| 1 | // |
|---|---|
| 2 | // PBKDF2Engine.h |
| 3 | // |
| 4 | // Library: Foundation |
| 5 | // Package: Crypt |
| 6 | // Module: PBKDF2Engine |
| 7 | // |
| 8 | // Definition of the PBKDF2Engine class. |
| 9 | // |
| 10 | // Copyright (c) 2014, Applied Informatics Software Engineering GmbH. |
| 11 | // and Contributors. |
| 12 | // |
| 13 | // SPDX-License-Identifier: BSL-1.0 |
| 14 | // |
| 15 | |
| 16 | |
| 17 | #ifndef Foundation_PBKDF2Engine_INCLUDED |
| 18 | #define Foundation_PBKDF2Engine_INCLUDED |
| 19 | |
| 20 | |
| 21 | #include "Poco/Foundation.h" |
| 22 | #include "Poco/DigestEngine.h" |
| 23 | #include "Poco/ByteOrder.h" |
| 24 | #include <algorithm> |
| 25 | |
| 26 | |
| 27 | namespace Poco { |
| 28 | |
| 29 | |
| 30 | template <class PRF> |
| 31 | class PBKDF2Engine: public DigestEngine |
| 32 | /// This class implements the Password-Based Key Derivation Function 2, |
| 33 | /// as specified in RFC 2898. The underlying DigestEngine (HMACEngine, etc.), |
| 34 | /// which must accept the passphrase as constructor argument (std::string), |
| 35 | /// must be given as template argument. |
| 36 | /// |
| 37 | /// PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function |
| 38 | /// that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series, |
| 39 | /// specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's |
| 40 | /// RFC 2898. It replaces an earlier standard, PBKDF1, which could only produce |
| 41 | /// derived keys up to 160 bits long. |
| 42 | /// |
| 43 | /// PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or |
| 44 | /// HMAC to the input password or passphrase along with a salt value and repeats the |
| 45 | /// process many times to produce a derived key, which can then be used as a |
| 46 | /// cryptographic key in subsequent operations. The added computational work makes |
| 47 | /// password cracking much more difficult, and is known as key stretching. |
| 48 | /// When the standard was written in 2000, the recommended minimum number of |
| 49 | /// iterations was 1000, but the parameter is intended to be increased over time as |
| 50 | /// CPU speeds increase. Having a salt added to the password reduces the ability to |
| 51 | /// use precomputed hashes (rainbow tables) for attacks, and means that multiple |
| 52 | /// passwords have to be tested individually, not all at once. The standard |
| 53 | /// recommends a salt length of at least 64 bits. [Wikipedia] |
| 54 | /// |
| 55 | /// The PBKDF2 algorithm is implemented as a DigestEngine. The passphrase is specified |
| 56 | /// by calling update(). |
| 57 | /// |
| 58 | /// Example (WPA2): |
| 59 | /// PBKDF2Engine<HMACEngine<SHA1Engine> > pbkdf2(ssid, 4096, 256); |
| 60 | /// pbkdf2.update(passphrase); |
| 61 | /// DigestEngine::Digest d = pbkdf2.digest(); |
| 62 | { |
| 63 | public: |
| 64 | enum |
| 65 | { |
| 66 | PRF_DIGEST_SIZE = PRF::DIGEST_SIZE |
| 67 | }; |
| 68 | |
| 69 | PBKDF2Engine(const std::string& salt, unsigned c = 4096, Poco::UInt32 dkLen = PRF_DIGEST_SIZE): |
| 70 | _s(salt), |
| 71 | _c(c), |
| 72 | _dkLen(dkLen) |
| 73 | { |
| 74 | _result.reserve(_dkLen + PRF_DIGEST_SIZE); |
| 75 | } |
| 76 | |
| 77 | ~PBKDF2Engine() |
| 78 | { |
| 79 | } |
| 80 | |
| 81 | std::size_t digestLength() const |
| 82 | { |
| 83 | return _dkLen; |
| 84 | } |
| 85 | |
| 86 | void reset() |
| 87 | { |
| 88 | _p.clear(); |
| 89 | _result.clear(); |
| 90 | } |
| 91 | |
| 92 | const DigestEngine::Digest& digest() |
| 93 | { |
| 94 | Poco::UInt32 i = 1; |
| 95 | while (_result.size() < _dkLen) |
| 96 | { |
| 97 | f(i++); |
| 98 | } |
| 99 | _result.resize(_dkLen); |
| 100 | return _result; |
| 101 | } |
| 102 | |
| 103 | protected: |
| 104 | void updateImpl(const void* data, std::size_t length) |
| 105 | { |
| 106 | _p.append(reinterpret_cast<const char*>(data), length); |
| 107 | } |
| 108 | |
| 109 | void f(Poco::UInt32 i) |
| 110 | { |
| 111 | PRF prf(_p); |
| 112 | prf.update(_s); |
| 113 | Poco::UInt32 iBE = Poco::ByteOrder::toBigEndian(i); |
| 114 | prf.update(&iBE, sizeof(iBE)); |
| 115 | Poco::DigestEngine::Digest up = prf.digest(); |
| 116 | Poco::DigestEngine::Digest ux = up; |
| 117 | poco_assert_dbg(ux.size() == PRF_DIGEST_SIZE); |
| 118 | for (unsigned k = 1; k < _c; k++) |
| 119 | { |
| 120 | prf.reset(); |
| 121 | prf.update(&up[0], up.size()); |
| 122 | Poco::DigestEngine::Digest u = prf.digest(); |
| 123 | poco_assert_dbg(u.size() == PRF_DIGEST_SIZE); |
| 124 | for (int ui = 0; ui < PRF_DIGEST_SIZE; ui++) |
| 125 | { |
| 126 | ux[ui] ^= u[ui]; |
| 127 | } |
| 128 | std::swap(up, u); |
| 129 | } |
| 130 | _result.insert(_result.end(), ux.begin(), ux.end()); |
| 131 | } |
| 132 | |
| 133 | private: |
| 134 | PBKDF2Engine(); |
| 135 | PBKDF2Engine(const PBKDF2Engine&); |
| 136 | PBKDF2Engine& operator = (const PBKDF2Engine&); |
| 137 | |
| 138 | std::string _p; |
| 139 | std::string _s; |
| 140 | unsigned _c; |
| 141 | Poco::UInt32 _dkLen; |
| 142 | DigestEngine::Digest _result; |
| 143 | }; |
| 144 | |
| 145 | |
| 146 | } // namespace Poco |
| 147 | |
| 148 | |
| 149 | #endif // Foundation_PBKDF2Engine_INCLUDED |
| 150 |
Generated while processing POCO/Foundation/testsuite/src/PBKDF2EngineTest.cpp
Generated on 2019-Jun-21 from project POCO revision 1.9.1
Powered by 
Code Browser 2.1
Generator usage only permitted with license.