Botan  1.11.34
Crypto and TLS for C++11
Public Member Functions | Static Public Member Functions | List of all members
Botan::PKCS5_PBKDF1 Class Referencefinal

#include <pbkdf1.h>

Inheritance diagram for Botan::PKCS5_PBKDF1:
Botan::PBKDF

Public Member Functions

PBKDFclone () const override
 
OctetString derive_key (size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations) const
 
template<typename Alloc >
OctetString derive_key (size_t out_len, const std::string &passphrase, const std::vector< byte, Alloc > &salt, size_t iterations) const
 
OctetString derive_key (size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
 
template<typename Alloc >
OctetString derive_key (size_t out_len, const std::string &passphrase, const std::vector< byte, Alloc > &salt, std::chrono::milliseconds msec, size_t &iterations) const
 
std::string name () const override
 
size_t pbkdf (byte output_buf[], size_t output_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec) const override
 
void pbkdf_iterations (byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations) const
 
secure_vector< bytepbkdf_iterations (size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations) const
 
void pbkdf_timed (byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
 
secure_vector< bytepbkdf_timed (size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
 
 PKCS5_PBKDF1 (HashFunction *hash)
 

Static Public Member Functions

static std::unique_ptr< PBKDFcreate (const std::string &algo_spec, const std::string &provider="")
 
static std::vector< std::string > providers (const std::string &algo_spec)
 

Detailed Description

PKCS #5 v1 PBKDF, aka PBKDF1 Can only generate a key up to the size of the hash output. Unless needed for backwards compatibility, use PKCS5_PBKDF2

Definition at line 21 of file pbkdf1.h.

Constructor & Destructor Documentation

§ PKCS5_PBKDF1()

Botan::PKCS5_PBKDF1::PKCS5_PBKDF1 ( HashFunction hash)
inlineexplicit

Create a PKCS #5 instance using the specified hash function.

Parameters
hashpointer to a hash function object to use

Definition at line 28 of file pbkdf1.h.

28 : m_hash(hash) {}
MechanismType hash

Member Function Documentation

§ clone()

PBKDF* Botan::PKCS5_PBKDF1::clone ( ) const
inlineoverridevirtual
Returns
new instance of this same algorithm

Implements Botan::PBKDF.

Definition at line 35 of file pbkdf1.h.

36  {
37  return new PKCS5_PBKDF1(m_hash->clone());
38  }
PKCS5_PBKDF1(HashFunction *hash)
Definition: pbkdf1.h:28

§ create()

std::unique_ptr< PBKDF > Botan::PBKDF::create ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to choose
Returns
a null pointer if the algo/provider combination cannot be found

Definition at line 23 of file pbkdf.cpp.

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), Botan::HashFunction::create(), Botan::MessageAuthenticationCode::create(), and hash.

Referenced by Botan::get_pbkdf().

25  {
26  const SCAN_Name req(algo_spec);
27 
28 #if defined(BOTAN_HAS_PBKDF2)
29  if(req.algo_name() == "PBKDF2")
30  {
31  // TODO OpenSSL
32 
33  if(provider.empty() || provider == "base")
34  {
35  if(auto mac = MessageAuthenticationCode::create(req.arg(0)))
36  return std::unique_ptr<PBKDF>(new PKCS5_PBKDF2(mac.release()));
37 
38  if(auto mac = MessageAuthenticationCode::create("HMAC(" + req.arg(0) + ")"))
39  return std::unique_ptr<PBKDF>(new PKCS5_PBKDF2(mac.release()));
40  }
41 
42  return nullptr;
43  }
44 #endif
45 
46 #if defined(BOTAN_HAS_PBKDF1)
47  if(req.algo_name() == "PBKDF1" && req.arg_count() == 1)
48  {
49  if(auto hash = HashFunction::create(req.arg(0)))
50  return std::unique_ptr<PBKDF>(new PKCS5_PBKDF1(hash.release()));
51 
52  }
53 #endif
54 
55  return nullptr;
56  }
static std::unique_ptr< MessageAuthenticationCode > create(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:43
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:93
MechanismType hash

§ derive_key() [1/4]

OctetString Botan::PBKDF::derive_key ( size_t  out_len,
const std::string &  passphrase,
const byte  salt[],
size_t  salt_len,
size_t  iterations 
) const
inlineinherited

Derive a key from a passphrase

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
iterationsthe number of iterations to use (use 10K or more)

Definition at line 149 of file pbkdf.h.

Referenced by Botan::check_passhash9(), Botan::CryptoBox::decrypt(), and Botan::CryptoBox::encrypt().

153  {
154  return pbkdf_iterations(out_len, passphrase, salt, salt_len, iterations);
155  }
void pbkdf_iterations(byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations) const
Definition: pbkdf.cpp:72

§ derive_key() [2/4]

template<typename Alloc >
OctetString Botan::PBKDF::derive_key ( size_t  out_len,
const std::string &  passphrase,
const std::vector< byte, Alloc > &  salt,
size_t  iterations 
) const
inlineinherited

Derive a key from a passphrase

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
iterationsthe number of iterations to use (use 10K or more)

Definition at line 165 of file pbkdf.h.

169  {
170  return pbkdf_iterations(out_len, passphrase, salt.data(), salt.size(), iterations);
171  }
void pbkdf_iterations(byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations) const
Definition: pbkdf.cpp:72

§ derive_key() [3/4]

OctetString Botan::PBKDF::derive_key ( size_t  out_len,
const std::string &  passphrase,
const byte  salt[],
size_t  salt_len,
std::chrono::milliseconds  msec,
size_t &  iterations 
) const
inlineinherited

Derive a key from a passphrase

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
msecis how long to run the PBKDF
iterationsis set to the number of iterations used

Definition at line 182 of file pbkdf.h.

187  {
188  return pbkdf_timed(out_len, passphrase, salt, salt_len, msec, iterations);
189  }
void pbkdf_timed(byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
Definition: pbkdf.cpp:63

§ derive_key() [4/4]

template<typename Alloc >
OctetString Botan::PBKDF::derive_key ( size_t  out_len,
const std::string &  passphrase,
const std::vector< byte, Alloc > &  salt,
std::chrono::milliseconds  msec,
size_t &  iterations 
) const
inlineinherited

Derive a key from a passphrase using a certain amount of time

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
msecis how long to run the PBKDF
iterationsis set to the number of iterations used

Definition at line 200 of file pbkdf.h.

205  {
206  return pbkdf_timed(out_len, passphrase, salt.data(), salt.size(), msec, iterations);
207  }
void pbkdf_timed(byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
Definition: pbkdf.cpp:63

§ name()

std::string Botan::PKCS5_PBKDF1::name ( ) const
inlineoverridevirtual
Returns
name of this PBKDF

Implements Botan::PBKDF.

Definition at line 30 of file pbkdf1.h.

31  {
32  return "PBKDF1(" + m_hash->name() + ")";
33  }

§ pbkdf()

size_t Botan::PKCS5_PBKDF1::pbkdf ( byte  out[],
size_t  out_len,
const std::string &  passphrase,
const byte  salt[],
size_t  salt_len,
size_t  iterations,
std::chrono::milliseconds  msec 
) const
overridevirtual

Derive a key from a passphrase for a number of iterations specified by either iterations or if iterations == 0 then running until msec time has elapsed.

Parameters
outbuffer to store the derived key, must be of out_len bytes
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
iterationsthe number of iterations to use (use 10K or more)
msecif iterations is zero, then instead the PBKDF is run until msec milliseconds has passed.
Returns
the number of iterations performed

Implements Botan::PBKDF.

Definition at line 13 of file pbkdf1.cpp.

References Botan::copy_mem().

18  {
19  if(output_len > m_hash->output_length())
20  throw Invalid_Argument("PKCS5_PBKDF1: Requested output length too long");
21 
22  m_hash->update(passphrase);
23  m_hash->update(salt, salt_len);
24  secure_vector<byte> key = m_hash->final();
25 
26  const auto start = std::chrono::high_resolution_clock::now();
27  size_t iterations_performed = 1;
28 
29  while(true)
30  {
31  if(iterations == 0)
32  {
33  if(iterations_performed % 10000 == 0)
34  {
35  auto time_taken = std::chrono::high_resolution_clock::now() - start;
36  auto msec_taken = std::chrono::duration_cast<std::chrono::milliseconds>(time_taken);
37  if(msec_taken > msec)
38  break;
39  }
40  }
41  else if(iterations_performed == iterations)
42  break;
43 
44  m_hash->update(key);
45  m_hash->final(key.data());
46 
47  ++iterations_performed;
48  }
49 
50  copy_mem(output_buf, key.data(), output_len);
51  return iterations_performed;
52  }
void copy_mem(T *out, const T *in, size_t n)
Definition: mem_ops.h:68

§ pbkdf_iterations() [1/2]

void Botan::PBKDF::pbkdf_iterations ( byte  out[],
size_t  out_len,
const std::string &  passphrase,
const byte  salt[],
size_t  salt_len,
size_t  iterations 
) const
inherited

Derive a key from a passphrase for a number of iterations.

Parameters
outbuffer to store the derived key, must be of out_len bytes
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
iterationsthe number of iterations to use (use 10K or more)

Definition at line 72 of file pbkdf.cpp.

References BOTAN_ASSERT_EQUAL, Botan::PBKDF::name(), and Botan::PBKDF::pbkdf().

Referenced by Botan::PBKDF::pbkdf_iterations().

76  {
77  if(iterations == 0)
78  throw Invalid_Argument(name() + ": Invalid iteration count");
79 
80  const size_t iterations_run = pbkdf(out, out_len, passphrase,
81  salt, salt_len, iterations,
82  std::chrono::milliseconds(0));
83  BOTAN_ASSERT_EQUAL(iterations, iterations_run, "Expected PBKDF iterations");
84  }
virtual size_t pbkdf(byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec) const =0
virtual std::string name() const =0
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition: assert.h:53

§ pbkdf_iterations() [2/2]

secure_vector< byte > Botan::PBKDF::pbkdf_iterations ( size_t  out_len,
const std::string &  passphrase,
const byte  salt[],
size_t  salt_len,
size_t  iterations 
) const
inherited

Derive a key from a passphrase for a number of iterations.

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
iterationsthe number of iterations to use (use 10K or more)
Returns
the derived key

Definition at line 86 of file pbkdf.cpp.

References Botan::PBKDF::pbkdf_iterations().

90  {
91  secure_vector<byte> out(out_len);
92  pbkdf_iterations(out.data(), out_len, passphrase, salt, salt_len, iterations);
93  return out;
94  }
void pbkdf_iterations(byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations) const
Definition: pbkdf.cpp:72

§ pbkdf_timed() [1/2]

void Botan::PBKDF::pbkdf_timed ( byte  out[],
size_t  out_len,
const std::string &  passphrase,
const byte  salt[],
size_t  salt_len,
std::chrono::milliseconds  msec,
size_t &  iterations 
) const
inherited

Derive a key from a passphrase, running until msec time has elapsed.

Parameters
outbuffer to store the derived key, must be of out_len bytes
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
msecif iterations is zero, then instead the PBKDF is run until msec milliseconds has passed.
iterationsset to the number iterations executed

Definition at line 63 of file pbkdf.cpp.

References Botan::PBKDF::pbkdf().

Referenced by Botan::PBKDF::pbkdf_timed().

68  {
69  iterations = pbkdf(out, out_len, passphrase, salt, salt_len, 0, msec);
70  }
virtual size_t pbkdf(byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec) const =0

§ pbkdf_timed() [2/2]

secure_vector< byte > Botan::PBKDF::pbkdf_timed ( size_t  out_len,
const std::string &  passphrase,
const byte  salt[],
size_t  salt_len,
std::chrono::milliseconds  msec,
size_t &  iterations 
) const
inherited

Derive a key from a passphrase, running until msec time has elapsed.

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
msecif iterations is zero, then instead the PBKDF is run until msec milliseconds has passed.
iterationsset to the number iterations executed
Returns
the derived key

Definition at line 96 of file pbkdf.cpp.

References Botan::PBKDF::pbkdf_timed().

101  {
102  secure_vector<byte> out(out_len);
103  pbkdf_timed(out.data(), out_len, passphrase, salt, salt_len, msec, iterations);
104  return out;
105  }
void pbkdf_timed(byte out[], size_t out_len, const std::string &passphrase, const byte salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
Definition: pbkdf.cpp:63

§ providers()

std::vector< std::string > Botan::PBKDF::providers ( const std::string &  algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available

Definition at line 58 of file pbkdf.cpp.

59  {
60  return probe_providers_of<PBKDF>(algo_spec, { "base", "openssl" });
61  }

The documentation for this class was generated from the following files: