Skip to content

Cooperative Cancellation in PasswordHash #5124

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 14 commits into
base: master
Choose a base branch
from
+85 −46
Draft

Cooperative Cancellation in PasswordHash #5124

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
3c6bd37
Add CI builder for macOS 26 / XCode 26
randombit Sep 12, 2025
06846bc
Added stop_token to Argon2 (draft)
huven Oct 19, 2025
76a7ccc
Added supports_cooperative_cancellation()
huven Oct 20, 2025
c33254d
Move stop_token to derive_key and hash signature
huven Oct 20, 2025
b6d7e2a
Added <optional> include
huven Oct 20, 2025
e9d021c
Added [[maybe_unused]] to PasswordHash subclasses that don't support …
huven Oct 20, 2025
c1c8ec9
Update Android NDK to r29 (October 2025)
reneme Oct 21, 2025
6034864
Merge pull request #1 from randombit/jack/add-macos-26-ci
huven Oct 21, 2025
623198a
Merge pull request #2 from Rohde-Schwarz/chore/update_ndk
huven Oct 21, 2025
9f17b81
macOS changes
huven Oct 21, 2025
a3483af
Added macOS 26 amalgamation CI
huven Oct 21, 2025
a22b729
Use macOS 26 for iOS cross CI
huven Oct 21, 2025
ccb364a
Add -latomic on arm32
huven Oct 21, 2025
304f43e
Add -latomic on arm32 (one more)
huven Oct 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
28 changes: 17 additions & 11 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -115,20 +115,26 @@ jobs:

matrix:
include:
# - target: shared
# compiler: xcode
# os: macos-13 # x86
# - target: amalgamation
# compiler: xcode
# os: macos-13 # x86
# make_tool: ninja
# - target: shared
# compiler: xcode
# os: macos-14
# make_tool: ninja
# - target: amalgamation
# compiler: xcode
# os: macos-14
- target: shared
compiler: xcode
os: macos-13
os: macos-26
- target: amalgamation
compiler: xcode
os: macos-13
make_tool: ninja
- target: shared
compiler: xcode
os: macos-14 # uses Apple Silicon
make_tool: ninja
- target: amalgamation
compiler: xcode
os: macos-14 # uses Apple Silicon
os: macos-26

runs-on: ${{ matrix.os }}

Expand Down Expand Up @@ -330,7 +336,7 @@ jobs:
make_tool: make
- target: cross-ios-arm64
compiler: xcode
host_os: macos-13
host_os: macos-26
- target: cross-arm32-baremetal
compiler: gcc
host_os: ubuntu-24.04
Expand Down
2 changes: 1 addition & 1 deletion src/configs/repo_config.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,7 +19,7 @@ BORINGSSL_REPO="randombit/boringssl"
BORINGSSL_BRANCH="rene/runner-20241016"

# The Android NDK to for the cross platform builds to Android
ANDROID_NDK="android-ndk-r28"
ANDROID_NDK="android-ndk-r29"

# Jitterentropy library version to be used for testing the 'jitter_rng' module
JITTERENTROPY_VERSION="3.6.2"
Expand Down
17 changes: 11 additions & 6 deletions src/lib/pbkdf/argon2/argon2.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -279,7 +279,8 @@ void process_block(secure_vector<uint64_t>& B,
size_t threads,
uint8_t mode,
size_t memory,
size_t time) {
size_t time,
const std::optional<std::stop_token>& stop_token) {
uint64_t T[128];
size_t index = 0;
if(n == 0 && slice == 0) {
Expand All @@ -296,6 +297,9 @@ void process_block(secure_vector<uint64_t>& B,
}

while(index < segments) {
if ((index & 63) == 0 && stop_token.has_value() && stop_token->stop_requested())
throw Botan::Invalid_State("Cancelled");

const size_t offset = lane * lanes + slice * segments + index;

size_t prev = offset - 1;
Expand Down Expand Up @@ -326,7 +330,7 @@ void process_block(secure_vector<uint64_t>& B,
}
}

void process_blocks(secure_vector<uint64_t>& B, size_t t, size_t memory, size_t threads, uint8_t mode) {
void process_blocks(secure_vector<uint64_t>& B, size_t t, size_t memory, size_t threads, uint8_t mode, const std::optional<std::stop_token>& stop_token) {
const size_t lanes = memory / threads;
const size_t segments = lanes / SYNC_POINTS;

Expand All @@ -341,7 +345,7 @@ void process_blocks(secure_vector<uint64_t>& B, size_t t, size_t memory, size_t

for(size_t lane = 0; lane != threads; ++lane) {
fut_results.push_back(thread_pool.run(
process_block, std::ref(B), n, slice, lane, lanes, segments, threads, mode, memory, t));
process_block, std::ref(B), n, slice, lane, lanes, segments, threads, mode, memory, t, stop_token));
}

for(auto& fut : fut_results) {
Expand All @@ -357,7 +361,7 @@ void process_blocks(secure_vector<uint64_t>& B, size_t t, size_t memory, size_t
for(size_t n = 0; n != t; ++n) {
for(size_t slice = 0; slice != SYNC_POINTS; ++slice) {
for(size_t lane = 0; lane != threads; ++lane) {
process_block(B, n, slice, lane, lanes, segments, threads, mode, memory, t);
process_block(B, n, slice, lane, lanes, segments, threads, mode, memory, t, stop_token);
}
}
}
Expand All @@ -374,7 +378,8 @@ void Argon2::argon2(uint8_t output[],
const uint8_t key[],
size_t key_len,
const uint8_t ad[],
size_t ad_len) const {
size_t ad_len,
const std::optional<std::stop_token>& stop_token) const {
BOTAN_ARG_CHECK(output_len >= 4 && output_len <= std::numeric_limits<uint32_t>::max(),
"Invalid Argon2 output length");
BOTAN_ARG_CHECK(password_len <= std::numeric_limits<uint32_t>::max(), "Invalid Argon2 password length");
Expand Down Expand Up @@ -406,7 +411,7 @@ void Argon2::argon2(uint8_t output[],
secure_vector<uint64_t> B(memory * 1024 / 8);

init_blocks(B, *blake2, H0, memory, m_p);
process_blocks(B, m_t, memory, m_p, m_family);
process_blocks(B, m_t, memory, m_p, m_family, stop_token);

clear_mem(output, output_len);
extract_key(output, output_len, B, memory, m_p);
Expand Down
11 changes: 8 additions & 3 deletions src/lib/pbkdf/argon2/argon2.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,8 @@ class BOTAN_PUBLIC_API(2, 11) Argon2 final : public PasswordHash {
const char* password,
size_t password_len,
const uint8_t salt[],
size_t salt_len) const override;
size_t salt_len,
const std::optional<std::stop_token>& stop_token) const override;

void derive_key(uint8_t out[],
size_t out_len,
Expand All @@ -46,7 +47,8 @@ class BOTAN_PUBLIC_API(2, 11) Argon2 final : public PasswordHash {
const uint8_t ad[],
size_t ad_len,
const uint8_t key[],
size_t key_len) const override;
size_t key_len,
const std::optional<std::stop_token>& stop_token) const override;

std::string to_string() const override;

Expand All @@ -60,6 +62,8 @@ class BOTAN_PUBLIC_API(2, 11) Argon2 final : public PasswordHash {

bool supports_associated_data() const override { return true; }

bool supports_cooperative_cancellation() const override { return true; }

size_t iterations() const override { return t(); }

size_t parallelism() const override { return p(); }
Expand Down Expand Up @@ -91,7 +95,8 @@ class BOTAN_PUBLIC_API(2, 11) Argon2 final : public PasswordHash {
const uint8_t key[],
size_t key_len,
const uint8_t ad[],
size_t ad_len) const;
size_t ad_len,
const std::optional<std::stop_token>& stop_token) const;

uint8_t m_family;
size_t m_M, m_t, m_p;
Expand Down
10 changes: 6 additions & 4 deletions src/lib/pbkdf/argon2/argon2pwhash.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,9 @@ void Argon2::derive_key(uint8_t output[],
const char* password,
size_t password_len,
const uint8_t salt[],
size_t salt_len) const {
argon2(output, output_len, password, password_len, salt, salt_len, nullptr, 0, nullptr, 0);
size_t salt_len,
const std::optional<std::stop_token>& stop_token) const {
argon2(output, output_len, password, password_len, salt, salt_len, nullptr, 0, nullptr, 0, stop_token);
}

void Argon2::derive_key(uint8_t output[],
Expand All @@ -39,8 +40,9 @@ void Argon2::derive_key(uint8_t output[],
const uint8_t ad[],
size_t ad_len,
const uint8_t key[],
size_t key_len) const {
argon2(output, output_len, password, password_len, salt, salt_len, key, key_len, ad, ad_len);
size_t key_len,
const std::optional<std::stop_token>& stop_token) const {
argon2(output, output_len, password, password_len, salt, salt_len, key, key_len, ad, ad_len, stop_token);
}

namespace {
Expand Down
3 changes: 2 additions & 1 deletion src/lib/pbkdf/bcrypt_pbkdf/bcrypt_pbkdf.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,8 @@ void Bcrypt_PBKDF::derive_key(uint8_t output[],
const char* password,
size_t password_len,
const uint8_t salt[],
size_t salt_len) const {
size_t salt_len,
[[maybe_unused]] const std::optional<std::stop_token>& stop_token) const {
// No output desired, so we are all done already...
if(output_len == 0) {
return;
Expand Down
3 changes: 2 additions & 1 deletion src/lib/pbkdf/bcrypt_pbkdf/bcrypt_pbkdf.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,8 @@ class BOTAN_PUBLIC_API(2, 11) Bcrypt_PBKDF final : public PasswordHash {
const char* password,
size_t password_len,
const uint8_t salt[],
size_t salt_len) const override;
size_t salt_len,
const std::optional<std::stop_token>& stop_token) const override;

std::string to_string() const override;

Expand Down
7 changes: 4 additions & 3 deletions src/lib/pbkdf/pbkdf2/pbkdf2.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,7 +83,7 @@ size_t pbkdf2(MessageAuthenticationCode& prf,

PBKDF2 pbkdf2(prf, iterations);

pbkdf2.derive_key(out, out_len, password.data(), password.size(), salt, salt_len);
pbkdf2.derive_key(out, out_len, password.data(), password.size(), salt, salt_len, std::nullopt);

return iterations;
}
Expand Down Expand Up @@ -144,7 +144,7 @@ size_t PKCS5_PBKDF2::pbkdf(uint8_t key[],

PBKDF2 pbkdf2(*m_mac, iterations);

pbkdf2.derive_key(key, key_len, password.data(), password.size(), salt, salt_len);
pbkdf2.derive_key(key, key_len, password.data(), password.size(), salt, salt_len, std::nullopt);

return iterations;
}
Expand All @@ -171,7 +171,8 @@ void PBKDF2::derive_key(uint8_t out[],
const char* password,
const size_t password_len,
const uint8_t salt[],
size_t salt_len) const {
size_t salt_len,
[[maybe_unused]] const std::optional<std::stop_token>& stop_token) const {
pbkdf2_set_key(*m_prf, password, password_len);
pbkdf2(*m_prf, out, out_len, salt, salt_len, m_iterations);
}
Expand Down
3 changes: 2 additions & 1 deletion src/lib/pbkdf/pbkdf2/pbkdf2.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,8 @@ class BOTAN_PUBLIC_API(2, 8) PBKDF2 final : public PasswordHash {
const char* password,
size_t password_len,
const uint8_t salt[],
size_t salt_len) const override;
size_t salt_len,
const std::optional<std::stop_token>& stop_token) const override;

private:
std::unique_ptr<MessageAuthenticationCode> m_prf;
Expand Down
3 changes: 2 additions & 1 deletion src/lib/pbkdf/pgp_s2k/pgp_s2k.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,7 +140,8 @@ void RFC4880_S2K::derive_key(uint8_t out[],
const char* password,
const size_t password_len,
const uint8_t salt[],
size_t salt_len) const {
size_t salt_len,
[[maybe_unused]] const std::optional<std::stop_token>& stop_token) const {
pgp_s2k(*m_hash, out, out_len, password, password_len, salt, salt_len, m_iterations);
}

Expand Down
3 changes: 2 additions & 1 deletion src/lib/pbkdf/pgp_s2k/pgp_s2k.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,8 @@ class BOTAN_PUBLIC_API(2, 8) RFC4880_S2K final : public PasswordHash {
const char* password,
size_t password_len,
const uint8_t salt[],
size_t salt_len) const override;
size_t salt_len,
const std::optional<std::stop_token>& stop_token) const override;

private:
std::unique_ptr<HashFunction> m_hash;
Expand Down
3 changes: 2 additions & 1 deletion src/lib/pbkdf/pwdhash.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,8 @@ void PasswordHash::derive_key(uint8_t out[],
const uint8_t ad[],
size_t ad_len,
const uint8_t key[],
size_t key_len) const {
size_t key_len,
[[maybe_unused]] const std::optional<std::stop_token>& stop_token) const {
BOTAN_UNUSED(ad, key);

if(ad_len == 0 && key_len == 0) {
Expand Down
19 changes: 15 additions & 4 deletions src/lib/pbkdf/pwdhash.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@
#include <span>
#include <string>
#include <vector>
#include <stop_token>
#include <optional>

namespace Botan {

Expand Down Expand Up @@ -68,6 +70,11 @@ class BOTAN_PUBLIC_API(2, 8) PasswordHash /* NOLINT(*-special-member-functions)
*/
virtual bool supports_associated_data() const { return false; }

/**
* @returns true if this password hash supports cancelling a key derivation operation using a stop_token
*/
virtual bool supports_cooperative_cancellation() const { return false; }

/**
* Hash a password into a bitstring
*
Expand Down Expand Up @@ -106,7 +113,8 @@ class BOTAN_PUBLIC_API(2, 8) PasswordHash /* NOLINT(*-special-member-functions)
std::string_view password,
std::span<const uint8_t> salt,
std::span<const uint8_t> associated_data,
std::span<const uint8_t> key) const {
std::span<const uint8_t> key,
const std::optional<std::stop_token>& stop_token = std::nullopt) const {
this->derive_key(out.data(),
out.size(),
password.data(),
Expand All @@ -116,7 +124,8 @@ class BOTAN_PUBLIC_API(2, 8) PasswordHash /* NOLINT(*-special-member-functions)
associated_data.data(),
associated_data.size(),
key.data(),
key.size());
key.size(),
stop_token);
}

/**
Expand All @@ -137,7 +146,8 @@ class BOTAN_PUBLIC_API(2, 8) PasswordHash /* NOLINT(*-special-member-functions)
const char* password,
size_t password_len,
const uint8_t salt[],
size_t salt_len) const = 0;
size_t salt_len,
const std::optional<std::stop_token>& stop_token = std::nullopt) const = 0;

/**
* Derive a key from a password plus additional data and/or a secret key
Expand Down Expand Up @@ -168,7 +178,8 @@ class BOTAN_PUBLIC_API(2, 8) PasswordHash /* NOLINT(*-special-member-functions)
const uint8_t ad[],
size_t ad_len,
const uint8_t key[],
size_t key_len) const;
size_t key_len,
const std::optional<std::stop_token>& stop_token = std::nullopt) const;
};

class BOTAN_PUBLIC_API(2, 8) PasswordHashFamily /* NOLINT(*-special-member-functions) */ {
Expand Down
3 changes: 2 additions & 1 deletion src/lib/pbkdf/scrypt/scrypt.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -198,7 +198,8 @@ void Scrypt::derive_key(uint8_t output[],
const char* password,
size_t password_len,
const uint8_t salt[],
size_t salt_len) const {
size_t salt_len,
[[maybe_unused]] const std::optional<std::stop_token>& stop_token) const {
const size_t N = memory_param();
const size_t p = parallelism();
const size_t r = iterations();
Expand Down
3 changes: 2 additions & 1 deletion src/lib/pbkdf/scrypt/scrypt.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,8 @@ class BOTAN_PUBLIC_API(2, 8) Scrypt final : public PasswordHash {
const char* password,
size_t password_len,
const uint8_t salt[],
size_t salt_len) const override;
size_t salt_len,
const std::optional<std::stop_token>& stop_token) const override;

std::string to_string() const override;

Expand Down
4 changes: 2 additions & 2 deletions src/lib/x509/certstor_system_macos/certstor_macos.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ class BOTAN_PUBLIC_API(2, 10) Certificate_Store_MacOS final : public Certificate
std::optional<X509_Certificate> find_cert_by_pubkey_sha1(const std::vector<uint8_t>& key_hash) const override;

/**
* @throws Not_Implemented
* @throws Not_Implemented as this functionality is not available
*/
std::optional<X509_Certificate> find_cert_by_raw_subject_dn_sha256(
const std::vector<uint8_t>& subject_hash) const override;
Expand All @@ -78,4 +78,4 @@ class BOTAN_PUBLIC_API(2, 10) Certificate_Store_MacOS final : public Certificate

} // namespace Botan

#endif
#endif
2 changes: 1 addition & 1 deletion src/scripts/ci/setup_gh_actions.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,7 +94,7 @@ else

if [ -d '/Applications/Xcode_16.1.app/Contents/Developer' ]; then
sudo xcrun xcode-select --switch '/Applications/Xcode_16.1.app/Contents/Developer'
else
elif [ -d '/Applications/Xcode_15.2.app/Contents/Developer' ]; then
sudo xcrun xcode-select --switch '/Applications/Xcode_15.2.app/Contents/Developer'
fi
fi
Expand Down
4 changes: 2 additions & 2 deletions src/scripts/ci_build.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -367,7 +367,7 @@ def sanitize_kv(some_string):
test_prefix = ['wine']
else:
if target == 'cross-arm32':
flags += ['--cpu=armv7', '--extra-cxxflags=-D_FILE_OFFSET_BITS=64']
flags += ['--cpu=armv7', '--extra-cxxflags=-D_FILE_OFFSET_BITS=64', '--extra-libs=atomic']
cc_bin = 'arm-linux-gnueabihf-g++'
test_prefix = ['qemu-arm', '-L', '/usr/arm-linux-gnueabihf/']
elif target in ['cross-arm64', 'cross-arm64-amalgamation']:
Expand Down Expand Up @@ -425,7 +425,7 @@ def sanitize_kv(some_string):
cc_bin = 'mips64-linux-gnuabi64-g++'
test_prefix = ['qemu-mips64', '-L', '/usr/mips64-linux-gnuabi64/']
elif target in ['cross-arm32-baremetal']:
flags += ['--cpu=arm32', '--disable-neon', '--without-stack-protector', '--ldflags=-specs=nosys.specs']
flags += ['--cpu=arm32', '--disable-neon', '--without-stack-protector', '--ldflags=-specs=nosys.specs', '--extra-libs=atomic']
cc_bin = 'arm-none-eabi-c++'
test_cmd = None
else:
Expand Down
Loading
Loading