9#include <botan/pbkdf2.h>
11#include <botan/exceptn.h>
12#include <botan/mem_ops.h>
13#include <botan/internal/fmt.h>
14#include <botan/internal/time_utils.h>
30 std::chrono::milliseconds msec,
31 std::chrono::milliseconds tune_time = std::chrono::milliseconds(10)) {
32 if(output_length == 0) {
36 const size_t prf_sz = prf.output_length();
40 const size_t trial_iterations = 2000;
44 prf.set_key(
nullptr, 0);
46 const uint64_t duration_nsec =
measure_cost(tune_time, [&]() {
47 uint8_t out[12] = {0};
48 uint8_t salt[12] = {0};
49 pbkdf2(prf, out,
sizeof(out), salt,
sizeof(salt), trial_iterations);
52 const uint64_t desired_nsec =
static_cast<uint64_t
>(msec.count()) * 1000000;
54 if(duration_nsec > desired_nsec) {
55 return trial_iterations;
58 const size_t blocks_needed = (output_length + prf_sz - 1) / prf_sz;
60 const size_t multiplier =
static_cast<size_t>(desired_nsec / duration_nsec / blocks_needed);
63 return trial_iterations;
65 return trial_iterations * multiplier;
74 std::string_view password,
78 std::chrono::milliseconds msec) {
80 iterations = tune_pbkdf2(prf, out_len, msec);
85 pbkdf2.derive_key(out, out_len, password.data(), password.size(), salt, salt_len);
111 uint32_t counter = 1;
113 const size_t prf_output = std::min<size_t>(prf_sz, out_len);
115 prf.
update(salt, salt_len);
119 xor_buf(out, U.data(), prf_output);
121 for(
size_t i = 1; i != iterations; ++i) {
124 xor_buf(out, U.data(), prf_output);
127 out_len -= prf_output;
135 std::string_view password,
136 const uint8_t salt[],
139 std::chrono::milliseconds msec)
const {
140 if(iterations == 0) {
141 iterations = tune_pbkdf2(*m_mac, key_len, msec);
146 pbkdf2.derive_key(key, key_len, password.data(), password.size(), salt, salt_len);
152 return fmt(
"PBKDF2({})", m_mac->name());
156 return std::make_unique<PKCS5_PBKDF2>(m_mac->new_object());
162 m_prf(prf.new_object()), m_iterations(tune_pbkdf2(*m_prf, olen, msec)) {}
165 return fmt(
"PBKDF2({},{})", m_prf->name(), m_iterations);
170 const char* password,
171 const size_t password_len,
172 const uint8_t salt[],
173 size_t salt_len)
const {
174 pbkdf2_set_key(*m_prf, password, password_len);
175 pbkdf2(*m_prf, out, out_len, salt, salt_len, m_iterations);
179 return fmt(
"PBKDF2({})", m_prf->name());
183 std::chrono::milliseconds msec,
185 std::chrono::milliseconds tune_time)
const {
186 auto iterations = tune_pbkdf2(*m_prf, output_len, msec, tune_time);
187 return std::make_unique<PBKDF2>(*m_prf, iterations);
191 return std::make_unique<PBKDF2>(*m_prf, 150000);
195 return std::make_unique<PBKDF2>(*m_prf, iter);
199 return std::make_unique<PBKDF2>(*m_prf, iter);
#define BOTAN_ASSERT_NOMSG(expr)
void update(const uint8_t in[], size_t length)
virtual size_t output_length() const =0
void update_be(uint16_t val)
void final(uint8_t out[])
std::string name() const override
std::unique_ptr< PasswordHash > default_params() const override
std::unique_ptr< PasswordHash > from_iterations(size_t iter) const override
std::unique_ptr< PasswordHash > tune(size_t output_len, std::chrono::milliseconds msec, size_t max_memory, std::chrono::milliseconds tune_msec) const override
std::unique_ptr< PasswordHash > from_params(size_t iter, size_t, size_t) const override
PBKDF2(const MessageAuthenticationCode &prf, size_t iter)
void derive_key(uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const override
std::string to_string() const override
size_t pbkdf(uint8_t output_buf[], size_t output_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec) const override
std::string name() const override
std::unique_ptr< PBKDF > new_object() const override
std::string fmt(std::string_view format, const T &... args)
constexpr void xor_buf(ranges::contiguous_output_range< uint8_t > auto &&out, ranges::contiguous_range< uint8_t > auto &&in)
std::vector< T, secure_allocator< T > > secure_vector
uint64_t measure_cost(std::chrono::milliseconds trial_msec, F func)
size_t pbkdf2(MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, std::string_view password, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
constexpr void clear_mem(T *ptr, size_t n)
const uint8_t * cast_char_ptr_to_uint8(const char *s)