doxygen/passhash9_8cpp_source.html

/*

* Passhash9 Password Hashing

* (C) 2010 Jack Lloyd

*

* Botan is released under the Simplified BSD License (see license.txt)

*/


#include <botan/passhash9.h>

#include <botan/rng.h>

#include <botan/internal/loadstor.h>

#include <botan/pbkdf2.h>

#include <botan/base64.h>


namespace Botan {


namespace {


const std::string MAGIC_PREFIX = "$9$";


const size_t WORKFACTOR_BYTES = 2;

const size_t ALGID_BYTES = 1;

const size_t SALT_BYTES = 12; // 96 bits of salt

const size_t PASSHASH9_PBKDF_OUTPUT_LEN = 24; // 192 bits output


const size_t WORK_FACTOR_SCALE = 10000;


std::unique_ptr<MessageAuthenticationCode> get_pbkdf_prf(uint8_t alg_id)

   {

   if(alg_id == 0)

      return MessageAuthenticationCode::create("HMAC(SHA-1)");

   else if(alg_id == 1)

      return MessageAuthenticationCode::create("HMAC(SHA-256)");

   else if(alg_id == 2)

      return MessageAuthenticationCode::create("CMAC(Blowfish)");

   else if(alg_id == 3)

      return MessageAuthenticationCode::create("HMAC(SHA-384)");

   else if(alg_id == 4)

      return MessageAuthenticationCode::create("HMAC(SHA-512)");

   return nullptr;

   }


}


std::string generate_passhash9(std::string_view pass,

                               RandomNumberGenerator& rng,

                               uint16_t work_factor,

                               uint8_t alg_id)

   {

   BOTAN_ARG_CHECK(work_factor > 0 && work_factor < 512, "Invalid Passhash9 work factor");


   auto prf = get_pbkdf_prf(alg_id);


   if(!prf)

      throw Invalid_Argument("Passhash9: Algorithm id " +

                             std::to_string(alg_id) +

                             " is not defined");


   PKCS5_PBKDF2 kdf(std::move(prf));


   secure_vector<uint8_t> salt(SALT_BYTES);

   rng.randomize(salt.data(), salt.size());


   const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;


   secure_vector<uint8_t> blob;

   blob.push_back(alg_id);

   blob.push_back(get_byte<0>(work_factor));

   blob.push_back(get_byte<1>(work_factor));

   blob += salt;

   blob += kdf.derive_key(PASSHASH9_PBKDF_OUTPUT_LEN,

                          pass,

                          salt.data(), salt.size(),

                          kdf_iterations).bits_of();


   return MAGIC_PREFIX + base64_encode(blob);

   }


bool check_passhash9(std::string_view pass, std::string_view hash)

   {

   const size_t BINARY_LENGTH =

     ALGID_BYTES +

     WORKFACTOR_BYTES +

     PASSHASH9_PBKDF_OUTPUT_LEN +

     SALT_BYTES;


   const size_t BASE64_LENGTH =

      MAGIC_PREFIX.size() + (BINARY_LENGTH * 8) / 6;


   if(hash.size() != BASE64_LENGTH)

      return false;


   for(size_t i = 0; i != MAGIC_PREFIX.size(); ++i)

      if(hash[i] != MAGIC_PREFIX[i])

         return false;


   secure_vector<uint8_t> bin = base64_decode(hash.data() + MAGIC_PREFIX.size());


   if(bin.size() != BINARY_LENGTH)

      return false;


   uint8_t alg_id = bin[0];


   const size_t work_factor = load_be<uint16_t>(&bin[ALGID_BYTES], 0);


   // Bug in the format, bad states shouldn't be representable, but are...

   if(work_factor == 0)

      return false;


   if(work_factor > 512)

      throw Invalid_Argument("Requested passhash9 work factor " +

                             std::to_string(work_factor) + " is too large");


   const size_t kdf_iterations = WORK_FACTOR_SCALE * work_factor;


   auto pbkdf_prf = get_pbkdf_prf(alg_id);


   if(!pbkdf_prf)

      return false; // unknown algorithm, reject


   PKCS5_PBKDF2 kdf(std::move(pbkdf_prf));


   secure_vector<uint8_t> cmp = kdf.derive_key(

      PASSHASH9_PBKDF_OUTPUT_LEN,

      pass,

      &bin[ALGID_BYTES + WORKFACTOR_BYTES], SALT_BYTES,

      kdf_iterations).bits_of();


   return constant_time_compare(cmp.data(),

                   &bin[ALGID_BYTES + WORKFACTOR_BYTES + SALT_BYTES],

                   PASSHASH9_PBKDF_OUTPUT_LEN);

   }


bool is_passhash9_alg_supported(uint8_t alg_id)

   {

   if (get_pbkdf_prf(alg_id))

      {

      return true;

      }

   return false;

   }


}

BOTAN_ARG_CHECK
#define BOTAN_ARG_CHECK(expr, msg)
Definition: assert.h:36

Botan::Invalid_Argument
Definition: exceptn.h:133

Botan::MessageAuthenticationCode::create
static std::unique_ptr< MessageAuthenticationCode > create(std::string_view algo_spec, std::string_view provider="")
Definition: mac.cpp:46

Botan::OctetString::bits_of
secure_vector< uint8_t > bits_of() const
Definition: symkey.h:35

Botan::PBKDF::derive_key
OctetString derive_key(size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const
Definition: pbkdf.h:175

Botan::PKCS5_PBKDF2
Definition: pbkdf2.h:98

Botan::RandomNumberGenerator
Definition: rng.h:31

Botan::RandomNumberGenerator::randomize
void randomize(std::span< uint8_t > output)
Definition: rng.h:53

Botan
Definition: alg_id.cpp:12

Botan::generate_passhash9
std::string generate_passhash9(std::string_view pass, RandomNumberGenerator &rng, uint16_t work_factor, uint8_t alg_id)
Definition: passhash9.cpp:44

Botan::check_passhash9
bool check_passhash9(std::string_view pass, std::string_view hash)
Definition: passhash9.cpp:78

Botan::base64_encode
size_t base64_encode(char out[], const uint8_t in[], size_t input_length, size_t &input_consumed, bool final_inputs)
Definition: base64.cpp:178

Botan::base64_decode
size_t base64_decode(uint8_t out[], const char in[], size_t input_length, size_t &input_consumed, bool final_inputs, bool ignore_ws)
Definition: base64.cpp:193

Botan::constant_time_compare
bool constant_time_compare(const uint8_t x[], const uint8_t y[], size_t len)
Definition: mem_ops.h:82

Botan::is_passhash9_alg_supported
bool is_passhash9_alg_supported(uint8_t alg_id)
Definition: passhash9.cpp:133

Botan::load_be< uint16_t >
constexpr uint16_t load_be< uint16_t >(const uint8_t in[], size_t off)
Definition: loadstor.h:150

Botan::secure_vector
std::vector< T, secure_allocator< T > > secure_vector
Definition: secmem.h:64