Botan::PKCS5_PBKDF1 Class Reference

#include <pbkdf1.h>

Inheritance diagram for Botan::PKCS5_PBKDF1:

Public Member Functions
PBKDF *	clone () const override
OctetString	derive_key (size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const
template<typename Alloc >
OctetString	derive_key (size_t out_len, const std::string &passphrase, const std::vector< uint8_t, Alloc > &salt, size_t iterations) const
OctetString	derive_key (size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
template<typename Alloc >
OctetString	derive_key (size_t out_len, const std::string &passphrase, const std::vector< uint8_t, Alloc > &salt, std::chrono::milliseconds msec, size_t &iterations) const
std::string	name () const override
size_t	pbkdf (uint8_t output_buf[], size_t output_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec) const override
void	pbkdf_iterations (uint8_t out[], size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const
secure_vector< uint8_t >	pbkdf_iterations (size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const
void	pbkdf_timed (uint8_t out[], size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
secure_vector< uint8_t >	pbkdf_timed (size_t out_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
	PKCS5_PBKDF1 (HashFunction *hash)

Static Public Member Functions
static std::unique_ptr< PBKDF >	create (const std::string &algo_spec, const std::string &provider="")
static std::vector< std::string >	providers (const std::string &algo_spec)

Detailed Description

PKCS #5 v1 PBKDF, aka PBKDF1 Can only generate a key up to the size of the hash output. Unless needed for backwards compatibility, use PKCS5_PBKDF2

Definition at line 21 of file pbkdf1.h.

Constructor & Destructor Documentation

PKCS5_PBKDF1()

Botan::PKCS5_PBKDF1::PKCS5_PBKDF1 ( HashFunction *  hash )

inlineexplicit

Create a PKCS #5 instance using the specified hash function.

Parameters

hash	pointer to a hash function object to use

Definition at line 28 of file pbkdf1.h.

: m_hash(hash) {}

Member Function Documentation

clone()

PBKDF* Botan::PKCS5_PBKDF1::clone ( ) const

inlineoverridevirtual

Returns

new instance of this same algorithm

Implements Botan::PBKDF.

Definition at line 35 of file pbkdf1.h.

         {
         return new PKCS5_PBKDF1(m_hash->clone());
         }

create()

std::unique_ptr< PBKDF > Botan::PBKDF::create ( const std::string &  algo_spec, const std::string &  provider = ""  )

staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters

algo_spec	algorithm name
provider	provider implementation to choose

Returns

a null pointer if the algo/provider combination cannot be found

Definition at line 21 of file pbkdf.cpp.

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::HashFunction::create(), Botan::MessageAuthenticationCode::create(), and hash.

Referenced by Botan::get_pbkdf().

   {
   const SCAN_Name req(algo_spec);

#if defined(BOTAN_HAS_PBKDF2)
   if(req.algo_name() == "PBKDF2")
      {
      // TODO OpenSSL

      if(provider.empty() || provider == "base")
         {
         if(auto mac = MessageAuthenticationCode::create(req.arg(0)))
            return std::unique_ptr<PBKDF>(new PKCS5_PBKDF2(mac.release()));

         if(auto mac = MessageAuthenticationCode::create("HMAC(" + req.arg(0) + ")"))
            return std::unique_ptr<PBKDF>(new PKCS5_PBKDF2(mac.release()));
         }

      return nullptr;
      }
#endif

#if defined(BOTAN_HAS_PBKDF1)
   if(req.algo_name() == "PBKDF1" && req.arg_count() == 1)
      {
      if(auto hash = HashFunction::create(req.arg(0)))
         return std::unique_ptr<PBKDF>(new PKCS5_PBKDF1(hash.release()));

      }
#endif

   BOTAN_UNUSED(req);
   BOTAN_UNUSED(provider);

   return nullptr;
   }

derive_key() [1/4]

OctetString Botan::PBKDF::derive_key ( size_t  out_len, const std::string &  passphrase, const uint8_t  salt[], size_t  salt_len, size_t  iterations  ) const

inlineinherited

Derive a key from a passphrase

Parameters

out_len	the desired length of the key to produce
passphrase	the password to derive the key from
salt	a randomly chosen salt
salt_len	length of salt in bytes
iterations	the number of iterations to use (use 10K or more)

Definition at line 149 of file pbkdf.h.

Referenced by Botan::check_passhash9(), Botan::CryptoBox::decrypt(), and Botan::CryptoBox::encrypt().

         {
         return pbkdf_iterations(out_len, passphrase, salt, salt_len, iterations);
         }

derive_key() [2/4]

template<typename Alloc >

OctetString Botan::PBKDF::derive_key ( size_t  out_len, const std::string &  passphrase, const std::vector< uint8_t, Alloc > &  salt, size_t  iterations  ) const

inlineinherited

Derive a key from a passphrase

Parameters

out_len	the desired length of the key to produce
passphrase	the password to derive the key from
salt	a randomly chosen salt
iterations	the number of iterations to use (use 10K or more)

Definition at line 165 of file pbkdf.h.

         {
         return pbkdf_iterations(out_len, passphrase, salt.data(), salt.size(), iterations);
         }

derive_key() [3/4]

OctetString Botan::PBKDF::derive_key ( size_t  out_len, const std::string &  passphrase, const uint8_t  salt[], size_t  salt_len, std::chrono::milliseconds  msec, size_t &  iterations  ) const

inlineinherited

Derive a key from a passphrase

Parameters

out_len	the desired length of the key to produce
passphrase	the password to derive the key from
salt	a randomly chosen salt
salt_len	length of salt in bytes
msec	is how long to run the PBKDF
iterations	is set to the number of iterations used

Definition at line 182 of file pbkdf.h.

         {
         return pbkdf_timed(out_len, passphrase, salt, salt_len, msec, iterations);
         }

derive_key() [4/4]

template<typename Alloc >

OctetString Botan::PBKDF::derive_key ( size_t  out_len, const std::string &  passphrase, const std::vector< uint8_t, Alloc > &  salt, std::chrono::milliseconds  msec, size_t &  iterations  ) const

inlineinherited

Derive a key from a passphrase using a certain amount of time

Parameters

out_len	the desired length of the key to produce
passphrase	the password to derive the key from
salt	a randomly chosen salt
msec	is how long to run the PBKDF
iterations	is set to the number of iterations used

Definition at line 200 of file pbkdf.h.

         {
         return pbkdf_timed(out_len, passphrase, salt.data(), salt.size(), msec, iterations);
         }

name()

std::string Botan::PKCS5_PBKDF1::name ( ) const

inlineoverridevirtual

Returns

name of this PBKDF

Implements Botan::PBKDF.

Definition at line 30 of file pbkdf1.h.

         {
         return "PBKDF1(" + m_hash->name() + ")";
         }

pbkdf()

size_t Botan::PKCS5_PBKDF1::pbkdf ( uint8_t  out[], size_t  out_len, const std::string &  passphrase, const uint8_t  salt[], size_t  salt_len, size_t  iterations, std::chrono::milliseconds  msec  ) const

overridevirtual

Derive a key from a passphrase for a number of iterations specified by either iterations or if iterations == 0 then running until msec time has elapsed.

Parameters

out	buffer to store the derived key, must be of out_len bytes
out_len	the desired length of the key to produce
passphrase	the password to derive the key from
salt	a randomly chosen salt
salt_len	length of salt in bytes
iterations	the number of iterations to use (use 10K or more)
msec	if iterations is zero, then instead the PBKDF is run until msec milliseconds has passed.

Returns

the number of iterations performed

Implements Botan::PBKDF.

Definition at line 13 of file pbkdf1.cpp.

References Botan::copy_mem().

   {
   if(output_len > m_hash->output_length())
      throw Invalid_Argument("PKCS5_PBKDF1: Requested output length too long");

   m_hash->update(passphrase);
   m_hash->update(salt, salt_len);
   secure_vector<uint8_t> key = m_hash->final();

   const auto start = std::chrono::high_resolution_clock::now();
   size_t iterations_performed = 1;

   while(true)
      {
      if(iterations == 0)
         {
         if(iterations_performed % 10000 == 0)
            {
            auto time_taken = std::chrono::high_resolution_clock::now() - start;
            auto msec_taken = std::chrono::duration_cast<std::chrono::milliseconds>(time_taken);
            if(msec_taken > msec)
               break;
            }
         }
      else if(iterations_performed == iterations)
         break;

      m_hash->update(key);
      m_hash->final(key.data());

      ++iterations_performed;
      }

   copy_mem(output_buf, key.data(), output_len);
   return iterations_performed;
   }

pbkdf_iterations() [1/2]

void Botan::PBKDF::pbkdf_iterations ( uint8_t  out[], size_t  out_len, const std::string &  passphrase, const uint8_t  salt[], size_t  salt_len, size_t  iterations  ) const

inherited

Derive a key from a passphrase for a number of iterations.

Parameters

out	buffer to store the derived key, must be of out_len bytes
out_len	the desired length of the key to produce
passphrase	the password to derive the key from
salt	a randomly chosen salt
salt_len	length of salt in bytes
iterations	the number of iterations to use (use 10K or more)

Definition at line 73 of file pbkdf.cpp.

References BOTAN_ASSERT_EQUAL, Botan::PBKDF::name(), and Botan::PBKDF::pbkdf().

Referenced by Botan::PBKDF::pbkdf_iterations().

   {
   if(iterations == 0)
      throw Invalid_Argument(name() + ": Invalid iteration count");

   const size_t iterations_run = pbkdf(out, out_len, passphrase,
                                       salt, salt_len, iterations,
                                       std::chrono::milliseconds(0));
   BOTAN_ASSERT_EQUAL(iterations, iterations_run, "Expected PBKDF iterations");
   }

pbkdf_iterations() [2/2]

secure_vector< uint8_t > Botan::PBKDF::pbkdf_iterations ( size_t  out_len, const std::string &  passphrase, const uint8_t  salt[], size_t  salt_len, size_t  iterations  ) const

inherited

Derive a key from a passphrase for a number of iterations.

Parameters

out_len	the desired length of the key to produce
passphrase	the password to derive the key from
salt	a randomly chosen salt
salt_len	length of salt in bytes
iterations	the number of iterations to use (use 10K or more)

Returns

the derived key

Definition at line 87 of file pbkdf.cpp.

References Botan::PBKDF::pbkdf_iterations().

   {
   secure_vector<uint8_t> out(out_len);
   pbkdf_iterations(out.data(), out_len, passphrase, salt, salt_len, iterations);
   return out;
   }

pbkdf_timed() [1/2]

void Botan::PBKDF::pbkdf_timed ( uint8_t  out[], size_t  out_len, const std::string &  passphrase, const uint8_t  salt[], size_t  salt_len, std::chrono::milliseconds  msec, size_t &  iterations  ) const

inherited

Derive a key from a passphrase, running until msec time has elapsed.

Parameters

out	buffer to store the derived key, must be of out_len bytes
out_len	the desired length of the key to produce
passphrase	the password to derive the key from
salt	a randomly chosen salt
salt_len	length of salt in bytes
msec	if iterations is zero, then instead the PBKDF is run until msec milliseconds has passed.
iterations	set to the number iterations executed

Definition at line 64 of file pbkdf.cpp.

References Botan::PBKDF::pbkdf().

Referenced by Botan::PBKDF::pbkdf_timed().

   {
   iterations = pbkdf(out, out_len, passphrase, salt, salt_len, 0, msec);
   }

pbkdf_timed() [2/2]

secure_vector< uint8_t > Botan::PBKDF::pbkdf_timed ( size_t  out_len, const std::string &  passphrase, const uint8_t  salt[], size_t  salt_len, std::chrono::milliseconds  msec, size_t &  iterations  ) const

inherited

Derive a key from a passphrase, running until msec time has elapsed.

Parameters

out_len	the desired length of the key to produce
passphrase	the password to derive the key from
salt	a randomly chosen salt
salt_len	length of salt in bytes
msec	if iterations is zero, then instead the PBKDF is run until msec milliseconds has passed.
iterations	set to the number iterations executed

Returns

the derived key

Definition at line 97 of file pbkdf.cpp.

References Botan::PBKDF::pbkdf_timed().

   {
   secure_vector<uint8_t> out(out_len);
   pbkdf_timed(out.data(), out_len, passphrase, salt, salt_len, msec, iterations);
   return out;
   }

providers()

std::vector< std::string > Botan::PBKDF::providers ( const std::string &  algo_spec )

staticinherited

Returns

list of available providers for this algorithm, empty if not available

Definition at line 59 of file pbkdf.cpp.

   {
   return probe_providers_of<PBKDF>(algo_spec, { "base", "openssl" });
   }

---

The documentation for this class was generated from the following files:

• src/lib/pbkdf/pbkdf1/pbkdf1.h
• src/lib/pbkdf/pbkdf1/pbkdf1.cpp