Botan 3.8.1
Crypto and TLS for C&
Botan::PKCS5_PBKDF2 Class Referencefinal

#include <pbkdf2.h>

Inheritance diagram for Botan::PKCS5_PBKDF2:
Botan::PBKDF

Public Member Functions

PBKDFclone () const
 
template<typename Alloc>
OctetString derive_key (size_t out_len, std::string_view passphrase, const std::vector< uint8_t, Alloc > &salt, size_t iterations) const
 
template<typename Alloc>
OctetString derive_key (size_t out_len, std::string_view passphrase, const std::vector< uint8_t, Alloc > &salt, std::chrono::milliseconds msec, size_t &iterations) const
 
OctetString derive_key (size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const
 
OctetString derive_key (size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
 
std::string name () const override
 
std::unique_ptr< PBKDFnew_object () const override
 
size_t pbkdf (uint8_t output_buf[], size_t output_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec) const override
 
secure_vector< uint8_t > pbkdf_iterations (size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const
 
void pbkdf_iterations (uint8_t out[], size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const
 
secure_vector< uint8_t > pbkdf_timed (size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
 
void pbkdf_timed (uint8_t out[], size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
 
 PKCS5_PBKDF2 (MessageAuthenticationCode *mac_fn)
 
 PKCS5_PBKDF2 (std::unique_ptr< MessageAuthenticationCode > mac_fn)
 

Static Public Member Functions

static std::unique_ptr< PBKDFcreate (std::string_view algo_spec, std::string_view provider="")
 
static std::unique_ptr< PBKDFcreate_or_throw (std::string_view algo_spec, std::string_view provider="")
 
static std::vector< std::string > providers (std::string_view algo_spec)
 

Detailed Description

PKCS #5 PBKDF2 (old interface)

Definition at line 100 of file pbkdf2.h.

Constructor & Destructor Documentation

◆ PKCS5_PBKDF2() [1/2]

Botan::PKCS5_PBKDF2::PKCS5_PBKDF2 ( MessageAuthenticationCode * mac_fn)
inlineexplicit

Create a PKCS #5 instance using the specified message auth code

Parameters
mac_fnthe MAC object to use as PRF

Definition at line 119 of file pbkdf2.h.

119: m_mac(mac_fn) {}

References PKCS5_PBKDF2().

Referenced by PKCS5_PBKDF2(), and PKCS5_PBKDF2().

◆ PKCS5_PBKDF2() [2/2]

Botan::PKCS5_PBKDF2::PKCS5_PBKDF2 ( std::unique_ptr< MessageAuthenticationCode > mac_fn)
inlineexplicit

Create a PKCS #5 instance using the specified message auth code

Parameters
mac_fnthe MAC object to use as PRF

Definition at line 126 of file pbkdf2.h.

126: m_mac(std::move(mac_fn)) {}

References PKCS5_PBKDF2().

Member Function Documentation

◆ clone()

PBKDF * Botan::PBKDF::clone ( ) const
inlineinherited
Returns
new instance of this same algorithm

Definition at line 65 of file pbkdf.h.

65{ return this->new_object().release(); }
virtual std::unique_ptr< PBKDF > new_object() const =0

References new_object().

◆ create()

std::unique_ptr< PBKDF > Botan::PBKDF::create ( std::string_view algo_spec,
std::string_view provider = "" )
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to choose
Returns
a null pointer if the algo/provider combination cannot be found

Definition at line 24 of file pbkdf.cpp.

24 {
25 const SCAN_Name req(algo_spec);
26
27#if defined(BOTAN_HAS_PBKDF2)
28 if(req.algo_name() == "PBKDF2") {
29 if(provider.empty() || provider == "base") {
30 if(auto mac = MessageAuthenticationCode::create("HMAC(" + req.arg(0) + ")")) {
31 return std::make_unique<PKCS5_PBKDF2>(std::move(mac));
32 }
33
34 if(auto mac = MessageAuthenticationCode::create(req.arg(0))) {
35 return std::make_unique<PKCS5_PBKDF2>(std::move(mac));
36 }
37 }
38
39 return nullptr;
40 }
41#endif
42
43#if defined(BOTAN_HAS_PGP_S2K)
44 if(req.algo_name() == "OpenPGP-S2K" && req.arg_count() == 1) {
45 if(auto hash = HashFunction::create(req.arg(0))) {
46 return std::make_unique<OpenPGP_S2K>(std::move(hash));
47 }
48 }
49#endif
50
51 BOTAN_UNUSED(req, provider);
52
53 return nullptr;
54}
#define BOTAN_UNUSED
Definition assert.h:120
static std::unique_ptr< HashFunction > create(std::string_view algo_spec, std::string_view provider="")
Definition hash.cpp:107
static std::unique_ptr< MessageAuthenticationCode > create(std::string_view algo_spec, std::string_view provider="")
Definition mac.cpp:51

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::HashFunction::create(), and Botan::MessageAuthenticationCode::create().

Referenced by create_or_throw().

◆ create_or_throw()

std::unique_ptr< PBKDF > Botan::PBKDF::create_or_throw ( std::string_view algo_spec,
std::string_view provider = "" )
staticinherited

Create an instance based on a name, or throw if the algo/provider combination cannot be found. If provider is empty then best available is chosen.

Definition at line 57 of file pbkdf.cpp.

57 {
58 if(auto pbkdf = PBKDF::create(algo, provider)) {
59 return pbkdf;
60 }
61 throw Lookup_Error("PBKDF", algo, provider);
62}
virtual size_t pbkdf(uint8_t out[], size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec) const =0
static std::unique_ptr< PBKDF > create(std::string_view algo_spec, std::string_view provider="")
Definition pbkdf.cpp:24

References create(), and pbkdf().

Referenced by Botan::get_pbkdf(), and Botan::get_s2k().

◆ derive_key() [1/4]

template<typename Alloc>
OctetString Botan::PBKDF::derive_key ( size_t out_len,
std::string_view passphrase,
const std::vector< uint8_t, Alloc > & salt,
size_t iterations ) const
inlineinherited

Derive a key from a passphrase

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
iterationsthe number of iterations to use (use 10K or more)

Definition at line 189 of file pbkdf.h.

192 {
193 return OctetString(pbkdf_iterations(out_len, passphrase, salt.data(), salt.size(), iterations));
194 }
void pbkdf_iterations(uint8_t out[], size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const
Definition pbkdf.cpp:78

References pbkdf_iterations().

◆ derive_key() [2/4]

template<typename Alloc>
OctetString Botan::PBKDF::derive_key ( size_t out_len,
std::string_view passphrase,
const std::vector< uint8_t, Alloc > & salt,
std::chrono::milliseconds msec,
size_t & iterations ) const
inlineinherited

Derive a key from a passphrase using a certain amount of time

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
msecis how long to run the PBKDF
iterationsis set to the number of iterations used

Definition at line 223 of file pbkdf.h.

227 {
228 return OctetString(pbkdf_timed(out_len, passphrase, salt.data(), salt.size(), msec, iterations));
229 }
void pbkdf_timed(uint8_t out[], size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, std::chrono::milliseconds msec, size_t &iterations) const
Definition pbkdf.cpp:68

References pbkdf_timed().

◆ derive_key() [3/4]

OctetString Botan::PBKDF::derive_key ( size_t out_len,
std::string_view passphrase,
const uint8_t salt[],
size_t salt_len,
size_t iterations ) const
inlineinherited

Derive a key from a passphrase

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
iterationsthe number of iterations to use (use 10K or more)

Definition at line 176 of file pbkdf.h.

177 {
178 return OctetString(pbkdf_iterations(out_len, passphrase, salt, salt_len, iterations));
179 }

References pbkdf_iterations().

Referenced by Botan::check_passhash9(), and Botan::generate_passhash9().

◆ derive_key() [4/4]

OctetString Botan::PBKDF::derive_key ( size_t out_len,
std::string_view passphrase,
const uint8_t salt[],
size_t salt_len,
std::chrono::milliseconds msec,
size_t & iterations ) const
inlineinherited

Derive a key from a passphrase

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
msecis how long to run the PBKDF
iterationsis set to the number of iterations used

Definition at line 205 of file pbkdf.h.

210 {
211 return OctetString(pbkdf_timed(out_len, passphrase, salt, salt_len, msec, iterations));
212 }

References pbkdf_timed().

◆ name()

std::string Botan::PKCS5_PBKDF2::name ( ) const
overridevirtual
Returns
name of this PBKDF

Implements Botan::PBKDF.

Definition at line 151 of file pbkdf2.cpp.

151 {
152 return fmt("PBKDF2({})", m_mac->name());
153}
std::string fmt(std::string_view format, const T &... args)
Definition fmt.h:53

References Botan::fmt().

◆ new_object()

std::unique_ptr< PBKDF > Botan::PKCS5_PBKDF2::new_object ( ) const
overridevirtual
Returns
new instance of this same algorithm

Implements Botan::PBKDF.

Definition at line 155 of file pbkdf2.cpp.

155 {
156 return std::make_unique<PKCS5_PBKDF2>(m_mac->new_object());
157}

◆ pbkdf()

size_t Botan::PKCS5_PBKDF2::pbkdf ( uint8_t out[],
size_t out_len,
std::string_view passphrase,
const uint8_t salt[],
size_t salt_len,
size_t iterations,
std::chrono::milliseconds msec ) const
overridevirtual

Derive a key from a passphrase for a number of iterations specified by either iterations or if iterations == 0 then running until msec time has elapsed.

Parameters
outbuffer to store the derived key, must be of out_len bytes
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
iterationsthe number of iterations to use (use 10K or more)
msecif iterations is zero, then instead the PBKDF is run until msec milliseconds has passed.
Returns
the number of iterations performed

Implements Botan::PBKDF.

Definition at line 133 of file pbkdf2.cpp.

139 {
140 if(iterations == 0) {
141 iterations = tune_pbkdf2(*m_mac, key_len, msec);
142 }
143
144 PBKDF2 pbkdf2(*m_mac, iterations);
145
146 pbkdf2.derive_key(key, key_len, password.data(), password.size(), salt, salt_len);
147
148 return iterations;
149}
size_t pbkdf2(MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, std::string_view password, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
Definition pbkdf2.cpp:71

References Botan::pbkdf2().

◆ pbkdf_iterations() [1/2]

secure_vector< uint8_t > Botan::PBKDF::pbkdf_iterations ( size_t out_len,
std::string_view passphrase,
const uint8_t salt[],
size_t salt_len,
size_t iterations ) const
inherited

Derive a key from a passphrase for a number of iterations.

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
iterationsthe number of iterations to use (use 10K or more)
Returns
the derived key

Definition at line 93 of file pbkdf.cpp.

94 {
95 secure_vector<uint8_t> out(out_len);
96 pbkdf_iterations(out.data(), out_len, passphrase, salt, salt_len, iterations);
97 return out;
98}
std::vector< T, secure_allocator< T > > secure_vector
Definition secmem.h:65

References pbkdf_iterations().

◆ pbkdf_iterations() [2/2]

void Botan::PBKDF::pbkdf_iterations ( uint8_t out[],
size_t out_len,
std::string_view passphrase,
const uint8_t salt[],
size_t salt_len,
size_t iterations ) const
inherited

Derive a key from a passphrase for a number of iterations.

Parameters
outbuffer to store the derived key, must be of out_len bytes
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
iterationsthe number of iterations to use (use 10K or more)

Definition at line 78 of file pbkdf.cpp.

83 {
84 if(iterations == 0) {
85 throw Invalid_Argument(name() + ": Invalid iteration count");
86 }
87
88 const size_t iterations_run =
89 pbkdf(out, out_len, passphrase, salt, salt_len, iterations, std::chrono::milliseconds(0));
90 BOTAN_ASSERT_EQUAL(iterations, iterations_run, "Expected PBKDF iterations");
91}
#define BOTAN_ASSERT_EQUAL(expr1, expr2, assertion_made)
Definition assert.h:70
virtual std::string name() const =0

References BOTAN_ASSERT_EQUAL, name(), and pbkdf().

Referenced by derive_key(), derive_key(), pbkdf(), and pbkdf_iterations().

◆ pbkdf_timed() [1/2]

secure_vector< uint8_t > Botan::PBKDF::pbkdf_timed ( size_t out_len,
std::string_view passphrase,
const uint8_t salt[],
size_t salt_len,
std::chrono::milliseconds msec,
size_t & iterations ) const
inherited

Derive a key from a passphrase, running until msec time has elapsed.

Parameters
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
msecif iterations is zero, then instead the PBKDF is run until msec milliseconds has passed.
iterationsset to the number iterations executed
Returns
the derived key

Definition at line 100 of file pbkdf.cpp.

105 {
106 secure_vector<uint8_t> out(out_len);
107 pbkdf_timed(out.data(), out_len, passphrase, salt, salt_len, msec, iterations);
108 return out;
109}

References pbkdf_timed().

◆ pbkdf_timed() [2/2]

void Botan::PBKDF::pbkdf_timed ( uint8_t out[],
size_t out_len,
std::string_view passphrase,
const uint8_t salt[],
size_t salt_len,
std::chrono::milliseconds msec,
size_t & iterations ) const
inherited

Derive a key from a passphrase, running until msec time has elapsed.

Parameters
outbuffer to store the derived key, must be of out_len bytes
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
msecif iterations is zero, then instead the PBKDF is run until msec milliseconds has passed.
iterationsset to the number iterations executed

Definition at line 68 of file pbkdf.cpp.

74 {
75 iterations = pbkdf(out, out_len, passphrase, salt, salt_len, 0, msec);
76}

References pbkdf().

Referenced by derive_key(), derive_key(), pbkdf(), and pbkdf_timed().

◆ providers()

std::vector< std::string > Botan::PBKDF::providers ( std::string_view algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available

Definition at line 64 of file pbkdf.cpp.

64 {
65 return probe_providers_of<PBKDF>(algo_spec);
66}
std::vector< std::string > probe_providers_of(std::string_view algo_spec, const std::vector< std::string > &possible={"base"})
Definition scan_name.h:105

References Botan::probe_providers_of().


The documentation for this class was generated from the following files: