Botan 3.6.1
Crypto and TLS for C&
|
#include <pgp_s2k.h>
Public Member Functions | |
virtual void | derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t ad[], size_t ad_len, const uint8_t key[], size_t key_len) const |
void | derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const override |
void | hash (std::span< uint8_t > out, std::string_view password, std::span< const uint8_t > salt) const |
void | hash (std::span< uint8_t > out, std::string_view password, std::span< const uint8_t > salt, std::span< const uint8_t > associated_data, std::span< const uint8_t > key) const |
size_t | iterations () const override |
virtual size_t | memory_param () const |
virtual size_t | parallelism () const |
RFC4880_S2K (std::unique_ptr< HashFunction > hash, size_t iterations) | |
virtual bool | supports_associated_data () const |
virtual bool | supports_keyed_operation () const |
std::string | to_string () const override |
virtual size_t | total_memory_usage () const |
OpenPGP's S2K
See RFC 4880 sections 3.7.1.1, 3.7.1.2, and 3.7.1.3 If the salt is empty and iterations == 1, "simple" S2K is used If the salt is non-empty and iterations == 1, "salted" S2K is used If the salt is non-empty and iterations > 1, "iterated" S2K is used
Note that unlike PBKDF2, OpenPGP S2K's "iterations" are defined as the number of bytes hashed.
Botan::RFC4880_S2K::RFC4880_S2K | ( | std::unique_ptr< HashFunction > | hash, |
size_t | iterations ) |
hash | the hash function to use |
iterations | is rounded due to PGP formatting |
Definition at line 128 of file pgp_s2k.cpp.
|
virtualinherited |
Derive a key from a password plus additional data and/or a secret key
Currently this is only supported for Argon2. Using a non-empty AD or key with other algorithms will cause a Not_Implemented exception.
out | buffer to store the derived key, must be of out_len bytes |
out_len | the desired length of the key to produce |
password | the password to derive the key from |
password_len | the length of password in bytes |
salt | a randomly chosen salt |
salt_len | length of salt in bytes |
ad | some additional data |
ad_len | length of ad in bytes |
key | a secret key |
key_len | length of key in bytes |
This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.
Reimplemented in Botan::Argon2.
Definition at line 34 of file pwdhash.cpp.
References BOTAN_UNUSED, Botan::PasswordHash::derive_key(), and Botan::PasswordHash::to_string().
|
overridevirtual |
Derive a key from a password
out | buffer to store the derived key, must be of out_len bytes |
out_len | the desired length of the key to produce |
password | the password to derive the key from |
password_len | the length of password in bytes |
salt | a randomly chosen salt |
salt_len | length of salt in bytes |
This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.
Implements Botan::PasswordHash.
Definition at line 135 of file pgp_s2k.cpp.
|
inlineinherited |
Hash a password into a bitstring
Derive a key from the specified password
and salt
, placing it into out
.
out | a span where the derived key will be placed |
password | the password to derive the key from |
salt | a randomly chosen salt |
This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.
Definition at line 84 of file pwdhash.h.
|
inlineinherited |
Hash a password into a bitstring
Derive a key from the specified password
, salt
, associated_data
, and secret key
, placing it into out
. The associated_data
and key
are both allowed to be empty. Currently non-empty AD/key is only supported with Argon2.
out | a span where the derived key will be placed |
password | the password to derive the key from |
salt | a randomly chosen salt |
associated_data | some additional data |
key | a secret key |
This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.
Definition at line 105 of file pwdhash.h.
|
inlineoverridevirtual |
Most password hashes have some notion of iterations.
Implements Botan::PasswordHash.
Definition at line 90 of file pgp_s2k.h.
|
inlinevirtualinherited |
Some password hashing algorithms have a parameter which controls how much memory is used. If not supported by some algorithm, returns 0.
Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.
Definition at line 40 of file pwdhash.h.
|
inlinevirtualinherited |
Some password hashing algorithms have a parallelism parameter. If the algorithm does not support this notion, then the function returns zero. This allows distinguishing between a password hash which just does not support parallel operation, vs one that does support parallel operation but which has been configured to use a single lane.
Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.
Definition at line 50 of file pwdhash.h.
|
inlinevirtualinherited |
Reimplemented in Botan::Argon2.
Definition at line 69 of file pwdhash.h.
|
inlinevirtualinherited |
Reimplemented in Botan::Argon2.
Definition at line 64 of file pwdhash.h.
|
overridevirtual |
Implements Botan::PasswordHash.
Definition at line 131 of file pgp_s2k.cpp.
References Botan::fmt().
|
inlinevirtualinherited |
Returns an estimate of the total number of bytes required to perform this key derivation.
If this algorithm uses a small and constant amount of memory, with no effort made towards being memory hard, this function returns 0.
Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.
Definition at line 59 of file pwdhash.h.