Modify the S2K interface. Instead of being stateful in terms of the salt

and iteration count, force it to be passed to each call to derive_key. So remove current_salt, set_iterations, new_random_salt, and change_salt functions from S2K interface. Update examples and test application to match. While I was in there, change the passhash example to use 64 bit salts and 128 bit PBKDF2 outputs.
author: lloyd <[email protected]> 2010-02-01 16:29:38 +0000
committer: lloyd <[email protected]> 2010-02-01 16:29:38 +0000
commit: 454e45b7c4fece11a7f43ffa412148b4a274c90f (patch)
tree: 5ae87c2104fba534548e59fa477d6a5f2f5a5e29 /src/s2k
parent: ae6a404ec14cc3c86a96cd3e5c67c9c23be38147 (diff)
8 files changed, 36 insertions, 124 deletions
diff --git a/src/s2k/pbkdf1/pbkdf1.cpp b/src/s2k/pbkdf1/pbkdf1.cpp
index fcc5b9a97..8e521e988 100644
--- a/src/s2k/pbkdf1/pbkdf1.cpp
+++ b/src/s2k/pbkdf1/pbkdf1.cpp
@@ -12,10 +12,10 @@ namespace Botan {
 /*
 * Return a PKCS#5 PBKDF1 derived key
 */
-OctetString PKCS5_PBKDF1::derive(u32bit key_len,
-                                 const std::string& passphrase,
-                                 const byte salt[], u32bit salt_size,
-                                 u32bit iterations) const
+OctetString PKCS5_PBKDF1::derive_key(u32bit key_len,
+                                     const std::string& passphrase,
+                                     const byte salt[], u32bit salt_size,
+                                     u32bit iterations) const
    {
    if(iterations == 0)
       throw Invalid_Argument("PKCS5_PBKDF1: Invalid iteration count");
diff --git a/src/s2k/pbkdf1/pbkdf1.h b/src/s2k/pbkdf1/pbkdf1.h
index 4e5cafdb0..053a2dbe1 100644
--- a/src/s2k/pbkdf1/pbkdf1.h
+++ b/src/s2k/pbkdf1/pbkdf1.h
@@ -22,6 +22,11 @@ class BOTAN_DLL PKCS5_PBKDF1 : public S2K
       std::string name() const;
       S2K* clone() const;
 
+      OctetString derive_key(u32bit output_len,
+                             const std::string& passphrase,
+                             const byte salt[], u32bit salt_len,
+                             u32bit iterations) const;
+
       /**
       * Create a PKCS #5 instance using the specified hash function.
       * @param hash a pointer to a hash function object to use
@@ -33,9 +38,6 @@ class BOTAN_DLL PKCS5_PBKDF1 : public S2K
 
       ~PKCS5_PBKDF1() { delete hash; }
    private:
-      OctetString derive(u32bit, const std::string&,
-                          const byte[], u32bit, u32bit) const;
-
       HashFunction* hash;
    };
 
diff --git a/src/s2k/pbkdf2/pbkdf2.cpp b/src/s2k/pbkdf2/pbkdf2.cpp
index 6f790c06b..e7aebbfe2 100644
--- a/src/s2k/pbkdf2/pbkdf2.cpp
+++ b/src/s2k/pbkdf2/pbkdf2.cpp
@@ -14,10 +14,10 @@ namespace Botan {
 /*
 * Return a PKCS#5 PBKDF2 derived key
 */
-OctetString PKCS5_PBKDF2::derive(u32bit key_len,
-                                 const std::string& passphrase,
-                                 const byte salt[], u32bit salt_size,
-                                 u32bit iterations) const
+OctetString PKCS5_PBKDF2::derive_key(u32bit key_len,
+                                     const std::string& passphrase,
+                                     const byte salt[], u32bit salt_size,
+                                     u32bit iterations) const
    {
    if(iterations == 0)
       throw Invalid_Argument("PKCS#5 PBKDF2: Invalid iteration count");
diff --git a/src/s2k/pbkdf2/pbkdf2.h b/src/s2k/pbkdf2/pbkdf2.h
index 7510338bb..b6d231916 100644
--- a/src/s2k/pbkdf2/pbkdf2.h
+++ b/src/s2k/pbkdf2/pbkdf2.h
@@ -22,6 +22,11 @@ class BOTAN_DLL PKCS5_PBKDF2 : public S2K
       std::string name() const;
       S2K* clone() const;
 
+      OctetString derive_key(u32bit output_len,
+                             const std::string& passphrase,
+                             const byte salt[], u32bit salt_len,
+                             u32bit iterations) const;
+
       /**
       * Create a PKCS #5 instance using the specified message auth code
       * @param mac the MAC to use
@@ -29,9 +34,6 @@ class BOTAN_DLL PKCS5_PBKDF2 : public S2K
       PKCS5_PBKDF2(MessageAuthenticationCode* mac);
       ~PKCS5_PBKDF2();
    private:
-      OctetString derive(u32bit, const std::string&,
-                          const byte[], u32bit, u32bit) const;
-
       MessageAuthenticationCode* mac;
    };
 
diff --git a/src/s2k/pgps2k/pgp_s2k.cpp b/src/s2k/pgps2k/pgp_s2k.cpp
index 86394d84d..49ff6892c 100644
--- a/src/s2k/pgps2k/pgp_s2k.cpp
+++ b/src/s2k/pgps2k/pgp_s2k.cpp
@@ -14,9 +14,10 @@ namespace Botan {
 /*
 * Derive a key using the OpenPGP S2K algorithm
 */
-OctetString OpenPGP_S2K::derive(u32bit key_len, const std::string& passphrase,
-                                const byte salt_buf[], u32bit salt_size,
-                                u32bit iterations) const
+OctetString OpenPGP_S2K::derive_key(u32bit key_len,
+                                    const std::string& passphrase,
+                                    const byte salt_buf[], u32bit salt_size,
+                                    u32bit iterations) const
    {
    SecureVector<byte> key(key_len), hash_buf;
 
diff --git a/src/s2k/pgps2k/pgp_s2k.h b/src/s2k/pgps2k/pgp_s2k.h
index 00e95f7fa..7f25623f3 100644
--- a/src/s2k/pgps2k/pgp_s2k.h
+++ b/src/s2k/pgps2k/pgp_s2k.h
@@ -22,12 +22,14 @@ class BOTAN_DLL OpenPGP_S2K : public S2K
       std::string name() const;
       S2K* clone() const;
 
+      OctetString derive_key(u32bit output_len,
+                             const std::string& passphrase,
+                             const byte salt[], u32bit salt_len,
+                             u32bit iterations) const;
+
       OpenPGP_S2K(HashFunction* hash_in) : hash(hash_in) {}
       ~OpenPGP_S2K() { delete hash; }
    private:
-      OctetString derive(u32bit, const std::string&,
-                         const byte[], u32bit, u32bit) const;
-
       HashFunction* hash;
    };
 
diff --git a/src/s2k/s2k.cpp b/src/s2k/s2k.cpp
deleted file mode 100644
index 42064529d..000000000
--- a/src/s2k/s2k.cpp
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-* S2K
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/s2k.h>
-
-namespace Botan {
-
-/*
-* Derive a key from a passphrase
-*/
-OctetString S2K::derive_key(u32bit key_len,
-                            const std::string& passphrase) const
-   {
-   return derive(key_len, passphrase, salt, salt.size(), iterations());
-   }
-
-/*
-* Set the number of iterations
-*/
-void S2K::set_iterations(u32bit i)
-   {
-   iter = i;
-   }
-
-/*
-* Change the salt
-*/
-void S2K::change_salt(const byte new_salt[], u32bit length)
-   {
-   salt.set(new_salt, length);
-   }
-
-/*
-* Change the salt
-*/
-void S2K::change_salt(const MemoryRegion<byte>& new_salt)
-   {
-   change_salt(new_salt.begin(), new_salt.size());
-   }
-
-/*
-* Create a new random salt
-*/
-void S2K::new_random_salt(RandomNumberGenerator& rng,
-                          u32bit length)
-   {
-   salt.resize(length);
-   rng.randomize(salt, length);
-   }
-
-}
diff --git a/src/s2k/s2k.h b/src/s2k/s2k.h
index 7af92519b..82f5abeef 100644
--- a/src/s2k/s2k.h
+++ b/src/s2k/s2k.h
@@ -39,62 +39,22 @@ class BOTAN_DLL S2K
       /**
       * Derive a key from a passphrase with this S2K object. It will use
       * the salt value and number of iterations configured in this object.
-      * @param key_len the desired length of the key to produce
+      * @param output_len the desired length of the key to produce
       * @param passphrase the password to derive the key from
+      * @param salt the randomly chosen salt
+      * @param salt_len length of salt in bytes
+      * @param iterations the number of iterations to use (use 10K or more)
       */
-      OctetString derive_key(u32bit key_len,
-                             const std::string& passphrase) const;
+      virtual OctetString derive_key(u32bit output_len,
+                                     const std::string& passphrase,
+                                     const byte salt[], u32bit salt_len,
+                                     u32bit iterations) const = 0;
 
-      /**
-      * Set the number of iterations for the one-way function during
-      * key generation.
-      * @param n the desired number of iterations
-      */
-      void set_iterations(u32bit n);
-
-      /**
-      * Set a new salt value.
-      * @param new_salt a byte array defining the new salt value
-      * @param len the length of the above byte array
-      */
-      void change_salt(const byte new_salt[], u32bit len);
-
-      /**
-      * Set a new salt value.
-      * @param new_salt the new salt value
-      */
-      void change_salt(const MemoryRegion<byte>& new_salt);
-
-      /**
-      * Create a new random salt value using the rng
-      * @param rng the random number generator to use
-      * @param len the desired length of the new salt value
-      */
-      void new_random_salt(RandomNumberGenerator& rng, u32bit len);
-
-      /**
-      * Get the number of iterations for the key derivation currently
-      * configured in this S2K object.
-      * @return the current number of iterations
-      */
-      u32bit iterations() const { return iter; }
-
-      /**
-      * Get the currently configured salt value of this S2K object.
-      * @return the current salt value
-      */
-      SecureVector<byte> current_salt() const { return salt; }
-
-      S2K() { iter = 0; }
+      S2K() {}
       virtual ~S2K() {}
    private:
       S2K(const S2K&) {}
       S2K& operator=(const S2K&) { return (*this); }
-
-      virtual OctetString derive(u32bit, const std::string&,
-                                 const byte[], u32bit, u32bit) const = 0;
-      SecureVector<byte> salt;
-      u32bit iter;
    };
 
 }
author	lloyd <[email protected]>	2010-02-01 16:29:38 +0000
committer	lloyd <[email protected]>	2010-02-01 16:29:38 +0000
commit	454e45b7c4fece11a7f43ffa412148b4a274c90f (patch)
tree	5ae87c2104fba534548e59fa477d6a5f2f5a5e29 /src/s2k
parent	ae6a404ec14cc3c86a96cd3e5c67c9c23be38147 (diff)