Diffstat (limited to 'src/pbkdf')
-rw-r--r--src/pbkdf/info.txt3
-rw-r--r--src/pbkdf/pbkdf.cpp44
-rw-r--r--src/pbkdf/pbkdf.h124
-rw-r--r--src/pbkdf/pbkdf1/info.txt5
-rw-r--r--src/pbkdf/pbkdf1/pbkdf1.cpp58
-rw-r--r--src/pbkdf/pbkdf1/pbkdf1.h61
-rw-r--r--src/pbkdf/pbkdf2/info.txt5
-rw-r--r--src/pbkdf/pbkdf2/pbkdf2.cpp111
-rw-r--r--src/pbkdf/pbkdf2/pbkdf2.h55
9 files changed, 0 insertions, 466 deletions
diff --git a/src/pbkdf/info.txt b/src/pbkdf/info.txt
deleted file mode 100644
index d991577f7..000000000
--- a/src/pbkdf/info.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-<requires>
-algo_base
-</requires>
diff --git a/src/pbkdf/pbkdf.cpp b/src/pbkdf/pbkdf.cpp
deleted file mode 100644
index ccd203dbd..000000000
--- a/src/pbkdf/pbkdf.cpp
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
-* PBKDF
-* (C) 2012 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/pbkdf.h>
-#include <stdexcept>
-
-namespace Botan {
-
-OctetString PBKDF::derive_key(size_t output_len,
- const std::string& passphrase,
- const byte salt[], size_t salt_len,
- size_t iterations) const
- {
- if(iterations == 0)
- throw std::invalid_argument(name() + ": Invalid iteration count");
-
- auto derived = key_derivation(output_len, passphrase,
- salt, salt_len, iterations,
- std::chrono::milliseconds(0));
-
- BOTAN_ASSERT(derived.first == iterations,
- "PBKDF used the correct number of iterations");
-
- return derived.second;
- }
-
-OctetString PBKDF::derive_key(size_t output_len,
- const std::string& passphrase,
- const byte salt[], size_t salt_len,
- std::chrono::milliseconds ms,
- size_t& iterations) const
- {
- auto derived = key_derivation(output_len, passphrase, salt, salt_len, 0, ms);
-
- iterations = derived.first;
-
- return derived.second;
- }
-
-}
diff --git a/src/pbkdf/pbkdf.h b/src/pbkdf/pbkdf.h
deleted file mode 100644
index 65ad8e83a..000000000
--- a/src/pbkdf/pbkdf.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
-* PBKDF
-* (C) 1999-2007,2012 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_PBKDF_H__
-#define BOTAN_PBKDF_H__
-
-#include <botan/algo_base.h>
-#include <botan/symkey.h>
-#include <chrono>
-
-namespace Botan {
-
-/**
-* Base class for PBKDF (password based key derivation function)
-* implementations. Converts a password into a key using a salt
-* and iterated hashing to make brute force attacks harder.
-*/
-class BOTAN_DLL PBKDF : public Algorithm
- {
- public:
-
- /**
- * @return new instance of this same algorithm
- */
- virtual PBKDF* clone() const = 0;
-
- void clear() {}
-
- /**
- * Derive a key from a passphrase
- * @param output_len the desired length of the key to produce
- * @param passphrase the password to derive the key from
- * @param salt a randomly chosen salt
- * @param salt_len length of salt in bytes
- * @param iterations the number of iterations to use (use 10K or more)
- */
- OctetString derive_key(size_t output_len,
- const std::string& passphrase,
- const byte salt[], size_t salt_len,
- size_t iterations) const;
-
- /**
- * Derive a key from a passphrase
- * @param output_len the desired length of the key to produce
- * @param passphrase the password to derive the key from
- * @param salt a randomly chosen salt
- * @param iterations the number of iterations to use (use 10K or more)
- */
- template<typename Alloc>
- OctetString derive_key(size_t output_len,
- const std::string& passphrase,
- const std::vector<byte, Alloc>& salt,
- size_t iterations) const
- {
- return derive_key(output_len, passphrase, &salt[0], salt.size(), iterations);
- }
-
- /**
- * Derive a key from a passphrase
- * @param output_len the desired length of the key to produce
- * @param passphrase the password to derive the key from
- * @param salt a randomly chosen salt
- * @param salt_len length of salt in bytes
- * @param msec is how long to run the PBKDF
- * @param iterations is set to the number of iterations used
- */
- OctetString derive_key(size_t output_len,
- const std::string& passphrase,
- const byte salt[], size_t salt_len,
- std::chrono::milliseconds msec,
- size_t& iterations) const;
-
- /**
- * Derive a key from a passphrase using a certain amount of time
- * @param output_len the desired length of the key to produce
- * @param passphrase the password to derive the key from
- * @param salt a randomly chosen salt
- * @param msec is how long to run the PBKDF
- * @param iterations is set to the number of iterations used
- */
- template<typename Alloc>
- OctetString derive_key(size_t output_len,
- const std::string& passphrase,
- const std::vector<byte, Alloc>& salt,
- std::chrono::milliseconds msec,
- size_t& iterations) const
- {
- return derive_key(output_len, passphrase, &salt[0], salt.size(), msec, iterations);
- }
-
- /**
- * Derive a key from a passphrase for a number of iterations
- * specified by either iterations or if iterations == 0 then
- * running until seconds time has elapsed.
- *
- * @param output_len the desired length of the key to produce
- * @param passphrase the password to derive the key from
- * @param salt a randomly chosen salt
- * @param salt_len length of salt in bytes
- * @param iterations the number of iterations to use (use 10K or more)
- * @param msec if iterations is zero, then instead the PBKDF is
- * run until msec milliseconds has passed.
- * @return the number of iterations performed and the derived key
- */
- virtual std::pair<size_t, OctetString>
- key_derivation(size_t output_len,
- const std::string& passphrase,
- const byte salt[], size_t salt_len,
- size_t iterations,
- std::chrono::milliseconds msec) const = 0;
- };
-
-/**
-* For compatability with 1.8
-*/
-typedef PBKDF S2K;
-
-}
-
-#endif
diff --git a/src/pbkdf/pbkdf1/info.txt b/src/pbkdf/pbkdf1/info.txt
deleted file mode 100644
index 1ec626cac..000000000
--- a/src/pbkdf/pbkdf1/info.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-define PBKDF1 20131128
-
-<requires>
-hash
-</requires>
diff --git a/src/pbkdf/pbkdf1/pbkdf1.cpp b/src/pbkdf/pbkdf1/pbkdf1.cpp
deleted file mode 100644
index 9d1672529..000000000
--- a/src/pbkdf/pbkdf1/pbkdf1.cpp
+++ /dev/null
@@ -1,58 +0,0 @@
-/*
-* PBKDF1
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/pbkdf1.h>
-#include <botan/exceptn.h>
-
-namespace Botan {
-
-/*
-* Return a PKCS#5 PBKDF1 derived key
-*/
-std::pair<size_t, OctetString>
-PKCS5_PBKDF1::key_derivation(size_t key_len,
- const std::string& passphrase,
- const byte salt[], size_t salt_len,
- size_t iterations,
- std::chrono::milliseconds msec) const
- {
- if(key_len > hash->output_length())
- throw Invalid_Argument("PKCS5_PBKDF1: Requested output length too long");
-
- hash->update(passphrase);
- hash->update(salt, salt_len);
- secure_vector<byte> key = hash->final();
-
- const auto start = std::chrono::high_resolution_clock::now();
- size_t iterations_performed = 1;
-
- while(true)
- {
- if(iterations == 0)
- {
- if(iterations_performed % 10000 == 0)
- {
- auto time_taken = std::chrono::high_resolution_clock::now() - start;
- auto msec_taken = std::chrono::duration_cast<std::chrono::milliseconds>(time_taken);
- if(msec_taken > msec)
- break;
- }
- }
- else if(iterations_performed == iterations)
- break;
-
- hash->update(key);
- hash->final(&key[0]);
-
- ++iterations_performed;
- }
-
- return std::make_pair(iterations_performed,
- OctetString(&key[0], std::min(key_len, key.size())));
- }
-
-}
diff --git a/src/pbkdf/pbkdf1/pbkdf1.h b/src/pbkdf/pbkdf1/pbkdf1.h
deleted file mode 100644
index 783b70ed9..000000000
--- a/src/pbkdf/pbkdf1/pbkdf1.h
+++ /dev/null
@@ -1,61 +0,0 @@
-/*
-* PBKDF1
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_PBKDF1_H__
-#define BOTAN_PBKDF1_H__
-
-#include <botan/pbkdf.h>
-#include <botan/hash.h>
-
-namespace Botan {
-
-/**
-* PKCS #5 v1 PBKDF, aka PBKDF1
-* Can only generate a key up to the size of the hash output.
-* Unless needed for backwards compatability, use PKCS5_PBKDF2
-*/
-class BOTAN_DLL PKCS5_PBKDF1 : public PBKDF
- {
- public:
- /**
- * Create a PKCS #5 instance using the specified hash function.
- * @param hash_in pointer to a hash function object to use
- */
- PKCS5_PBKDF1(HashFunction* hash_in) : hash(hash_in) {}
-
- /**
- * Copy constructor
- * @param other the object to copy
- */
- PKCS5_PBKDF1(const PKCS5_PBKDF1& other) :
- PBKDF(), hash(other.hash->clone()) {}
-
- ~PKCS5_PBKDF1() { delete hash; }
-
- std::string name() const
- {
- return "PBKDF1(" + hash->name() + ")";
- }
-
- PBKDF* clone() const
- {
- return new PKCS5_PBKDF1(hash->clone());
- }
-
- std::pair<size_t, OctetString>
- key_derivation(size_t output_len,
- const std::string& passphrase,
- const byte salt[], size_t salt_len,
- size_t iterations,
- std::chrono::milliseconds msec) const override;
- private:
- HashFunction* hash;
- };
-
-}
-
-#endif
diff --git a/src/pbkdf/pbkdf2/info.txt b/src/pbkdf/pbkdf2/info.txt
deleted file mode 100644
index b13168c53..000000000
--- a/src/pbkdf/pbkdf2/info.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-define PBKDF2 20131128
-
-<requires>
-mac
-</requires>
diff --git a/src/pbkdf/pbkdf2/pbkdf2.cpp b/src/pbkdf/pbkdf2/pbkdf2.cpp
deleted file mode 100644
index c24bcaff8..000000000
--- a/src/pbkdf/pbkdf2/pbkdf2.cpp
+++ /dev/null
@@ -1,111 +0,0 @@
-/*
-* PBKDF2
-* (C) 1999-2007 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#include <botan/pbkdf2.h>
-#include <botan/get_byte.h>
-#include <botan/internal/xor_buf.h>
-#include <botan/internal/rounding.h>
-
-namespace Botan {
-
-/*
-* Return a PKCS #5 PBKDF2 derived key
-*/
-std::pair<size_t, OctetString>
-PKCS5_PBKDF2::key_derivation(size_t key_len,
- const std::string& passphrase,
- const byte salt[], size_t salt_len,
- size_t iterations,
- std::chrono::milliseconds msec) const
- {
- if(key_len == 0)
- return std::make_pair(iterations, OctetString());
-
- try
- {
- mac->set_key(reinterpret_cast<const byte*>(passphrase.data()),
- passphrase.length());
- }
- catch(Invalid_Key_Length)
- {
- throw Exception(name() + " cannot accept passphrases of length " +
- std::to_string(passphrase.length()));
- }
-
- secure_vector<byte> key(key_len);
-
- byte* T = &key[0];
-
- secure_vector<byte> U(mac->output_length());
-
- const size_t blocks_needed = round_up(key_len, mac->output_length()) / mac->output_length();
-
- std::chrono::microseconds usec_per_block =
- std::chrono::duration_cast<std::chrono::microseconds>(msec) / blocks_needed;
-
- u32bit counter = 1;
- while(key_len)
- {
- size_t T_size = std::min<size_t>(mac->output_length(), key_len);
-
- mac->update(salt, salt_len);
- mac->update_be(counter);
- mac->final(&U[0]);
-
- xor_buf(T, &U[0], T_size);
-
- if(iterations == 0)
- {
- /*
- If no iterations set, run the first block to calibrate based
- on how long hashing takes on whatever machine we're running on.
- */
-
- const auto start = std::chrono::high_resolution_clock::now();
-
- iterations = 1; // the first iteration we did above
-
- while(true)
- {
- mac->update(U);
- mac->final(&U[0]);
- xor_buf(T, &U[0], T_size);
- iterations++;
-
- /*
- Only break on relatively 'even' iterations. For one it
- avoids confusion, and likely some broken implementations
- break on getting completely randomly distributed values
- */
- if(iterations % 10000 == 0)
- {
- auto time_taken = std::chrono::high_resolution_clock::now() - start;
- auto usec_taken = std::chrono::duration_cast<std::chrono::microseconds>(time_taken);
- if(usec_taken > usec_per_block)
- break;
- }
- }
- }
- else
- {
- for(size_t i = 1; i != iterations; ++i)
- {
- mac->update(U);
- mac->final(&U[0]);
- xor_buf(T, &U[0], T_size);
- }
- }
-
- key_len -= T_size;
- T += T_size;
- ++counter;
- }
-
- return std::make_pair(iterations, key);
- }
-
-}
diff --git a/src/pbkdf/pbkdf2/pbkdf2.h b/src/pbkdf/pbkdf2/pbkdf2.h
deleted file mode 100644
index 8bc271fcf..000000000
--- a/src/pbkdf/pbkdf2/pbkdf2.h
+++ /dev/null
@@ -1,55 +0,0 @@
-/*
-* PBKDF2
-* (C) 1999-2007,2012 Jack Lloyd
-*
-* Distributed under the terms of the Botan license
-*/
-
-#ifndef BOTAN_PBKDF2_H__
-#define BOTAN_PBKDF2_H__
-
-#include <botan/pbkdf.h>
-#include <botan/mac.h>
-
-namespace Botan {
-
-/**
-* PKCS #5 PBKDF2
-*/
-class BOTAN_DLL PKCS5_PBKDF2 : public PBKDF
- {
- public:
- std::string name() const override
- {
- return "PBKDF2(" + mac->name() + ")";
- }
-
- PBKDF* clone() const override
- {
- return new PKCS5_PBKDF2(mac->clone());
- }
-
- std::pair<size_t, OctetString>
- key_derivation(size_t output_len,
- const std::string& passphrase,
- const byte salt[], size_t salt_len,
- size_t iterations,
- std::chrono::milliseconds msec) const override;
-
- /**
- * Create a PKCS #5 instance using the specified message auth code
- * @param mac_fn the MAC to use
- */
- PKCS5_PBKDF2(MessageAuthenticationCode* mac_fn) : mac(mac_fn) {}
-
- /**
- * Destructor
- */
- ~PKCS5_PBKDF2() { delete mac; }
- private:
- MessageAuthenticationCode* mac;
- };
-
-}
-
-#endif