Argon2::t ( ) const

inline

Definition at line 55 of file argon2.h.

{ return m_t; }

Referenced by Argon2(), and iterations().

to_string()

std::string Botan::Argon2::to_string ( ) const

overridevirtual

Implements Botan::PasswordHash.

Definition at line 63 of file argon2pwhash.cpp.

                                  {
   return fmt("{}({},{},{})", argon2_family_name(m_family), m_M, m_t, m_p);
}

References Botan::fmt().

total_memory_usage()

size_t Botan::Argon2::total_memory_usage ( ) const

inlineoverridevirtual

Returns an estimate of the total number of bytes required to perform this key derivation.

If this algorithm uses a small and constant amount of memory, with no effort made towards being memory hard, this function returns 0.

Reimplemented from Botan::PasswordHash.

Definition at line 69 of file argon2.h.

{ return M() * 1024; }

References M().

---

The documentation for this class was generated from the following files:

• src/lib/pbkdf/argon2/argon2.h
• src/lib/pbkdf/argon2/argon2.cpp
• src/lib/pbkdf/argon2/argon2_avx2/argon2_avx2.cpp
• src/lib/pbkdf/argon2/argon2_ssse3/argon2_ssse3.cpp
• src/lib/pbkdf/argon2/argon2pwhash.cpp