Rename S2K to PBKDF, because that is by far the most common name - S2K

really is only used by OpenPGP, and largely it was named S2K here
because the OpenPGP S2K was implemented years before the ones in PKCS
#5. We have a typedef of PBKDF to S2K, and an inlined get_s2k that
calls get_pbkdf for source compatability.

There doesn't seem to be any reason to have a forward for the renamed
s2k.h header - to actually use a PBKDF, you'd have to either include
lookup.h and call get_s2k / get_pbkdf, or else include an
algorithm-specific header and use it directly. In either case,
including s2k.h is neither necessary nor sufficient.

16 files changed, 108 insertions, 118 deletions

diff --git a/src/libstate/get_enc.cpp b/src/libstate/get_enc.cpp
index ab4d15896..a825a5d24 100644
--- a/src/libstate/get_enc.cpp
+++ b/src/libstate/get_enc.cpp
@@ -81,9 +81,9 @@
 namespace Botan {
 
 /*
-* Get a S2K algorithm by name
+* Get a PBKDF algorithm by name
 */
-S2K* get_s2k(const std::string& algo_spec)
+PBKDF* get_pbkdf(const std::string& algo_spec)
    {
    SCAN_Name request(algo_spec);
 
diff --git a/src/libstate/info.txt b/src/libstate/info.txt
index 0829506fb..749b6afaf 100644
--- a/src/libstate/info.txt
+++ b/src/libstate/info.txt
@@ -35,10 +35,10 @@ mac
 mode_pad
 mutex
 noop_mutex
+pbkdf
 pk_pad
 pubkey
 rng
-s2k
 stream
 system_alloc
 </requires>
diff --git a/src/libstate/lookup.h b/src/libstate/lookup.h
index debcee52b..178f80428 100644
--- a/src/libstate/lookup.h
+++ b/src/libstate/lookup.h
@@ -15,7 +15,7 @@
 #include <botan/kdf.h>
 #include <botan/eme.h>
 #include <botan/emsa.h>
-#include <botan/s2k.h>
+#include <botan/pbkdf.h>
 
 namespace Botan {
 
@@ -130,11 +130,21 @@ inline MessageAuthenticationCode* get_mac(const std::string& algo_spec)
    }
 
 /**
-* String to key algorithm factory method.
-* @param algo_spec the name of the desired string to key (S2K) algorithm
-* @return pointer to the string to key algorithm object
+* Password based key derivation function factory method
+* @param algo_spec the name of the desired PBKDF algorithm
+* @return pointer to newly allocated object of that type
 */
-BOTAN_DLL S2K* get_s2k(const std::string& algo_spec);
+BOTAN_DLL PBKDF* get_pbkdf(const std::string& algo_spec);
+
+/**
+* @deprecated Use get_pbkdf
+* @param algo_spec the name of the desired algorithm
+* @return pointer to newly allocated object of that type
+*/
+inline PBKDF* get_s2k(const std::string& algo_spec)
+   {
+   return get_pbkdf(algo_spec);
+   }
 
 /*
 * Get an EMSA/EME/KDF/MGF function
@@ -145,7 +155,7 @@ BOTAN_DLL S2K* get_s2k(const std::string& algo_spec);
 /**
 * Factory method for EME (message-encoding methods for encryption) objects
 * @param algo_spec the name of the EME to create
-* @return pointer to the desired EME object
+* @return pointer to newly allocated object of that type
 */
 BOTAN_DLL EME*  get_eme(const std::string& algo_spec);
 
@@ -153,14 +163,14 @@ BOTAN_DLL EME*  get_eme(const std::string& algo_spec);
 * Factory method for EMSA (message-encoding methods for signatures
 * with appendix) objects
 * @param algo_spec the name of the EME to create
-* @return pointer to the desired EME object
+* @return pointer to newly allocated object of that type
 */
 BOTAN_DLL EMSA* get_emsa(const std::string& algo_spec);
 
 /**
 * Factory method for KDF (key derivation function)
 * @param algo_spec the name of the KDF to create
-* @return pointer to the desired KDF object
+* @return pointer to newly allocated object of that type
 */
 BOTAN_DLL KDF*  get_kdf(const std::string& algo_spec);
 
@@ -176,7 +186,7 @@ BOTAN_DLL KDF*  get_kdf(const std::string& algo_spec);
 * @param iv the initialization vector to be used
 * @param direction determines whether the filter will be an encrypting
 * or decrypting filter
-* @return pointer to the encryption or decryption filter
+* @return pointer to newly allocated encryption or decryption filter
 */
 BOTAN_DLL Keyed_Filter* get_cipher(const std::string& algo_spec,
                                    const SymmetricKey& key,
diff --git a/src/s2k/info.txt b/src/pbkdf/info.txt
index 861b6f760..861b6f760 100644
--- a/src/s2k/info.txt
+++ b/src/pbkdf/info.txt
diff --git a/src/s2k/s2k.h b/src/pbkdf/pbkdf.h
index 59e789a15..eaad1fca9 100644
--- a/src/s2k/s2k.h
+++ b/src/pbkdf/pbkdf.h
@@ -1,33 +1,34 @@
 /*
-* S2K
+* PBKDF
 * (C) 1999-2007 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
 */
 
-#ifndef BOTAN_S2K_H__
-#define BOTAN_S2K_H__
+#ifndef BOTAN_PBKDF_H__
+#define BOTAN_PBKDF_H__
 
 #include <botan/symkey.h>
 
 namespace Botan {
 
 /**
-* Base class for S2K (string to key) operations, which convert a
-* password/passphrase into a key
+* Base class for PBKDF (password based key derivation function)
+* implementations. Converts a password into a key using a salt
+* and iterated hashing to make brute force attacks harder.
 */
-class BOTAN_DLL S2K
+class BOTAN_DLL PBKDF
    {
    public:
 
       /**
       * @return new instance of this same algorithm
       */
-      virtual S2K* clone() const = 0;
+      virtual PBKDF* clone() const = 0;
 
       /**
       * Get the algorithm name.
-      * @return name of this S2K algorithm
+      * @return name of this PBKDF algorithm
       */
       virtual std::string name() const = 0;
 
@@ -37,7 +38,7 @@ class BOTAN_DLL S2K
       virtual void clear() {}
 
       /**
-      * Derive a key from a passphrase with this S2K object. It will use
+      * Derive a key from a passphrase with this PBKDF object. It will use
       * the salt value and number of iterations configured in this object.
       * @param output_len the desired length of the key to produce
       * @param passphrase the password to derive the key from
@@ -50,13 +51,18 @@ class BOTAN_DLL S2K
                                      const byte salt[], u32bit salt_len,
                                      u32bit iterations) const = 0;
 
-      S2K() {}
-      virtual ~S2K() {}
+      PBKDF() {}
+      virtual ~PBKDF() {}
    private:
-      S2K(const S2K&) {}
-      S2K& operator=(const S2K&) { return (*this); }
+      PBKDF(const PBKDF&) {}
+      PBKDF& operator=(const PBKDF&) { return (*this); }
    };
 
+/**
+* For compatability with 1.8
+*/
+typedef PBKDF S2K;
+
 }
 
 #endif
diff --git a/src/s2k/pbkdf1/info.txt b/src/pbkdf/pbkdf1/info.txt
index e51b44886..e51b44886 100644
--- a/src/s2k/pbkdf1/info.txt
+++ b/src/pbkdf/pbkdf1/info.txt
diff --git a/src/s2k/pbkdf1/pbkdf1.cpp b/src/pbkdf/pbkdf1/pbkdf1.cpp
index a8270e26f..02d2c6cc0 100644
--- a/src/s2k/pbkdf1/pbkdf1.cpp
+++ b/src/pbkdf/pbkdf1/pbkdf1.cpp
@@ -37,20 +37,4 @@ OctetString PKCS5_PBKDF1::derive_key(u32bit key_len,
    return OctetString(key, std::min(key_len, key.size()));
    }
 
-/*
-* Clone this type
-*/
-S2K* PKCS5_PBKDF1::clone() const
-   {
-   return new PKCS5_PBKDF1(hash->clone());
-   }
-
-/*
-* Return the name of this type
-*/
-std::string PKCS5_PBKDF1::name() const
-   {
-   return "PBKDF1(" + hash->name() + ")";
-   }
-
 }
diff --git a/src/s2k/pbkdf1/pbkdf1.h b/src/pbkdf/pbkdf1/pbkdf1.h
index c0508d127..d10536f7e 100644
--- a/src/s2k/pbkdf1/pbkdf1.h
+++ b/src/pbkdf/pbkdf1/pbkdf1.h
@@ -8,25 +8,19 @@
 #ifndef BOTAN_PBKDF1_H__
 #define BOTAN_PBKDF1_H__
 
-#include <botan/s2k.h>
+#include <botan/pbkdf.h>
 #include <botan/hash.h>
 
 namespace Botan {
 
 /**
-* This class implements the PKCS #5 PBKDF1 functionality.
+* PKCS #5 v1 PBKDF, aka PBKDF1
+* Can only generate a key up to the size of the hash output.
+* Unless needed for backwards compatability, use PKCS5_PBKDF2
 */
-class BOTAN_DLL PKCS5_PBKDF1 : public S2K
+class BOTAN_DLL PKCS5_PBKDF1 : public PBKDF
    {
    public:
-      std::string name() const;
-      S2K* clone() const;
-
-      OctetString derive_key(u32bit output_len,
-                             const std::string& passphrase,
-                             const byte salt[], u32bit salt_len,
-                             u32bit iterations) const;
-
       /**
       * Create a PKCS #5 instance using the specified hash function.
       * @param hash_in pointer to a hash function object to use
@@ -38,9 +32,24 @@ class BOTAN_DLL PKCS5_PBKDF1 : public S2K
       * @param other the object to copy
       */
       PKCS5_PBKDF1(const PKCS5_PBKDF1& other) :
-         S2K(), hash(other.hash->clone()) {}
+         PBKDF(), hash(other.hash->clone()) {}
 
       ~PKCS5_PBKDF1() { delete hash; }
+
+      std::string name() const
+         {
+         return "PBKDF1(" + hash->name() + ")";
+         }
+
+      PBKDF* clone() const
+         {
+         return new PKCS5_PBKDF1(hash->clone());
+         }
+
+      OctetString derive_key(u32bit output_len,
+                             const std::string& passphrase,
+                             const byte salt[], u32bit salt_len,
+                             u32bit iterations) const;
    private:
       HashFunction* hash;
    };
diff --git a/src/s2k/pbkdf2/info.txt b/src/pbkdf/pbkdf2/info.txt
index 5462b2e1b..5462b2e1b 100644
--- a/src/s2k/pbkdf2/info.txt
+++ b/src/pbkdf/pbkdf2/info.txt
diff --git a/src/s2k/pbkdf2/pbkdf2.cpp b/src/pbkdf/pbkdf2/pbkdf2.cpp
index f1fc6e29f..e88a5749a 100644
--- a/src/s2k/pbkdf2/pbkdf2.cpp
+++ b/src/pbkdf/pbkdf2/pbkdf2.cpp
@@ -12,7 +12,7 @@
 namespace Botan {
 
 /*
-* Return a PKCS#5 PBKDF2 derived key
+* Return a PKCS #5 PBKDF2 derived key
 */
 OctetString PKCS5_PBKDF2::derive_key(u32bit key_len,
                                      const std::string& passphrase,
@@ -59,24 +59,4 @@ OctetString PKCS5_PBKDF2::derive_key(u32bit key_len,
    return key;
    }
 
-/*
-* Return the name of this type
-*/
-std::string PKCS5_PBKDF2::name() const
-   {
-   return "PBKDF2(" + mac->name() + ")";
-   }
-
-S2K* PKCS5_PBKDF2::clone() const
-   {
-   return new PKCS5_PBKDF2(mac->clone());
-   }
-
-/*
-* PKCS5_PBKDF2 Constructor
-*/
-PKCS5_PBKDF2::PKCS5_PBKDF2(MessageAuthenticationCode* m) : mac(m) {}
-
-PKCS5_PBKDF2::~PKCS5_PBKDF2() { delete mac; }
-
 }
diff --git a/src/s2k/pbkdf2/pbkdf2.h b/src/pbkdf/pbkdf2/pbkdf2.h
index b6d231916..2b25a7b1d 100644
--- a/src/s2k/pbkdf2/pbkdf2.h
+++ b/src/pbkdf/pbkdf2/pbkdf2.h
@@ -8,19 +8,26 @@
 #ifndef BOTAN_PBKDF2_H__
 #define BOTAN_PBKDF2_H__
 
-#include <botan/s2k.h>
+#include <botan/pbkdf.h>
 #include <botan/mac.h>
 
 namespace Botan {
 
 /**
-* This class implements the PKCS #5 PBKDF2 functionality.
+* PKCS #5 PBKDF2
 */
-class BOTAN_DLL PKCS5_PBKDF2 : public S2K
+class BOTAN_DLL PKCS5_PBKDF2 : public PBKDF
    {
    public:
-      std::string name() const;
-      S2K* clone() const;
+      std::string name() const
+         {
+         return "PBKDF2(" + mac->name() + ")";
+         }
+
+      PBKDF* clone() const
+         {
+         return new PKCS5_PBKDF2(mac->clone());
+         }
 
       OctetString derive_key(u32bit output_len,
                              const std::string& passphrase,
@@ -31,8 +38,12 @@ class BOTAN_DLL PKCS5_PBKDF2 : public S2K
       * Create a PKCS #5 instance using the specified message auth code
       * @param mac the MAC to use
       */
-      PKCS5_PBKDF2(MessageAuthenticationCode* mac);
-      ~PKCS5_PBKDF2();
+      PKCS5_PBKDF2(MessageAuthenticationCode* m) : mac(m) {}
+
+      /**
+      * Destructor
+      */
+      ~PKCS5_PBKDF2() { delete mac; }
    private:
       MessageAuthenticationCode* mac;
    };
diff --git a/src/s2k/pgps2k/info.txt b/src/pbkdf/pgps2k/info.txt
index 8be9c79f8..8be9c79f8 100644
--- a/src/s2k/pgps2k/info.txt
+++ b/src/pbkdf/pgps2k/info.txt
diff --git a/src/s2k/pgps2k/pgp_s2k.cpp b/src/pbkdf/pgps2k/pgp_s2k.cpp
index 49ff6892c..db18adaf1 100644
--- a/src/s2k/pgps2k/pgp_s2k.cpp
+++ b/src/pbkdf/pgps2k/pgp_s2k.cpp
@@ -6,8 +6,6 @@
 */
 
 #include <botan/pgp_s2k.h>
-#include <algorithm>
-#include <memory>
 
 namespace Botan {
 
@@ -56,20 +54,4 @@ OctetString OpenPGP_S2K::derive_key(u32bit key_len,
    return key;
    }
 
-/*
-* Return the name of this type
-*/
-std::string OpenPGP_S2K::name() const
-   {
-   return "OpenPGP-S2K(" + hash->name() + ")";
-   }
-
-/*
-* Return a clone of this object
-*/
-S2K* OpenPGP_S2K::clone() const
-   {
-   return new OpenPGP_S2K(hash->clone());
-   }
-
 }
diff --git a/src/s2k/pgps2k/pgp_s2k.h b/src/pbkdf/pgps2k/pgp_s2k.h
index cfe9bf5d5..9fb09af5a 100644
--- a/src/s2k/pgps2k/pgp_s2k.h
+++ b/src/pbkdf/pgps2k/pgp_s2k.h
@@ -1,5 +1,5 @@
 /*
-* OpenPGP S2K
+* OpenPGP PBKDF
 * (C) 1999-2007 Jack Lloyd
 *
 * Distributed under the terms of the Botan license
@@ -8,7 +8,7 @@
 #ifndef BOTAN_OPENPGP_S2K_H__
 #define BOTAN_OPENPGP_S2K_H__
 
-#include <botan/s2k.h>
+#include <botan/pbkdf.h>
 #include <botan/hash.h>
 
 namespace Botan {
@@ -16,22 +16,30 @@ namespace Botan {
 /**
 * OpenPGP's S2K
 */
-class BOTAN_DLL OpenPGP_S2K : public S2K
+class BOTAN_DLL OpenPGP_S2K : public PBKDF
    {
    public:
-      std::string name() const;
-      S2K* clone() const;
-
-      OctetString derive_key(u32bit output_len,
-                             const std::string& passphrase,
-                             const byte salt[], u32bit salt_len,
-                             u32bit iterations) const;
-
       /**
       * @param hash_in the hash function to use
       */
       OpenPGP_S2K(HashFunction* hash_in) : hash(hash_in) {}
+
       ~OpenPGP_S2K() { delete hash; }
+
+      std::string name() const
+         {
+         return "OpenPGP-S2K(" + hash->name() + ")";
+         }
+
+      PBKDF* clone() const
+         {
+         return new OpenPGP_S2K(hash->clone());
+         }
+
+      OctetString derive_key(u32bit output_len,
+                             const std::string& passphrase,
+                             const byte salt[], u32bit salt_len,
+                             u32bit iterations) const;
    private:
       HashFunction* hash;
    };
diff --git a/src/wrap/sqlite/codec.cpp b/src/wrap/sqlite/codec.cpp
index 5dfcea82e..60c8f6a21 100644
--- a/src/wrap/sqlite/codec.cpp
+++ b/src/wrap/sqlite/codec.cpp
@@ -54,12 +54,12 @@ Codec::InitializeCodec(void *db)
 void
 Codec::GenerateWriteKey(const char* userPassword, int passwordLength)
 {
-    S2K* s2k = get_s2k(S2K_STR);
-    s2k->set_iterations(S2K_ITERATIONS);
-    s2k->change_salt((const byte*)SALT_STR.c_str(), SALT_SIZE);
+    PBKDF* pbkdf = get_pbkdf(PBKDF_STR);
+    pbkdf->set_iterations(PBKDF_ITERATIONS);
+    pbkdf->change_salt((const byte*)SALT_STR.c_str(), SALT_SIZE);
 
     SymmetricKey masterKey =
-        s2k->derive_key(KEY_SIZE + IV_DERIVATION_KEY_SIZE, std::string(userPassword, passwordLength));
+        pbkdf->derive_key(KEY_SIZE + IV_DERIVATION_KEY_SIZE, std::string(userPassword, passwordLength));
 
     m_writeKey = SymmetricKey(masterKey.bits_of(), KEY_SIZE);
     m_ivWriteKey = SymmetricKey(masterKey.bits_of() + KEY_SIZE, IV_DERIVATION_KEY_SIZE);
diff --git a/src/wrap/sqlite/codec.h b/src/wrap/sqlite/codec.h
index 8b753be62..c254f9fde 100644
--- a/src/wrap/sqlite/codec.h
+++ b/src/wrap/sqlite/codec.h
@@ -50,9 +50,9 @@ using namespace Botan;
 //make sure to add "/NoPadding" for modes that use padding schemes
 const string BLOCK_CIPHER_STR = "Twofish/XTS";
 
-//S2K_STR: Key derivation function used to derive both the encryption
+//PBKDF_STR: Key derivation function used to derive both the encryption
 //and IV derivation keys from the given database passphrase
-const string S2K_STR = "PBKDF2(SHA-160)";
+const string PBKDF_STR = "PBKDF2(SHA-160)";
 
 //SALT_STR: Hard coded salt used to derive the key from the passphrase.
 const string SALT_STR = "&g#nB'9]";
@@ -61,9 +61,9 @@ const string SALT_STR = "&g#nB'9]";
 //encryption
 const string MAC_STR = "CMAC(Twofish)";
 
-//S2K_ITERATIONS: Number of hash iterations used in the key derivation
+//PBKDF_ITERATIONS: Number of hash iterations used in the key derivation
 //process.
-const int S2K_ITERATIONS = 10000;
+const int PBKDF_ITERATIONS = 10000;
 
 //SALT_SIZE: Size of the salt in bytes (as given in SALT_STR)
 const int SALT_SIZE = 64/8; //64 bit, 8 byte salt