Botan 3.0.0-alpha0
Crypto and TLS for C&
Public Member Functions | List of all members
Botan::RFC4880_S2K Class Referencefinal

#include <pgp_s2k.h>

Inheritance diagram for Botan::RFC4880_S2K:
Botan::PasswordHash

Public Member Functions

void derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const override
 
virtual void derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t ad[], size_t ad_len, const uint8_t key[], size_t key_len) const
 
size_t iterations () const override
 
virtual size_t memory_param () const
 
virtual size_t parallelism () const
 
 RFC4880_S2K (HashFunction *hash, size_t iterations)
 
std::string to_string () const override
 
virtual size_t total_memory_usage () const
 

Detailed Description

OpenPGP's S2K

See RFC 4880 sections 3.7.1.1, 3.7.1.2, and 3.7.1.3 If the salt is empty and iterations == 1, "simple" S2K is used If the salt is non-empty and iterations == 1, "salted" S2K is used If the salt is non-empty and iterations > 1, "iterated" S2K is used

Note that unlike PBKDF2, OpenPGP S2K's "iterations" are defined as the number of bytes hashed.

Definition at line 90 of file pgp_s2k.h.

Constructor & Destructor Documentation

◆ RFC4880_S2K()

Botan::RFC4880_S2K::RFC4880_S2K ( HashFunction hash,
size_t  iterations 
)
Parameters
hashthe hash function to use
iterationsis rounded due to PGP formatting

Definition at line 140 of file pgp_s2k.cpp.

140 :
141 m_hash(hash),
142 m_iterations(iterations)
143 {
144 }
size_t iterations() const override
Definition: pgp_s2k.h:101
MechanismType hash

Member Function Documentation

◆ derive_key() [1/2]

void Botan::RFC4880_S2K::derive_key ( uint8_t  out[],
size_t  out_len,
const char *  password,
size_t  password_len,
const uint8_t  salt[],
size_t  salt_len 
) const
overridevirtual

Derive a key from a password

Parameters
outbuffer to store the derived key, must be of out_len bytes
out_lenthe desired length of the key to produce
passwordthe password to derive the key from
password_lenthe length of password in bytes
salta randomly chosen salt
salt_lenlength of salt in bytes

This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.

Implements Botan::PasswordHash.

Definition at line 151 of file pgp_s2k.cpp.

154 {
155 pgp_s2k(*m_hash, out, out_len,
156 password, password_len,
157 salt, salt_len,
158 m_iterations);
159 }
size_t salt_len
Definition: x509_obj.cpp:25

References salt_len.

◆ derive_key() [2/2]

void Botan::PasswordHash::derive_key ( uint8_t  out[],
size_t  out_len,
const char *  password,
size_t  password_len,
const uint8_t  salt[],
size_t  salt_len,
const uint8_t  ad[],
size_t  ad_len,
const uint8_t  key[],
size_t  key_len 
) const
virtualinherited

Derive a key from a password plus additional data and/or a secret key

Currently this is only supported for Argon2. Using a non-empty AD or key with other algorithms will cause a Not_Implemented exception.

Parameters
outbuffer to store the derived key, must be of out_len bytes
out_lenthe desired length of the key to produce
passwordthe password to derive the key from
password_lenthe length of password in bytes
salta randomly chosen salt
salt_lenlength of salt in bytes
adsome additional data
ad_lenlength of ad in bytes
keya secret key
key_lenlength of key in bytes

This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.

Reimplemented in Botan::Argon2.

Definition at line 33 of file pwdhash.cpp.

38 {
39 BOTAN_UNUSED(ad, key);
40
41 if(ad_len == 0 && key_len == 0)
42 return this->derive_key(out, out_len,
43 password, password_len,
44 salt, salt_len);
45 else
46 throw Not_Implemented("PasswordHash " + this->to_string() + " does not support AD or key");
47 }
#define BOTAN_UNUSED(...)
Definition: assert.h:141
virtual void derive_key(uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const =0
virtual std::string to_string() const =0

References BOTAN_UNUSED, Botan::PasswordHash::derive_key(), salt_len, and Botan::PasswordHash::to_string().

◆ iterations()

size_t Botan::RFC4880_S2K::iterations ( ) const
inlineoverridevirtual

Most password hashes have some notion of iterations.

Implements Botan::PasswordHash.

Definition at line 101 of file pgp_s2k.h.

101{ return m_iterations; }

◆ memory_param()

virtual size_t Botan::PasswordHash::memory_param ( ) const
inlinevirtualinherited

Some password hashing algorithms have a parameter which controls how much memory is used. If not supported by some algorithm, returns 0.

Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.

Definition at line 40 of file pwdhash.h.

40{ return 0; }

◆ parallelism()

virtual size_t Botan::PasswordHash::parallelism ( ) const
inlinevirtualinherited

Some password hashing algorithms have a parallelism parameter. If the algorithm does not support this notion, then the function returns zero. This allows distinguishing between a password hash which just does not support parallel operation, vs one that does support parallel operation but which has been configured to use a single lane.

Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.

Definition at line 50 of file pwdhash.h.

50{ return 0; }

◆ to_string()

std::string Botan::RFC4880_S2K::to_string ( ) const
overridevirtual

Implements Botan::PasswordHash.

Definition at line 146 of file pgp_s2k.cpp.

147 {
148 return "OpenPGP-S2K(" + m_hash->name() + "," + std::to_string(m_iterations) + ")";
149 }
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:209

References Botan::ASN1::to_string().

◆ total_memory_usage()

virtual size_t Botan::PasswordHash::total_memory_usage ( ) const
inlinevirtualinherited

Returns an estimate of the total number of bytes required to perform this key derivation.

If this algorithm uses a small and constant amount of memory, with no effort made towards being memory hard, this function returns 0.

Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.

Definition at line 59 of file pwdhash.h.

59{ return 0; }

The documentation for this class was generated from the following files: