Botan::RFC4880_S2K Class Reference

#include <pgp_s2k.h>

Inheritance diagram for Botan::RFC4880_S2K:

Public Member Functions
void	derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const override
virtual void	derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t ad[], size_t ad_len, const uint8_t key[], size_t key_len) const
size_t	iterations () const override
virtual size_t	memory_param () const
virtual size_t	parallelism () const
	RFC4880_S2K (HashFunction *hash, size_t iterations)
std::string	to_string () const override
virtual size_t	total_memory_usage () const

Detailed Description

OpenPGP's S2K

See RFC 4880 sections 3.7.1.1, 3.7.1.2, and 3.7.1.3 If the salt is empty and iterations == 1, "simple" S2K is used If the salt is non-empty and iterations == 1, "salted" S2K is used If the salt is non-empty and iterations > 1, "iterated" S2K is used

Note that unlike PBKDF2, OpenPGP S2K's "iterations" are defined as the number of bytes hashed.

Definition at line 90 of file pgp_s2k.h.

Constructor & Destructor Documentation

RFC4880_S2K()

Botan::RFC4880_S2K::RFC4880_S2K	(	HashFunction *	hash,
		size_t	iterations
	)

Parameters

hash	the hash function to use
iterations	is rounded due to PGP formatting

Definition at line 140 of file pgp_s2k.cpp.

                                                              :
   m_hash(hash),
   m_iterations(iterations)
   {
   }

Member Function Documentation

derive_key() [1/2]

void Botan::RFC4880_S2K::derive_key ( uint8_t  out[], size_t  out_len, const char *  password, size_t  password_len, const uint8_t  salt[], size_t  salt_len  ) const

overridevirtual

Derive a key from a password

Parameters

out	buffer to store the derived key, must be of out_len bytes
out_len	the desired length of the key to produce
password	the password to derive the key from
password_len	the length of password in bytes
salt	a randomly chosen salt
salt_len	length of salt in bytes

This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.

Implements Botan::PasswordHash.

Definition at line 151 of file pgp_s2k.cpp.

   {
   pgp_s2k(*m_hash, out, out_len,
           password, password_len,
           salt, salt_len,
           m_iterations);
   }

References salt_len.

derive_key() [2/2]

void Botan::PasswordHash::derive_key ( uint8_t  out[], size_t  out_len, const char *  password, size_t  password_len, const uint8_t  salt[], size_t  salt_len, const uint8_t  ad[], size_t  ad_len, const uint8_t  key[], size_t  key_len  ) const

virtualinherited

Derive a key from a password plus additional data and/or a secret key

Currently this is only supported for Argon2. Using a non-empty AD or key with other algorithms will cause a Not_Implemented exception.

Parameters

out	buffer to store the derived key, must be of out_len bytes
out_len	the desired length of the key to produce
password	the password to derive the key from
password_len	the length of password in bytes
salt	a randomly chosen salt
salt_len	length of salt in bytes
ad	some additional data
ad_len	length of ad in bytes
key	a secret key
key_len	length of key in bytes

This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.

Reimplemented in Botan::Argon2.

Definition at line 33 of file pwdhash.cpp.

   {
   BOTAN_UNUSED(ad, key);
 
   if(ad_len == 0 && key_len == 0)
      return this->derive_key(out, out_len,
                              password, password_len,
                              salt, salt_len);
   else
      throw Not_Implemented("PasswordHash " + this->to_string() + " does not support AD or key");
   }

References BOTAN_UNUSED, Botan::PasswordHash::derive_key(), salt_len, and Botan::PasswordHash::to_string().

iterations()

size_t Botan::RFC4880_S2K::iterations ( ) const

inlineoverridevirtual

Most password hashes have some notion of iterations.

Implements Botan::PasswordHash.

Definition at line 101 of file pgp_s2k.h.

{ return m_iterations; }

memory_param()

virtual size_t Botan::PasswordHash::memory_param ( ) const

inlinevirtualinherited

Some password hashing algorithms have a parameter which controls how much memory is used. If not supported by some algorithm, returns 0.

Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.

Definition at line 40 of file pwdhash.h.

{ return 0; }

parallelism()

virtual size_t Botan::PasswordHash::parallelism ( ) const

inlinevirtualinherited

Some password hashing algorithms have a parallelism parameter. If the algorithm does not support this notion, then the function returns zero. This allows distinguishing between a password hash which just does not support parallel operation, vs one that does support parallel operation but which has been configured to use a single lane.

Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.

Definition at line 50 of file pwdhash.h.

{ return 0; }

to_string()

std::string Botan::RFC4880_S2K::to_string ( ) const

overridevirtual

Implements Botan::PasswordHash.

Definition at line 146 of file pgp_s2k.cpp.

   {
   return "OpenPGP-S2K(" + m_hash->name() + "," + std::to_string(m_iterations) + ")";
   }

References Botan::ASN1::to_string().

total_memory_usage()

virtual size_t Botan::PasswordHash::total_memory_usage ( ) const

inlinevirtualinherited

Returns an estimate of the total number of bytes required to perform this key derivation.

If this algorithm uses a small and constant amount of memory, with no effort made towards being memory hard, this function returns 0.

Reimplemented in Botan::Argon2, Botan::Bcrypt_PBKDF, and Botan::Scrypt.

Definition at line 59 of file pwdhash.h.

{ return 0; }

---

The documentation for this class was generated from the following files:

• src/lib/pbkdf/pgp_s2k/pgp_s2k.h
• src/lib/pbkdf/pgp_s2k/pgp_s2k.cpp