1//
2// PBKDF2Engine.h
3//
4// Library: Foundation
5// Package: Crypt
6// Module: PBKDF2Engine
7//
8// Definition of the PBKDF2Engine class.
9//
10// Copyright (c) 2014, Applied Informatics Software Engineering GmbH.
11// and Contributors.
12//
13// SPDX-License-Identifier: BSL-1.0
14//
15
16
17#ifndef Foundation_PBKDF2Engine_INCLUDED
18#define Foundation_PBKDF2Engine_INCLUDED
19
20
21#include "Poco/Foundation.h"
22#include "Poco/DigestEngine.h"
23#include "Poco/ByteOrder.h"
24#include <algorithm>
25
26
27namespace Poco {
28
29
30template <class PRF>
31class PBKDF2Engine: public DigestEngine
32 /// This class implements the Password-Based Key Derivation Function 2,
33 /// as specified in RFC 2898. The underlying DigestEngine (HMACEngine, etc.),
34 /// which must accept the passphrase as constructor argument (std::string),
35 /// must be given as template argument.
36 ///
37 /// PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function
38 /// that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series,
39 /// specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's
40 /// RFC 2898. It replaces an earlier standard, PBKDF1, which could only produce
41 /// derived keys up to 160 bits long.
42 ///
43 /// PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or
44 /// HMAC to the input password or passphrase along with a salt value and repeats the
45 /// process many times to produce a derived key, which can then be used as a
46 /// cryptographic key in subsequent operations. The added computational work makes
47 /// password cracking much more difficult, and is known as key stretching.
48 /// When the standard was written in 2000, the recommended minimum number of
49 /// iterations was 1000, but the parameter is intended to be increased over time as
50 /// CPU speeds increase. Having a salt added to the password reduces the ability to
51 /// use precomputed hashes (rainbow tables) for attacks, and means that multiple
52 /// passwords have to be tested individually, not all at once. The standard
53 /// recommends a salt length of at least 64 bits. [Wikipedia]
54 ///
55 /// The PBKDF2 algorithm is implemented as a DigestEngine. The passphrase is specified
56 /// by calling update().
57 ///
58 /// Example (WPA2):
59 /// PBKDF2Engine<HMACEngine<SHA1Engine> > pbkdf2(ssid, 4096, 256);
60 /// pbkdf2.update(passphrase);
61 /// DigestEngine::Digest d = pbkdf2.digest();
62{
63public:
64 enum
65 {
66 PRF_DIGEST_SIZE = PRF::DIGEST_SIZE
67 };
68
69 PBKDF2Engine(const std::string& salt, unsigned c = 4096, Poco::UInt32 dkLen = PRF_DIGEST_SIZE):
70 _s(salt),
71 _c(c),
72 _dkLen(dkLen)
73 {
74 _result.reserve(_dkLen + PRF_DIGEST_SIZE);
75 }
76
77 ~PBKDF2Engine()
78 {
79 }
80
81 std::size_t digestLength() const
82 {
83 return _dkLen;
84 }
85
86 void reset()
87 {
88 _p.clear();
89 _result.clear();
90 }
91
92 const DigestEngine::Digest& digest()
93 {
94 Poco::UInt32 i = 1;
95 while (_result.size() < _dkLen)
96 {
97 f(i++);
98 }
99 _result.resize(_dkLen);
100 return _result;
101 }
102
103protected:
104 void updateImpl(const void* data, std::size_t length)
105 {
106 _p.append(reinterpret_cast<const char*>(data), length);
107 }
108
109 void f(Poco::UInt32 i)
110 {
111 PRF prf(_p);
112 prf.update(_s);
113 Poco::UInt32 iBE = Poco::ByteOrder::toBigEndian(i);
114 prf.update(&iBE, sizeof(iBE));
115 Poco::DigestEngine::Digest up = prf.digest();
116 Poco::DigestEngine::Digest ux = up;
117 poco_assert_dbg(ux.size() == PRF_DIGEST_SIZE);
118 for (unsigned k = 1; k < _c; k++)
119 {
120 prf.reset();
121 prf.update(&up[0], up.size());
122 Poco::DigestEngine::Digest u = prf.digest();
123 poco_assert_dbg(u.size() == PRF_DIGEST_SIZE);
124 for (int ui = 0; ui < PRF_DIGEST_SIZE; ui++)
125 {
126 ux[ui] ^= u[ui];
127 }
128 std::swap(up, u);
129 }
130 _result.insert(_result.end(), ux.begin(), ux.end());
131 }
132
133private:
134 PBKDF2Engine();
135 PBKDF2Engine(const PBKDF2Engine&);
136 PBKDF2Engine& operator = (const PBKDF2Engine&);
137
138 std::string _p;
139 std::string _s;
140 unsigned _c;
141 Poco::UInt32 _dkLen;
142 DigestEngine::Digest _result;
143};
144
145
146} // namespace Poco
147
148
149#endif // Foundation_PBKDF2Engine_INCLUDED
150