7#include <botan/bcrypt_pbkdf.h>
8#include <botan/loadstor.h>
9#include <botan/blowfish.h>
10#include <botan/hash.h>
11#include <botan/internal/timer.h>
16 const char* password,
size_t password_len,
17 const uint8_t salt[],
size_t salt_len)
const
20 password, password_len,
27 return "Bcrypt-PBKDF(" + std::to_string(m_iterations) +
")";
32 return "Bcrypt-PBKDF";
36 std::chrono::milliseconds msec,
39 Timer timer(
"Bcrypt_PBKDF");
40 const auto tune_time = BOTAN_PBKDF_TUNING_TIME;
42 const size_t blocks = (output_length + 32 - 1) / 32;
47 const size_t starting_iter = 2;
50 uint8_t output[32] = { 0 };
51 bcrypt_pbkdf(output,
sizeof(output),
"test", 4,
nullptr, 0, starting_iter);
57 const uint64_t measured_time = timer.
value() / (timer.
events() / blocks);
59 const uint64_t target_nsec = msec.count() *
static_cast<uint64_t
>(1000000);
61 const uint64_t desired_increase = target_nsec / measured_time;
63 if(desired_increase == 0)
66 return this->
from_iterations(
static_cast<size_t>(desired_increase * starting_iter));
76 return std::unique_ptr<PasswordHash>(
new Bcrypt_PBKDF(iter));
92 const size_t BCRYPT_PBKDF_OUTPUT = 32;
95 static const uint8_t BCRYPT_PBKDF_MAGIC[BCRYPT_PBKDF_OUTPUT] = {
96 0x4F, 0x78, 0x79, 0x63, 0x68, 0x72, 0x6F, 0x6D,
97 0x61, 0x74, 0x69, 0x63, 0x42, 0x6C, 0x6F, 0x77,
98 0x66, 0x69, 0x73, 0x68, 0x53, 0x77, 0x61, 0x74,
99 0x44, 0x79, 0x6E, 0x61, 0x6D, 0x69, 0x74, 0x65
102 const size_t BCRYPT_PBKDF_WORKFACTOR = 6;
103 const size_t BCRYPT_PBKDF_ROUNDS = 64;
106 salt_hash.data(), salt_hash.size(),
107 BCRYPT_PBKDF_WORKFACTOR,
true);
109 copy_mem(tmp.data(), BCRYPT_PBKDF_MAGIC, BCRYPT_PBKDF_OUTPUT);
110 for(
size_t i = 0; i != BCRYPT_PBKDF_ROUNDS; ++i)
119 for(
size_t i = 0; i != 32/4; ++i)
122 store_be(w, &tmp[
sizeof(uint32_t)*i]);
125 xor_buf(out.data(), tmp.data(), BCRYPT_PBKDF_OUTPUT);
131 const char* pass,
size_t pass_len,
132 const uint8_t salt[],
size_t salt_len,
141 BOTAN_ARG_CHECK(output_len <= 10*1024*1024,
"Too much output for Bcrypt PBKDF");
143 const size_t BCRYPT_BLOCK_SIZE = 32;
144 const size_t blocks = (output_len + BCRYPT_BLOCK_SIZE - 1) / BCRYPT_BLOCK_SIZE;
147 const secure_vector<uint8_t> pass_hash = sha512->process(
reinterpret_cast<const uint8_t*
>(pass), pass_len);
155 for(
size_t block = 0; block != blocks; ++block)
160 sha512->update_be(
static_cast<uint32_t
>(block + 1));
161 sha512->final(salt_hash.data());
163 bcrypt_round(blowfish, pass_hash, salt_hash, out, tmp);
165 for(
size_t r = 1; r != rounds; ++r)
169 sha512->final(salt_hash.data());
171 bcrypt_round(blowfish, pass_hash, salt_hash, out, tmp);
174 for(
size_t i = 0; i != BCRYPT_BLOCK_SIZE; ++i)
176 const size_t dest = i * blocks + block;
177 if(dest < output_len)
178 output[dest] = out[i];
#define BOTAN_ARG_CHECK(expr, msg)
std::unique_ptr< PasswordHash > from_params(size_t i, size_t, size_t) const override
std::unique_ptr< PasswordHash > default_params() const override
std::string name() const override
std::unique_ptr< PasswordHash > from_iterations(size_t iter) const override
std::unique_ptr< PasswordHash > tune(size_t output_length, std::chrono::milliseconds msec, size_t max_memory) const override
void derive_key(uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const override
std::string to_string() const override
void encrypt(const uint8_t in[], uint8_t out[]) const
void salted_set_key(const uint8_t key[], size_t key_length, const uint8_t salt[], size_t salt_length, const size_t workfactor, bool salt_first=false)
static std::unique_ptr< HashFunction > create_or_throw(const std::string &algo_spec, const std::string &provider="")
void run_until_elapsed(std::chrono::milliseconds msec, F f)
void bcrypt_pbkdf(uint8_t output[], size_t output_len, const char *pass, size_t pass_len, const uint8_t salt[], size_t salt_len, size_t rounds)
void store_be(uint16_t in, uint8_t out[2])
uint32_t load_le< uint32_t >(const uint8_t in[], size_t off)
void copy_mem(T *out, const T *in, size_t n)
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
std::vector< T, secure_allocator< T > > secure_vector
void clear_mem(T *ptr, size_t n)