Botan 3.0.0-alpha0
Crypto and TLS for C&
Public Member Functions | Static Public Member Functions | List of all members
Botan::Scrypt_Family Class Referencefinal

#include <scrypt.h>

Inheritance diagram for Botan::Scrypt_Family:
Botan::PasswordHashFamily

Public Member Functions

std::unique_ptr< PasswordHashdefault_params () const override
 
std::unique_ptr< PasswordHashfrom_iterations (size_t iter) const override
 
std::unique_ptr< PasswordHashfrom_params (size_t N, size_t r, size_t p) const override
 
std::string name () const override
 
std::unique_ptr< PasswordHashtune (size_t output_length, std::chrono::milliseconds msec, size_t max_memory) const override
 

Static Public Member Functions

static std::unique_ptr< PasswordHashFamilycreate (const std::string &algo_spec, const std::string &provider="")
 
static std::unique_ptr< PasswordHashFamilycreate_or_throw (const std::string &algo_spec, const std::string &provider="")
 
static std::vector< std::string > providers (const std::string &algo_spec)
 

Detailed Description

Definition at line 49 of file scrypt.h.

Member Function Documentation

◆ create()

std::unique_ptr< PasswordHashFamily > Botan::PasswordHashFamily::create ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
staticinherited

Create an instance based on a name If provider is empty then best available is chosen.

Parameters
algo_specalgorithm name
providerprovider implementation to choose
Returns
a null pointer if the algo/provider combination cannot be found

Definition at line 49 of file pwdhash.cpp.

51 {
52 const SCAN_Name req(algo_spec);
53
54#if defined(BOTAN_HAS_PBKDF2)
55 if(req.algo_name() == "PBKDF2")
56 {
57 if(provider.empty() || provider == "base")
58 {
59 if(auto mac = MessageAuthenticationCode::create("HMAC(" + req.arg(0) + ")"))
60 return std::make_unique<PBKDF2_Family>(mac.release());
61
62 if(auto mac = MessageAuthenticationCode::create(req.arg(0)))
63 return std::make_unique<PBKDF2_Family>(mac.release());
64 }
65
66 return nullptr;
67 }
68#endif
69
70#if defined(BOTAN_HAS_SCRYPT)
71 if(req.algo_name() == "Scrypt")
72 {
73 return std::make_unique<Scrypt_Family>();
74 }
75#endif
76
77#if defined(BOTAN_HAS_ARGON2)
78 if(req.algo_name() == "Argon2d")
79 {
80 return std::make_unique<Argon2_Family>(static_cast<uint8_t>(0));
81 }
82 else if(req.algo_name() == "Argon2i")
83 {
84 return std::make_unique<Argon2_Family>(static_cast<uint8_t>(1));
85 }
86 else if(req.algo_name() == "Argon2id")
87 {
88 return std::make_unique<Argon2_Family>(static_cast<uint8_t>(2));
89 }
90#endif
91
92#if defined(BOTAN_HAS_PBKDF_BCRYPT)
93 if(req.algo_name() == "Bcrypt-PBKDF")
94 {
95 return std::make_unique<Bcrypt_PBKDF_Family>();
96 }
97#endif
98
99#if defined(BOTAN_HAS_PGP_S2K)
100 if(req.algo_name() == "OpenPGP-S2K" && req.arg_count() == 1)
101 {
102 if(auto hash = HashFunction::create(req.arg(0)))
103 {
104 return std::make_unique<RFC4880_S2K_Family>(hash.release());
105 }
106 }
107#endif
108
109 BOTAN_UNUSED(req);
110 BOTAN_UNUSED(provider);
111
112 return nullptr;
113 }
#define BOTAN_UNUSED(...)
Definition: assert.h:141
static std::unique_ptr< HashFunction > create(const std::string &algo_spec, const std::string &provider="")
Definition: hash.cpp:98
static std::unique_ptr< MessageAuthenticationCode > create(const std::string &algo_spec, const std::string &provider="")
Definition: mac.cpp:46
MechanismType hash

References Botan::SCAN_Name::algo_name(), Botan::SCAN_Name::arg(), Botan::SCAN_Name::arg_count(), BOTAN_UNUSED, Botan::HashFunction::create(), Botan::MessageAuthenticationCode::create(), and hash.

Referenced by botan_pwdhash(), botan_pwdhash_timed(), and Botan::PasswordHashFamily::create_or_throw().

◆ create_or_throw()

std::unique_ptr< PasswordHashFamily > Botan::PasswordHashFamily::create_or_throw ( const std::string &  algo_spec,
const std::string &  provider = "" 
)
staticinherited

Create an instance based on a name, or throw if the algo/provider combination cannot be found. If provider is empty then best available is chosen.

Definition at line 117 of file pwdhash.cpp.

119 {
120 if(auto pbkdf = PasswordHashFamily::create(algo, provider))
121 {
122 return pbkdf;
123 }
124 throw Lookup_Error("PasswordHashFamily", algo, provider);
125 }
static std::unique_ptr< PasswordHashFamily > create(const std::string &algo_spec, const std::string &provider="")
Definition: pwdhash.cpp:49

References Botan::PasswordHashFamily::create().

Referenced by Botan::argon2_check_pwhash(), Botan::argon2_generate_pwhash(), Botan::CryptoBox::decrypt_bin(), and Botan::CryptoBox::encrypt().

◆ default_params()

std::unique_ptr< PasswordHash > Botan::Scrypt_Family::default_params ( ) const
overridevirtual

Return some default parameter set for this PBKDF that should be good enough for most users. The value returned may change over time as processing power and attacks improve.

Implements Botan::PasswordHashFamily.

Definition at line 32 of file scrypt.cpp.

33 {
34 return std::make_unique<Scrypt>(32768, 8, 1);
35 }

◆ from_iterations()

std::unique_ptr< PasswordHash > Botan::Scrypt_Family::from_iterations ( size_t  iterations) const
overridevirtual

Return a parameter chosen based on a rough approximation with the specified iteration count. The exact value this returns for a particular algorithm may change from over time. Think of it as an alternative to tune, where time is expressed in terms of PBKDF2 iterations rather than milliseconds.

Implements Botan::PasswordHashFamily.

Definition at line 122 of file scrypt.cpp.

123 {
124 const size_t r = 8;
125 const size_t p = 1;
126
127 size_t N = 8192;
128
129 if(iter > 50000)
130 N = 16384;
131 if(iter > 100000)
132 N = 32768;
133 if(iter > 150000)
134 N = 65536;
135
136 return std::make_unique<Scrypt>(N, r, p);
137 }

◆ from_params()

std::unique_ptr< PasswordHash > Botan::Scrypt_Family::from_params ( size_t  i1,
size_t  i2,
size_t  i3 
) const
overridevirtual

Create a password hash using some scheme specific format. Parameters are as follows:

  • For PBKDF2, PGP-S2K, and Bcrypt-PBKDF, i1 is iterations
  • Scrypt uses N, r, p for i{1-3}
  • Argon2 family uses memory (in KB), iterations, and parallelism for i{1-3}

All unneeded parameters should be set to 0 or left blank.

Implements Botan::PasswordHashFamily.

Definition at line 117 of file scrypt.cpp.

118 {
119 return std::make_unique<Scrypt>(N, r, p);
120 }

◆ name()

std::string Botan::Scrypt_Family::name ( ) const
overridevirtual
Returns
name of this PasswordHash

Implements Botan::PasswordHashFamily.

Definition at line 27 of file scrypt.cpp.

28 {
29 return "Scrypt";
30 }

◆ providers()

std::vector< std::string > Botan::PasswordHashFamily::providers ( const std::string &  algo_spec)
staticinherited
Returns
list of available providers for this algorithm, empty if not available

Definition at line 127 of file pwdhash.cpp.

128 {
129 return probe_providers_of<PasswordHashFamily>(algo_spec);
130 }

◆ tune()

std::unique_ptr< PasswordHash > Botan::Scrypt_Family::tune ( size_t  output_length,
std::chrono::milliseconds  msec,
size_t  max_memory_usage_mb 
) const
overridevirtual

Return a new parameter set tuned for this machine

Parameters
output_lengthhow long the output length will be
msecthe desired execution time in milliseconds
max_memory_usage_mbsome password hash functions can use a tunable amount of memory, in this case max_memory_usage limits the amount of RAM the returned parameters will require, in mebibytes (2**20 bytes). It may require some small amount above the request. Set to zero to place no limit at all.

Implements Botan::PasswordHashFamily.

Definition at line 37 of file scrypt.cpp.

40 {
41 BOTAN_UNUSED(output_length);
42
43 /*
44 * Some rough relations between scrypt parameters and runtime.
45 * Denote here by stime(N,r,p) the msec it takes to run scrypt.
46 *
47 * Emperically for smaller sizes:
48 * stime(N,8*r,p) / stime(N,r,p) is ~ 6-7
49 * stime(N,r,8*p) / stime(N,r,8*p) is ~ 7
50 * stime(2*N,r,p) / stime(N,r,p) is ~ 2
51 *
52 * Compute stime(8192,1,1) as baseline and extrapolate
53 */
54
55 const size_t max_memory_usage = max_memory_usage_mb * 1024 * 1024;
56 // Starting parameters
57 size_t N = 8192;
58 size_t r = 1;
59 size_t p = 1;
60
61 Timer timer("Scrypt");
62 const auto tune_time = BOTAN_PBKDF_TUNING_TIME;
63
64 auto pwdhash = this->from_params(N, r, p);
65
66 timer.run_until_elapsed(tune_time, [&]() {
67 uint8_t output[32] = { 0 };
68 pwdhash->derive_key(output, sizeof(output),
69 "test", 4,
70 nullptr, 0);
71 });
72
73 // No timer events seems strange, perhaps something is wrong - give
74 // up on this and just return default params
75 if(timer.events() == 0)
76 return default_params();
77
78 // nsec per eval of scrypt with initial params
79 const uint64_t measured_time = timer.value() / timer.events();
80
81 const uint64_t target_nsec = msec.count() * static_cast<uint64_t>(1000000);
82
83 uint64_t est_nsec = measured_time;
84
85 // First move increase r by 8x if possible
86
87 if(max_memory_usage == 0 || scrypt_memory_usage(N, r, p)*8 < max_memory_usage)
88 {
89 if(target_nsec / est_nsec >= 5)
90 {
91 r *= 8;
92 est_nsec *= 5;
93 }
94 }
95
96 // Now double N as many times as we can
97
98 while(max_memory_usage == 0 || scrypt_memory_usage(N, r, p)*2 < max_memory_usage)
99 {
100 if(target_nsec / est_nsec >= 2)
101 {
102 N *= 2;
103 est_nsec *= 2;
104 }
105 else
106 break;
107 }
108
109 // If we have extra runtime budget, increment p
110
111 if(target_nsec / est_nsec > 2)
112 p *= std::min<size_t>(1024, static_cast<size_t>(target_nsec / est_nsec));
113
114 return std::make_unique<Scrypt>(N, r, p);
115 }
std::unique_ptr< PasswordHash > from_params(size_t N, size_t r, size_t p) const override
Definition: scrypt.cpp:117
std::unique_ptr< PasswordHash > default_params() const override
Definition: scrypt.cpp:32
#define BOTAN_PBKDF_TUNING_TIME
Definition: build.h:447

References BOTAN_UNUSED.


The documentation for this class was generated from the following files: