2023-02-08 11:04:11 +00:00
|
|
|
//
|
|
|
|
// PBKDF2Engine.h
|
|
|
|
//
|
|
|
|
// Library: Foundation
|
|
|
|
// Package: Crypt
|
|
|
|
// Module: PBKDF2Engine
|
|
|
|
//
|
|
|
|
// Definition of the PBKDF2Engine class.
|
|
|
|
//
|
|
|
|
// Copyright (c) 2014, Applied Informatics Software Engineering GmbH.
|
|
|
|
// and Contributors.
|
|
|
|
//
|
|
|
|
// SPDX-License-Identifier: BSL-1.0
|
|
|
|
//
|
|
|
|
|
|
|
|
|
|
|
|
#ifndef Foundation_PBKDF2Engine_INCLUDED
|
|
|
|
#define Foundation_PBKDF2Engine_INCLUDED
|
|
|
|
|
|
|
|
|
|
|
|
#include <algorithm>
|
2023-02-13 09:22:33 +00:00
|
|
|
#include "Poco/ByteOrder.h"
|
|
|
|
#include "Poco/DigestEngine.h"
|
|
|
|
#include "Poco/Foundation.h"
|
2023-02-08 11:04:11 +00:00
|
|
|
|
|
|
|
|
2023-02-13 09:22:33 +00:00
|
|
|
namespace Poco
|
|
|
|
{
|
2023-02-08 11:04:11 +00:00
|
|
|
|
|
|
|
|
|
|
|
template <class PRF>
|
2023-02-13 09:22:33 +00:00
|
|
|
class PBKDF2Engine : public DigestEngine
|
|
|
|
/// This class implements the Password-Based Key Derivation Function 2,
|
|
|
|
/// as specified in RFC 2898. The underlying DigestEngine (HMACEngine, etc.),
|
|
|
|
/// which must accept the passphrase as constructor argument (std::string),
|
|
|
|
/// must be given as template argument.
|
|
|
|
///
|
|
|
|
/// PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function
|
|
|
|
/// that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series,
|
|
|
|
/// specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's
|
|
|
|
/// RFC 2898. It replaces an earlier standard, PBKDF1, which could only produce
|
|
|
|
/// derived keys up to 160 bits long.
|
|
|
|
///
|
|
|
|
/// PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or
|
|
|
|
/// HMAC to the input password or passphrase along with a salt value and repeats the
|
|
|
|
/// process many times to produce a derived key, which can then be used as a
|
|
|
|
/// cryptographic key in subsequent operations. The added computational work makes
|
|
|
|
/// password cracking much more difficult, and is known as key stretching.
|
|
|
|
/// When the standard was written in 2000, the recommended minimum number of
|
|
|
|
/// iterations was 1000, but the parameter is intended to be increased over time as
|
|
|
|
/// CPU speeds increase. Having a salt added to the password reduces the ability to
|
|
|
|
/// use precomputed hashes (rainbow tables) for attacks, and means that multiple
|
|
|
|
/// passwords have to be tested individually, not all at once. The standard
|
|
|
|
/// recommends a salt length of at least 64 bits. [Wikipedia]
|
|
|
|
///
|
|
|
|
/// The PBKDF2 algorithm is implemented as a DigestEngine. The passphrase is specified
|
|
|
|
/// by calling update().
|
|
|
|
///
|
|
|
|
/// Example (WPA2):
|
|
|
|
/// PBKDF2Engine<HMACEngine<SHA1Engine> > pbkdf2(ssid, 4096, 256);
|
|
|
|
/// pbkdf2.update(passphrase);
|
|
|
|
/// DigestEngine::Digest d = pbkdf2.digest();
|
2023-02-08 11:04:11 +00:00
|
|
|
{
|
|
|
|
public:
|
2023-02-13 09:22:33 +00:00
|
|
|
enum
|
|
|
|
{
|
|
|
|
PRF_DIGEST_SIZE = PRF::DIGEST_SIZE
|
|
|
|
};
|
|
|
|
|
|
|
|
PBKDF2Engine(const std::string & salt, unsigned c = 4096, Poco::UInt32 dkLen = PRF_DIGEST_SIZE) : _s(salt), _c(c), _dkLen(dkLen)
|
|
|
|
{
|
|
|
|
_result.reserve(_dkLen + PRF_DIGEST_SIZE);
|
|
|
|
}
|
|
|
|
|
|
|
|
~PBKDF2Engine() { }
|
|
|
|
|
|
|
|
std::size_t digestLength() const { return _dkLen; }
|
|
|
|
|
|
|
|
void reset()
|
|
|
|
{
|
|
|
|
_p.clear();
|
|
|
|
_result.clear();
|
|
|
|
}
|
|
|
|
|
|
|
|
const DigestEngine::Digest & digest()
|
|
|
|
{
|
|
|
|
Poco::UInt32 i = 1;
|
|
|
|
while (_result.size() < _dkLen)
|
|
|
|
{
|
|
|
|
f(i++);
|
|
|
|
}
|
|
|
|
_result.resize(_dkLen);
|
|
|
|
return _result;
|
|
|
|
}
|
2023-02-08 11:04:11 +00:00
|
|
|
|
|
|
|
protected:
|
2023-02-13 09:22:33 +00:00
|
|
|
void updateImpl(const void * data, std::size_t length) { _p.append(reinterpret_cast<const char *>(data), length); }
|
|
|
|
|
|
|
|
void f(Poco::UInt32 i)
|
|
|
|
{
|
|
|
|
PRF prf(_p);
|
|
|
|
prf.update(_s);
|
|
|
|
Poco::UInt32 iBE = Poco::ByteOrder::toBigEndian(i);
|
|
|
|
prf.update(&iBE, sizeof(iBE));
|
|
|
|
Poco::DigestEngine::Digest up = prf.digest();
|
|
|
|
Poco::DigestEngine::Digest ux = up;
|
|
|
|
poco_assert_dbg(ux.size() == PRF_DIGEST_SIZE);
|
|
|
|
for (unsigned k = 1; k < _c; k++)
|
|
|
|
{
|
|
|
|
prf.reset();
|
|
|
|
prf.update(&up[0], up.size());
|
|
|
|
Poco::DigestEngine::Digest u = prf.digest();
|
|
|
|
poco_assert_dbg(u.size() == PRF_DIGEST_SIZE);
|
|
|
|
for (int ui = 0; ui < PRF_DIGEST_SIZE; ui++)
|
|
|
|
{
|
|
|
|
ux[ui] ^= u[ui];
|
|
|
|
}
|
|
|
|
std::swap(up, u);
|
|
|
|
}
|
|
|
|
_result.insert(_result.end(), ux.begin(), ux.end());
|
|
|
|
}
|
2023-02-08 11:04:11 +00:00
|
|
|
|
|
|
|
private:
|
2023-02-13 09:22:33 +00:00
|
|
|
PBKDF2Engine();
|
|
|
|
PBKDF2Engine(const PBKDF2Engine &);
|
|
|
|
PBKDF2Engine & operator=(const PBKDF2Engine &);
|
|
|
|
|
|
|
|
std::string _p;
|
|
|
|
std::string _s;
|
|
|
|
unsigned _c;
|
|
|
|
Poco::UInt32 _dkLen;
|
|
|
|
DigestEngine::Digest _result;
|
2023-02-08 11:04:11 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
} // namespace Poco
|
|
|
|
|
|
|
|
|
|
|
|
#endif // Foundation_PBKDF2Engine_INCLUDED
|