Botan 3.6.1
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::Argon2_Family Class Referencefinal

#include <argon2.h>

Inheritance diagram for Botan::Argon2_Family:
Botan::PasswordHashFamily

Public Member Functions

 Argon2_Family (uint8_t family)
 
std::unique_ptr< PasswordHashdefault_params () const override
 
std::unique_ptr< PasswordHashfrom_iterations (size_t iter) const override
 
std::unique_ptr< PasswordHashfrom_params (size_t M, size_t t, size_t p) const override
 
std::string name () const override
 
std::unique_ptr< PasswordHashtune (size_t output_length, std::chrono::milliseconds msec, size_t max_memory, std::chrono::milliseconds tune_msec) const override
 

Static Public Member Functions

static std::unique_ptr< PasswordHashFamilycreate (std::string_view algo_spec, std::string_view provider="")
 
static std::unique_ptr< PasswordHashFamilycreate_or_throw (std::string_view algo_spec, std::string_view provider="")
 
static std::vector< std::string > providers (std::string_view algo_spec)
 

Detailed Description

Definition at line 103 of file argon2.h.

Constructor & Destructor Documentation

◆ Argon2_Family()

Botan::Argon2_Family::Argon2_Family ( uint8_t family)

Definition at line 66 of file argon2pwhash.cpp.

66 : m_family(family) {
67 if(m_family != 0 && m_family != 1 && m_family != 2) {
68 throw Invalid_Argument("Unknown Argon2 family identifier");
69 }
70}

Member Function Documentation

◆ create()

std::unique_ptr< PasswordHashFamily > Botan::PasswordHashFamily::create ( std::string_view algo_spec,
std::string_view provider = "" )
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to choose
Returns
a null pointer if the algo/provider combination cannot be found

Definition at line 53 of file pwdhash.cpp.

53 {
54 const SCAN_Name req(algo_spec);
55
56#if defined(BOTAN_HAS_PBKDF2)
57 if(req.algo_name() == "PBKDF2") {
58 if(provider.empty() || provider == "base") {
59 if(auto mac = MessageAuthenticationCode::create("HMAC(" + req.arg(0) + ")")) {
60 return std::make_unique<PBKDF2_Family>(std::move(mac));
61 }
62
63 if(auto mac = MessageAuthenticationCode::create(req.arg(0))) {
64 return std::make_unique<PBKDF2_Family>(std::move(mac));
65 }
66 }
67
68 return nullptr;
69 }
70#endif
71
72#if defined(BOTAN_HAS_SCRYPT)
73 if(req.algo_name() == "Scrypt") {
74 return std::make_unique<Scrypt_Family>();
75 }
76#endif
77
78#if defined(BOTAN_HAS_ARGON2)
79 if(req.algo_name() == "Argon2d") {
80 return std::make_unique<Argon2_Family>(static_cast<uint8_t>(0));
81 } else if(req.algo_name() == "Argon2i") {
82 return std::make_unique<Argon2_Family>(static_cast<uint8_t>(1));
83 } else if(req.algo_name() == "Argon2id") {
84 return std::make_unique<Argon2_Family>(static_cast<uint8_t>(2));
85 }
86#endif
87
88#if defined(BOTAN_HAS_PBKDF_BCRYPT)
89 if(req.algo_name() == "Bcrypt-PBKDF") {
90 return std::make_unique<Bcrypt_PBKDF_Family>();
91 }
92#endif
93
94#if defined(BOTAN_HAS_PGP_S2K)
95 if(req.algo_name() == "OpenPGP-S2K" && req.arg_count() == 1) {
96 if(auto hash = HashFunction::create(req.arg(0))) {
97 return std::make_unique<RFC4880_S2K_Family>(std::move(hash));
98 }
99 }
100#endif
101
102 BOTAN_UNUSED(req);
103 BOTAN_UNUSED(provider);
104
105 return nullptr;
106}
BOTAN_UNUSED
#define BOTAN_UNUSED
Definition assert.h:118
Botan::HashFunction::create
static std::unique_ptr< HashFunction > create(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:107
Botan::MessageAuthenticationCode::create
static std::unique_ptr< MessageAuthenticationCode > create(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:51

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::HashFunction::create(), and Botan::MessageAuthenticationCode::create().

Referenced by botan_pwdhash(), botan_pwdhash_timed(), and Botan::PasswordHashFamily::create_or_throw().

◆ create_or_throw()

std::unique_ptr< PasswordHashFamily > Botan::PasswordHashFamily::create_or_throw ( std::string_view algo_spec,
std::string_view provider = "" )
staticinherited

Create an instance based on a name, or throw if the algo/provider combination cannot be found. If provider is empty then best available is chosen.

Definition at line 109 of file pwdhash.cpp.

110 {
111 if(auto pbkdf = PasswordHashFamily::create(algo, provider)) {
112 return pbkdf;
113 }
114 throw Lookup_Error("PasswordHashFamily", algo, provider);
115}
Botan::PasswordHashFamily::create
static std::unique_ptr< PasswordHashFamily > create(std::string_view algo_spec, std::string_view provider="")
Definition pwdhash.cpp:53

References Botan::PasswordHashFamily::create().

Referenced by Botan::argon2_check_pwhash(), Botan::argon2_generate_pwhash(), Botan::CryptoBox::decrypt_bin(), and Botan::CryptoBox::encrypt().

◆ default_params()

std::unique_ptr< PasswordHash > Botan::Argon2_Family::default_params ( ) const
overridevirtual

Return some default parameter set for this PBKDF that should be good enough for most users. The value returned may change over time as processing power and attacks improve.

Implements Botan::PasswordHashFamily.

Definition at line 136 of file argon2pwhash.cpp.

136 {
137 return this->from_params(128 * 1024, 1, 1);
138}
Botan::Argon2_Family::from_params
std::unique_ptr< PasswordHash > from_params(size_t M, size_t t, size_t p) const override
Definition argon2pwhash.cpp:152

References from_params().

Referenced by tune().

◆ from_iterations()

std::unique_ptr< PasswordHash > Botan::Argon2_Family::from_iterations ( size_t iterations) const
overridevirtual

Return a parameter chosen based on a rough approximation with the specified iteration count. The exact value this returns for a particular algorithm may change from over time. Think of it as an alternative to tune, where time is expressed in terms of PBKDF2 iterations rather than milliseconds.

Implements Botan::PasswordHashFamily.

Definition at line 140 of file argon2pwhash.cpp.

140 {
141 /*
142 These choices are arbitrary, but should not change in future
143 releases since they will break applications expecting deterministic
144 mapping from iteration count to params
145 */
146 const size_t M = iter;
147 const size_t t = 1;
148 const size_t p = 1;
149 return this->from_params(M, t, p);
150}

References from_params().

◆ from_params()

std::unique_ptr< PasswordHash > Botan::Argon2_Family::from_params ( size_t i1,
size_t i2,
size_t i3 ) const
overridevirtual

Create a password hash using some scheme specific format. Parameters are as follows:

  • For PBKDF2, PGP-S2K, and Bcrypt-PBKDF, i1 is iterations
  • Scrypt uses N, r, p for i{1-3}
  • Argon2 family uses memory (in KB), iterations, and parallelism for i{1-3}

All unneeded parameters should be set to 0 or left blank.

Implements Botan::PasswordHashFamily.

Definition at line 152 of file argon2pwhash.cpp.

152 {
153 return std::make_unique<Argon2>(m_family, M, t, p);
154}

Referenced by default_params(), from_iterations(), and tune().

◆ name()

std::string Botan::Argon2_Family::name ( ) const
overridevirtual
Returns
name of this PasswordHash

Implements Botan::PasswordHashFamily.

Definition at line 72 of file argon2pwhash.cpp.

72 {
73 return argon2_family_name(m_family);
74}

◆ providers()

std::vector< std::string > Botan::PasswordHashFamily::providers ( std::string_view algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available

Definition at line 117 of file pwdhash.cpp.

117 {
118 return probe_providers_of<PasswordHashFamily>(algo_spec);
119}
Botan::probe_providers_of
std::vector< std::string > probe_providers_of(std::string_view algo_spec, const std::vector< std::string > &possible={"base"})
Definition scan_name.h:105

References Botan::probe_providers_of().

◆ tune()

std::unique_ptr< PasswordHash > Botan::Argon2_Family::tune ( size_t output_length,
std::chrono::milliseconds msec,
size_t max_memory_usage_mb,
std::chrono::milliseconds tuning_msec ) const
overridevirtual

Return a new parameter set tuned for this machine

Return a password hash instance tuned to run for approximately msec milliseconds when producing an output of length output_length. (Accuracy may vary, use the command line utility botan pbkdf_tune to check.)

The parameters will be selected to use at most max_memory_usage_mb megabytes of memory, or if left as zero any size is allowed.

This function works by runing a short tuning loop to estimate the performance of the algorithm, then scaling the parameters appropriately to hit the target size. The length of time the tuning loop runs can be controlled using the tuning_msec parameter.

Parameters
output_lengthhow long the output length will be
msecthe desired execution time in milliseconds
max_memory_usage_mbsome password hash functions can use a tunable amount of memory, in this case max_memory_usage limits the amount of RAM the returned parameters will require, in mebibytes (2**20 bytes). It may require some small amount above the request. Set to zero to place no limit at all.
tuning_msechow long to run the tuning loop

Implements Botan::PasswordHashFamily.

Definition at line 76 of file argon2pwhash.cpp.

79 {
80 const size_t max_kib = (max_memory == 0) ? 256 * 1024 : max_memory * 1024;
81
82 // Tune with a large memory otherwise we measure cache vs RAM speeds and underestimate
83 // costs for larger params. Default is 36 MiB, or use 128 for long times.
84 const size_t tune_M = (msec >= std::chrono::milliseconds(200) ? 128 : 36) * 1024;
85 const size_t p = 1;
86 size_t t = 1;
87
88 Timer timer("Argon2");
89
90 auto pwhash = this->from_params(tune_M, t, p);
91
92 timer.run_until_elapsed(tune_time, [&]() {
93 uint8_t output[64] = {0};
94 pwhash->derive_key(output, sizeof(output), "test", 4, nullptr, 0);
95 });
96
97 if(timer.events() == 0 || timer.value() == 0) {
98 return default_params();
99 }
100
101 size_t M = 4 * 1024;
102
103 const uint64_t measured_time = timer.value() / (timer.events() * (tune_M / M));
104
105 const uint64_t target_nsec = msec.count() * static_cast<uint64_t>(1000000);
106
107 /*
108 * Argon2 scaling rules:
109 * k*M, k*t, k*p all increase cost by about k
110 *
111 * Since we don't even take advantage of p > 1, we prefer increasing
112 * t or M instead.
113 *
114 * If possible to increase M, prefer that.
115 */
116
117 uint64_t est_nsec = measured_time;
118
119 if(est_nsec < target_nsec && M < max_kib) {
120 const uint64_t desired_cost_increase = (target_nsec + est_nsec - 1) / est_nsec;
121 const uint64_t mem_headroom = max_kib / M;
122
123 const uint64_t M_mult = std::min(desired_cost_increase, mem_headroom);
124 M *= static_cast<size_t>(M_mult);
125 est_nsec *= M_mult;
126 }
127
128 if(est_nsec < target_nsec / 2) {
129 const uint64_t desired_cost_increase = (target_nsec + est_nsec - 1) / est_nsec;
130 t *= static_cast<size_t>(desired_cost_increase);
131 }
132
133 return this->from_params(M, t, p);
134}
Botan::Argon2_Family::default_params
std::unique_ptr< PasswordHash > default_params() const override
Definition argon2pwhash.cpp:136

References default_params(), Botan::Timer::events(), from_params(), Botan::Timer::run_until_elapsed(), and Botan::Timer::value().

The documentation for this class was generated from the following files:
Generated by doxygen 1.12.0