diff options
| author | lloyd <[email protected]> | 2008-09-28 18:03:20 +0000 |
|---|---|---|
| committer | lloyd <[email protected]> | 2008-09-28 18:03:20 +0000 |
| commit | 47ffeed7f8270855596c4f1d7b2d405172d78e8c (patch) | |
| tree | 371535473f023f310a9c9c0281d5f62b3faedad0 /modules | |
| parent | 389dd2cdf55a57960581f686a8a766475a1f5d38 (diff) | |
Modularize KDFs, PBKDFs, and PRFs
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/kdf/kdf2/kdf2.h | 29 | ||||
| -rw-r--r-- | modules/kdf/pbkdf2/pbkdf2.cpp | 81 | ||||
| -rw-r--r-- | modules/kdf/pbkdf2/pbkdf2.h | 30 | ||||
| -rw-r--r-- | modules/kdf/pgps2k/pgp_s2k.cpp | 82 | ||||
| -rw-r--r-- | modules/kdf/pgps2k/pgp_s2k.h | 30 | ||||
| -rw-r--r-- | modules/kdf/sslv3/prf_ssl3.cpp | 71 | ||||
| -rw-r--r-- | modules/kdf/tlsv1/prf_tls.cpp | 63 | ||||
| -rw-r--r-- | modules/kdf/x942/prf_x942.cpp | 89 |
8 files changed, 475 insertions, 0 deletions
diff --git a/modules/kdf/kdf2/kdf2.h b/modules/kdf/kdf2/kdf2.h new file mode 100644 index 000000000..003f0fc45 --- /dev/null +++ b/modules/kdf/kdf2/kdf2.h @@ -0,0 +1,29 @@ +/************************************************* +* KDF2 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_KDF2_H__ +#define BOTAN_KDF2_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* KDF2 * +*************************************************/ +class BOTAN_DLL KDF2 : public KDF + { + public: + SecureVector<byte> derive(u32bit, const byte[], u32bit, + const byte[], u32bit) const; + + KDF2(const std::string&); + private: + const std::string hash_name; + }; + +} + +#endif diff --git a/modules/kdf/pbkdf2/pbkdf2.cpp b/modules/kdf/pbkdf2/pbkdf2.cpp new file mode 100644 index 000000000..09d51d2a6 --- /dev/null +++ b/modules/kdf/pbkdf2/pbkdf2.cpp @@ -0,0 +1,81 @@ +/************************************************* +* PBKDF2 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/pbkdf2.h> +#include <botan/loadstor.h> +#include <botan/hmac.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> + +namespace Botan { + +/************************************************* +* Return a PKCS#5 PBKDF2 derived key * +*************************************************/ +OctetString PKCS5_PBKDF2::derive(u32bit key_len, + const std::string& passphrase, + const byte salt[], u32bit salt_size, + u32bit iterations) const + { + if(iterations == 0) + throw Invalid_Argument("PKCS#5 PBKDF2: Invalid iteration count"); + + if(passphrase.length() == 0) + throw Invalid_Argument("PKCS#5 PBKDF2: Empty passphrase is invalid"); + + HMAC hmac(hash_name); + + hmac.set_key(reinterpret_cast<const byte*>(passphrase.data()), + passphrase.length()); + + SecureVector<byte> key(key_len); + + byte* T = key.begin(); + + u32bit counter = 1; + while(key_len) + { + u32bit T_size = std::min(hmac.OUTPUT_LENGTH, key_len); + SecureVector<byte> U(hmac.OUTPUT_LENGTH); + + hmac.update(salt, salt_size); + for(u32bit j = 0; j != 4; ++j) + hmac.update(get_byte(j, counter)); + hmac.final(U); + xor_buf(T, U, T_size); + + for(u32bit j = 1; j != iterations; ++j) + { + hmac.update(U); + hmac.final(U); + xor_buf(T, U, T_size); + } + + key_len -= T_size; + T += T_size; + ++counter; + } + + return key; + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string PKCS5_PBKDF2::name() const + { + return "PBKDF2(" + hash_name + ")"; + } + +/************************************************* +* PKCS5_PBKDF2 Constructor * +*************************************************/ +PKCS5_PBKDF2::PKCS5_PBKDF2(const std::string& h_name) : hash_name(h_name) + { + if(!have_hash(hash_name)) + throw Algorithm_Not_Found(hash_name); + } + +} diff --git a/modules/kdf/pbkdf2/pbkdf2.h b/modules/kdf/pbkdf2/pbkdf2.h new file mode 100644 index 000000000..dc6e41b9e --- /dev/null +++ b/modules/kdf/pbkdf2/pbkdf2.h @@ -0,0 +1,30 @@ +/************************************************* +* PBKDF2 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_PBKDF2_H__ +#define BOTAN_PBKDF2_H__ + +#include <botan/s2k.h> + +namespace Botan { + +/************************************************* +* PKCS #5 PBKDF2 * +*************************************************/ +class BOTAN_DLL PKCS5_PBKDF2 : public S2K + { + public: + std::string name() const; + S2K* clone() const { return new PKCS5_PBKDF2(hash_name); } + PKCS5_PBKDF2(const std::string&); + private: + OctetString derive(u32bit, const std::string&, + const byte[], u32bit, u32bit) const; + const std::string hash_name; + }; + +} + +#endif diff --git a/modules/kdf/pgps2k/pgp_s2k.cpp b/modules/kdf/pgps2k/pgp_s2k.cpp new file mode 100644 index 000000000..66a243e45 --- /dev/null +++ b/modules/kdf/pgps2k/pgp_s2k.cpp @@ -0,0 +1,82 @@ +/************************************************* +* OpenPGP S2K Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/pgp_s2k.h> +#include <botan/lookup.h> +#include <algorithm> +#include <memory> + +namespace Botan { + +/************************************************* +* Derive a key using the OpenPGP S2K algorithm * +*************************************************/ +OctetString OpenPGP_S2K::derive(u32bit key_len, const std::string& passphrase, + const byte salt_buf[], u32bit salt_size, + u32bit iterations) const + { + SecureVector<byte> key(key_len), hash_buf; + + u32bit pass = 0, generated = 0, + total_size = passphrase.size() + salt_size; + u32bit to_hash = std::max(iterations, total_size); + + std::auto_ptr<HashFunction> hash(get_hash(hash_name)); + + hash->clear(); + while(key_len > generated) + { + for(u32bit j = 0; j != pass; ++j) + hash->update(0); + + u32bit left = to_hash; + while(left >= total_size) + { + hash->update(salt_buf, salt_size); + hash->update(passphrase); + left -= total_size; + } + if(left <= salt_size) + hash->update(salt_buf, left); + else + { + hash->update(salt_buf, salt_size); + left -= salt_size; + hash->update(reinterpret_cast<const byte*>(passphrase.data()), left); + } + + hash_buf = hash->final(); + key.copy(generated, hash_buf, hash->OUTPUT_LENGTH); + generated += hash->OUTPUT_LENGTH; + ++pass; + } + + return key; + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string OpenPGP_S2K::name() const + { + return "OpenPGP-S2K(" + hash_name + ")"; + } + +/************************************************* +* Return a clone of this object * +*************************************************/ +S2K* OpenPGP_S2K::clone() const + { + return new OpenPGP_S2K(hash_name); + } + +/************************************************* +* OpenPGP S2K Constructor * +*************************************************/ +OpenPGP_S2K::OpenPGP_S2K(const std::string& h) : hash_name(h) + { + } + +} diff --git a/modules/kdf/pgps2k/pgp_s2k.h b/modules/kdf/pgps2k/pgp_s2k.h new file mode 100644 index 000000000..cd263a735 --- /dev/null +++ b/modules/kdf/pgps2k/pgp_s2k.h @@ -0,0 +1,30 @@ +/************************************************* +* OpenPGP S2K Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_OPENPGP_S2K_H__ +#define BOTAN_OPENPGP_S2K_H__ + +#include <botan/s2k.h> + +namespace Botan { + +/************************************************* +* OpenPGP S2K * +*************************************************/ +class BOTAN_DLL OpenPGP_S2K : public S2K + { + public: + std::string name() const; + S2K* clone() const; + OpenPGP_S2K(const std::string&); + private: + OctetString derive(u32bit, const std::string&, + const byte[], u32bit, u32bit) const; + const std::string hash_name; + }; + +} + +#endif diff --git a/modules/kdf/sslv3/prf_ssl3.cpp b/modules/kdf/sslv3/prf_ssl3.cpp new file mode 100644 index 000000000..b241bf60f --- /dev/null +++ b/modules/kdf/sslv3/prf_ssl3.cpp @@ -0,0 +1,71 @@ +/************************************************* +* SSLv3 PRF Source File * +* (C) 2004-2006 Jack Lloyd * +*************************************************/ + +#include <botan/prf_ssl3.h> +#include <botan/lookup.h> +#include <memory> + +namespace Botan { + +namespace { + +/************************************************* +* Return the next inner hash * +*************************************************/ +OctetString next_hash(u32bit where, u32bit want, + HashFunction* md5, HashFunction* sha1, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) + { + if(want > md5->OUTPUT_LENGTH) + throw Internal_Error("SSL3_PRF:next_hash: want is too big"); + + const byte ASCII_A_CHAR = 0x41; + + for(u32bit j = 0; j != where + 1; j++) + sha1->update(ASCII_A_CHAR + where); + sha1->update(secret, secret_len); + sha1->update(seed, seed_len); + SecureVector<byte> sha1_hash = sha1->final(); + + md5->update(secret, secret_len); + md5->update(sha1_hash); + SecureVector<byte> md5_hash = md5->final(); + + return OctetString(md5_hash, want); + } + +} + +/************************************************* +* SSL3 PRF * +*************************************************/ +SecureVector<byte> SSL3_PRF::derive(u32bit key_len, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) const + { + if(key_len > 416) + throw Internal_Error("SSL3_PRF: Requested key length is too large"); + + std::auto_ptr<HashFunction> md5(get_hash("MD5")); + std::auto_ptr<HashFunction> sha1(get_hash("SHA-1")); + + OctetString output; + + int counter = 0; + while(key_len) + { + const u32bit produce = std::min(key_len, md5->OUTPUT_LENGTH); + + output = output + next_hash(counter++, produce, md5.get(), sha1.get(), + secret, secret_len, seed, seed_len); + + key_len -= produce; + } + + return output.bits_of(); + } + +} diff --git a/modules/kdf/tlsv1/prf_tls.cpp b/modules/kdf/tlsv1/prf_tls.cpp new file mode 100644 index 000000000..e035ac85e --- /dev/null +++ b/modules/kdf/tlsv1/prf_tls.cpp @@ -0,0 +1,63 @@ +/************************************************* +* TLS PRF Source File * +* (C) 2004-2006 Jack Lloyd * +*************************************************/ + +#include <botan/prf_tls.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <botan/hmac.h> + +namespace Botan { + +/************************************************* +* TLS PRF * +*************************************************/ +SecureVector<byte> TLS_PRF::derive(u32bit key_len, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) const + { + u32bit S1_len = (secret_len + 1) / 2, + S2_len = (secret_len + 1) / 2; + const byte* S1 = secret; + const byte* S2 = secret + (secret_len - S2_len); + + SecureVector<byte> key1, key2; + key1 = P_hash("MD5", key_len, S1, S1_len, seed, seed_len); + key2 = P_hash("SHA-1", key_len, S2, S2_len, seed, seed_len); + + xor_buf(key1.begin(), key2.begin(), key2.size()); + + return key1; + } + +/************************************************* +* TLS PRF P_hash function * +*************************************************/ +SecureVector<byte> TLS_PRF::P_hash(const std::string& hash, u32bit len, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) const + { + SecureVector<byte> out; + + HMAC hmac(hash); + hmac.set_key(secret, secret_len); + + SecureVector<byte> A(seed, seed_len); + while(len) + { + const u32bit this_block_len = std::min(hmac.OUTPUT_LENGTH, len); + + A = hmac.process(A); + + hmac.update(A); + hmac.update(seed, seed_len); + SecureVector<byte> block = hmac.final(); + + out.append(block, this_block_len); + len -= this_block_len; + } + return out; + } + +} diff --git a/modules/kdf/x942/prf_x942.cpp b/modules/kdf/x942/prf_x942.cpp new file mode 100644 index 000000000..3a7298771 --- /dev/null +++ b/modules/kdf/x942/prf_x942.cpp @@ -0,0 +1,89 @@ +/************************************************* +* X9.42 PRF Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/prf_x942.h> +#include <botan/der_enc.h> +#include <botan/oids.h> +#include <botan/lookup.h> +#include <botan/loadstor.h> +#include <algorithm> +#include <memory> + +namespace Botan { + +namespace { + +/************************************************* +* Encode an integer as an OCTET STRING * +*************************************************/ +MemoryVector<byte> encode_x942_int(u32bit n) + { + byte n_buf[4] = { 0 }; + store_be(n, n_buf); + return DER_Encoder().encode(n_buf, 4, OCTET_STRING).get_contents(); + } + +} + +/************************************************* +* X9.42 PRF * +*************************************************/ +SecureVector<byte> X942_PRF::derive(u32bit key_len, + const byte secret[], u32bit secret_len, + const byte salt[], u32bit salt_len) const + { + std::auto_ptr<HashFunction> hash(get_hash("SHA-1")); + const OID kek_algo(key_wrap_oid); + + SecureVector<byte> key; + u32bit counter = 1; + + while(key.size() != key_len && counter) + { + hash->update(secret, secret_len); + + hash->update( + DER_Encoder().start_cons(SEQUENCE) + + .start_cons(SEQUENCE) + .encode(kek_algo) + .raw_bytes(encode_x942_int(counter)) + .end_cons() + + .encode_if(salt_len != 0, + DER_Encoder() + .start_explicit(0) + .encode(salt, salt_len, OCTET_STRING) + .end_explicit() + ) + + .start_explicit(2) + .raw_bytes(encode_x942_int(8 * key_len)) + .end_explicit() + + .end_cons().get_contents() + ); + + SecureVector<byte> digest = hash->final(); + key.append(digest, std::min(digest.size(), key_len - key.size())); + + ++counter; + } + + return key; + } + +/************************************************* +* X9.42 Constructor * +*************************************************/ +X942_PRF::X942_PRF(const std::string& oid) + { + if(OIDS::have_oid(oid)) + key_wrap_oid = OIDS::lookup(oid).as_string(); + else + key_wrap_oid = oid; + } + +} |