arne
/
cryptopp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Cutover PBKDF to KeyDerivationFunction interface (GH #610, PR #612)

pull/614/head
Jeffrey Walton 2018-03-29 23:13:56 -04:00 committed by GitHub
parent 32abab75f2
commit 7b33bc5e04
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 322 additions and 132 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cryptlib.cpp
View File

@ -333,11 +333,6 @@ void RandomNumberGenerator::GenerateIntoBufferedTransformation(BufferedTransform
} }
} }
const Algorithm & KeyDerivationFunction::GetAlgorithm() const
{
return *this;
}
size_t KeyDerivationFunction::MinDerivedLength() const size_t KeyDerivationFunction::MinDerivedLength() const
{ {
return 0; return 0;

14
cryptlib.h
View File

@ -1419,8 +1419,6 @@ class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE KeyDerivationFunction : public Algorithm
public: public:
virtual ~KeyDerivationFunction() {} virtual ~KeyDerivationFunction() {}
virtual const Algorithm & GetAlgorithm() const =0;
/// \brief Provides the name of this algorithm /// \brief Provides the name of this algorithm
/// \return the standard algorithm name /// \return the standard algorithm name
virtual std::string AlgorithmName() const =0; virtual std::string AlgorithmName() const =0;
@ -1452,15 +1450,14 @@ public:
/// \param secret the seed input buffer /// \param secret the seed input buffer
/// \param secretLen the size of the secret buffer, in bytes /// \param secretLen the size of the secret buffer, in bytes
/// \param params additional initialization parameters to configure this object /// \param params additional initialization parameters to configure this object
/// \returns the number of bytes derived /// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme /// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from /// \details DeriveKey() provides a standard interface to derive a key from
/// a secret seed and other parameters. Each class that derives from KeyDerivationFunction /// a secret seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function. /// provides an overload that accepts most parameters used by the derivation function.
/// \details the number of bytes derived by DeriveKey() may be less than the number /// \details the number of iterations performed by DeriveKey() may be 1. For example, a
/// requested in <tt>derivedLen</tt>. For example, a scheme may be limited to a // scheme like HKDF does not use the iteration count so it returns 1.
/// certain amount of time for derivation. virtual size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const NameValuePairs& params = g_nullNameValuePairs) const =0;
virtual size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const NameValuePairs& params) const =0;
/// \brief Set or change parameters /// \brief Set or change parameters
/// \param params additional initialization parameters to configure this object /// \param params additional initialization parameters to configure this object
@ -1469,6 +1466,9 @@ public:
virtual void SetParameters(const NameValuePairs& params); virtual void SetParameters(const NameValuePairs& params);
protected: protected:
/// \brief Returns the base class Algorithm
/// \return the base class Algorithm
virtual const Algorithm & GetAlgorithm() const =0;
/// \brief Validates the derived key length /// \brief Validates the derived key length
/// \param length the size of the derived key material, in bytes /// \param length the size of the derived key material, in bytes

95
hkdf.h
View File

@ -30,10 +30,6 @@ public:
return name; return name;
} }
const Algorithm & GetAlgorithm() const {
return *this;
}
std::string AlgorithmName() const { std::string AlgorithmName() const {
return StaticAlgorithmName(); return StaticAlgorithmName();
} }
@ -57,18 +53,26 @@ public:
/// \param saltLen the size of the salt buffer, in bytes /// \param saltLen the size of the salt buffer, in bytes
/// \param info the additional input buffer /// \param info the additional input buffer
/// \param infoLen the size of the info buffer, in bytes /// \param infoLen the size of the info buffer, in bytes
/// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme /// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from /// \details DeriveKey() provides a standard interface to derive a key from
/// a seed and other parameters. Each class that derives from KeyDerivationFunction /// a seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function. /// provides an overload that accepts most parameters used by the derivation function.
/// \details <tt>salt</tt> and <tt>info</tt> can be <tt>nullptr</tt> with 0 length. /// \details <tt>salt</tt> and <tt>info</tt> can be <tt>nullptr</tt> with 0 length.
/// HDF is unusual in that a non-NULL salt with length 0 is different than a /// HKDF is unusual in that a non-NULL salt with length 0 is different than a
/// NULL <tt>salt</tt>. A NULL <tt>salt</tt> causes HDF to use a string of 0's /// NULL <tt>salt</tt>. A NULL <tt>salt</tt> causes HKDF to use a string of 0's
/// of length <tt>T::DIGESTSIZE</tt> for the <tt>salt</tt>. /// of length <tt>T::DIGESTSIZE</tt> for the <tt>salt</tt>.
/// \details HKDF always returns 1 because it only performs 1 iteration. Other
/// derivation functions, like PBKDF's, will return more interesting values.
size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
const byte *salt, size_t saltLen, const byte* info, size_t infoLen) const; const byte *salt, size_t saltLen, const byte* info, size_t infoLen) const;
protected: protected:
// KeyDerivationFunction interface
const Algorithm & GetAlgorithm() const {
return *this;
}
// If salt is absent (NULL), then use the NULL vector. Missing is different than // If salt is absent (NULL), then use the NULL vector. Missing is different than
// EMPTY (Non-NULL, 0 length). The length of s_NullVector used depends on the Hash // EMPTY (Non-NULL, 0 length). The length of s_NullVector used depends on the Hash
// function. SHA-256 will use 32 bytes of s_NullVector. // function. SHA-256 will use 32 bytes of s_NullVector.
@ -110,56 +114,53 @@ size_t HKDF<T>::DeriveKey(byte *derived, size_t derivedLen,
p = ConstByteArrayParameter(GetNullVector(), 0); p = ConstByteArrayParameter(GetNullVector(), 0);
SecByteBlock info(p.begin(), p.size()); SecByteBlock info(p.begin(), p.size());
// key is PRK from the RFC, salt is IKM from the RFC return DeriveKey(derived, derivedLen, secret, secretLen, salt.begin(), salt.size(), info.begin(), info.size());
HMAC<T> hmac;
SecByteBlock key(T::DIGESTSIZE), buffer(T::DIGESTSIZE);
// Extract
hmac.SetKey(salt.begin(), salt.size());
hmac.CalculateDigest(key, secret, secretLen);
// Key
hmac.SetKey(key.begin(), key.size());
byte block = 0;
size_t bytesRemaining = derivedLen;
size_t digestSize = static_cast<size_t>(T::DIGESTSIZE);
// Expand
while (bytesRemaining > 0)
{
if (block++) {hmac.Update(buffer, buffer.size());}
if (info.size()) {hmac.Update(info.begin(), info.size());}
hmac.CalculateDigest(buffer, &block, 1);
#if CRYPTOPP_MSC_VERSION
const size_t segmentLen = STDMIN(bytesRemaining, digestSize);
memcpy_s(derived, segmentLen, buffer, segmentLen);
#else
const size_t segmentLen = STDMIN(bytesRemaining, digestSize);
std::memcpy(derived, buffer, segmentLen);
#endif
derived += segmentLen;
bytesRemaining -= segmentLen;
}
return derivedLen;
} }
template <class T> template <class T>
size_t HKDF<T>::DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, size_t HKDF<T>::DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
const byte *salt, size_t saltLen, const byte* info, size_t infoLen) const const byte *salt, size_t saltLen, const byte* info, size_t infoLen) const
{ {
AlgorithmParameters params; CRYPTOPP_ASSERT(secret && secretLen);
CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength());
if (salt != NULLPTR) // Non-NULL and 0 length is valid for HKDF salt ThrowIfInvalidDerivedLength(derivedLen);
params.operator()(Name::Salt(), ConstByteArrayParameter(salt, saltLen));
if (info != NULLPTR) // Non-NULL and 0 length is valid for HKDF salt // key is PRK from the RFC, salt is IKM from the RFC
params.operator()("Info", ConstByteArrayParameter(info, infoLen)); HMAC<T> hmac;
SecByteBlock key(T::DIGESTSIZE), buffer(T::DIGESTSIZE);
return DeriveKey(derived, derivedLen, secret, secretLen, params); // Extract
hmac.SetKey(salt, saltLen);
hmac.CalculateDigest(key, secret, secretLen);
// Key
hmac.SetKey(key.begin(), key.size());
byte block = 0;
// Expand
while (derivedLen > 0)
{
if (block++) {hmac.Update(buffer, buffer.size());}
if (infoLen) {hmac.Update(info, infoLen);}
hmac.CalculateDigest(buffer, &block, 1);
#if CRYPTOPP_MSC_VERSION
const size_t digestSize = static_cast<size_t>(T::DIGESTSIZE);
const size_t segmentLen = STDMIN(derivedLen, digestSize);
memcpy_s(derived, segmentLen, buffer, segmentLen);
#else
const size_t digestSize = static_cast<size_t>(T::DIGESTSIZE);
const size_t segmentLen = STDMIN(derivedLen, digestSize);
std::memcpy(derived, buffer, segmentLen);
#endif
derived += segmentLen;
derivedLen -= segmentLen;
}
return 1;
} }
NAMESPACE_END NAMESPACE_END

332
pwdbased.h
View File

@ -1,4 +1,6 @@
// pwdbased.h - originally written and placed in the public domain by Wei Dai // pwdbased.h - originally written and placed in the public domain by Wei Dai
// Cutover to KeyDerivationFunction interface by Uri Blumenthal
// Marcel Raad and Jeffrey Walton in March 2018.
/// \file pwdbased.h /// \file pwdbased.h
/// \brief Password based key derivation functions /// \brief Password based key derivation functions
@ -13,82 +15,103 @@
NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(CryptoPP)
/// \brief Abstract base class for password based key derivation function struct PasswordBasedKeyDerivationFunction : public KeyDerivationFunction
class PasswordBasedKeyDerivationFunction
{ {
public:
virtual ~PasswordBasedKeyDerivationFunction() {}
/// \brief Provides the maximum derived key length
/// \returns maximum derived key length, in bytes
virtual size_t MaxDerivedKeyLength() const =0;
/// \brief Determines if the derivation function uses the purpose byte
/// \returns true if the derivation function uses the purpose byte, false otherwise
virtual bool UsesPurposeByte() const =0;
/// \brief Derive key from the password
/// \param derived the byte buffer to receive the derived password
/// \param derivedLen the size of the byte buffer to receive the derived password
/// \param purpose an octet indicating the purpose of the derivation
/// \param password the byte buffer with the password
/// \param passwordLen the size of the password, in bytes
/// \param salt the byte buffer with the salt
/// \param saltLen the size of the salt, in bytes
/// \param iterations the number of iterations to attempt
/// \param timeInSeconds the length of time the derivation function should execute
/// \returns iteration count achieved
/// \details DeriveKey returns the actual iteration count achieved. If <tt>timeInSeconds == 0</tt>, then the complete number
/// of iterations will be obtained. If <tt>timeInSeconds != 0</tt>, then DeriveKey will iterate until time elapsed, as
/// measured by ThreadUserTimer.
virtual unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const =0;
}; };
// ******************** PBKDF1 ********************
/// \brief PBKDF1 from PKCS #5 /// \brief PBKDF1 from PKCS #5
/// \tparam T a HashTransformation class /// \tparam T a HashTransformation class
template <class T> template <class T>
class PKCS5_PBKDF1 : public PasswordBasedKeyDerivationFunction class PKCS5_PBKDF1 : public PasswordBasedKeyDerivationFunction
{ {
public: public:
size_t MaxDerivedKeyLength() const {return T::DIGESTSIZE;} virtual ~PKCS5_PBKDF1() {}
bool UsesPurposeByte() const {return false;}
// PKCS #5 says PBKDF1 should only take 8-byte salts. This implementation allows salts of any length.
unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const;
};
/// \brief PBKDF2 from PKCS #5 static std::string StaticAlgorithmName () {
/// \tparam T a HashTransformation class const std::string name(std::string("PBKDF1(") +
template <class T> std::string(T::StaticAlgorithmName()) + std::string(")"));
class PKCS5_PBKDF2_HMAC : public PasswordBasedKeyDerivationFunction return name;
{ }
public:
size_t MaxDerivedKeyLength() const {return 0xffffffffU;} // should multiply by T::DIGESTSIZE, but gets overflow that way
bool UsesPurposeByte() const {return false;}
unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const;
};
/* // KeyDerivationFunction interface
class PBKDF2Params std::string AlgorithmName() const {
{ return StaticAlgorithmName();
public: }
SecByteBlock m_salt;
unsigned int m_interationCount; // KeyDerivationFunction interface
ASNOptional<ASNUnsignedWrapper<word32> > m_keyLength; size_t MaxDerivedKeyLength() const {
return static_cast<size_t>(T::DIGESTSIZE);
}
// KeyDerivationFunction interface
size_t GetValidDerivedLength(size_t keylength) const;
// KeyDerivationFunction interface
virtual size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
const NameValuePairs& params = g_nullNameValuePairs) const;
/// \brief Derive a key from a secret seed
/// \param derived the derived output buffer
/// \param derivedLen the size of the derived buffer, in bytes
/// \param purpose a purpose byte
/// \param secret the seed input buffer
/// \param secretLen the size of the secret buffer, in bytes
/// \param salt the salt input buffer
/// \param saltLen the size of the salt buffer, in bytes
/// \param iterations the number of iterations
/// \param timeInSeconds the in seconds
/// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from
/// a seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function.
/// \details If <tt>timeInSeconds</tt> is <tt>&gt; 0.0</tt> then DeriveKey will run for
/// that amount of time. If <tt>timeInSeconds</tt> is <tt>0.0</tt> then DeriveKey will
/// run for the specified number of iterations.
/// \details PKCS #5 says PBKDF1 should only take 8-byte salts. This implementation
/// allows salts of any length.
size_t DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const;
protected:
// KeyDerivationFunction interface
const Algorithm & GetAlgorithm() const {
return *this;
}
}; };
*/
template <class T> template <class T>
unsigned int PKCS5_PBKDF1<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const size_t PKCS5_PBKDF1<T>::GetValidDerivedLength(size_t keylength) const
{ {
CRYPTOPP_UNUSED(purpose); if (keylength > MaxDerivedLength())
return MaxDerivedLength();
return keylength;
}
template <class T>
size_t PKCS5_PBKDF1<T>::DeriveKey(byte *derived, size_t derivedLen,
const byte *secret, size_t secretLen, const NameValuePairs& params) const
{
return derivedLen;
}
template <class T>
size_t PKCS5_PBKDF1<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const
{
CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(secret && secretLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength()); CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());
CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0); CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0);
CRYPTOPP_UNUSED(purpose);
if (!iterations) ThrowIfInvalidDerivedLength(derivedLen);
iterations = 1;
// Business logic
if (!iterations) { iterations = 1; }
T hash; T hash;
hash.Update(password, passwordLen); hash.Update(secret, secretLen);
hash.Update(salt, saltLen); hash.Update(salt, saltLen);
SecByteBlock buffer(hash.DigestSize()); SecByteBlock buffer(hash.DigestSize());
@ -107,17 +130,107 @@ unsigned int PKCS5_PBKDF1<T>::DeriveKey(byte *derived, size_t derivedLen, byte p
return i; return i;
} }
// ******************** PKCS5_PBKDF2_HMAC ********************
/// \brief PBKDF2 from PKCS #5
/// \tparam T a HashTransformation class
template <class T> template <class T>
unsigned int PKCS5_PBKDF2_HMAC<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const class PKCS5_PBKDF2_HMAC : public PasswordBasedKeyDerivationFunction
{ {
CRYPTOPP_UNUSED(purpose); public:
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength()); virtual ~PKCS5_PBKDF2_HMAC() {}
static std::string StaticAlgorithmName () {
const std::string name(std::string("PBKDF2_HMAC(") +
std::string(T::StaticAlgorithmName()) + std::string(")"));
return name;
}
// KeyDerivationFunction interface
std::string AlgorithmName() const {
return StaticAlgorithmName();
}
// KeyDerivationFunction interface
// should multiply by T::DIGESTSIZE, but gets overflow that way
size_t MaxDerivedKeyLength() const {
return 0xffffffffU;
}
// KeyDerivationFunction interface
size_t GetValidDerivedLength(size_t keylength) const;
// KeyDerivationFunction interface
size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
const NameValuePairs& params = g_nullNameValuePairs) const;
/// \brief Derive a key from a secret seed
/// \param derived the derived output buffer
/// \param derivedLen the size of the derived buffer, in bytes
/// \param purpose a purpose byte
/// \param secret the seed input buffer
/// \param secretLen the size of the secret buffer, in bytes
/// \param salt the salt input buffer
/// \param saltLen the size of the salt buffer, in bytes
/// \param iterations the number of iterations
/// \param timeInSeconds the in seconds
/// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from
/// a seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function.
/// \details If <tt>timeInSeconds</tt> is <tt>&gt; 0.0</tt> then DeriveKey will run for
/// that amount of time. If <tt>timeInSeconds</tt> is <tt>0.0</tt> then DeriveKey will
/// run for the specified number of iterations.
size_t DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *secret, size_t secretLen,
const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const;
protected:
// KeyDerivationFunction interface
const Algorithm & GetAlgorithm() const {
return *this;
}
};
template <class T>
size_t PKCS5_PBKDF2_HMAC<T>::GetValidDerivedLength(size_t keylength) const
{
if (keylength > MaxDerivedLength())
return MaxDerivedLength();
return keylength;
}
template <class T>
size_t PKCS5_PBKDF2_HMAC<T>::DeriveKey(byte *derived, size_t derivedLen,
const byte *secret, size_t secretLen, const NameValuePairs& params) const
{
CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(secret && secretLen);
byte purpose = (byte)params.GetIntValueWithDefault("Purpose", 0);
unsigned int iterations = (unsigned int)params.GetIntValueWithDefault("Iterations", 1);
ConstByteArrayParameter salt;
(void)params.GetValue(Name::Salt(), salt);
return DeriveKey(derived, derivedLen, purpose, secret, secretLen, salt.begin(), salt.size(), iterations, 0.0f);
}
template <class T>
size_t PKCS5_PBKDF2_HMAC<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const
{
CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(secret && secretLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength());
CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0); CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0);
CRYPTOPP_UNUSED(purpose);
if (!iterations) ThrowIfInvalidDerivedLength(derivedLen);
iterations = 1;
HMAC<T> hmac(password, passwordLen); // Business logic
if (!iterations) { iterations = 1; }
HMAC<T> hmac(secret, secretLen);
SecByteBlock buffer(hmac.DigestSize()); SecByteBlock buffer(hmac.DigestSize());
ThreadUserTimer timer; ThreadUserTimer timer;
@ -167,29 +280,107 @@ unsigned int PKCS5_PBKDF2_HMAC<T>::DeriveKey(byte *derived, size_t derivedLen, b
return iterations; return iterations;
} }
// ******************** PKCS12_PBKDF ********************
/// \brief PBKDF from PKCS #12, appendix B /// \brief PBKDF from PKCS #12, appendix B
/// \tparam T a HashTransformation class /// \tparam T a HashTransformation class
template <class T> template <class T>
class PKCS12_PBKDF : public PasswordBasedKeyDerivationFunction class PKCS12_PBKDF : public PasswordBasedKeyDerivationFunction
{ {
public: public:
size_t MaxDerivedKeyLength() const {return size_t(0)-1;} virtual ~PKCS12_PBKDF() {}
bool UsesPurposeByte() const {return true;}
unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const; static std::string StaticAlgorithmName () {
const std::string name(std::string("PBKDF_PKCS12(") +
std::string(T::StaticAlgorithmName()) + std::string(")"));
return name;
}
// KeyDerivationFunction interface
std::string AlgorithmName() const {
return StaticAlgorithmName();
}
// TODO - check this
size_t MaxDerivedKeyLength() const {
return static_cast<size_t>(-1);
}
// KeyDerivationFunction interface
size_t GetValidDerivedLength(size_t keylength) const;
// KeyDerivationFunction interface
size_t DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen,
const NameValuePairs& params = g_nullNameValuePairs) const;
/// \brief Derive a key from a secret seed
/// \param derived the derived output buffer
/// \param derivedLen the size of the derived buffer, in bytes
/// \param purpose a purpose byte
/// \param secret the seed input buffer
/// \param secretLen the size of the secret buffer, in bytes
/// \param salt the salt input buffer
/// \param saltLen the size of the salt buffer, in bytes
/// \param iterations the number of iterations
/// \param timeInSeconds the in seconds
/// \returns the number of iterations performed
/// \throws InvalidDerivedLength if <tt>derivedLen</tt> is invalid for the scheme
/// \details DeriveKey() provides a standard interface to derive a key from
/// a seed and other parameters. Each class that derives from KeyDerivationFunction
/// provides an overload that accepts most parameters used by the derivation function.
/// \details If <tt>timeInSeconds</tt> is <tt>&gt; 0.0</tt> then DeriveKey will run for
/// that amount of time. If <tt>timeInSeconds</tt> is <tt>0.0</tt> then DeriveKey will
/// run for the specified number of iterations.
size_t DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *secret, size_t secretLen,
const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const;
protected:
// KeyDerivationFunction interface
const Algorithm & GetAlgorithm() const {
return *this;
}
}; };
template <class T> template <class T>
unsigned int PKCS12_PBKDF<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const size_t PKCS12_PBKDF<T>::GetValidDerivedLength(size_t keylength) const
{
if (keylength > MaxDerivedLength())
return MaxDerivedLength();
return keylength;
}
template <class T>
size_t PKCS12_PBKDF<T>::DeriveKey(byte *derived, size_t derivedLen,
const byte *secret, size_t secretLen, const NameValuePairs& params) const
{
CRYPTOPP_ASSERT(derived && derivedLen);
CRYPTOPP_ASSERT(secret && secretLen);
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedLength());
byte purpose = (byte)params.GetIntValueWithDefault("Purpose", 0);
unsigned int iterations = (unsigned int)params.GetIntValueWithDefault("Iterations", 1);
// NULL or 0 length salt OK
ConstByteArrayParameter salt;
(void)params.GetValue(Name::Salt(), salt);
return DeriveKey(derived, derivedLen, purpose, secret, secretLen, salt.begin(), salt.size(), iterations, 0.0f);
}
template <class T>
size_t PKCS12_PBKDF<T>::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const
{ {
CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength()); CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength());
CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0); CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0);
if (!iterations) ThrowIfInvalidDerivedLength(derivedLen);
iterations = 1;
// Business logic
if (!iterations) { iterations = 1; }
const size_t v = T::BLOCKSIZE; // v is in bytes rather than bits as in PKCS #12 const size_t v = T::BLOCKSIZE; // v is in bytes rather than bits as in PKCS #12
const size_t DLen = v, SLen = RoundUpToMultipleOf(saltLen, v); const size_t DLen = v, SLen = RoundUpToMultipleOf(saltLen, v);
const size_t PLen = RoundUpToMultipleOf(passwordLen, v), ILen = SLen + PLen; const size_t PLen = RoundUpToMultipleOf(secretLen, v), ILen = SLen + PLen;
SecByteBlock buffer(DLen + SLen + PLen); SecByteBlock buffer(DLen + SLen + PLen);
byte *D = buffer, *S = buffer+DLen, *P = buffer+DLen+SLen, *I = S; byte *D = buffer, *S = buffer+DLen, *P = buffer+DLen+SLen, *I = S;
@ -198,8 +389,7 @@ unsigned int PKCS12_PBKDF<T>::DeriveKey(byte *derived, size_t derivedLen, byte p
for (i=0; i<SLen; i++) for (i=0; i<SLen; i++)
S[i] = salt[i % saltLen]; S[i] = salt[i % saltLen];
for (i=0; i<PLen; i++) for (i=0; i<PLen; i++)
P[i] = password[i % passwordLen]; P[i] = secret[i % secretLen];
T hash; T hash;
SecByteBlock Ai(T::DIGESTSIZE), B(v); SecByteBlock Ai(T::DIGESTSIZE), B(v);

8
validat3.cpp
View File

@ -570,7 +570,7 @@ struct PBKDF_TestTuple
const char *hexPassword, *hexSalt, *hexDerivedKey; const char *hexPassword, *hexSalt, *hexDerivedKey;
}; };
bool TestPBKDF(PasswordBasedKeyDerivationFunction &pbkdf, const PBKDF_TestTuple *testSet, unsigned int testSetSize) bool TestPBKDF(KeyDerivationFunction &pbkdf, const PBKDF_TestTuple *testSet, unsigned int testSetSize)
{ {
bool pass = true; bool pass = true;
@ -583,8 +583,12 @@ bool TestPBKDF(PasswordBasedKeyDerivationFunction &pbkdf, const PBKDF_TestTuple
StringSource(tuple.hexSalt, true, new HexDecoder(new StringSink(salt))); StringSource(tuple.hexSalt, true, new HexDecoder(new StringSink(salt)));
StringSource(tuple.hexDerivedKey, true, new HexDecoder(new StringSink(derivedKey))); StringSource(tuple.hexDerivedKey, true, new HexDecoder(new StringSink(derivedKey)));
AlgorithmParameters params = MakeParameters("Purpose", (int)tuple.purpose)
(Name::Salt(), ConstByteArrayParameter((const byte*)&salt[0], salt.size()))
("Iterations", (int)tuple.iterations);
SecByteBlock derived(derivedKey.size()); SecByteBlock derived(derivedKey.size());
pbkdf.DeriveKey(derived, derived.size(), tuple.purpose, (byte *)password.data(), password.size(), (byte *)salt.data(), salt.size(), tuple.iterations); pbkdf.DeriveKey(derived, derived.size(), (const byte *)password.data(), password.size(), params);
bool fail = !!memcmp(derived, derivedKey.data(), derived.size()) != 0; bool fail = !!memcmp(derived, derivedKey.data(), derived.size()) != 0;
pass = pass && !fail; pass = pass && !fail;