Botan 3.0.0-alpha0
Crypto and TLS for C&
Functions
ffi_kdf.cpp File Reference
Foreign Function Interface
#include <botan/ffi.h>
#include <botan/internal/ffi_util.h>
#include <botan/internal/ffi_rng.h>
#include <botan/pwdhash.h>
#include <botan/kdf.h>

Go to the source code of this file.

Functions

int botan_bcrypt_generate (uint8_t *out, size_t *out_len, const char *pass, botan_rng_t rng_obj, size_t wf, uint32_t flags)
 
int botan_bcrypt_is_valid (const char *pass, const char *hash)
 
int botan_kdf (const char *kdf_algo, uint8_t out[], size_t out_len, const uint8_t secret[], size_t secret_len, const uint8_t salt[], size_t salt_len, const uint8_t label[], size_t label_len)
 
int botan_pbkdf (const char *algo, uint8_t out[], size_t out_len, const char *pass, const uint8_t salt[], size_t salt_len, size_t iterations)
 
int botan_pbkdf_timed (const char *algo, uint8_t out[], size_t out_len, const char *password, const uint8_t salt[], size_t salt_len, size_t ms_to_run, size_t *iterations_used)
 
int botan_pwdhash (const char *algo, size_t param1, size_t param2, size_t param3, uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len)
 
int botan_pwdhash_timed (const char *algo, uint32_t msec, size_t *param1, size_t *param2, size_t *param3, uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len)
 
int botan_scrypt (uint8_t out[], size_t out_len, const char *password, const uint8_t salt[], size_t salt_len, size_t N, size_t r, size_t p)
 

Function Documentation

◆ botan_bcrypt_generate()

int botan_bcrypt_generate ( uint8_t *  out,
size_t *  out_len,
const char *  password,
botan_rng_t  rng,
size_t  work_factor,
uint32_t  flags 
)

Create a password hash using Bcrypt

Parameters
outbuffer holding the password hash, should be of length 64 bytes
out_lenthe desired output length in bytes
passwordthe password
rnga random number generator
work_factorhow much work to do to slow down guessing attacks
flagsshould be 0 in current API revision, all other uses are reserved and return BOTAN_FFI_ERROR_BAD_FLAG
Returns
0 on success, a negative value on failure

Output is formatted bcrypt $2a$...

Definition at line 152 of file ffi_kdf.cpp.

156 {
157#if defined(BOTAN_HAS_BCRYPT)
158 return ffi_guard_thunk(__func__, [=]() -> int {
159 if(out == nullptr || out_len == nullptr || pass == nullptr)
160 return BOTAN_FFI_ERROR_NULL_POINTER;
161
162 if(flags != 0)
163 return BOTAN_FFI_ERROR_BAD_FLAG;
164
165 if(wf < 4 || wf > 18)
166 return BOTAN_FFI_ERROR_BAD_PARAMETER;
167
168 Botan::RandomNumberGenerator& rng = safe_get(rng_obj);
169 const std::string bcrypt = Botan::generate_bcrypt(pass, rng, static_cast<uint16_t>(wf));
170 return write_str_output(out, out_len, bcrypt);
171 });
172#else
173 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
174#endif
175 }
BOTAN_FFI_ERROR_NOT_IMPLEMENTED
@ BOTAN_FFI_ERROR_NOT_IMPLEMENTED
Definition: ffi.h:83
BOTAN_FFI_ERROR_BAD_FLAG
@ BOTAN_FFI_ERROR_BAD_FLAG
Definition: ffi.h:76
BOTAN_FFI_ERROR_NULL_POINTER
@ BOTAN_FFI_ERROR_NULL_POINTER
Definition: ffi.h:77
BOTAN_FFI_ERROR_BAD_PARAMETER
@ BOTAN_FFI_ERROR_BAD_PARAMETER
Definition: ffi.h:78
Botan::PKCS11::flags
Flags flags(Flag flags)
Definition: p11.h:860
Botan_FFI::safe_get
T & safe_get(botan_struct< T, M > *p)
Definition: ffi_util.h:65
Botan_FFI::write_str_output
int write_str_output(uint8_t out[], size_t *out_len, const std::string &str)
Definition: ffi_util.h:157
Botan_FFI::ffi_guard_thunk
int ffi_guard_thunk(const char *func_name, const std::function< int()> &thunk)
Definition: ffi.cpp:92
Botan::generate_bcrypt
std::string generate_bcrypt(const std::string &pass, RandomNumberGenerator &rng, uint16_t work_factor, char version)
Definition: bcrypt.cpp:144

References BOTAN_FFI_ERROR_BAD_FLAG, BOTAN_FFI_ERROR_BAD_PARAMETER, BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, Botan_FFI::ffi_guard_thunk(), Botan::PKCS11::flags(), Botan::generate_bcrypt(), Botan_FFI::safe_get(), and Botan_FFI::write_str_output().

◆ botan_bcrypt_is_valid()

int botan_bcrypt_is_valid ( const char *  pass,
const char *  hash 
)

Check a previously created password hash

Parameters
passthe password to check against
hashthe stored hash to check against
Returns
0 if if this password/hash combination is valid, 1 if the combination is not valid (but otherwise well formed), negative on error

Definition at line 177 of file ffi_kdf.cpp.

178 {
179#if defined(BOTAN_HAS_BCRYPT)
180 return ffi_guard_thunk(__func__, [=]() -> int {
181 return Botan::check_bcrypt(pass, hash) ? BOTAN_FFI_SUCCESS : BOTAN_FFI_INVALID_VERIFIER;
182 });
183#else
184 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
185#endif
186 }
BOTAN_FFI_INVALID_VERIFIER
@ BOTAN_FFI_INVALID_VERIFIER
Definition: ffi.h:64
BOTAN_FFI_SUCCESS
@ BOTAN_FFI_SUCCESS
Definition: ffi.h:63
Botan::check_bcrypt
bool check_bcrypt(const std::string &pass, const std::string &hash)
Definition: bcrypt.cpp:162
hash
MechanismType hash
Definition: p11_mechanism.cpp:67

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_INVALID_VERIFIER, BOTAN_FFI_SUCCESS, Botan::check_bcrypt(), Botan_FFI::ffi_guard_thunk(), and hash.

◆ botan_kdf()

int botan_kdf ( const char *  kdf_algo,
uint8_t  out[],
size_t  out_len,
const uint8_t  secret[],
size_t  secret_len,
const uint8_t  salt[],
size_t  salt_len,
const uint8_t  label[],
size_t  label_len 
)

Derive a key

Parameters
kdf_algoKDF algorithm, e.g., "SP800-56C"
outbuffer holding the derived key, must be of length out_len
out_lenthe desired output length in bytes
secretthe secret input
secret_lensize of secret in bytes
salta diversifier
salt_lensize of salt in bytes
labelpurpose for the derived keying material
label_lensize of label in bytes
Returns
0 on success, a negative value on failure

Definition at line 128 of file ffi_kdf.cpp.

133 {
134 return ffi_guard_thunk(__func__, [=]() -> int {
135 auto kdf = Botan::KDF::create_or_throw(kdf_algo);
136 kdf->kdf(out, out_len, secret, secret_len, salt, salt_len, label, label_len);
137 return BOTAN_FFI_SUCCESS;
138 });
139 }
Botan::KDF::create_or_throw
static std::unique_ptr< KDF > create_or_throw(const std::string &algo_spec, const std::string &provider="")
Definition: kdf.cpp:212
salt_len
size_t salt_len
Definition: x509_obj.cpp:25

References BOTAN_FFI_SUCCESS, Botan::KDF::create_or_throw(), Botan_FFI::ffi_guard_thunk(), and salt_len.

◆ botan_pbkdf()

int botan_pbkdf ( const char *  algo,
uint8_t  out[],
size_t  out_len,
const char *  pass,
const uint8_t  salt[],
size_t  salt_len,
size_t  iterations 
)

Definition at line 21 of file ffi_kdf.cpp.

24 {
25 return botan_pwdhash(algo,
26 iterations,
27 0,
28 0,
29 out, out_len,
30 pass, 0,
31 salt, salt_len);
32 }
botan_pwdhash
int botan_pwdhash(const char *algo, size_t param1, size_t param2, size_t param3, uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len)
Definition: ffi_kdf.cpp:51

References botan_pwdhash(), and salt_len.

◆ botan_pbkdf_timed()

int botan_pbkdf_timed ( const char *  pbkdf_algo,
uint8_t  out[],
size_t  out_len,
const char *  passphrase,
const uint8_t  salt[],
size_t  salt_len,
size_t  milliseconds_to_run,
size_t *  out_iterations_used 
)

Derive a key from a passphrase, running until msec time has elapsed.

Parameters
pbkdf_algoPBKDF algorithm, e.g., "PBKDF2(SHA-256)"
outbuffer to store the derived key, must be of out_len bytes
out_lenthe desired length of the key to produce
passphrasethe password to derive the key from
salta randomly chosen salt
salt_lenlength of salt in bytes
milliseconds_to_runif iterations is zero, then instead the PBKDF is run until milliseconds_to_run milliseconds has passed
out_iterations_usedset to the number iterations executed
Returns
0 on success, a negative value on failure

Deprecated: use

botan_pwdhash_timed(pbkdf_algo, static_cast<uint32_t>(ms_to_run), iterations_used, nullptr, nullptr, out, out_len, password, 0, salt, salt_len);

Definition at line 34 of file ffi_kdf.cpp.

40 {
41 return botan_pwdhash_timed(algo,
42 static_cast<uint32_t>(ms_to_run),
43 iterations_used,
44 nullptr,
45 nullptr,
46 out, out_len,
47 password, 0,
48 salt, salt_len);
49 }
botan_pwdhash_timed
int botan_pwdhash_timed(const char *algo, uint32_t msec, size_t *param1, size_t *param2, size_t *param3, uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len)
Definition: ffi_kdf.cpp:85

References botan_pwdhash_timed(), and salt_len.

◆ botan_pwdhash()

int botan_pwdhash ( const char *  algo,
size_t  param1,
size_t  param2,
size_t  param3,
uint8_t  out[],
size_t  out_len,
const char *  password,
size_t  password_len,
const uint8_t  salt[],
size_t  salt_len 
)

Definition at line 51 of file ffi_kdf.cpp.

62 {
63 if(algo == nullptr || password == nullptr)
64 return BOTAN_FFI_ERROR_NULL_POINTER;
65
66 if(password_len == 0)
67 password_len = std::strlen(password);
68
69 return ffi_guard_thunk(__func__, [=]() -> int {
70 auto pwdhash_fam = Botan::PasswordHashFamily::create(algo);
71
72 if(!pwdhash_fam)
73 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
74
75 auto pwdhash = pwdhash_fam->from_params(param1, param2, param3);
76
77 pwdhash->derive_key(out, out_len,
78 password, password_len,
79 salt, salt_len);
80
81 return BOTAN_FFI_SUCCESS;
82 });
83 }
Botan::PasswordHashFamily::create
static std::unique_ptr< PasswordHashFamily > create(const std::string &algo_spec, const std::string &provider="")
Definition: pwdhash.cpp:49

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, Botan::PasswordHashFamily::create(), Botan_FFI::ffi_guard_thunk(), and salt_len.

Referenced by botan_pbkdf().

◆ botan_pwdhash_timed()

int botan_pwdhash_timed ( const char *  algo,
uint32_t  msec,
size_t *  param1,
size_t *  param2,
size_t *  param3,
uint8_t  out[],
size_t  out_len,
const char *  password,
size_t  password_len,
const uint8_t  salt[],
size_t  salt_len 
)

Definition at line 85 of file ffi_kdf.cpp.

97 {
98 if(algo == nullptr || password == nullptr)
99 return BOTAN_FFI_ERROR_NULL_POINTER;
100
101 if(password_len == 0)
102 password_len = std::strlen(password);
103
104 return ffi_guard_thunk(__func__, [=]() -> int {
105
106 auto pwdhash_fam = Botan::PasswordHashFamily::create(algo);
107
108 if(!pwdhash_fam)
109 return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
110
111 auto pwdhash = pwdhash_fam->tune(out_len, std::chrono::milliseconds(msec));
112
113 if(param1)
114 *param1 = pwdhash->iterations();
115 if(param2)
116 *param2 = pwdhash->parallelism();
117 if(param3)
118 *param3 = pwdhash->memory_param();
119
120 pwdhash->derive_key(out, out_len,
121 password, password_len,
122 salt, salt_len);
123
124 return BOTAN_FFI_SUCCESS;
125 });
126 }

References BOTAN_FFI_ERROR_NOT_IMPLEMENTED, BOTAN_FFI_ERROR_NULL_POINTER, BOTAN_FFI_SUCCESS, Botan::PasswordHashFamily::create(), Botan_FFI::ffi_guard_thunk(), and salt_len.

Referenced by botan_pbkdf_timed().

◆ botan_scrypt()

int botan_scrypt ( uint8_t  out[],
size_t  out_len,
const char *  passphrase,
const uint8_t  salt[],
size_t  salt_len,
size_t  N,
size_t  r,
size_t  p 
)

Derive a key using scrypt Deprecated; use botan_pwdhash("Scrypt", N, r, p, out, out_len, password, 0, salt, salt_len);

Definition at line 141 of file ffi_kdf.cpp.

145 {
146 return botan_pwdhash("Scrypt", N, r, p,
147 out, out_len,
148 password, 0,
149 salt, salt_len);
150 }
Generated by doxygen 1.9.3