aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-09-04 20:28:03 -0400
committerJack Lloyd <[email protected]>2018-09-10 13:27:45 -0400
commitfbfaae958ad28f81bb2643372d57981a092f526b (patch)
tree55a17b6f7c854fb01c092fd7ce47b9fcf9a58b47 /src/lib
parent0bc69a14918f0df0f6033b43b2600f41333e9273 (diff)
Add FFI
This is a contribution of Ribose Inc (@riboseinc)
Diffstat (limited to 'src/lib')
-rw-r--r--src/lib/ffi/ffi.h55
-rw-r--r--src/lib/ffi/ffi_kdf.cpp94
2 files changed, 134 insertions, 15 deletions
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h
index ed3e0bb71..6525b80cc 100644
--- a/src/lib/ffi/ffi.h
+++ b/src/lib/ffi/ffi.h
@@ -514,7 +514,7 @@ BOTAN_PUBLIC_API(2,0) int botan_cipher_destroy(botan_cipher_t cipher);
/*
* Derive a key from a passphrase for a number of iterations
-* @param pbkdf_algo PBKDF algorithm, e.g., "PBKDF2"
+* @param pbkdf_algo PBKDF algorithm, e.g., "PBKDF2(SHA-256)"
* @param out buffer to store the derived key, must be of out_len bytes
* @param out_len the desired length of the key to produce
* @param passphrase the password to derive the key from
@@ -531,7 +531,7 @@ BOTAN_PUBLIC_API(2,0) int botan_pbkdf(const char* pbkdf_algo,
/**
* Derive a key from a passphrase, running until msec time has elapsed.
-* @param pbkdf_algo PBKDF algorithm, e.g., "PBKDF2"
+* @param pbkdf_algo PBKDF algorithm, e.g., "PBKDF2(SHA-256)"
* @param out buffer to store the derived key, must be of out_len bytes
* @param out_len the desired length of the key to produce
* @param passphrase the password to derive the key from
@@ -550,6 +550,56 @@ BOTAN_PUBLIC_API(2,0) int botan_pbkdf_timed(const char* pbkdf_algo,
size_t* out_iterations_used);
+/*
+* Derive a key from a passphrase
+* @param pbkdf_algo PBKDF algorithm, e.g., "PBKDF2(SHA-256)"
+* @param out buffer to store the derived key, must be of out_len bytes
+* @param out_len the desired length of the key to produce
+* @param passphrase the password to derive the key from
+* @param salt a randomly chosen salt
+* @param salt_len length of salt in bytes
+* @param iterations the number of iterations to use (use 10K or more)
+* @return 0 on success, a negative value on failure
+*/
+int BOTAN_PUBLIC_API(2,8) botan_pwdhash(
+ const char* algo,
+ size_t param1,
+ size_t param2,
+ size_t param3,
+ uint8_t out[],
+ size_t out_len,
+ const char* passphrase,
+ size_t passphrase_len,
+ const uint8_t salt[],
+ size_t salt_len);
+
+/*
+* Derive a key from a passphrase
+* @param pbkdf_algo PBKDF algorithm, e.g., "Scrypt" or "PBKDF2(SHA-256)"
+* @param msec the desired runtime in milliseconds
+* @param param1 will be set to the first password hash parameter
+* @param param2 will be set to the second password hash parameter
+* @param param3 will be set to the third password hash parameter
+* @param out buffer to store the derived key, must be of out_len bytes
+* @param out_len the desired length of the key to produce
+* @param passphrase the password to derive the key from
+* @param salt a randomly chosen salt
+* @param salt_len length of salt in bytes
+* @return 0 on success, a negative value on failure
+*/
+int BOTAN_PUBLIC_API(2,8) botan_pwdhash_timed(
+ const char* algo,
+ uint32_t msec,
+ size_t* param1,
+ size_t* param2,
+ size_t* param3,
+ uint8_t out[],
+ size_t out_len,
+ const char* passphrase,
+ size_t passphrase_len,
+ const uint8_t salt[],
+ size_t salt_len);
+
/**
* Derive a key using scrypt
*/
@@ -557,6 +607,7 @@ BOTAN_PUBLIC_API(2,8) int botan_scrypt(uint8_t out[], size_t out_len,
const char* passphrase,
const uint8_t salt[], size_t salt_len,
size_t N, size_t r, size_t p);
+
/**
* Derive a key
* @param kdf_algo KDF algorithm, e.g., "SP800-56C"
diff --git a/src/lib/ffi/ffi_kdf.cpp b/src/lib/ffi/ffi_kdf.cpp
index c63406625..b72fe935e 100644
--- a/src/lib/ffi/ffi_kdf.cpp
+++ b/src/lib/ffi/ffi_kdf.cpp
@@ -22,29 +22,97 @@ extern "C" {
using namespace Botan_FFI;
-int botan_pbkdf(const char* pbkdf_algo, uint8_t out[], size_t out_len,
+int botan_pbkdf(const char* algo, uint8_t out[], size_t out_len,
const char* pass, const uint8_t salt[], size_t salt_len,
size_t iterations)
{
- return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
- std::unique_ptr<Botan::PBKDF> pbkdf(Botan::get_pbkdf(pbkdf_algo));
- pbkdf->pbkdf_iterations(out, out_len, pass, salt, salt_len, iterations);
- return BOTAN_FFI_SUCCESS;
- });
+ return botan_pwdhash(algo,
+ iterations,
+ 0,
+ 0,
+ out, out_len,
+ pass, std::strlen(pass),
+ salt, salt_len);
}
-int botan_pbkdf_timed(const char* pbkdf_algo,
+int botan_pbkdf_timed(const char* algo,
uint8_t out[], size_t out_len,
const char* password,
const uint8_t salt[], size_t salt_len,
size_t ms_to_run,
size_t* iterations_used)
{
+ return botan_pwdhash_timed(algo,
+ static_cast<uint32_t>(ms_to_run),
+ iterations_used,
+ nullptr,
+ nullptr,
+ out, out_len,
+ password, std::strlen(password),
+ salt, salt_len);
+ }
+
+int botan_pwdhash(
+ const char* algo,
+ size_t param1,
+ size_t param2,
+ size_t param3,
+ uint8_t out[],
+ size_t out_len,
+ const char* password,
+ size_t password_len,
+ const uint8_t salt[],
+ size_t salt_len)
+ {
+ return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
+ auto pwdhash_fam = Botan::PasswordHashFamily::create(algo);
+
+ if(!pwdhash_fam)
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+
+ auto pwdhash = pwdhash_fam->from_params(param1, param2, param3);
+
+ pwdhash->derive_key(out, out_len,
+ password, password_len,
+ salt, salt_len);
+
+ return BOTAN_FFI_SUCCESS;
+ });
+ }
+
+int botan_pwdhash_timed(
+ const char* algo,
+ uint32_t msec,
+ size_t* param1,
+ size_t* param2,
+ size_t* param3,
+ uint8_t out[],
+ size_t out_len,
+ const char* password,
+ size_t password_len,
+ const uint8_t salt[],
+ size_t salt_len)
+ {
return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
- std::unique_ptr<Botan::PBKDF> pbkdf(Botan::get_pbkdf(pbkdf_algo));
- pbkdf->pbkdf_timed(out, out_len, password, salt, salt_len,
- std::chrono::milliseconds(ms_to_run),
- *iterations_used);
+
+ auto pwdhash_fam = Botan::PasswordHashFamily::create(algo);
+
+ if(!pwdhash_fam)
+ return BOTAN_FFI_ERROR_NOT_IMPLEMENTED;
+
+ auto pwdhash = pwdhash_fam->tune(out_len, std::chrono::milliseconds(msec));
+
+ if(param1)
+ *param1 = pwdhash->iterations();
+ if(param2)
+ *param2 = pwdhash->parallelism();
+ if(param3)
+ *param3 = pwdhash->memory_param();
+
+ pwdhash->derive_key(out, out_len,
+ password, password_len,
+ salt, salt_len);
+
return BOTAN_FFI_SUCCESS;
});
}
@@ -63,13 +131,13 @@ int botan_kdf(const char* kdf_algo,
}
int botan_scrypt(uint8_t out[], size_t out_len,
- const char* passphrase,
+ const char* password,
const uint8_t salt[], size_t salt_len,
size_t N, size_t r, size_t p)
{
#if defined(BOTAN_HAS_SCRYPT)
return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int {
- Botan::scrypt(out, out_len, passphrase, salt, salt_len, N, r, p);
+ Botan::scrypt(out, out_len, password, strlen(password), salt, salt_len, N, r, p);
return BOTAN_FFI_SUCCESS;
});
#else