diff options
Diffstat (limited to 'src/lib/pbkdf')
| -rw-r--r-- | src/lib/pbkdf/info.txt | 3 | ||||
| -rw-r--r-- | src/lib/pbkdf/pbkdf.cpp | 44 | ||||
| -rw-r--r-- | src/lib/pbkdf/pbkdf.h | 124 | ||||
| -rw-r--r-- | src/lib/pbkdf/pbkdf1/info.txt | 5 | ||||
| -rw-r--r-- | src/lib/pbkdf/pbkdf1/pbkdf1.cpp | 58 | ||||
| -rw-r--r-- | src/lib/pbkdf/pbkdf1/pbkdf1.h | 61 | ||||
| -rw-r--r-- | src/lib/pbkdf/pbkdf2/info.txt | 5 | ||||
| -rw-r--r-- | src/lib/pbkdf/pbkdf2/pbkdf2.cpp | 111 | ||||
| -rw-r--r-- | src/lib/pbkdf/pbkdf2/pbkdf2.h | 55 |
9 files changed, 466 insertions, 0 deletions
diff --git a/src/lib/pbkdf/info.txt b/src/lib/pbkdf/info.txt new file mode 100644 index 000000000..d991577f7 --- /dev/null +++ b/src/lib/pbkdf/info.txt @@ -0,0 +1,3 @@ +<requires> +algo_base +</requires> diff --git a/src/lib/pbkdf/pbkdf.cpp b/src/lib/pbkdf/pbkdf.cpp new file mode 100644 index 000000000..ccd203dbd --- /dev/null +++ b/src/lib/pbkdf/pbkdf.cpp @@ -0,0 +1,44 @@ +/* +* PBKDF +* (C) 2012 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/pbkdf.h> +#include <stdexcept> + +namespace Botan { + +OctetString PBKDF::derive_key(size_t output_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + size_t iterations) const + { + if(iterations == 0) + throw std::invalid_argument(name() + ": Invalid iteration count"); + + auto derived = key_derivation(output_len, passphrase, + salt, salt_len, iterations, + std::chrono::milliseconds(0)); + + BOTAN_ASSERT(derived.first == iterations, + "PBKDF used the correct number of iterations"); + + return derived.second; + } + +OctetString PBKDF::derive_key(size_t output_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + std::chrono::milliseconds ms, + size_t& iterations) const + { + auto derived = key_derivation(output_len, passphrase, salt, salt_len, 0, ms); + + iterations = derived.first; + + return derived.second; + } + +} diff --git a/src/lib/pbkdf/pbkdf.h b/src/lib/pbkdf/pbkdf.h new file mode 100644 index 000000000..65ad8e83a --- /dev/null +++ b/src/lib/pbkdf/pbkdf.h @@ -0,0 +1,124 @@ +/* +* PBKDF +* (C) 1999-2007,2012 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_PBKDF_H__ +#define BOTAN_PBKDF_H__ + +#include <botan/algo_base.h> +#include <botan/symkey.h> +#include <chrono> + +namespace Botan { + +/** +* Base class for PBKDF (password based key derivation function) +* implementations. Converts a password into a key using a salt +* and iterated hashing to make brute force attacks harder. +*/ +class BOTAN_DLL PBKDF : public Algorithm + { + public: + + /** + * @return new instance of this same algorithm + */ + virtual PBKDF* clone() const = 0; + + void clear() {} + + /** + * Derive a key from a passphrase + * @param output_len the desired length of the key to produce + * @param passphrase the password to derive the key from + * @param salt a randomly chosen salt + * @param salt_len length of salt in bytes + * @param iterations the number of iterations to use (use 10K or more) + */ + OctetString derive_key(size_t output_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + size_t iterations) const; + + /** + * Derive a key from a passphrase + * @param output_len the desired length of the key to produce + * @param passphrase the password to derive the key from + * @param salt a randomly chosen salt + * @param iterations the number of iterations to use (use 10K or more) + */ + template<typename Alloc> + OctetString derive_key(size_t output_len, + const std::string& passphrase, + const std::vector<byte, Alloc>& salt, + size_t iterations) const + { + return derive_key(output_len, passphrase, &salt[0], salt.size(), iterations); + } + + /** + * Derive a key from a passphrase + * @param output_len the desired length of the key to produce + * @param passphrase the password to derive the key from + * @param salt a randomly chosen salt + * @param salt_len length of salt in bytes + * @param msec is how long to run the PBKDF + * @param iterations is set to the number of iterations used + */ + OctetString derive_key(size_t output_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + std::chrono::milliseconds msec, + size_t& iterations) const; + + /** + * Derive a key from a passphrase using a certain amount of time + * @param output_len the desired length of the key to produce + * @param passphrase the password to derive the key from + * @param salt a randomly chosen salt + * @param msec is how long to run the PBKDF + * @param iterations is set to the number of iterations used + */ + template<typename Alloc> + OctetString derive_key(size_t output_len, + const std::string& passphrase, + const std::vector<byte, Alloc>& salt, + std::chrono::milliseconds msec, + size_t& iterations) const + { + return derive_key(output_len, passphrase, &salt[0], salt.size(), msec, iterations); + } + + /** + * Derive a key from a passphrase for a number of iterations + * specified by either iterations or if iterations == 0 then + * running until seconds time has elapsed. + * + * @param output_len the desired length of the key to produce + * @param passphrase the password to derive the key from + * @param salt a randomly chosen salt + * @param salt_len length of salt in bytes + * @param iterations the number of iterations to use (use 10K or more) + * @param msec if iterations is zero, then instead the PBKDF is + * run until msec milliseconds has passed. + * @return the number of iterations performed and the derived key + */ + virtual std::pair<size_t, OctetString> + key_derivation(size_t output_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + size_t iterations, + std::chrono::milliseconds msec) const = 0; + }; + +/** +* For compatability with 1.8 +*/ +typedef PBKDF S2K; + +} + +#endif diff --git a/src/lib/pbkdf/pbkdf1/info.txt b/src/lib/pbkdf/pbkdf1/info.txt new file mode 100644 index 000000000..1ec626cac --- /dev/null +++ b/src/lib/pbkdf/pbkdf1/info.txt @@ -0,0 +1,5 @@ +define PBKDF1 20131128 + +<requires> +hash +</requires> diff --git a/src/lib/pbkdf/pbkdf1/pbkdf1.cpp b/src/lib/pbkdf/pbkdf1/pbkdf1.cpp new file mode 100644 index 000000000..9d1672529 --- /dev/null +++ b/src/lib/pbkdf/pbkdf1/pbkdf1.cpp @@ -0,0 +1,58 @@ +/* +* PBKDF1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/pbkdf1.h> +#include <botan/exceptn.h> + +namespace Botan { + +/* +* Return a PKCS#5 PBKDF1 derived key +*/ +std::pair<size_t, OctetString> +PKCS5_PBKDF1::key_derivation(size_t key_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + size_t iterations, + std::chrono::milliseconds msec) const + { + if(key_len > hash->output_length()) + throw Invalid_Argument("PKCS5_PBKDF1: Requested output length too long"); + + hash->update(passphrase); + hash->update(salt, salt_len); + secure_vector<byte> key = hash->final(); + + const auto start = std::chrono::high_resolution_clock::now(); + size_t iterations_performed = 1; + + while(true) + { + if(iterations == 0) + { + if(iterations_performed % 10000 == 0) + { + auto time_taken = std::chrono::high_resolution_clock::now() - start; + auto msec_taken = std::chrono::duration_cast<std::chrono::milliseconds>(time_taken); + if(msec_taken > msec) + break; + } + } + else if(iterations_performed == iterations) + break; + + hash->update(key); + hash->final(&key[0]); + + ++iterations_performed; + } + + return std::make_pair(iterations_performed, + OctetString(&key[0], std::min(key_len, key.size()))); + } + +} diff --git a/src/lib/pbkdf/pbkdf1/pbkdf1.h b/src/lib/pbkdf/pbkdf1/pbkdf1.h new file mode 100644 index 000000000..783b70ed9 --- /dev/null +++ b/src/lib/pbkdf/pbkdf1/pbkdf1.h @@ -0,0 +1,61 @@ +/* +* PBKDF1 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_PBKDF1_H__ +#define BOTAN_PBKDF1_H__ + +#include <botan/pbkdf.h> +#include <botan/hash.h> + +namespace Botan { + +/** +* PKCS #5 v1 PBKDF, aka PBKDF1 +* Can only generate a key up to the size of the hash output. +* Unless needed for backwards compatability, use PKCS5_PBKDF2 +*/ +class BOTAN_DLL PKCS5_PBKDF1 : public PBKDF + { + public: + /** + * Create a PKCS #5 instance using the specified hash function. + * @param hash_in pointer to a hash function object to use + */ + PKCS5_PBKDF1(HashFunction* hash_in) : hash(hash_in) {} + + /** + * Copy constructor + * @param other the object to copy + */ + PKCS5_PBKDF1(const PKCS5_PBKDF1& other) : + PBKDF(), hash(other.hash->clone()) {} + + ~PKCS5_PBKDF1() { delete hash; } + + std::string name() const + { + return "PBKDF1(" + hash->name() + ")"; + } + + PBKDF* clone() const + { + return new PKCS5_PBKDF1(hash->clone()); + } + + std::pair<size_t, OctetString> + key_derivation(size_t output_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + size_t iterations, + std::chrono::milliseconds msec) const override; + private: + HashFunction* hash; + }; + +} + +#endif diff --git a/src/lib/pbkdf/pbkdf2/info.txt b/src/lib/pbkdf/pbkdf2/info.txt new file mode 100644 index 000000000..b13168c53 --- /dev/null +++ b/src/lib/pbkdf/pbkdf2/info.txt @@ -0,0 +1,5 @@ +define PBKDF2 20131128 + +<requires> +mac +</requires> diff --git a/src/lib/pbkdf/pbkdf2/pbkdf2.cpp b/src/lib/pbkdf/pbkdf2/pbkdf2.cpp new file mode 100644 index 000000000..c24bcaff8 --- /dev/null +++ b/src/lib/pbkdf/pbkdf2/pbkdf2.cpp @@ -0,0 +1,111 @@ +/* +* PBKDF2 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/pbkdf2.h> +#include <botan/get_byte.h> +#include <botan/internal/xor_buf.h> +#include <botan/internal/rounding.h> + +namespace Botan { + +/* +* Return a PKCS #5 PBKDF2 derived key +*/ +std::pair<size_t, OctetString> +PKCS5_PBKDF2::key_derivation(size_t key_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + size_t iterations, + std::chrono::milliseconds msec) const + { + if(key_len == 0) + return std::make_pair(iterations, OctetString()); + + try + { + mac->set_key(reinterpret_cast<const byte*>(passphrase.data()), + passphrase.length()); + } + catch(Invalid_Key_Length) + { + throw Exception(name() + " cannot accept passphrases of length " + + std::to_string(passphrase.length())); + } + + secure_vector<byte> key(key_len); + + byte* T = &key[0]; + + secure_vector<byte> U(mac->output_length()); + + const size_t blocks_needed = round_up(key_len, mac->output_length()) / mac->output_length(); + + std::chrono::microseconds usec_per_block = + std::chrono::duration_cast<std::chrono::microseconds>(msec) / blocks_needed; + + u32bit counter = 1; + while(key_len) + { + size_t T_size = std::min<size_t>(mac->output_length(), key_len); + + mac->update(salt, salt_len); + mac->update_be(counter); + mac->final(&U[0]); + + xor_buf(T, &U[0], T_size); + + if(iterations == 0) + { + /* + If no iterations set, run the first block to calibrate based + on how long hashing takes on whatever machine we're running on. + */ + + const auto start = std::chrono::high_resolution_clock::now(); + + iterations = 1; // the first iteration we did above + + while(true) + { + mac->update(U); + mac->final(&U[0]); + xor_buf(T, &U[0], T_size); + iterations++; + + /* + Only break on relatively 'even' iterations. For one it + avoids confusion, and likely some broken implementations + break on getting completely randomly distributed values + */ + if(iterations % 10000 == 0) + { + auto time_taken = std::chrono::high_resolution_clock::now() - start; + auto usec_taken = std::chrono::duration_cast<std::chrono::microseconds>(time_taken); + if(usec_taken > usec_per_block) + break; + } + } + } + else + { + for(size_t i = 1; i != iterations; ++i) + { + mac->update(U); + mac->final(&U[0]); + xor_buf(T, &U[0], T_size); + } + } + + key_len -= T_size; + T += T_size; + ++counter; + } + + return std::make_pair(iterations, key); + } + +} diff --git a/src/lib/pbkdf/pbkdf2/pbkdf2.h b/src/lib/pbkdf/pbkdf2/pbkdf2.h new file mode 100644 index 000000000..8bc271fcf --- /dev/null +++ b/src/lib/pbkdf/pbkdf2/pbkdf2.h @@ -0,0 +1,55 @@ +/* +* PBKDF2 +* (C) 1999-2007,2012 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#ifndef BOTAN_PBKDF2_H__ +#define BOTAN_PBKDF2_H__ + +#include <botan/pbkdf.h> +#include <botan/mac.h> + +namespace Botan { + +/** +* PKCS #5 PBKDF2 +*/ +class BOTAN_DLL PKCS5_PBKDF2 : public PBKDF + { + public: + std::string name() const override + { + return "PBKDF2(" + mac->name() + ")"; + } + + PBKDF* clone() const override + { + return new PKCS5_PBKDF2(mac->clone()); + } + + std::pair<size_t, OctetString> + key_derivation(size_t output_len, + const std::string& passphrase, + const byte salt[], size_t salt_len, + size_t iterations, + std::chrono::milliseconds msec) const override; + + /** + * Create a PKCS #5 instance using the specified message auth code + * @param mac_fn the MAC to use + */ + PKCS5_PBKDF2(MessageAuthenticationCode* mac_fn) : mac(mac_fn) {} + + /** + * Destructor + */ + ~PKCS5_PBKDF2() { delete mac; } + private: + MessageAuthenticationCode* mac; + }; + +} + +#endif |