5495699348

Committed 08 Jul 2023 05:56PM UTC coverage: 91.736% (+0.006%) from 91.73%

Build # 5495699348

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #3617 from Rohde-Schwarz/tls13/psk_preparations

[TLS 1.3] Preparations for externally provided PSKs

Run Details

78235 of 85283 relevant lines covered (91.74%)

12425340.96 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

75.76

/src/lib/pbkdf/argon2/argon2pwhash.cpp

/**
* (C) 2019 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/argon2.h>

#include <botan/exceptn.h>
#include <botan/internal/fmt.h>
#include <botan/internal/timer.h>
#include <algorithm>

namespace Botan {

Argon2::Argon2(uint8_t family, size_t M, size_t t, size_t p) : m_family(family), m_M(M), m_t(t), m_p(p) {
   BOTAN_ARG_CHECK(m_p >= 1 && m_p <= 128, "Invalid Argon2 threads parameter");
   BOTAN_ARG_CHECK(m_M >= 8 * m_p && m_M <= 8192 * 1024, "Invalid Argon2 M parameter");
   BOTAN_ARG_CHECK(m_t >= 1, "Invalid Argon2 t parameter");
}

void Argon2::derive_key(uint8_t output[],
                        size_t output_len,
                        const char* password,
                        size_t password_len,
                        const uint8_t salt[],
                        size_t salt_len) const {
   argon2(output, output_len, password, password_len, salt, salt_len, nullptr, 0, nullptr, 0);
}

void Argon2::derive_key(uint8_t output[],
                        size_t output_len,
                        const char* password,
                        size_t password_len,
                        const uint8_t salt[],
                        size_t salt_len,
                        const uint8_t ad[],
                        size_t ad_len,
                        const uint8_t key[],
                        size_t key_len) const {
   argon2(output, output_len, password, password_len, salt, salt_len, key, key_len, ad, ad_len);
}

namespace {

std::string argon2_family_name(uint8_t f) {
   switch(f) {
      case 0:
         return "Argon2d";
      case 1:
         return "Argon2i";
      case 2:
         return "Argon2id";
      default:
         throw Invalid_Argument("Unknown Argon2 parameter");
   }
}

}  // namespace

std::string Argon2::to_string() const {
   return fmt("{}({},{},{})", argon2_family_name(m_family), m_M, m_t, m_p);
}

Argon2_Family::Argon2_Family(uint8_t family) : m_family(family) {
   if(m_family != 0 && m_family != 1 && m_family != 2) {
      throw Invalid_Argument("Unknown Argon2 family identifier");
   }
}

std::string Argon2_Family::name() const {
   return argon2_family_name(m_family);
}

std::unique_ptr<PasswordHash> Argon2_Family::tune(size_t /*output_length*/,
                                                  std::chrono::milliseconds msec,
                                                  size_t max_memory,
                                                  std::chrono::milliseconds tune_time) const {
   const size_t max_kib = (max_memory == 0) ? 256 * 1024 : max_memory * 1024;

   // Tune with a large memory otherwise we measure cache vs RAM speeds and underestimate
   // costs for larger params. Default is 36 MiB, or use 128 for long times.
   const size_t tune_M = (msec >= std::chrono::milliseconds(200) ? 128 : 36) * 1024;
   const size_t p = 1;
   size_t t = 1;

   Timer timer("Argon2");

   auto pwhash = this->from_params(tune_M, t, p);

   timer.run_until_elapsed(tune_time, [&]() {
      uint8_t output[64] = {0};
      pwhash->derive_key(output, sizeof(output), "test", 4, nullptr, 0);
   });

   if(timer.events() == 0 || timer.value() == 0) {
      return default_params();
   }

   size_t M = 4 * 1024;

   const uint64_t measured_time = timer.value() / (timer.events() * (tune_M / M));

   const uint64_t target_nsec = msec.count() * static_cast<uint64_t>(1000000);

   /*
   * Argon2 scaling rules:
   * k*M, k*t, k*p all increase cost by about k
   *
   * Since we don't even take advantage of p > 1, we prefer increasing
   * t or M instead.
   *
   * If possible to increase M, prefer that.
   */

   uint64_t est_nsec = measured_time;

   if(est_nsec < target_nsec && M < max_kib) {
      const uint64_t desired_cost_increase = (target_nsec + est_nsec - 1) / est_nsec;
      const uint64_t mem_headroom = max_kib / M;

      const uint64_t M_mult = std::min(desired_cost_increase, mem_headroom);
      M *= static_cast<size_t>(M_mult);
      est_nsec *= M_mult;
   }

   if(est_nsec < target_nsec / 2) {
      const uint64_t desired_cost_increase = (target_nsec + est_nsec - 1) / est_nsec;
      t *= static_cast<size_t>(desired_cost_increase);
   }

   return this->from_params(M, t, p);
}

std::unique_ptr<PasswordHash> Argon2_Family::default_params() const {
   return this->from_params(128 * 1024, 1, 1);
}

std::unique_ptr<PasswordHash> Argon2_Family::from_iterations(size_t iter) const {
   /*
   These choices are arbitrary, but should not change in future
   releases since they will break applications expecting deterministic
   mapping from iteration count to params
   */
   const size_t M = iter;
   const size_t t = 1;
   const size_t p = 1;
   return this->from_params(M, t, p);
}

std::unique_ptr<PasswordHash> Argon2_Family::from_params(size_t M, size_t t, size_t p) const {
   return std::make_unique<Argon2>(m_family, M, t, p);
}

}  // namespace Botan

1	/**
2	* (C) 2019 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include <botan/argon2.h>
8
9	#include <botan/exceptn.h>
10	#include <botan/internal/fmt.h>
11	#include <botan/internal/timer.h>
12	#include <algorithm>
13
14	namespace Botan {
15
16	Argon2::Argon2(uint8_t family, size_t M, size_t t, size_t p) : m_family(family), m_M(M), m_t(t), m_p(p) {	1,116✔
17	BOTAN_ARG_CHECK(m_p >= 1 && m_p <= 128, "Invalid Argon2 threads parameter");	1,116✔
18	BOTAN_ARG_CHECK(m_M >= 8 * m_p && m_M <= 8192 * 1024, "Invalid Argon2 M parameter");	1,116✔
19	BOTAN_ARG_CHECK(m_t >= 1, "Invalid Argon2 t parameter");	1,116✔
20	}	1,116✔
21
22	void Argon2::derive_key(uint8_t output[],	45✔
23	size_t output_len,
24	const char* password,
25	size_t password_len,
26	const uint8_t salt[],
27	size_t salt_len) const {
28	argon2(output, output_len, password, password_len, salt, salt_len, nullptr, 0, nullptr, 0);	45✔
29	}	45✔
30
31	void Argon2::derive_key(uint8_t output[],	1,071✔
32	size_t output_len,
33	const char* password,
34	size_t password_len,
35	const uint8_t salt[],
36	size_t salt_len,
37	const uint8_t ad[],
38	size_t ad_len,
39	const uint8_t key[],
40	size_t key_len) const {
41	argon2(output, output_len, password, password_len, salt, salt_len, key, key_len, ad, ad_len);	1,071✔
42	}	1,071✔
43
44	namespace {
45
46	std::string argon2_family_name(uint8_t f) {	22✔
47	switch(f) {	22✔
48	case 0:	2✔
49	return "Argon2d";	2✔
50	case 1:	2✔
51	return "Argon2i";	2✔
52	case 2:	18✔
53	return "Argon2id";	18✔
54	default:	×
55	throw Invalid_Argument("Unknown Argon2 parameter");	×
56	}
57	}
58
59	} // namespace
60
61	std::string Argon2::to_string() const {	16✔
62	return fmt("{}({},{},{})", argon2_family_name(m_family), m_M, m_t, m_p);	16✔
63	}
64
65	Argon2_Family::Argon2_Family(uint8_t family) : m_family(family) {	1,090✔
66	if(m_family != 0 && m_family != 1 && m_family != 2) {	1,090✔
67	throw Invalid_Argument("Unknown Argon2 family identifier");	×
68	}
69	}	1,090✔
70
71	std::string Argon2_Family::name() const {	6✔
72	return argon2_family_name(m_family);	6✔
73	}
74
75	std::unique_ptr<PasswordHash> Argon2_Family::tune(size_t /output_length/,	6✔
76	std::chrono::milliseconds msec,
77	size_t max_memory,
78	std::chrono::milliseconds tune_time) const {
79	const size_t max_kib = (max_memory == 0) ? 256 * 1024 : max_memory * 1024;	6✔
80
81	// Tune with a large memory otherwise we measure cache vs RAM speeds and underestimate
82	// costs for larger params. Default is 36 MiB, or use 128 for long times.
83	const size_t tune_M = (msec >= std::chrono::milliseconds(200) ? 128 : 36) * 1024;	12✔
84	const size_t p = 1;	6✔
85	size_t t = 1;	6✔
86
87	Timer timer("Argon2");	6✔
88
89	auto pwhash = this->from_params(tune_M, t, p);	6✔
90
91	timer.run_until_elapsed(tune_time, [&]() {	6✔
92	uint8_t output[64] = {0};	6✔
93	pwhash->derive_key(output, sizeof(output), "test", 4, nullptr, 0);	6✔
94	});	6✔
95
96	if(timer.events() == 0 \|\| timer.value() == 0) {	6✔
97	return default_params();	×
98	}
99
100	size_t M = 4 * 1024;	6✔
101
102	const uint64_t measured_time = timer.value() / (timer.events() * (tune_M / M));	6✔
103
104	const uint64_t target_nsec = msec.count() * static_cast<uint64_t>(1000000);	6✔
105
106	/*
107	* Argon2 scaling rules:
108	* kM, kt, k*p all increase cost by about k
109	*
110	* Since we don't even take advantage of p > 1, we prefer increasing
111	* t or M instead.
112	*
113	* If possible to increase M, prefer that.
114	*/
115
116	uint64_t est_nsec = measured_time;	6✔
117
118	if(est_nsec < target_nsec && M < max_kib) {	6✔
119	const uint64_t desired_cost_increase = (target_nsec + est_nsec - 1) / est_nsec;	×
120	const uint64_t mem_headroom = max_kib / M;	×
121
122	const uint64_t M_mult = std::min(desired_cost_increase, mem_headroom);	×
123	M *= static_cast<size_t>(M_mult);	×
124	est_nsec *= M_mult;	×
125	}
126
127	if(est_nsec < target_nsec / 2) {	6✔
128	const uint64_t desired_cost_increase = (target_nsec + est_nsec - 1) / est_nsec;	×
129	t *= static_cast<size_t>(desired_cost_increase);	×
130	}
131
132	return this->from_params(M, t, p);	6✔
133	}	6✔
134
135	std::unique_ptr<PasswordHash> Argon2_Family::default_params() const {	4✔
136	return this->from_params(128 * 1024, 1, 1);	4✔
137	}
138
139	std::unique_ptr<PasswordHash> Argon2_Family::from_iterations(size_t iter) const {	×
140	/*
141	These choices are arbitrary, but should not change in future
142	releases since they will break applications expecting deterministic
143	mapping from iteration count to params
144	*/
145	const size_t M = iter;	×
146	const size_t t = 1;	×
147	const size_t p = 1;	×
148	return this->from_params(M, t, p);	×
149	}
150
151	std::unique_ptr<PasswordHash> Argon2_Family::from_params(size_t M, size_t t, size_t p) const {	1,116✔
152	return std::make_unique<Argon2>(m_family, M, t, p);	1,116✔
153	}
154
155	} // namespace Botan

randombit / botan / 5495699348

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous