9#include <botan/pbkdf2.h>
10#include <botan/exceptn.h>
11#include <botan/internal/rounding.h>
12#include <botan/internal/timer.h>
18void pbkdf2_set_key(MessageAuthenticationCode& prf,
26 catch(Invalid_Key_Length&)
28 throw Invalid_Argument(
"PBKDF2 cannot accept passphrase of the given size");
38 const std::string& password,
39 const uint8_t salt[],
size_t salt_len,
41 std::chrono::milliseconds msec)
50 pbkdf2.derive_key(out, out_len,
51 password.c_str(), password.size(),
59size_t tune_pbkdf2(MessageAuthenticationCode& prf,
63 if(output_length == 0)
66 const size_t prf_sz = prf.output_length();
68 secure_vector<uint8_t> U(prf_sz);
70 const size_t trial_iterations = 2000;
74 Timer timer(
"PBKDF2");
76 const auto tune_time = BOTAN_PBKDF_TUNING_TIME;
78 prf.set_key(
nullptr, 0);
80 timer.run_until_elapsed(tune_time, [&]() {
81 uint8_t out[12] = { 0 };
82 uint8_t salt[12] = { 0 };
83 pbkdf2(prf, out,
sizeof(out), salt,
sizeof(salt), trial_iterations);
86 if(timer.events() == 0)
87 return trial_iterations;
89 const uint64_t duration_nsec = timer.value() / timer.events();
91 const uint64_t desired_nsec =
static_cast<uint64_t
>(msec) * 1000000;
93 if(duration_nsec > desired_nsec)
94 return trial_iterations;
96 const size_t blocks_needed = (output_length + prf_sz - 1) / prf_sz;
98 const size_t multiplier =
static_cast<size_t>(desired_nsec / duration_nsec / blocks_needed);
101 return trial_iterations;
103 return trial_iterations * multiplier;
111 const uint8_t salt[],
128 uint32_t counter = 1;
131 const size_t prf_output = std::min<size_t>(prf_sz, out_len);
137 xor_buf(out, U.data(), prf_output);
139 for(
size_t i = 1; i != iterations; ++i)
143 xor_buf(out, U.data(), prf_output);
146 out_len -= prf_output;
154 const std::string& password,
155 const uint8_t salt[],
size_t salt_len,
157 std::chrono::milliseconds msec)
const
166 pbkdf2.derive_key(key, key_len,
167 password.c_str(), password.size(),
175 return "PBKDF2(" + m_mac->name() +
")";
187 m_iterations(tune_pbkdf2(*m_prf, olen, static_cast<uint32_t>(msec.count())))
192 return "PBKDF2(" + m_prf->name() +
"," + std::to_string(m_iterations) +
")";
196 const char* password,
const size_t password_len,
197 const uint8_t salt[],
size_t salt_len)
const
199 pbkdf2_set_key(*m_prf, password, password_len);
205 return "PBKDF2(" + m_prf->name() +
")";
208std::unique_ptr<PasswordHash>
PBKDF2_Family::tune(
size_t output_len, std::chrono::milliseconds msec,
size_t)
const
210 return std::unique_ptr<PasswordHash>(
new PBKDF2(*m_prf, output_len, msec));
215 return std::unique_ptr<PasswordHash>(
new PBKDF2(*m_prf, 150000));
220 return std::unique_ptr<PasswordHash>(
new PBKDF2(*m_prf, iter));
225 return std::unique_ptr<PasswordHash>(
new PBKDF2(*m_prf, iter));
#define BOTAN_ASSERT_NOMSG(expr)
void update(const uint8_t in[], size_t length)
virtual size_t output_length() const =0
void update_be(uint16_t val)
void final(uint8_t out[])
std::string name() const override
std::unique_ptr< PasswordHash > default_params() const override
std::unique_ptr< PasswordHash > tune(size_t output_len, std::chrono::milliseconds msec, size_t max_memory) const override
std::unique_ptr< PasswordHash > from_iterations(size_t iter) const override
std::unique_ptr< PasswordHash > from_params(size_t iter, size_t, size_t) const override
PBKDF2(const MessageAuthenticationCode &prf, size_t iter)
void derive_key(uint8_t out[], size_t out_len, const char *password, size_t password_len, const uint8_t salt[], size_t salt_len) const override
std::string to_string() const override
size_t iterations() const override
std::string name() const override
PBKDF * clone() const override
size_t pbkdf(uint8_t output_buf[], size_t output_len, const std::string &passphrase, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec) const override
size_t pbkdf2(MessageAuthenticationCode &prf, uint8_t out[], size_t out_len, const std::string &password, const uint8_t salt[], size_t salt_len, size_t iterations, std::chrono::milliseconds msec)
void xor_buf(uint8_t out[], const uint8_t in[], size_t length)
std::vector< T, secure_allocator< T > > secure_vector
void clear_mem(T *ptr, size_t n)
const uint8_t * cast_char_ptr_to_uint8(const char *s)