1 | // |
2 | // PBKDF2Engine.h |
3 | // |
4 | // Library: Foundation |
5 | // Package: Crypt |
6 | // Module: PBKDF2Engine |
7 | // |
8 | // Definition of the PBKDF2Engine class. |
9 | // |
10 | // Copyright (c) 2014, Applied Informatics Software Engineering GmbH. |
11 | // and Contributors. |
12 | // |
13 | // SPDX-License-Identifier: BSL-1.0 |
14 | // |
15 | |
16 | |
17 | #ifndef Foundation_PBKDF2Engine_INCLUDED |
18 | #define Foundation_PBKDF2Engine_INCLUDED |
19 | |
20 | |
21 | #include "Poco/Foundation.h" |
22 | #include "Poco/DigestEngine.h" |
23 | #include "Poco/ByteOrder.h" |
24 | #include <algorithm> |
25 | |
26 | |
27 | namespace Poco { |
28 | |
29 | |
30 | template <class PRF> |
31 | class PBKDF2Engine: public DigestEngine |
32 | /// This class implements the Password-Based Key Derivation Function 2, |
33 | /// as specified in RFC 2898. The underlying DigestEngine (HMACEngine, etc.), |
34 | /// which must accept the passphrase as constructor argument (std::string), |
35 | /// must be given as template argument. |
36 | /// |
37 | /// PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function |
38 | /// that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, |
39 | /// specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's |
40 | /// RFC 2898. It replaces an earlier standard, PBKDF1, which could only produce |
41 | /// derived keys up to 160 bits long. |
42 | /// |
43 | /// PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or |
44 | /// HMAC to the input password or passphrase along with a salt value and repeats the |
45 | /// process many times to produce a derived key, which can then be used as a |
46 | /// cryptographic key in subsequent operations. The added computational work makes |
47 | /// password cracking much more difficult, and is known as key stretching. |
48 | /// When the standard was written in 2000, the recommended minimum number of |
49 | /// iterations was 1000, but the parameter is intended to be increased over time as |
50 | /// CPU speeds increase. Having a salt added to the password reduces the ability to |
51 | /// use precomputed hashes (rainbow tables) for attacks, and means that multiple |
52 | /// passwords have to be tested individually, not all at once. The standard |
53 | /// recommends a salt length of at least 64 bits. [Wikipedia] |
54 | /// |
55 | /// The PBKDF2 algorithm is implemented as a DigestEngine. The passphrase is specified |
56 | /// by calling update(). |
57 | /// |
58 | /// Example (WPA2): |
59 | /// PBKDF2Engine<HMACEngine<SHA1Engine> > pbkdf2(ssid, 4096, 256); |
60 | /// pbkdf2.update(passphrase); |
61 | /// DigestEngine::Digest d = pbkdf2.digest(); |
62 | { |
63 | public: |
64 | enum |
65 | { |
66 | PRF_DIGEST_SIZE = PRF::DIGEST_SIZE |
67 | }; |
68 | |
69 | PBKDF2Engine(const std::string& salt, unsigned c = 4096, Poco::UInt32 dkLen = PRF_DIGEST_SIZE): |
70 | _s(salt), |
71 | _c(c), |
72 | _dkLen(dkLen) |
73 | { |
74 | _result.reserve(_dkLen + PRF_DIGEST_SIZE); |
75 | } |
76 | |
77 | ~PBKDF2Engine() |
78 | { |
79 | } |
80 | |
81 | std::size_t digestLength() const |
82 | { |
83 | return _dkLen; |
84 | } |
85 | |
86 | void reset() |
87 | { |
88 | _p.clear(); |
89 | _result.clear(); |
90 | } |
91 | |
92 | const DigestEngine::Digest& digest() |
93 | { |
94 | Poco::UInt32 i = 1; |
95 | while (_result.size() < _dkLen) |
96 | { |
97 | f(i++); |
98 | } |
99 | _result.resize(_dkLen); |
100 | return _result; |
101 | } |
102 | |
103 | protected: |
104 | void updateImpl(const void* data, std::size_t length) |
105 | { |
106 | _p.append(reinterpret_cast<const char*>(data), length); |
107 | } |
108 | |
109 | void f(Poco::UInt32 i) |
110 | { |
111 | PRF prf(_p); |
112 | prf.update(_s); |
113 | Poco::UInt32 iBE = Poco::ByteOrder::toBigEndian(i); |
114 | prf.update(&iBE, sizeof(iBE)); |
115 | Poco::DigestEngine::Digest up = prf.digest(); |
116 | Poco::DigestEngine::Digest ux = up; |
117 | poco_assert_dbg(ux.size() == PRF_DIGEST_SIZE); |
118 | for (unsigned k = 1; k < _c; k++) |
119 | { |
120 | prf.reset(); |
121 | prf.update(&up[0], up.size()); |
122 | Poco::DigestEngine::Digest u = prf.digest(); |
123 | poco_assert_dbg(u.size() == PRF_DIGEST_SIZE); |
124 | for (int ui = 0; ui < PRF_DIGEST_SIZE; ui++) |
125 | { |
126 | ux[ui] ^= u[ui]; |
127 | } |
128 | std::swap(up, u); |
129 | } |
130 | _result.insert(_result.end(), ux.begin(), ux.end()); |
131 | } |
132 | |
133 | private: |
134 | PBKDF2Engine(); |
135 | PBKDF2Engine(const PBKDF2Engine&); |
136 | PBKDF2Engine& operator = (const PBKDF2Engine&); |
137 | |
138 | std::string _p; |
139 | std::string _s; |
140 | unsigned _c; |
141 | Poco::UInt32 _dkLen; |
142 | DigestEngine::Digest _result; |
143 | }; |
144 | |
145 | |
146 | } // namespace Poco |
147 | |
148 | |
149 | #endif // Foundation_PBKDF2Engine_INCLUDED |
150 | |