Botan::Scrypt Class Reference

#include <scrypt.h>

Inheritance diagram for Botan::Scrypt:

Public Member Functions
void	derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const override
virtual void	derive_key (uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len, const uint8_t ad[], size_t ad_len, const uint8_t key[], size_t key_len) const
void	hash (std::span< uint8_t > out, std::string_view password, std::span< const uint8_t > salt)
void	hash (std::span< uint8_t > out, std::string_view password, std::span< const uint8_t > salt, std::span< const uint8_t > associated_data, std::span< const uint8_t > key)
size_t	iterations () const override
size_t	memory_param () const override
Scrypt &	operator= (const Scrypt &)=default
size_t	parallelism () const override
	Scrypt (const Scrypt &other)=default
	Scrypt (size_t N, size_t r, size_t p)
virtual bool	supports_associated_data () const
virtual bool	supports_keyed_operation () const
std::string	to_string () const override
size_t	total_memory_usage () const override

Detailed Description

Scrypt key derivation function (RFC 7914)

Definition at line 21 of file scrypt.h.

Constructor & Destructor Documentation

Scrypt() [1/2]

Botan::Scrypt::Scrypt	(	size_t	N,
		size_t	r,
		size_t	p
	)

Definition at line 144 of file scrypt.cpp.

                                           :
   m_N(N), m_r(r), m_p(p)
   {
   if(!is_power_of_2(N))
      throw Invalid_Argument("Scrypt N parameter must be a power of 2");
 
   if(p == 0 || p > 1024)
      throw Invalid_Argument("Invalid or unsupported scrypt p");
   if(r == 0 || r > 256)
      throw Invalid_Argument("Invalid or unsupported scrypt r");
   if(N < 1 || N > 4194304)
      throw Invalid_Argument("Invalid or unsupported scrypt N");
   }

References Botan::is_power_of_2().

Scrypt() [2/2]

Botan::Scrypt::Scrypt ( const Scrypt &  other )

default

Member Function Documentation

derive_key() [1/2]

void Botan::Scrypt::derive_key ( uint8_t  out[], size_t  out_len, const char *  password, size_t  password_len, const uint8_t  salt[], size_t  salt_len  ) const

overridevirtual

Derive a new key under the current Scrypt parameter set

Implements Botan::PasswordHash.

Definition at line 220 of file scrypt.cpp.

   {
   const size_t N = memory_param();
   const size_t p = parallelism();
   const size_t r = iterations();
 
   const size_t S = 128 * r;
   secure_vector<uint8_t> B(p * S);
   // temp space
   secure_vector<uint8_t> V((N+1) * S);
 
   auto hmac_sha256 = MessageAuthenticationCode::create_or_throw("HMAC(SHA-256)");
 
   try
      {
      hmac_sha256->set_key(cast_char_ptr_to_uint8(password), password_len);
      }
   catch(Invalid_Key_Length&)
      {
      throw Invalid_Argument("Scrypt cannot accept passphrases of the provided length");
      }
 
   pbkdf2(*hmac_sha256,
          B.data(), B.size(),
          salt, salt_len,
          1);
 
   // these can be parallel
   for(size_t i = 0; i != p; ++i)
      {
      scryptROMmix(r, N, &B[128*r*i], V);
      }
 
   pbkdf2(*hmac_sha256,
          output, output_len,
          B.data(), B.size(),
          1);
   }

References Botan::cast_char_ptr_to_uint8(), Botan::MessageAuthenticationCode::create_or_throw(), iterations(), memory_param(), parallelism(), and Botan::pbkdf2().

derive_key() [2/2]

void Botan::PasswordHash::derive_key ( uint8_t  out[], size_t  out_len, const char *  password, size_t  password_len, const uint8_t  salt[], size_t  salt_len, const uint8_t  ad[], size_t  ad_len, const uint8_t  key[], size_t  key_len  ) const

virtualinherited

Derive a key from a password plus additional data and/or a secret key

Currently this is only supported for Argon2. Using a non-empty AD or key with other algorithms will cause a Not_Implemented exception.

Parameters

out	buffer to store the derived key, must be of out_len bytes
out_len	the desired length of the key to produce
password	the password to derive the key from
password_len	the length of password in bytes
salt	a randomly chosen salt
salt_len	length of salt in bytes
ad	some additional data
ad_len	length of ad in bytes
key	a secret key
key_len	length of key in bytes

This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.

Reimplemented in Botan::Argon2.

Definition at line 33 of file pwdhash.cpp.

   {
   BOTAN_UNUSED(ad, key);
 
   if(ad_len == 0 && key_len == 0)
      return this->derive_key(out, out_len,
                              password, password_len,
                              salt, salt_len);
   else
      throw Not_Implemented("PasswordHash " + this->to_string() + " does not support AD or key");
   }

References BOTAN_UNUSED, Botan::PasswordHash::derive_key(), and Botan::PasswordHash::to_string().

hash() [1/2]

void Botan::PasswordHash::hash ( std::span< uint8_t >  out, std::string_view  password, std::span< const uint8_t >  salt  )

inlineinherited

Hash a password into a bitstring

Parameters

out	a span where the derived key will be placed
password	the password to derive the key from
salt	a randomly chosen salt

This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.

Definition at line 82 of file pwdhash.h.

         {
         this->derive_key(out.data(), out.size(),
                          password.data(), password.size(),
                          salt.data(), salt.size());
         }

hash() [2/2]

void Botan::PasswordHash::hash ( std::span< uint8_t >  out, std::string_view  password, std::span< const uint8_t >  salt, std::span< const uint8_t >  associated_data, std::span< const uint8_t >  key  )

inlineinherited

Hash a password into a bitstring

Parameters

out	a span where the derived key will be placed
password	the password to derive the key from
salt	a randomly chosen salt
associated_data	some additional data
key	a secret key

This function is const, but is not thread safe. Different threads should either use unique objects, or serialize all access.

Definition at line 103 of file pwdhash.h.

         {
         this->derive_key(out.data(), out.size(),
                          password.data(), password.size(),
                          salt.data(), salt.size(),
                          associated_data.data(), associated_data.size(),
                          key.data(), key.size());
         }

iterations()

size_t Botan::Scrypt::iterations ( ) const

inlineoverridevirtual

Most password hashes have some notion of iterations.

Implements Botan::PasswordHash.

Definition at line 38 of file scrypt.h.

{ return m_r; }

Referenced by derive_key(), and total_memory_usage().

memory_param()

size_t Botan::Scrypt::memory_param ( ) const

inlineoverridevirtual

Some password hashing algorithms have a parameter which controls how much memory is used. If not supported by some algorithm, returns 0.

Reimplemented from Botan::PasswordHash.

Definition at line 42 of file scrypt.h.

{ return m_N; }

Referenced by derive_key(), and total_memory_usage().

operator=()

Scrypt & Botan::Scrypt::operator= ( const Scrypt &  )

default

parallelism()

size_t Botan::Scrypt::parallelism ( ) const

inlineoverridevirtual

Some password hashing algorithms have a parallelism parameter. If the algorithm does not support this notion, then the function returns zero. This allows distinguishing between a password hash which just does not support parallel operation, vs one that does support parallel operation but which has been configured to use a single lane.

Reimplemented from Botan::PasswordHash.

Definition at line 40 of file scrypt.h.

{ return m_p; }

Referenced by derive_key(), and total_memory_usage().

supports_associated_data()

virtual bool Botan::PasswordHash::supports_associated_data ( ) const

inlinevirtualinherited

Returns true if this password hash supports supplying associated data

Reimplemented in Botan::Argon2.

Definition at line 70 of file pwdhash.h.

{ return false; }

supports_keyed_operation()

virtual bool Botan::PasswordHash::supports_keyed_operation ( ) const

inlinevirtualinherited

Returns true if this password hash supports supplying a key

Reimplemented in Botan::Argon2.

Definition at line 65 of file pwdhash.h.

{ return false; }

to_string()

std::string Botan::Scrypt::to_string ( ) const

overridevirtual

Implements Botan::PasswordHash.

Definition at line 158 of file scrypt.cpp.

   {
   return fmt("Scrypt({},{},{})", m_N, m_r, m_p);
   }

References Botan::fmt().

total_memory_usage()

size_t Botan::Scrypt::total_memory_usage ( ) const

overridevirtual

Returns an estimate of the total number of bytes required to perform this key derivation.

If this algorithm uses a small and constant amount of memory, with no effort made towards being memory hard, this function returns 0.

Reimplemented from Botan::PasswordHash.

Definition at line 163 of file scrypt.cpp.

   {
   const size_t N = memory_param();
   const size_t p = parallelism();
   const size_t r = iterations();
 
   return scrypt_memory_usage(N, r, p);
   }

References iterations(), memory_param(), and parallelism().

---

The documentation for this class was generated from the following files:

• src/lib/pbkdf/scrypt/scrypt.h
• src/lib/pbkdf/scrypt/scrypt.cpp