diff options
Diffstat (limited to 'src/lib/ffi')
| -rw-r--r-- | src/lib/ffi/ffi.h | 57 | ||||
| -rw-r--r-- | src/lib/ffi/ffi_kdf.cpp | 94 |
2 files changed, 136 insertions, 15 deletions
diff --git a/src/lib/ffi/ffi.h b/src/lib/ffi/ffi.h index 57631bc28..ff7086488 100644 --- a/src/lib/ffi/ffi.h +++ b/src/lib/ffi/ffi.h @@ -514,7 +514,7 @@ BOTAN_PUBLIC_API(2,0) int botan_cipher_destroy(botan_cipher_t cipher); /* * Derive a key from a passphrase for a number of iterations -* @param pbkdf_algo PBKDF algorithm, e.g., "PBKDF2" +* @param pbkdf_algo PBKDF algorithm, e.g., "PBKDF2(SHA-256)" * @param out buffer to store the derived key, must be of out_len bytes * @param out_len the desired length of the key to produce * @param passphrase the password to derive the key from @@ -531,7 +531,7 @@ BOTAN_PUBLIC_API(2,0) int botan_pbkdf(const char* pbkdf_algo, /** * Derive a key from a passphrase, running until msec time has elapsed. -* @param pbkdf_algo PBKDF algorithm, e.g., "PBKDF2" +* @param pbkdf_algo PBKDF algorithm, e.g., "PBKDF2(SHA-256)" * @param out buffer to store the derived key, must be of out_len bytes * @param out_len the desired length of the key to produce * @param passphrase the password to derive the key from @@ -550,6 +550,58 @@ BOTAN_PUBLIC_API(2,0) int botan_pbkdf_timed(const char* pbkdf_algo, size_t* out_iterations_used); +/* +* Derive a key from a passphrase +* @param algo PBKDF algorithm, e.g., "PBKDF2(SHA-256)" or "Scrypt" +* @param param1 the first PBKDF algorithm parameter +* @param param2 the second PBKDF algorithm parameter (may be zero if unneeded) +* @param param3 the third PBKDF algorithm parameter (may be zero if unneeded) +* @param out buffer to store the derived key, must be of out_len bytes +* @param out_len the desired length of the key to produce +* @param passphrase the password to derive the key from +* @param salt a randomly chosen salt +* @param salt_len length of salt in bytes +* @return 0 on success, a negative value on failure +*/ +int BOTAN_PUBLIC_API(2,8) botan_pwdhash( + const char* algo, + size_t param1, + size_t param2, + size_t param3, + uint8_t out[], + size_t out_len, + const char* passphrase, + size_t passphrase_len, + const uint8_t salt[], + size_t salt_len); + +/* +* Derive a key from a passphrase +* @param pbkdf_algo PBKDF algorithm, e.g., "Scrypt" or "PBKDF2(SHA-256)" +* @param msec the desired runtime in milliseconds +* @param param1 will be set to the first password hash parameter +* @param param2 will be set to the second password hash parameter +* @param param3 will be set to the third password hash parameter +* @param out buffer to store the derived key, must be of out_len bytes +* @param out_len the desired length of the key to produce +* @param passphrase the password to derive the key from +* @param salt a randomly chosen salt +* @param salt_len length of salt in bytes +* @return 0 on success, a negative value on failure +*/ +int BOTAN_PUBLIC_API(2,8) botan_pwdhash_timed( + const char* algo, + uint32_t msec, + size_t* param1, + size_t* param2, + size_t* param3, + uint8_t out[], + size_t out_len, + const char* passphrase, + size_t passphrase_len, + const uint8_t salt[], + size_t salt_len); + /** * Derive a key using scrypt */ @@ -557,6 +609,7 @@ BOTAN_PUBLIC_API(2,8) int botan_scrypt(uint8_t out[], size_t out_len, const char* passphrase, const uint8_t salt[], size_t salt_len, size_t N, size_t r, size_t p); + /** * Derive a key * @param kdf_algo KDF algorithm, e.g., "SP800-56C" diff --git a/src/lib/ffi/ffi_kdf.cpp b/src/lib/ffi/ffi_kdf.cpp index c63406625..b72fe935e 100644 --- a/src/lib/ffi/ffi_kdf.cpp +++ b/src/lib/ffi/ffi_kdf.cpp @@ -22,29 +22,97 @@ extern "C" { using namespace Botan_FFI; -int botan_pbkdf(const char* pbkdf_algo, uint8_t out[], size_t out_len, +int botan_pbkdf(const char* algo, uint8_t out[], size_t out_len, const char* pass, const uint8_t salt[], size_t salt_len, size_t iterations) { - return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { - std::unique_ptr<Botan::PBKDF> pbkdf(Botan::get_pbkdf(pbkdf_algo)); - pbkdf->pbkdf_iterations(out, out_len, pass, salt, salt_len, iterations); - return BOTAN_FFI_SUCCESS; - }); + return botan_pwdhash(algo, + iterations, + 0, + 0, + out, out_len, + pass, std::strlen(pass), + salt, salt_len); } -int botan_pbkdf_timed(const char* pbkdf_algo, +int botan_pbkdf_timed(const char* algo, uint8_t out[], size_t out_len, const char* password, const uint8_t salt[], size_t salt_len, size_t ms_to_run, size_t* iterations_used) { + return botan_pwdhash_timed(algo, + static_cast<uint32_t>(ms_to_run), + iterations_used, + nullptr, + nullptr, + out, out_len, + password, std::strlen(password), + salt, salt_len); + } + +int botan_pwdhash( + const char* algo, + size_t param1, + size_t param2, + size_t param3, + uint8_t out[], + size_t out_len, + const char* password, + size_t password_len, + const uint8_t salt[], + size_t salt_len) + { + return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { + auto pwdhash_fam = Botan::PasswordHashFamily::create(algo); + + if(!pwdhash_fam) + return BOTAN_FFI_ERROR_NOT_IMPLEMENTED; + + auto pwdhash = pwdhash_fam->from_params(param1, param2, param3); + + pwdhash->derive_key(out, out_len, + password, password_len, + salt, salt_len); + + return BOTAN_FFI_SUCCESS; + }); + } + +int botan_pwdhash_timed( + const char* algo, + uint32_t msec, + size_t* param1, + size_t* param2, + size_t* param3, + uint8_t out[], + size_t out_len, + const char* password, + size_t password_len, + const uint8_t salt[], + size_t salt_len) + { return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { - std::unique_ptr<Botan::PBKDF> pbkdf(Botan::get_pbkdf(pbkdf_algo)); - pbkdf->pbkdf_timed(out, out_len, password, salt, salt_len, - std::chrono::milliseconds(ms_to_run), - *iterations_used); + + auto pwdhash_fam = Botan::PasswordHashFamily::create(algo); + + if(!pwdhash_fam) + return BOTAN_FFI_ERROR_NOT_IMPLEMENTED; + + auto pwdhash = pwdhash_fam->tune(out_len, std::chrono::milliseconds(msec)); + + if(param1) + *param1 = pwdhash->iterations(); + if(param2) + *param2 = pwdhash->parallelism(); + if(param3) + *param3 = pwdhash->memory_param(); + + pwdhash->derive_key(out, out_len, + password, password_len, + salt, salt_len); + return BOTAN_FFI_SUCCESS; }); } @@ -63,13 +131,13 @@ int botan_kdf(const char* kdf_algo, } int botan_scrypt(uint8_t out[], size_t out_len, - const char* passphrase, + const char* password, const uint8_t salt[], size_t salt_len, size_t N, size_t r, size_t p) { #if defined(BOTAN_HAS_SCRYPT) return ffi_guard_thunk(BOTAN_CURRENT_FUNCTION, [=]() -> int { - Botan::scrypt(out, out_len, passphrase, salt, salt_len, N, r, p); + Botan::scrypt(out, out_len, password, strlen(password), salt, salt_len, N, r, p); return BOTAN_FFI_SUCCESS; }); #else |