Botan 3.0.0-alpha0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::Bcrypt_PBKDF Class Referencefinal

#include <bcrypt_pbkdf.h>

Inheritance diagram for Botan::Bcrypt_PBKDF:
Botan::PasswordHash

Public Member Functions

 Bcrypt_PBKDF (const Bcrypt_PBKDF &other)=default
 
 Bcrypt_PBKDF (size_t iterations)
 
void derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const override
 
virtual void derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t ad[], size_t ad_len, const uint8_t key[], size_t key_len) const
 
size_t iterations () const override
 
size_t memory_param () const override
 
Bcrypt_PBKDFoperator= (const Bcrypt_PBKDF &)=default
 
size_t parallelism () const override
 
std::string to_string () const override
 
size_t total_memory_usage () const override
 

Detailed Description

Bcrypt-PBKDF key derivation function

Definition at line 19 of file bcrypt_pbkdf.h.

Constructor & Destructor Documentation

◆ Bcrypt_PBKDF() [1/2]

Botan::Bcrypt_PBKDF::Bcrypt_PBKDF ( size_t  iterations)

Definition at line 15 of file bcrypt_pbkdf.cpp.

15 :
16 m_iterations(iterations)
17 {
18 BOTAN_ARG_CHECK(m_iterations > 0, "Invalid Bcrypt-PBKDF iterations");
19 }
#define BOTAN_ARG_CHECK(expr, msg)
Definition: assert.h:36
size_t iterations() const override
Definition: bcrypt_pbkdf.h:36

References BOTAN_ARG_CHECK.

◆ Bcrypt_PBKDF() [2/2]

Botan::Bcrypt_PBKDF::Bcrypt_PBKDF ( const Bcrypt_PBKDF other)
default

Member Function Documentation

◆ derive_key() [1/2]

void Botan::Bcrypt_PBKDF::derive_key ( uint8_t  out[],
size_t  out_len,
const char *  password,
size_t  password_len,
const uint8_t  salt[],
size_t  salt_len 
) const
overridevirtual

Derive a new key under the current Bcrypt-PBKDF parameter set

Implements Botan::PasswordHash.

Definition at line 130 of file bcrypt_pbkdf.cpp.

133 {
134 // No output desired, so we are all done already...
135 if(output_len == 0)
136 return;
137
138 BOTAN_ARG_CHECK(output_len <= 10*1024*1024, "Too much output for Bcrypt PBKDF");
139
140 const size_t BCRYPT_BLOCK_SIZE = 32;
141 const size_t blocks = (output_len + BCRYPT_BLOCK_SIZE - 1) / BCRYPT_BLOCK_SIZE;
142
143 auto sha512 = HashFunction::create_or_throw("SHA-512");
144 const auto pass_hash =
145 sha512->process(reinterpret_cast<const uint8_t*>(password), password_len);
146
147 secure_vector<uint8_t> salt_hash(sha512->output_length());
148
149 Blowfish blowfish;
150 secure_vector<uint8_t> out(BCRYPT_BLOCK_SIZE);
151 secure_vector<uint8_t> tmp(BCRYPT_BLOCK_SIZE);
152
153 for(size_t block = 0; block != blocks; ++block)
154 {
155 clear_mem(out.data(), out.size());
156
157 sha512->update(salt, salt_len);
158 sha512->update_be(static_cast<uint32_t>(block + 1));
159 sha512->final(salt_hash.data());
160
161 bcrypt_round(blowfish, pass_hash, salt_hash, out, tmp);
162
163 for(size_t r = 1; r < m_iterations; ++r)
164 {
165 // Next salt is H(prev_output)
166 sha512->update(tmp);
167 sha512->final(salt_hash.data());
168
169 bcrypt_round(blowfish, pass_hash, salt_hash, out, tmp);
170 }
171
172 for(size_t i = 0; i != BCRYPT_BLOCK_SIZE; ++i)
173 {
174 const size_t dest = i * blocks + block;
175 if(dest < output_len)
176 output[dest] = out[i];
177 }
178 }
179 }
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:312
constexpr void clear_mem(T *ptr, size_t n)
Definition: mem_ops.h:115
size_t salt_len
Definition: x509_obj.cpp:25

References BOTAN_ARG_CHECK, Botan::clear_mem(), Botan::HashFunction::create_or_throw(), and salt_len.

◆ derive_key() [2/2]

void Botan::PasswordHash::derive_key ( uint8_t  out[],
size_t  out_len,
const char *  password,
size_t  password_len,
const uint8_t  salt[],
size_t  salt_len,
const uint8_t  ad[],
size_t  ad_len,
const uint8_t  key[],
size_t  key_len 
) const
virtualinherited

Derive a key from a password plus additional data and/or a secret key

Currently this is only supported for Argon2. Using a non-empty AD or key with other algorithms will cause a Not_Implemented exception.

Parameters
outbuffer to store the derived key, must be of out_len bytes
out_lenthe desired length of the key to produce
passwordthe password to derive the key from
password_lenthe length of password in bytes
salta randomly chosen salt
salt_lenlength of salt in bytes
adsome additional data
ad_lenlength of ad in bytes
keya secret key
key_lenlength of key in bytes

This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.

Reimplemented in Botan::Argon2.

Definition at line 33 of file pwdhash.cpp.

38 {
39 BOTAN_UNUSED(ad, key);
40
41 if(ad_len == 0 && key_len == 0)
42 return this->derive_key(out, out_len,
43 password, password_len,
44 salt, salt_len);
45 else
46 throw Not_Implemented("PasswordHash " + this->to_string() + " does not support AD or key");
47 }
#define BOTAN_UNUSED(...)
Definition: assert.h:141
virtual void derive_key(uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const =0
virtual std::string to_string() const =0

References BOTAN_UNUSED, Botan::PasswordHash::derive_key(), salt_len, and Botan::PasswordHash::to_string().

◆ iterations()

size_t Botan::Bcrypt_PBKDF::iterations ( ) const
inlineoverridevirtual

Most password hashes have some notion of iterations.

Implements Botan::PasswordHash.

Definition at line 36 of file bcrypt_pbkdf.h.

36{ return m_iterations; }

◆ memory_param()

size_t Botan::Bcrypt_PBKDF::memory_param ( ) const
inlineoverridevirtual

Some password hashing algorithms have a parameter which controls how much memory is used. If not supported by some algorithm, returns 0.

Reimplemented from Botan::PasswordHash.

Definition at line 40 of file bcrypt_pbkdf.h.

40{ return 0; }

◆ operator=()

Bcrypt_PBKDF & Botan::Bcrypt_PBKDF::operator= ( const Bcrypt_PBKDF )
default

◆ parallelism()

size_t Botan::Bcrypt_PBKDF::parallelism ( ) const
inlineoverridevirtual

Some password hashing algorithms have a parallelism parameter. If the algorithm does not support this notion, then the function returns zero. This allows distinguishing between a password hash which just does not support parallel operation, vs one that does support parallel operation but which has been configured to use a single lane.

Reimplemented from Botan::PasswordHash.

Definition at line 38 of file bcrypt_pbkdf.h.

38{ return 0; }

◆ to_string()

std::string Botan::Bcrypt_PBKDF::to_string ( ) const
overridevirtual

Implements Botan::PasswordHash.

Definition at line 21 of file bcrypt_pbkdf.cpp.

22 {
23 return "Bcrypt-PBKDF(" + std::to_string(m_iterations) + ")";
24 }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:209

References Botan::ASN1::to_string().

◆ total_memory_usage()

size_t Botan::Bcrypt_PBKDF::total_memory_usage ( ) const
inlineoverridevirtual

Returns an estimate of the total number of bytes required to perform this key derivation.

If this algorithm uses a small and constant amount of memory, with no effort made towards being memory hard, this function returns 0.

Reimplemented from Botan::PasswordHash.

Definition at line 42 of file bcrypt_pbkdf.h.

42{ return 4096; }

The documentation for this class was generated from the following files: