#include <pwdhash.h>
Public Member Functions | |
| virtual void | derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const =0 |
| virtual void | derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t ad[], size_t ad_len, const uint8_t key[], size_t key_len) const |
| void | hash (std::span< uint8_t > out, std::string_view password, std::span< const uint8_t > salt) const |
| void | hash (std::span< uint8_t > out, std::string_view password, std::span< const uint8_t > salt, std::span< const uint8_t > associated_data, std::span< const uint8_t > key) const |
| virtual size_t | iterations () const =0 |
| virtual size_t | memory_param () const |
| virtual size_t | parallelism () const |
| virtual bool | supports_associated_data () const |
| virtual bool | supports_keyed_operation () const |
| virtual std::string | to_string () const =0 |
| virtual size_t | total_memory_usage () const |
| virtual | ~PasswordHash ()=default |
Detailed Description
Base class for password based key derivation functions.
Converts a password into a key using a salt and iterated hashing to make brute force attacks harder.
Constructor & Destructor Documentation
◆ ~PasswordHash()
|
virtualdefault |
Member Function Documentation
◆ derive_key() [1/2]
|
pure virtual |
Derive a key from a password
- Parameters
-
out buffer to store the derived key, must be of out_len bytes out_len the desired length of the key to produce password the password to derive the key from password_len the length of password in bytes salt a randomly chosen salt salt_len length of salt in bytes
This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.
Implemented in Botan::Argon2, Botan::Bcrypt_PBKDF, Botan::PBKDF2, Botan::RFC4880_S2K, and Botan::Scrypt.
References derive_key().
Referenced by derive_key(), derive_key(), hash(), and hash().
◆ derive_key() [2/2]
|
virtual |
Derive a key from a password plus additional data and/or a secret key
Currently this is only supported for Argon2. Using a non-empty AD or key with other algorithms will cause a Not_Implemented exception.
- Parameters
-
out buffer to store the derived key, must be of out_len bytes out_len the desired length of the key to produce password the password to derive the key from password_len the length of password in bytes salt a randomly chosen salt salt_len length of salt in bytes ad some additional data ad_len length of ad in bytes key a secret key key_len length of key in bytes
This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.
Reimplemented in Botan::Argon2.
Definition at line 35 of file pwdhash.cpp.
References BOTAN_UNUSED, derive_key(), and to_string().
◆ hash() [1/2]
|
inline |
Hash a password into a bitstring
Derive a key from the specified password and salt, placing it into out.
- Parameters
-
out a span where the derived key will be placed password the password to derive the key from salt a randomly chosen salt
This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.
Definition at line 84 of file pwdhash.h.
References derive_key().
Referenced by Botan::RFC4880_S2K::RFC4880_S2K().
◆ hash() [2/2]
|
inline |
Hash a password into a bitstring
Derive a key from the specified password, salt, associated_data, and secret key, placing it into out. The associated_data and key are both allowed to be empty. Currently non-empty AD/key is only supported with Argon2.
- Parameters
-
out a span where the derived key will be placed password the password to derive the key from salt a randomly chosen salt associated_data some additional data key a secret key
This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.
Definition at line 105 of file pwdhash.h.
References derive_key().
◆ iterations()
|
pure virtual |
Most password hashes have some notion of iterations.
Implemented in Botan::Argon2, Botan::Bcrypt_PBKDF, Botan::PBKDF2, Botan::RFC4880_S2K, and Botan::Scrypt.
◆ memory_param()
|
inlinevirtual |
Some password hashing algorithms have a parameter which controls how much memory is used. If not supported by some algorithm, returns 0.
Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.
Definition at line 40 of file pwdhash.h.
◆ parallelism()
|
inlinevirtual |
Some password hashing algorithms have a parallelism parameter. If the algorithm does not support this notion, then the function returns zero. This allows distinguishing between a password hash which just does not support parallel operation, vs one that does support parallel operation but which has been configured to use a single lane.
Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.
Definition at line 50 of file pwdhash.h.
◆ supports_associated_data()
|
inlinevirtual |
- Returns
- true if this password hash supports supplying associated data
Reimplemented in Botan::Argon2.
Definition at line 69 of file pwdhash.h.
◆ supports_keyed_operation()
|
inlinevirtual |
- Returns
- true if this password hash supports supplying a key
Reimplemented in Botan::Argon2.
Definition at line 64 of file pwdhash.h.
◆ to_string()
|
pure virtual |
Implemented in Botan::Argon2, Botan::Bcrypt_PBKDF, Botan::PBKDF2, Botan::RFC4880_S2K, and Botan::Scrypt.
Referenced by derive_key().
◆ total_memory_usage()
|
inlinevirtual |
Returns an estimate of the total number of bytes required to perform this key derivation.
If this algorithm uses a small and constant amount of memory, with no effort made towards being memory hard, this function returns 0.
Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.
Definition at line 59 of file pwdhash.h.
The documentation for this class was generated from the following files:
- src/lib/pbkdf/pwdhash.h
- src/lib/pbkdf/pwdhash.cpp
Generated by
1.13.2