Botan  2.4.0
Crypto and TLS for C++11
Functions
ffi_kdf.cpp File Reference
#include <botan/ffi.h>
#include <botan/internal/ffi_util.h>
#include <botan/internal/ffi_rng.h>
#include <botan/pbkdf.h>
#include <botan/kdf.h>

Go to the source code of this file.

Functions

int botan_bcrypt_generate (uint8_t *out, size_t *out_len, const char *pass, botan_rng_t rng_obj, size_t wf, uint32_t flags)
 
int botan_bcrypt_is_valid (const char *pass, const char *hash)
 
int botan_kdf (const char *kdf_algo, uint8_t out[], size_t out_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len)
 
int botan_pbkdf (const char *pbkdf_algo, uint8_t out[], size_t out_len, const char *pass, const uint8_t salt[], size_t salt_len, size_t iterations)
 
int botan_pbkdf_timed (const char *pbkdf_algo, uint8_t out[], size_t out_len, const char *password, const uint8_t salt[], size_t salt_len, size_t ms_to_run, size_t *iterations_used)
 

Function Documentation

◆ botan_bcrypt_generate()

int botan_bcrypt_generate ( uint8_t *  out,
size_t *  out_len,
const char *  password,
botan_rng_t  rng,
size_t  work_factor,
uint32_t  flags 
)

Create a password hash using Bcrypt

Parameters
outbuffer holding the password hash, should be of length 64 bytes
out_lenthe desired output length in bytes
passwordthe password
rnga random number generator
work_factorhow much work to do to slow down guessing attacks
flagsshould be 0 in current API revision, all other uses are reserved and return BOTAN_FFI_ERROR_BAD_FLAG
Returns
0 on success, a negative value on failure

Output is formatted bcrypt $2a$...

Definition at line 61 of file ffi_kdf.cpp.

References BOTAN_CURRENT_FUNCTION, BOTAN_FFI_ERROR_BAD_FLAG, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, Botan_FFI::ffi_guard_thunk(), Botan::generate_bcrypt(), Botan_FFI::safe_get(), Botan::ASN1::to_string(), and Botan_FFI::write_str_output().

65  {
66 #if defined(BOTAN_HAS_BCRYPT)
67  return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
68  if(out == nullptr || out_len == nullptr || pass == nullptr)
70 
71  if(flags != 0)
73 
74  if(wf < 4 || wf > 18)
75  throw FFI_Error("Bad bcrypt work factor " + std::to_string(wf));
76 
77  Botan::RandomNumberGenerator& rng = safe_get(rng_obj);
78  const std::string bcrypt = Botan::generate_bcrypt(pass, rng, static_cast<uint16_t>(wf));
79  return write_str_output(out, out_len, bcrypt);
80  });
81 #else
83 #endif
84  }
#define BOTAN_FFI_ERROR_BAD_FLAG
Definition: ffi.h:146
int ffi_guard_thunk(const char *func_name, Thunk thunk)
Definition: ffi_util.h:64
Flags flags(Flag flags)
Definition: p11.h:858
std::string generate_bcrypt(const std::string &pass, RandomNumberGenerator &rng, uint16_t work_factor)
Definition: bcrypt.cpp:126
std::string to_string(const BER_Object &obj)
Definition: asn1_obj.cpp:108
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:151
#define BOTAN_FFI_ERROR_NOT_IMPLEMENTED
Definition: ffi.h:149
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:49
#define BOTAN_CURRENT_FUNCTION
Definition: compiler.h:143
#define BOTAN_FFI_ERROR_NULL_POINTER
Definition: ffi.h:147

◆ botan_bcrypt_is_valid()

int botan_bcrypt_is_valid ( const char *  pass,
const char *  hash 
)

Check a previously created password hash

Parameters
passthe password to check against
hashthe stored hash to check against
Returns
0 if if this password/hash combination is valid, 1 if the combination is not valid (but otherwise well formed), negative on error

Definition at line 86 of file ffi_kdf.cpp.

References BOTAN_CURRENT_FUNCTION, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_INVALID_VERIFIER, BOTAN_FFI_SUCCESS, Botan::check_bcrypt(), and Botan_FFI::ffi_guard_thunk().

87  {
88 #if defined(BOTAN_HAS_BCRYPT)
89  return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
91  });
92 #else
94 #endif
95  }
#define BOTAN_FFI_INVALID_VERIFIER
Definition: ffi.h:139
#define BOTAN_FFI_SUCCESS
Definition: ffi.h:137
int ffi_guard_thunk(const char *func_name, Thunk thunk)
Definition: ffi_util.h:64
#define BOTAN_FFI_ERROR_NOT_IMPLEMENTED
Definition: ffi.h:149
#define BOTAN_CURRENT_FUNCTION
Definition: compiler.h:143
bool check_bcrypt(const std::string &pass, const std::string &hash)
Definition: bcrypt.cpp:133
MechanismType hash

◆ botan_kdf()

int botan_kdf ( const char *  kdf_algo,
uint8_t  out[],
size_t  out_len,
const uint8_t  secret[],
size_t  secret_len,
const uint8_t  salt[],
size_t  salt_len,
const uint8_t  label[],
size_t  label_len 
)

Derive a key

Parameters
kdf_algoKDF algorithm, e.g., "SP800-56C"
outbuffer holding the derived key, must be of length out_len
out_lenthe desired output length in bytes
secretthe secret input
secret_lensize of secret in bytes
salta diversifier
salt_lensize of salt in bytes
labelpurpose for the derived keying material
label_lensize of label in bytes
Returns
0 on success, a negative value on failure

Definition at line 48 of file ffi_kdf.cpp.

References BOTAN_CURRENT_FUNCTION, BOTAN_FFI_SUCCESS, Botan_FFI::ffi_guard_thunk(), and Botan::get_kdf().

53  {
54  return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
55  std::unique_ptr<Botan::KDF> kdf(Botan::get_kdf(kdf_algo));
56  kdf->kdf(out, out_len, secret, secret_len, salt, salt_len, label, label_len);
57  return BOTAN_FFI_SUCCESS;
58  });
59  }
#define BOTAN_FFI_SUCCESS
Definition: ffi.h:137
int ffi_guard_thunk(const char *func_name, Thunk thunk)
Definition: ffi_util.h:64
KDF * get_kdf(const std::string &algo_spec)
Definition: kdf.cpp:236
size_t salt_len
Definition: x509_obj.cpp:25
#define BOTAN_CURRENT_FUNCTION
Definition: compiler.h:143

◆ botan_pbkdf()

int botan_pbkdf ( const char *  pbkdf_algo,
uint8_t  out[],
size_t  out_len,
const char *  pass,
const uint8_t  salt[],
size_t  salt_len,
size_t  iterations 
)

Definition at line 21 of file ffi_kdf.cpp.

References BOTAN_CURRENT_FUNCTION, BOTAN_FFI_SUCCESS, Botan_FFI::ffi_guard_thunk(), and Botan::get_pbkdf().

24  {
25  return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
26  std::unique_ptr<Botan::PBKDF> pbkdf(Botan::get_pbkdf(pbkdf_algo));
27  pbkdf->pbkdf_iterations(out, out_len, pass, salt, salt_len, iterations);
28  return BOTAN_FFI_SUCCESS;
29  });
30  }
#define BOTAN_FFI_SUCCESS
Definition: ffi.h:137
int ffi_guard_thunk(const char *func_name, Thunk thunk)
Definition: ffi_util.h:64
PBKDF * get_pbkdf(const std::string &algo_spec, const std::string &provider="")
Definition: pbkdf.h:230
size_t salt_len
Definition: x509_obj.cpp:25
#define BOTAN_CURRENT_FUNCTION
Definition: compiler.h:143

◆ botan_pbkdf_timed()

int botan_pbkdf_timed ( const char *  pbkdf_algo,
uint8_t  out[],
size_t  out_len,
const char *  passphrase,
const uint8_t  salt[],
size_t  salt_len,
size_t  milliseconds_to_run,
size_t *  out_iterations_used 
)

Derive a key from a passphrase, running until msec time has elapsed.

Parameters
pbkdf_algoPBKDF algorithm, e.g., "PBKDF2"
outbuffer to store the derived key, must be of out_len bytes
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
milliseconds_to_runif iterations is zero, then instead the PBKDF is run until milliseconds_to_run milliseconds has passed
out_iterations_usedset to the number iterations executed
Returns
0 on success, a negative value on failure

Definition at line 32 of file ffi_kdf.cpp.

References BOTAN_CURRENT_FUNCTION, BOTAN_FFI_SUCCESS, Botan_FFI::ffi_guard_thunk(), and Botan::get_pbkdf().

38  {
39  return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
40  std::unique_ptr<Botan::PBKDF> pbkdf(Botan::get_pbkdf(pbkdf_algo));
41  pbkdf->pbkdf_timed(out, out_len, password, salt, salt_len,
42  std::chrono::milliseconds(ms_to_run),
43  *iterations_used);
44  return BOTAN_FFI_SUCCESS;
45  });
46  }
#define BOTAN_FFI_SUCCESS
Definition: ffi.h:137
int ffi_guard_thunk(const char *func_name, Thunk thunk)
Definition: ffi_util.h:64
PBKDF * get_pbkdf(const std::string &algo_spec, const std::string &provider="")
Definition: pbkdf.h:230
size_t salt_len
Definition: x509_obj.cpp:25
#define BOTAN_CURRENT_FUNCTION
Definition: compiler.h:143