PBKDF2Engine (PBKDF2 1.1.1 API)

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

de.rtner.security.auth.spi
Class PBKDF2Engine

java.lang.Object
  de.rtner.security.auth.spi.PBKDF2Engine

All Implemented Interfaces:: PBKDF2

Direct Known Subclasses:: SimplePBKDF2

public class PBKDF2Engine
extends java.lang.Object
implements PBKDF2
extends java.lang.Object
implements PBKDF2

This Password Based Key Derivation Function 2 implementation.

Request for Comments: 2898 PKCS #5: Password-Based Cryptography Specification

Version 2.0

PBKDF2 (P, S, c, dkLen)

Options:

PRF underlying pseudorandom function (hLen denotes the length in octets of the pseudorandom function output). PRF is pluggable.

Input:

P password, an octet string
S salt, an octet string
c iteration count, a positive integer
dkLen intended length in octets of the derived key, a positive integer, at most (2^32 - 1) * hLen

Output:

DK derived key, a dkLen-octet string

See Also:: RFC 2898

Field Summary
`protected PBKDF2Parameters`	`parameters`
`protected PRF`	`prf`

Constructor Summary
`PBKDF2Engine()` Constructor for PBKDF2 implementation object.
`PBKDF2Engine(PBKDF2Parameters parameters)` Constructor for PBKDF2 implementation object.
`PBKDF2Engine(PBKDF2Parameters parameters, PRF prf)` Constructor for PBKDF2 implementation object.

Method Summary
`protected void`	`_F(byte[] dest, int offset, PRF prf, byte[] S, int c, int blockIndex)` Function F.
`protected void`	`assertPRF(byte[] P)` Factory method.
`protected int`	`ceil(int a, int b)` Integer division with ceiling function.
`byte[]`	`deriveKey(java.lang.String inputPassword)` Convert String-based input to internal byte array, then invoke PBKDF2.
`byte[]`	`deriveKey(java.lang.String inputPassword, int dkLen)` Convert String-based input to internal byte array, then invoke PBKDF2.
`PBKDF2Parameters`	`getParameters()` Allow reading of configured parameters.
`PRF`	`getPseudoRandomFunction()` Get currently set Pseudo Random Function.
`protected void`	`INT(byte[] dest, int offset, int i)` Four-octet encoding of the integer i, most significant octet first.
`static void`	`main(java.lang.String[] args)` Convenience client function.
`protected byte[]`	`PBKDF2(PRF prf, byte[] S, int c, int dkLen)` Core Password Based Key Derivation Function 2.
`void`	`setParameters(PBKDF2Parameters parameters)` Allow setting of configured parameters.
`void`	`setPseudoRandomFunction(PRF prf)` Set the Pseudo Random Function to use.
`boolean`	`verifyKey(java.lang.String inputPassword)` Convert String-based input to internal byte arrays, then invoke PBKDF2 and verify result against the reference data that is supplied in the PBKDF2Parameters.
`protected void`	`xor(byte[] dest, byte[] src)` Block-Xor.

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

parameters

protected PBKDF2Parameters parameters

prf

protected PRF prf

Constructor Detail

PBKDF2Engine

public PBKDF2Engine()

Constructor for PBKDF2 implementation object. PBKDF2 parameters must be passed later.

PBKDF2Engine

public PBKDF2Engine(PBKDF2Parameters parameters)

Constructor for PBKDF2 implementation object. PBKDF2 parameters are passed so that this implementation knows iteration count, method to use and String encoding.

Parameters:: parameters - Data holder for iteration count, method to use et cetera.

PBKDF2Engine

public PBKDF2Engine(PBKDF2Parameters parameters,
                    PRF prf)

Constructor for PBKDF2 implementation object. PBKDF2 parameters are passed so that this implementation knows iteration count, method to use and String encoding.

Parameters:: parameters - Data holder for iteration count, method to use et cetera.; prf - Supply customer Pseudo Random Function.

Method Detail

deriveKey

public byte[] deriveKey(java.lang.String inputPassword)

Description copied from interface: PBKDF2

Convert String-based input to internal byte array, then invoke PBKDF2. Desired key length defaults to Pseudo Random Function block size.

Specified by:: deriveKey in interface PBKDF2

Parameters:: inputPassword - Candidate password to compute the derived key for.
Returns:: internal byte array

deriveKey

public byte[] deriveKey(java.lang.String inputPassword,
                        int dkLen)

Description copied from interface: PBKDF2

Convert String-based input to internal byte array, then invoke PBKDF2.

Specified by:: deriveKey in interface PBKDF2

Parameters:: inputPassword - Candidate password to compute the derived key for.; dkLen - Specify desired key length
Returns:: internal byte array

verifyKey

public boolean verifyKey(java.lang.String inputPassword)

Description copied from interface: PBKDF2

Convert String-based input to internal byte arrays, then invoke PBKDF2 and verify result against the reference data that is supplied in the PBKDF2Parameters.

Specified by:: verifyKey in interface PBKDF2

Parameters:: inputPassword - Candidate password to compute the derived key for.
Returns:: true password match; false incorrect password

assertPRF

protected void assertPRF(byte[] P)

Factory method. Default implementation is (H)MAC-based. To be overridden in derived classes.

Parameters:: P - User-supplied candidate password as array of bytes.

getPseudoRandomFunction

public PRF getPseudoRandomFunction()

Description copied from interface: PBKDF2

Get currently set Pseudo Random Function.

Specified by:: getPseudoRandomFunction in interface PBKDF2

Returns:: Currently set Pseudo Random Function

PBKDF2

protected byte[] PBKDF2(PRF prf,
                        byte[] S,
                        int c,
                        int dkLen)

Core Password Based Key Derivation Function 2.

Parameters:: prf - Pseudo Random Function (i.e. HmacSHA1); S - Salt as array of bytes. null means no salt.; c - Iteration count (see RFC 2898 4.2); dkLen - desired length of derived key.
Returns:: internal byte array
See Also:: RFC 2898 5.2

ceil

protected int ceil(int a,
                   int b)

Integer division with ceiling function.

Parameters:: a - Numerator; b - Denominator
Returns:: ceil(a/b)
See Also:: RFC 2898 5.2 Step 2.

_F

protected void _F(byte[] dest,
                  int offset,
                  PRF prf,
                  byte[] S,
                  int c,
                  int blockIndex)

Function F.

Parameters:: dest - Destination byte buffer; offset - Offset into destination byte buffer; prf - Pseudo Random Function; S - Salt as array of bytes; c - Iteration count; blockIndex - The block index (>= 1).
See Also:: RFC 2898 5.2 Step 3.

xor

protected void xor(byte[] dest,
                   byte[] src)

Block-Xor. Xor source bytes into destination byte buffer. Destination buffer must be same length or less than source buffer.

Parameters:: dest - destination byte buffer; src - source bytes

INT

protected void INT(byte[] dest,
                   int offset,
                   int i)

Four-octet encoding of the integer i, most significant octet first.

Parameters:: dest - destination byte buffer; offset - zero-based offset into dest; i - the integer to encode
See Also:: RFC 2898 5.2 Step 3.

getParameters

public PBKDF2Parameters getParameters()

Description copied from interface: PBKDF2

Allow reading of configured parameters.

Specified by:: getParameters in interface PBKDF2

Returns:: Currently set parameters.

setParameters

public void setParameters(PBKDF2Parameters parameters)

Description copied from interface: PBKDF2

Allow setting of configured parameters.

Specified by:: setParameters in interface PBKDF2

Parameters:: parameters - The parameters object to set.

setPseudoRandomFunction

public void setPseudoRandomFunction(PRF prf)

Description copied from interface: PBKDF2

Set the Pseudo Random Function to use. Note that deriveKeys/getPRF does init this object using the supplied candidate password. If this is undesired, one has to override getPRF.

Specified by:: setPseudoRandomFunction in interface PBKDF2

Parameters:: prf - Pseudo Random Function to set.

main

public static void main(java.lang.String[] args)
                 throws java.io.IOException,
                        java.security.NoSuchAlgorithmException

Convenience client function. Convert supplied password with random 8-byte salt and 1000 iterations using HMacSHA1. Assume that password is in ISO-8559-1 encoding. Output result as "Salt:iteration-count:PBKDF2" with binary data in hexadecimal encoding. Example: Password "password" (without the quotes) leads to 48290A0B96C426C3:1000:973899B1D4AFEB3ED371060D0797E0EE0142BD04

Parameters:: args - Supply the password as argument.
Throws:: java.io.IOException - apparently declared, but never thrown; java.security.NoSuchAlgorithmException - Thrown if underlying crypto library does not support requested algorithms (SHA1PRNG, HmacSHA1).

Overview

Package

Class

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

de.rtner.security.auth.spi Class PBKDF2Engine

parameters

prf

PBKDF2Engine

PBKDF2Engine

PBKDF2Engine

deriveKey

deriveKey

verifyKey

assertPRF

getPseudoRandomFunction

PBKDF2

ceil

_F

xor

INT

getParameters

setParameters

setPseudoRandomFunction

main

de.rtner.security.auth.spi
Class PBKDF2Engine