Coverage Report

Created: 2024-11-21 07:03

/src/botan/build/include/public/botan/pbkdf.h
Line
Count
Source (jump to first uncovered line)
1
/*
2
* PBKDF
3
* (C) 1999-2007,2012,2015 Jack Lloyd
4
*
5
* Botan is released under the Simplified BSD License (see license.txt)
6
*/
7
8
#ifndef BOTAN_PBKDF_H_
9
#define BOTAN_PBKDF_H_
10
11
#include <botan/symkey.h>
12
#include <chrono>
13
#include <string>
14
#include <string_view>
15
16
/*
17
* This entire interface is deprecated. Use the interface in pwdhash.h
18
*/
19
BOTAN_DEPRECATED_HEADER("pbkdf.h")
20
21
namespace Botan {
22
23
/**
24
* Base class for PBKDF (password based key derivation function)
25
* implementations. Converts a password into a key using a salt
26
* and iterated hashing to make brute force attacks harder.
27
*
28
* Starting in 2.8 this functionality is also offered by PasswordHash.
29
* The PBKDF interface may be removed in a future release.
30
*/
31
class BOTAN_PUBLIC_API(2, 0) PBKDF {
32
   public:
33
      /**
34
      * Create an instance based on a name
35
      * If provider is empty then best available is chosen.
36
      * @param algo_spec algorithm name
37
      * @param provider provider implementation to choose
38
      * @return a null pointer if the algo/provider combination cannot be found
39
      */
40
      BOTAN_DEPRECATED("Use PasswordHashFamily + PasswordHash")
41
      static std::unique_ptr<PBKDF> create(std::string_view algo_spec, std::string_view provider = "");
42
43
      /**
44
      * Create an instance based on a name, or throw if the
45
      * algo/provider combination cannot be found. If provider is
46
      * empty then best available is chosen.
47
      */
48
      BOTAN_DEPRECATED("Use PasswordHashFamily + PasswordHash")
49
      static std::unique_ptr<PBKDF> create_or_throw(std::string_view algo_spec, std::string_view provider = "");
50
51
      /**
52
      * @return list of available providers for this algorithm, empty if not available
53
      */
54
      static std::vector<std::string> providers(std::string_view algo_spec);
55
56
      /**
57
      * @return new instance of this same algorithm
58
      */
59
      virtual std::unique_ptr<PBKDF> new_object() const = 0;
60
61
      /**
62
      * @return new instance of this same algorithm
63
      */
64
0
      PBKDF* clone() const { return this->new_object().release(); }
65
66
      /**
67
      * @return name of this PBKDF
68
      */
69
      virtual std::string name() const = 0;
70
71
0
      virtual ~PBKDF() = default;
72
73
      /**
74
      * Derive a key from a passphrase for a number of iterations
75
      * specified by either iterations or if iterations == 0 then
76
      * running until msec time has elapsed.
77
      *
78
      * @param out buffer to store the derived key, must be of out_len bytes
79
      * @param out_len the desired length of the key to produce
80
      * @param passphrase the password to derive the key from
81
      * @param salt a randomly chosen salt
82
      * @param salt_len length of salt in bytes
83
      * @param iterations the number of iterations to use (use 10K or more)
84
      * @param msec if iterations is zero, then instead the PBKDF is
85
      *        run until msec milliseconds has passed.
86
      * @return the number of iterations performed
87
      */
88
      virtual size_t pbkdf(uint8_t out[],
89
                           size_t out_len,
90
                           std::string_view passphrase,
91
                           const uint8_t salt[],
92
                           size_t salt_len,
93
                           size_t iterations,
94
                           std::chrono::milliseconds msec) const = 0;
95
96
      /**
97
      * Derive a key from a passphrase for a number of iterations.
98
      *
99
      * @param out buffer to store the derived key, must be of out_len bytes
100
      * @param out_len the desired length of the key to produce
101
      * @param passphrase the password to derive the key from
102
      * @param salt a randomly chosen salt
103
      * @param salt_len length of salt in bytes
104
      * @param iterations the number of iterations to use (use 10K or more)
105
      */
106
      void pbkdf_iterations(uint8_t out[],
107
                            size_t out_len,
108
                            std::string_view passphrase,
109
                            const uint8_t salt[],
110
                            size_t salt_len,
111
                            size_t iterations) const;
112
113
      /**
114
      * Derive a key from a passphrase, running until msec time has elapsed.
115
      *
116
      * @param out buffer to store the derived key, must be of out_len bytes
117
      * @param out_len the desired length of the key to produce
118
      * @param passphrase the password to derive the key from
119
      * @param salt a randomly chosen salt
120
      * @param salt_len length of salt in bytes
121
      * @param msec if iterations is zero, then instead the PBKDF is
122
      *        run until msec milliseconds has passed.
123
      * @param iterations set to the number iterations executed
124
      */
125
      void pbkdf_timed(uint8_t out[],
126
                       size_t out_len,
127
                       std::string_view passphrase,
128
                       const uint8_t salt[],
129
                       size_t salt_len,
130
                       std::chrono::milliseconds msec,
131
                       size_t& iterations) const;
132
133
      /**
134
      * Derive a key from a passphrase for a number of iterations.
135
      *
136
      * @param out_len the desired length of the key to produce
137
      * @param passphrase the password to derive the key from
138
      * @param salt a randomly chosen salt
139
      * @param salt_len length of salt in bytes
140
      * @param iterations the number of iterations to use (use 10K or more)
141
      * @return the derived key
142
      */
143
      secure_vector<uint8_t> pbkdf_iterations(
144
         size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const;
145
146
      /**
147
      * Derive a key from a passphrase, running until msec time has elapsed.
148
      *
149
      * @param out_len the desired length of the key to produce
150
      * @param passphrase the password to derive the key from
151
      * @param salt a randomly chosen salt
152
      * @param salt_len length of salt in bytes
153
      * @param msec if iterations is zero, then instead the PBKDF is
154
      *        run until msec milliseconds has passed.
155
      * @param iterations set to the number iterations executed
156
      * @return the derived key
157
      */
158
      secure_vector<uint8_t> pbkdf_timed(size_t out_len,
159
                                         std::string_view passphrase,
160
                                         const uint8_t salt[],
161
                                         size_t salt_len,
162
                                         std::chrono::milliseconds msec,
163
                                         size_t& iterations) const;
164
165
      // Following kept for compat with 1.10:
166
167
      /**
168
      * Derive a key from a passphrase
169
      * @param out_len the desired length of the key to produce
170
      * @param passphrase the password to derive the key from
171
      * @param salt a randomly chosen salt
172
      * @param salt_len length of salt in bytes
173
      * @param iterations the number of iterations to use (use 10K or more)
174
      */
175
      OctetString derive_key(
176
0
         size_t out_len, std::string_view passphrase, const uint8_t salt[], size_t salt_len, size_t iterations) const {
177
0
         return OctetString(pbkdf_iterations(out_len, passphrase, salt, salt_len, iterations));
178
0
      }
179
180
      /**
181
      * Derive a key from a passphrase
182
      * @param out_len the desired length of the key to produce
183
      * @param passphrase the password to derive the key from
184
      * @param salt a randomly chosen salt
185
      * @param iterations the number of iterations to use (use 10K or more)
186
      */
187
      template <typename Alloc>
188
      OctetString derive_key(size_t out_len,
189
                             std::string_view passphrase,
190
                             const std::vector<uint8_t, Alloc>& salt,
191
                             size_t iterations) const {
192
         return OctetString(pbkdf_iterations(out_len, passphrase, salt.data(), salt.size(), iterations));
193
      }
194
195
      /**
196
      * Derive a key from a passphrase
197
      * @param out_len the desired length of the key to produce
198
      * @param passphrase the password to derive the key from
199
      * @param salt a randomly chosen salt
200
      * @param salt_len length of salt in bytes
201
      * @param msec is how long to run the PBKDF
202
      * @param iterations is set to the number of iterations used
203
      */
204
      OctetString derive_key(size_t out_len,
205
                             std::string_view passphrase,
206
                             const uint8_t salt[],
207
                             size_t salt_len,
208
                             std::chrono::milliseconds msec,
209
0
                             size_t& iterations) const {
210
0
         return OctetString(pbkdf_timed(out_len, passphrase, salt, salt_len, msec, iterations));
211
0
      }
212
213
      /**
214
      * Derive a key from a passphrase using a certain amount of time
215
      * @param out_len the desired length of the key to produce
216
      * @param passphrase the password to derive the key from
217
      * @param salt a randomly chosen salt
218
      * @param msec is how long to run the PBKDF
219
      * @param iterations is set to the number of iterations used
220
      */
221
      template <typename Alloc>
222
      OctetString derive_key(size_t out_len,
223
                             std::string_view passphrase,
224
                             const std::vector<uint8_t, Alloc>& salt,
225
                             std::chrono::milliseconds msec,
226
                             size_t& iterations) const {
227
         return OctetString(pbkdf_timed(out_len, passphrase, salt.data(), salt.size(), msec, iterations));
228
      }
229
};
230
231
/*
232
* Compatibility typedef
233
*/
234
typedef PBKDF S2K;
235
236
/**
237
* Password based key derivation function factory method
238
* @param algo_spec the name of the desired PBKDF algorithm
239
* @param provider the provider to use
240
* @return pointer to newly allocated object of that type
241
*/
242
BOTAN_DEPRECATED("Use PasswordHashFamily + PasswordHash")
243
0
inline PBKDF* get_pbkdf(std::string_view algo_spec, std::string_view provider = "") {
244
0
   return PBKDF::create_or_throw(algo_spec, provider).release();
245
0
}
246
247
0
BOTAN_DEPRECATED("Use PasswordHashFamily + PasswordHash") inline PBKDF* get_s2k(std::string_view algo_spec) {
248
0
   return PBKDF::create_or_throw(algo_spec).release();
249
0
}
250
251
}  // namespace Botan
252
253
#endif