1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
|
//
// PBKDF2Engine.h
//
// Library: Foundation
// Package: Crypt
// Module: PBKDF2Engine
//
// Definition of the PBKDF2Engine class.
//
// Copyright (c) 2014, Applied Informatics Software Engineering GmbH.
// and Contributors.
//
// SPDX-License-Identifier: BSL-1.0
//
#ifndef Foundation_PBKDF2Engine_INCLUDED
#define Foundation_PBKDF2Engine_INCLUDED
#include "Poco/Foundation.h"
#include "Poco/DigestEngine.h"
#include "Poco/ByteOrder.h"
#include <algorithm>
namespace Poco {
template <class PRF>
class PBKDF2Engine: public DigestEngine
/// This class implementes the Password-Based Key Derivation Function 2,
/// as specified in RFC 2898. The underlying DigestEngine (HMACEngine, etc.),
/// which must accept the passphrase as constructor argument (std::string),
/// must be given as template argument.
///
/// PBKDF2 (Password-Based Key Derivation Function 2) is a key derivation function
/// that is part of RSA Laboratories' Public-Key Cryptography Standards (PKCS) series,
/// specifically PKCS #5 v2.0, also published as Internet Engineering Task Force's
/// RFC 2898. It replaces an earlier standard, PBKDF1, which could only produce
/// derived keys up to 160 bits long.
///
/// PBKDF2 applies a pseudorandom function, such as a cryptographic hash, cipher, or
/// HMAC to the input password or passphrase along with a salt value and repeats the
/// process many times to produce a derived key, which can then be used as a
/// cryptographic key in subsequent operations. The added computational work makes
/// password cracking much more difficult, and is known as key stretching.
/// When the standard was written in 2000, the recommended minimum number of
/// iterations was 1000, but the parameter is intended to be increased over time as
/// CPU speeds increase. Having a salt added to the password reduces the ability to
/// use precomputed hashes (rainbow tables) for attacks, and means that multiple
/// passwords have to be tested individually, not all at once. The standard
/// recommends a salt length of at least 64 bits. [Wikipedia]
///
/// The PBKDF2 algorithm is implemented as a DigestEngine. The passphrase is specified
/// by calling update().
///
/// Example (WPA2):
/// PBKDF2Engine<HMACEngine<SHA1Engine> > pbkdf2(ssid, 4096, 256);
/// pbkdf2.update(passphrase);
/// DigestEngine::Digest d = pbkdf2.digest();
{
public:
enum
{
PRF_DIGEST_SIZE = PRF::DIGEST_SIZE
};
PBKDF2Engine(const std::string& salt, unsigned c = 4096, Poco::UInt32 dkLen = PRF_DIGEST_SIZE):
_s(salt),
_c(c),
_dkLen(dkLen)
{
_result.reserve(_dkLen + PRF_DIGEST_SIZE);
}
~PBKDF2Engine()
{
}
std::size_t digestLength() const
{
return _dkLen;
}
void reset()
{
_p.clear();
_result.clear();
}
const DigestEngine::Digest& digest()
{
Poco::UInt32 i = 1;
while (_result.size() < _dkLen)
{
f(i++);
}
_result.resize(_dkLen);
return _result;
}
protected:
void updateImpl(const void* data, std::size_t length)
{
_p.append(reinterpret_cast<const char*>(data), length);
}
void f(Poco::UInt32 i)
{
PRF prf(_p);
prf.update(_s);
Poco::UInt32 iBE = Poco::ByteOrder::toBigEndian(i);
prf.update(&iBE, sizeof(iBE));
Poco::DigestEngine::Digest up = prf.digest();
Poco::DigestEngine::Digest ux = up;
poco_assert_dbg(ux.size() == PRF_DIGEST_SIZE);
for (unsigned k = 1; k < _c; k++)
{
prf.reset();
prf.update(&up[0], up.size());
Poco::DigestEngine::Digest u = prf.digest();
poco_assert_dbg(u.size() == PRF_DIGEST_SIZE);
for (int ui = 0; ui < PRF_DIGEST_SIZE; ui++)
{
ux[ui] ^= u[ui];
}
std::swap(up, u);
}
_result.insert(_result.end(), ux.begin(), ux.end());
}
private:
PBKDF2Engine();
PBKDF2Engine(const PBKDF2Engine&);
PBKDF2Engine& operator = (const PBKDF2Engine&);
std::string _p;
std::string _s;
unsigned _c;
Poco::UInt32 _dkLen;
DigestEngine::Digest _result;
};
} // namespace Poco
#endif // Foundation_PBKDF2Engine_INCLUDED
|
