diff options
Diffstat (limited to 'src/lib/pbkdf/pbkdf.h')
| -rw-r--r-- | src/lib/pbkdf/pbkdf.h | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/src/lib/pbkdf/pbkdf.h b/src/lib/pbkdf/pbkdf.h new file mode 100644 index 000000000..65ad8e83a --- /dev/null +++ b/src/lib/pbkdf/pbkdf.h @@ -0,0 +1,124 @@ +/* +* PBKDF +* (C) 1999-2007,2012 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_PBKDF_H__ +#define BOTAN_PBKDF_H__ + +#include <botan/algo_base.h> +#include <botan/symkey.h> +#include <chrono> + +namespace Botan { + +/** +* Base class for PBKDF (password based key derivation function) +* implementations. Converts a password into a key using a salt +* and iterated hashing to make brute force attacks harder. +*/ +class BOTAN_DLL PBKDF : public Algorithm + { + public: + + /** + * @return new instance of this same algorithm + */ + virtual PBKDF* clone() const = 0; + + void clear() {} + + /** + * Derive a key from a passphrase + * @param output_len the desired length of the key to produce + * @param passphrase the password to derive the key from + * @param salt a randomly chosen salt + * @param salt_len length of salt in bytes + * @param iterations the number of iterations to use (use 10K or more) + */ + OctetString derive_key(size_t output_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + size_t iterations) const; + + /** + * Derive a key from a passphrase + * @param output_len the desired length of the key to produce + * @param passphrase the password to derive the key from + * @param salt a randomly chosen salt + * @param iterations the number of iterations to use (use 10K or more) + */ + template<typename Alloc> + OctetString derive_key(size_t output_len, + const std::string& passphrase, + const std::vector<byte, Alloc>& salt, + size_t iterations) const + { + return derive_key(output_len, passphrase, &salt[0], salt.size(), iterations); + } + + /** + * Derive a key from a passphrase + * @param output_len the desired length of the key to produce + * @param passphrase the password to derive the key from + * @param salt a randomly chosen salt + * @param salt_len length of salt in bytes + * @param msec is how long to run the PBKDF + * @param iterations is set to the number of iterations used + */ + OctetString derive_key(size_t output_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + std::chrono::milliseconds msec, + size_t& iterations) const; + + /** + * Derive a key from a passphrase using a certain amount of time + * @param output_len the desired length of the key to produce + * @param passphrase the password to derive the key from + * @param salt a randomly chosen salt + * @param msec is how long to run the PBKDF + * @param iterations is set to the number of iterations used + */ + template<typename Alloc> + OctetString derive_key(size_t output_len, + const std::string& passphrase, + const std::vector<byte, Alloc>& salt, + std::chrono::milliseconds msec, + size_t& iterations) const + { + return derive_key(output_len, passphrase, &salt[0], salt.size(), msec, iterations); + } + + /** + * Derive a key from a passphrase for a number of iterations + * specified by either iterations or if iterations == 0 then + * running until seconds time has elapsed. + * + * @param output_len the desired length of the key to produce + * @param passphrase the password to derive the key from + * @param salt a randomly chosen salt + * @param salt_len length of salt in bytes + * @param iterations the number of iterations to use (use 10K or more) + * @param msec if iterations is zero, then instead the PBKDF is + * run until msec milliseconds has passed. + * @return the number of iterations performed and the derived key + */ + virtual std::pair<size_t, OctetString> + key_derivation(size_t output_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + size_t iterations, + std::chrono::milliseconds msec) const = 0; + }; + +/** +* For compatability with 1.8 +*/ +typedef PBKDF S2K; + +} + +#endif |