aboutsummaryrefslogtreecommitdiffstats
path: root/src/pbkdf/pbkdf2/pbkdf2.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'src/pbkdf/pbkdf2/pbkdf2.cpp')
-rw-r--r--src/pbkdf/pbkdf2/pbkdf2.cpp62
1 files changed, 62 insertions, 0 deletions
diff --git a/src/pbkdf/pbkdf2/pbkdf2.cpp b/src/pbkdf/pbkdf2/pbkdf2.cpp
new file mode 100644
index 000000000..e88a5749a
--- /dev/null
+++ b/src/pbkdf/pbkdf2/pbkdf2.cpp
@@ -0,0 +1,62 @@
+/*
+* PBKDF2
+* (C) 1999-2007 Jack Lloyd
+*
+* Distributed under the terms of the Botan license
+*/
+
+#include <botan/pbkdf2.h>
+#include <botan/get_byte.h>
+#include <botan/internal/xor_buf.h>
+
+namespace Botan {
+
+/*
+* Return a PKCS #5 PBKDF2 derived key
+*/
+OctetString PKCS5_PBKDF2::derive_key(u32bit key_len,
+ const std::string& passphrase,
+ const byte salt[], u32bit salt_size,
+ u32bit iterations) const
+ {
+ if(iterations == 0)
+ throw Invalid_Argument("PKCS#5 PBKDF2: Invalid iteration count");
+
+ if(passphrase.length() == 0)
+ throw Invalid_Argument("PKCS#5 PBKDF2: Empty passphrase is invalid");
+
+ mac->set_key(reinterpret_cast<const byte*>(passphrase.data()),
+ passphrase.length());
+
+ SecureVector<byte> key(key_len);
+
+ byte* T = key.begin();
+
+ u32bit counter = 1;
+ while(key_len)
+ {
+ u32bit T_size = std::min(mac->OUTPUT_LENGTH, key_len);
+ SecureVector<byte> U(mac->OUTPUT_LENGTH);
+
+ mac->update(salt, salt_size);
+ for(u32bit j = 0; j != 4; ++j)
+ mac->update(get_byte(j, counter));
+ mac->final(U);
+ xor_buf(T, U, T_size);
+
+ for(u32bit j = 1; j != iterations; ++j)
+ {
+ mac->update(U);
+ mac->final(U);
+ xor_buf(T, U, T_size);
+ }
+
+ key_len -= T_size;
+ T += T_size;
+ ++counter;
+ }
+
+ return key;
+ }
+
+}