Botan  2.11.0
Crypto and TLS for C++11
Public Member Functions | Static Public Member Functions | List of all members
Botan::RFC4880_S2K_Family Class Referencefinal

#include <pgp_s2k.h>

Inheritance diagram for Botan::RFC4880_S2K_Family:
Botan::PasswordHashFamily

Public Member Functions

std::unique_ptr< PasswordHashdefault_params () const override
 
std::unique_ptr< PasswordHashfrom_iterations (size_t iter) const override
 
std::unique_ptr< PasswordHashfrom_params (size_t iter, size_t, size_t) const override
 
std::string name () const override
 
 RFC4880_S2K_Family (HashFunction *hash)
 
std::unique_ptr< PasswordHashtune (size_t output_len, std::chrono::milliseconds msec, size_t max_mem) const override
 

Static Public Member Functions

static std::unique_ptr< PasswordHashFamilycreate (const std::string &algo_spec, const std::string &provider="")
 
static std::unique_ptr< PasswordHashFamilycreate_or_throw (const std::string &algo_spec, const std::string &provider="")
 
static std::vector< std::string > providers (const std::string &algo_spec)
 

Detailed Description

Definition at line 128 of file pgp_s2k.h.

Constructor & Destructor Documentation

◆ RFC4880_S2K_Family()

Botan::RFC4880_S2K_Family::RFC4880_S2K_Family ( HashFunction hash)
inline

Definition at line 131 of file pgp_s2k.h.

131 : m_hash(hash) {}
MechanismType hash

Member Function Documentation

◆ create()

std::unique_ptr< PasswordHashFamily > Botan::PasswordHashFamily::create ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to choose
Returns
a null pointer if the algo/provider combination cannot be found

Definition at line 33 of file pwdhash.cpp.

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::HashFunction::create(), Botan::MessageAuthenticationCode::create(), and hash.

Referenced by botan_pwdhash(), botan_pwdhash_timed(), and Botan::PasswordHashFamily::create_or_throw().

35  {
36  const SCAN_Name req(algo_spec);
37 
38 #if defined(BOTAN_HAS_PBKDF2)
39  if(req.algo_name() == "PBKDF2")
40  {
41  // TODO OpenSSL
42 
43  if(provider.empty() || provider == "base")
44  {
45  if(auto mac = MessageAuthenticationCode::create(req.arg(0)))
46  return std::unique_ptr<PasswordHashFamily>(new PBKDF2_Family(mac.release()));
47 
48  if(auto mac = MessageAuthenticationCode::create("HMAC(" + req.arg(0) + ")"))
49  return std::unique_ptr<PasswordHashFamily>(new PBKDF2_Family(mac.release()));
50  }
51 
52  return nullptr;
53  }
54 #endif
55 
56 #if defined(BOTAN_HAS_SCRYPT)
57  if(req.algo_name() == "Scrypt")
58  {
59  return std::unique_ptr<PasswordHashFamily>(new Scrypt_Family);
60  }
61 #endif
62 
63 #if defined(BOTAN_HAS_ARGON2)
64  if(req.algo_name() == "Argon2d")
65  {
66  return std::unique_ptr<PasswordHashFamily>(new Argon2_Family(0));
67  }
68  else if(req.algo_name() == "Argon2i")
69  {
70  return std::unique_ptr<PasswordHashFamily>(new Argon2_Family(1));
71  }
72  else if(req.algo_name() == "Argon2id")
73  {
74  return std::unique_ptr<PasswordHashFamily>(new Argon2_Family(2));
75  }
76 #endif
77 
78 #if defined(BOTAN_HAS_PBKDF_BCRYPT)
79  if(req.algo_name() == "Bcrypt-PBKDF")
80  {
81  return std::unique_ptr<PasswordHashFamily>(new Bcrypt_PBKDF_Family);
82  }
83 #endif
84 
85 #if defined(BOTAN_HAS_PGP_S2K)
86  if(req.algo_name() == "OpenPGP-S2K" && req.arg_count() == 1)
87  {
88  if(auto hash = HashFunction::create(req.arg(0)))
89  {
90  return std::unique_ptr<PasswordHashFamily>(new RFC4880_S2K_Family(hash.release()));
91  }
92  }
93 #endif
94 
95  BOTAN_UNUSED(req);
96  BOTAN_UNUSED(provider);
97 
98  return nullptr;
99  }
static std::unique_ptr< MessageAuthenticationCode > create(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:46
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:110
#define BOTAN_UNUSED(...)
Definition: assert.h:142
MechanismType hash

◆ create_or_throw()

std::unique_ptr< PasswordHashFamily > Botan::PasswordHashFamily::create_or_throw ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
staticinherited

Create an instance based on a name, or throw if the algo/provider combination cannot be found. If provider is empty then best available is chosen.

Definition at line 103 of file pwdhash.cpp.

References Botan::PasswordHashFamily::create().

105  {
106  if(auto pbkdf = PasswordHashFamily::create(algo, provider))
107  {
108  return pbkdf;
109  }
110  throw Lookup_Error("PasswordHashFamily", algo, provider);
111  }
static std::unique_ptr< PasswordHashFamily > create(const std::string &algo_spec, const std::string &provider="")
Definition: pwdhash.cpp:33

◆ default_params()

std::unique_ptr< PasswordHash > Botan::RFC4880_S2K_Family::default_params ( ) const
overridevirtual

Return some default parameter set for this PBKDF that should be good enough for most users. The value returned may change over time as processing power and attacks improve.

Implements Botan::PasswordHashFamily.

Definition at line 188 of file pgp_s2k.cpp.

189  {
190  return std::unique_ptr<PasswordHash>(new RFC4880_S2K(m_hash->clone(), 50331648));
191  }

◆ from_iterations()

std::unique_ptr< PasswordHash > Botan::RFC4880_S2K_Family::from_iterations ( size_t  iterations) const
overridevirtual

Return a parameter chosen based on a rough approximation with the specified iteration count. The exact value this returns for a particular algorithm may change from over time. Think of it as an alternative to tune, where time is expressed in terms of PBKDF2 iterations rather than milliseconds.

Implements Botan::PasswordHashFamily.

Definition at line 193 of file pgp_s2k.cpp.

194  {
195  return std::unique_ptr<PasswordHash>(new RFC4880_S2K(m_hash->clone(), iter));
196  }

◆ from_params()

std::unique_ptr< PasswordHash > Botan::RFC4880_S2K_Family::from_params ( size_t  i1,
size_t  i2,
size_t  i3 
) const
overridevirtual

Create a password hash using some scheme specific format. Eg PBKDF2 and PGP-S2K set iterations in i1 Scrypt uses N,r,p in i{1-3} Bcrypt-PBKDF just has iterations Argon2{i,d,id} would use iterations, memory, parallelism for i{1-3}, and Argon2 type is part of the family.

Values not needed should be set to 0

Implements Botan::PasswordHashFamily.

Definition at line 183 of file pgp_s2k.cpp.

184  {
185  return std::unique_ptr<PasswordHash>(new RFC4880_S2K(m_hash->clone(), iter));
186  }

◆ name()

std::string Botan::RFC4880_S2K_Family::name ( ) const
overridevirtual
Returns
name of this PasswordHash

Implements Botan::PasswordHashFamily.

Definition at line 154 of file pgp_s2k.cpp.

155  {
156  return "OpenPGP-S2K(" + m_hash->name() + ")";
157  }

◆ providers()

std::vector< std::string > Botan::PasswordHashFamily::providers ( const std::string &  algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available

Definition at line 113 of file pwdhash.cpp.

114  {
115  return probe_providers_of<PasswordHashFamily>(algo_spec, { "base", "openssl" });
116  }

◆ tune()

std::unique_ptr< PasswordHash > Botan::RFC4880_S2K_Family::tune ( size_t  output_length,
std::chrono::milliseconds  msec,
size_t  max_memory_usage_mb 
) const
overridevirtual

Return a new parameter set tuned for this machine

Parameters
output_lengthhow long the output length will be
msecthe desired execution time in milliseconds
max_memory_usage_mbsome password hash functions can use a tunable amount of memory, in this case max_memory_usage limits the amount of RAM the returned parameters will require, in mebibytes (2**20 bytes). It may require some small amount above the request. Set to zero to place no limit at all.

Implements Botan::PasswordHashFamily.

Definition at line 159 of file pgp_s2k.cpp.

References Botan::Timer::bytes_per_second(), Botan::RFC4880_round_iterations(), and Botan::Timer::run_until_elapsed().

Referenced by Botan::OpenPGP_S2K::pbkdf().

160  {
161  const auto tune_time = BOTAN_PBKDF_TUNING_TIME;
162 
163  const size_t buf_size = 1024;
164  std::vector<uint8_t> buffer(buf_size);
165 
166  Timer timer("RFC4880_S2K", buf_size);
167  timer.run_until_elapsed(tune_time, [&]() {
168  m_hash->update(buffer);
169  });
170 
171  const double hash_bytes_per_second = timer.bytes_per_second();
172  const uint64_t desired_nsec = msec.count() * 1000000;
173 
174  const size_t hash_size = m_hash->output_length();
175  const size_t blocks_required = (output_len <= hash_size ? 1 : (output_len + hash_size - 1) / hash_size);
176 
177  const double bytes_to_be_hashed = (hash_bytes_per_second * (desired_nsec / 1000000000.0)) / blocks_required;
178  const size_t iterations = RFC4880_round_iterations(static_cast<size_t>(bytes_to_be_hashed));
179 
180  return std::unique_ptr<PasswordHash>(new RFC4880_S2K(m_hash->clone(), iterations));
181  }
size_t RFC4880_round_iterations(size_t iterations)
Definition: pgp_s2k.h:32

The documentation for this class was generated from the following files: