Botan 3.8.1
Crypto and TLS for C&
pgp_s2k.h
Go to the documentation of this file.
1/*
2* OpenPGP PBKDF
3* (C) 1999-2007,2017 Jack Lloyd
4* (C) 2018 Ribose Inc
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#ifndef BOTAN_OPENPGP_S2K_H_
10#define BOTAN_OPENPGP_S2K_H_
11
12#include <botan/hash.h>
13#include <botan/pbkdf.h>
14#include <botan/pwdhash.h>
15#include <botan/rfc4880.h>
16
17// Use pwdhash.h
18BOTAN_FUTURE_INTERNAL_HEADER(pgp_s2k.h)
19
20namespace Botan {
21
22/**
23* OpenPGP's S2K
24*
25* See RFC 4880 sections 3.7.1.1, 3.7.1.2, and 3.7.1.3
26* If the salt is empty and iterations == 1, "simple" S2K is used
27* If the salt is non-empty and iterations == 1, "salted" S2K is used
28* If the salt is non-empty and iterations > 1, "iterated" S2K is used
29*
30* Due to complexities of the PGP S2K algorithm, time-based derivation
31* is not supported. So if iterations == 0 and msec.count() > 0, an
32* exception is thrown. In the future this may be supported, in which
33* case "iterated" S2K will be used and the number of iterations
34* performed is returned.
35*
36* Note that unlike PBKDF2, OpenPGP S2K's "iterations" are defined as
37* the number of bytes hashed.
38*/
39class BOTAN_PUBLIC_API(2, 2) OpenPGP_S2K final : public PBKDF {
40 public:
41 /**
42 * @param hash the hash function to use
43 */
44 explicit OpenPGP_S2K(std::unique_ptr<HashFunction> hash) : m_hash(std::move(hash)) {}
45
46 std::string name() const override { return "OpenPGP-S2K(" + m_hash->name() + ")"; }
47
48 std::unique_ptr<PBKDF> new_object() const override { return std::make_unique<OpenPGP_S2K>(m_hash->new_object()); }
49
50 size_t pbkdf(uint8_t output_buf[],
51 size_t output_len,
52 std::string_view passphrase,
53 const uint8_t salt[],
54 size_t salt_len,
55 size_t iterations,
56 std::chrono::milliseconds msec) const override;
57
58 /**
59 * RFC 4880 encodes the iteration count to a single-byte value
60 */
61 static uint8_t encode_count(size_t iterations) { return RFC4880_encode_count(iterations); }
62
63 static size_t decode_count(uint8_t encoded_iter) { return RFC4880_decode_count(encoded_iter); }
64
65 private:
66 std::unique_ptr<HashFunction> m_hash;
67};
68
69/**
70* OpenPGP's S2K
71*
72* See RFC 4880 sections 3.7.1.1, 3.7.1.2, and 3.7.1.3
73* If the salt is empty and iterations == 1, "simple" S2K is used
74* If the salt is non-empty and iterations == 1, "salted" S2K is used
75* If the salt is non-empty and iterations > 1, "iterated" S2K is used
76*
77* Note that unlike PBKDF2, OpenPGP S2K's "iterations" are defined as
78* the number of bytes hashed.
79*/
80class BOTAN_PUBLIC_API(2, 8) RFC4880_S2K final : public PasswordHash {
81 public:
82 /**
83 * @param hash the hash function to use
84 * @param iterations is rounded due to PGP formatting
85 */
86 RFC4880_S2K(std::unique_ptr<HashFunction> hash, size_t iterations);
87
88 std::string to_string() const override;
89
90 size_t iterations() const override { return m_iterations; }
91
92 void derive_key(uint8_t out[],
93 size_t out_len,
94 const char* password,
95 size_t password_len,
96 const uint8_t salt[],
97 size_t salt_len) const override;
98
99 private:
100 std::unique_ptr<HashFunction> m_hash;
101 size_t m_iterations;
102};
103
104class BOTAN_PUBLIC_API(2, 8) RFC4880_S2K_Family final : public PasswordHashFamily {
105 public:
106 RFC4880_S2K_Family(std::unique_ptr<HashFunction> hash) : m_hash(std::move(hash)) {}
107
108 std::string name() const override;
109
110 std::unique_ptr<PasswordHash> tune(size_t output_len,
111 std::chrono::milliseconds msec,
112 size_t max_mem,
113 std::chrono::milliseconds tune_msec) const override;
114
115 /**
116 * Return some default parameter set for this PBKDF that should be good
117 * enough for most users. The value returned may change over time as
118 * processing power and attacks improve.
119 */
120 std::unique_ptr<PasswordHash> default_params() const override;
121
122 std::unique_ptr<PasswordHash> from_iterations(size_t iter) const override;
123
124 std::unique_ptr<PasswordHash> from_params(size_t iter, size_t, size_t) const override;
125
126 private:
127 std::unique_ptr<HashFunction> m_hash;
128};
129
130} // namespace Botan
131
132#endif
BOTAN_PUBLIC_API
#define BOTAN_PUBLIC_API(maj, min)
Definition api.h:19
BOTAN_FUTURE_INTERNAL_HEADER
#define BOTAN_FUTURE_INTERNAL_HEADER(hdr)
Definition api.h:84
Botan::OpenPGP_S2K::new_object
std::unique_ptr< PBKDF > new_object() const override
Definition pgp_s2k.h:48
Botan::OpenPGP_S2K::decode_count
static size_t decode_count(uint8_t encoded_iter)
Definition pgp_s2k.h:63
Botan::OpenPGP_S2K::name
std::string name() const override
Definition pgp_s2k.h:46
Botan::OpenPGP_S2K::encode_count
static uint8_t encode_count(size_t iterations)
Definition pgp_s2k.h:61
Botan::OpenPGP_S2K::OpenPGP_S2K
OpenPGP_S2K(std::unique_ptr< HashFunction > hash)
Definition pgp_s2k.h:44
Botan::PBKDF::derive_key
OctetString derive_key(size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const
Definition pbkdf.h:176
Botan::PBKDF::pbkdf
virtual size_t pbkdf(uint8_t out[], size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec) const =0
Botan::PBKDF::name
virtual std::string name() const =0
Botan::PasswordHash::hash
void hash(std::span< uint8_t > out, std::string_view password, std::span< const uint8_t > salt) const
Definition pwdhash.h:84
Botan::RFC4880_S2K_Family::RFC4880_S2K_Family
RFC4880_S2K_Family(std::unique_ptr< HashFunction > hash)
Definition pgp_s2k.h:106
Botan::RFC4880_S2K::iterations
size_t iterations() const override
Definition pgp_s2k.h:90
Botan::RFC4880_S2K::RFC4880_S2K
RFC4880_S2K(std::unique_ptr< HashFunction > hash, size_t iterations)
Definition pgp_s2k.cpp:128
Botan::RFC4880_encode_count
uint8_t RFC4880_encode_count(size_t desired_iterations)
Definition rfc4880.cpp:47
Botan::RFC4880_decode_count
size_t RFC4880_decode_count(uint8_t iter)
Definition rfc4880.cpp:61
Botan::to_string
std::string to_string(ErrorType type)
Convert an ErrorType to string.
Definition exceptn.cpp:13
Generated by doxygen 1.13.2