diff options
Diffstat (limited to 'src/pbkdf/pbkdf2/pbkdf2.cpp')
-rw-r--r-- | src/pbkdf/pbkdf2/pbkdf2.cpp | 62 |
1 files changed, 62 insertions, 0 deletions
diff --git a/src/pbkdf/pbkdf2/pbkdf2.cpp b/src/pbkdf/pbkdf2/pbkdf2.cpp new file mode 100644 index 000000000..e88a5749a --- /dev/null +++ b/src/pbkdf/pbkdf2/pbkdf2.cpp @@ -0,0 +1,62 @@ +/* +* PBKDF2 +* (C) 1999-2007 Jack Lloyd +* +* Distributed under the terms of the Botan license +*/ + +#include <botan/pbkdf2.h> +#include <botan/get_byte.h> +#include <botan/internal/xor_buf.h> + +namespace Botan { + +/* +* Return a PKCS #5 PBKDF2 derived key +*/ +OctetString PKCS5_PBKDF2::derive_key(u32bit key_len, + const std::string& passphrase, + const byte salt[], u32bit salt_size, + u32bit iterations) const + { + if(iterations == 0) + throw Invalid_Argument("PKCS#5 PBKDF2: Invalid iteration count"); + + if(passphrase.length() == 0) + throw Invalid_Argument("PKCS#5 PBKDF2: Empty passphrase is invalid"); + + mac->set_key(reinterpret_cast<const byte*>(passphrase.data()), + passphrase.length()); + + SecureVector<byte> key(key_len); + + byte* T = key.begin(); + + u32bit counter = 1; + while(key_len) + { + u32bit T_size = std::min(mac->OUTPUT_LENGTH, key_len); + SecureVector<byte> U(mac->OUTPUT_LENGTH); + + mac->update(salt, salt_size); + for(u32bit j = 0; j != 4; ++j) + mac->update(get_byte(j, counter)); + mac->final(U); + xor_buf(T, U, T_size); + + for(u32bit j = 1; j != iterations; ++j) + { + mac->update(U); + mac->final(U); + xor_buf(T, U, T_size); + } + + key_len -= T_size; + T += T_size; + ++counter; + } + + return key; + } + +} |