de.rtner.security.auth.spi

Class PBKDF2Engine

java.lang.Object

de.rtner.security.auth.spi.PBKDF2Engine

All Implemented Interfaces:

PBKDF2

Direct Known Subclasses:

SimplePBKDF2

public class PBKDF2Engine
extends java.lang.Object
implements PBKDF2

This Password Based Key Derivation Function 2 implementation. Request for Comments: 2898 PKCS #5: Password-Based Cryptography Specification

Version 2.0

PBKDF2 (P, S, c, dkLen)

Options:

• PRF underlying pseudorandom function (hLen denotes the length in octets of the pseudorandom function output). PRF is pluggable.

Input:

• P password, an octet string
• S salt, an octet string
• c iteration count, a positive integer
• dkLen intended length in octets of the derived key, a positive integer, at most (2^32 - 1) * hLen

Output:

• DK derived key, a dkLen-octet string

See Also:

RFC 2898

Field Summary

Fields

Modifier and Type	Field and Description
protected PBKDF2Parameters	parameters
protected PRF	prf

Constructor Summary

Constructors

Constructor and Description
PBKDF2Engine() Constructor for PBKDF2 implementation object.
PBKDF2Engine(PBKDF2Parameters parameters) Constructor for PBKDF2 implementation object.
PBKDF2Engine(PBKDF2Parameters parameters, PRF prf) Constructor for PBKDF2 implementation object.

Method Summary

Modifier and Type	Method and Description
protected void	_F(byte[] dest, int offset, PRF prf, byte[] S, int c, int blockIndex) Function F.
protected void	assertPRF(byte[] P) Factory method.
protected int	ceil(int a, int b) Integer division with ceiling function.
byte[]	deriveKey(java.lang.String inputPassword) Convert String-based input to internal byte array, then invoke PBKDF2.
byte[]	deriveKey(java.lang.String inputPassword, int dkLen) Convert String-based input to internal byte array, then invoke PBKDF2.
PBKDF2Parameters	getParameters() Allow reading of configured parameters.
PRF	getPseudoRandomFunction() Get currently set Pseudo Random Function.
protected void	INT(byte[] dest, int offset, int i) Four-octet encoding of the integer i, most significant octet first.
static void	main(java.lang.String[] args) Convenience client function.
protected byte[]	PBKDF2(PRF prf, byte[] S, int c, int dkLen) Core Password Based Key Derivation Function 2.
void	setParameters(PBKDF2Parameters parameters) Allow setting of configured parameters.
void	setPseudoRandomFunction(PRF prf) Set the Pseudo Random Function to use.
boolean	verifyKey(java.lang.String inputPassword) Convert String-based input to internal byte arrays, then invoke PBKDF2 and verify result against the reference data that is supplied in the PBKDF2Parameters.
protected void	xor(byte[] dest, byte[] src) Block-Xor.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

parameters

protected PBKDF2Parameters parameters

prf

protected PRF prf

Constructor Detail

PBKDF2Engine

public PBKDF2Engine()

Constructor for PBKDF2 implementation object. PBKDF2 parameters must be passed later.

PBKDF2Engine

public PBKDF2Engine(PBKDF2Parameters parameters)

Constructor for PBKDF2 implementation object. PBKDF2 parameters are passed so that this implementation knows iteration count, method to use and String encoding.

Parameters:

parameters - Data holder for iteration count, method to use et cetera.

PBKDF2Engine

public PBKDF2Engine(PBKDF2Parameters parameters,
                    PRF prf)

Constructor for PBKDF2 implementation object. PBKDF2 parameters are passed so that this implementation knows iteration count, method to use and String encoding.

Parameters:

parameters - Data holder for iteration count, method to use et cetera.

prf - Supply customer Pseudo Random Function.

Method Detail

deriveKey

public byte[] deriveKey(java.lang.String inputPassword)

Description copied from interface: PBKDF2

Convert String-based input to internal byte array, then invoke PBKDF2. Desired key length defaults to Pseudo Random Function block size.

Specified by:

deriveKey in interface PBKDF2

Parameters:

inputPassword - Candidate password to compute the derived key for.

Returns:

internal byte array

deriveKey

public byte[] deriveKey(java.lang.String inputPassword,
                        int dkLen)

Description copied from interface: PBKDF2

Convert String-based input to internal byte array, then invoke PBKDF2.

Specified by:

deriveKey in interface PBKDF2

Parameters:

inputPassword - Candidate password to compute the derived key for.

dkLen - Specify desired key length

Returns:

internal byte array

verifyKey

public boolean verifyKey(java.lang.String inputPassword)

Description copied from interface: PBKDF2

Convert String-based input to internal byte arrays, then invoke PBKDF2 and verify result against the reference data that is supplied in the PBKDF2Parameters.

Specified by:

verifyKey in interface PBKDF2

Parameters:

inputPassword - Candidate password to compute the derived key for.

Returns:

true password match; false incorrect password

assertPRF

protected void assertPRF(byte[] P)

Factory method. Default implementation is (H)MAC-based. To be overridden in derived classes.

Parameters:

P - User-supplied candidate password as array of bytes.

getPseudoRandomFunction

public PRF getPseudoRandomFunction()

Description copied from interface: PBKDF2

Get currently set Pseudo Random Function.

Specified by:

getPseudoRandomFunction in interface PBKDF2

Returns:

Currently set Pseudo Random Function

PBKDF2

protected byte[] PBKDF2(PRF prf,
                        byte[] S,
                        int c,
                        int dkLen)

Core Password Based Key Derivation Function 2.

Parameters:

prf - Pseudo Random Function (i.e. HmacSHA1)

S - Salt as array of bytes. null means no salt.

c - Iteration count (see RFC 2898 4.2)

dkLen - desired length of derived key.

Returns:

internal byte array

See Also:

RFC 2898 5.2

ceil

protected int ceil(int a,
                   int b)

Integer division with ceiling function.

Parameters:

a - Numerator

b - Denominator

Returns:

ceil(a/b)

See Also:

RFC 2898 5.2 Step 2.

_F

protected void _F(byte[] dest,
                  int offset,
                  PRF prf,
                  byte[] S,
                  int c,
                  int blockIndex)

Function F.

Parameters:

dest - Destination byte buffer

offset - Offset into destination byte buffer

prf - Pseudo Random Function

S - Salt as array of bytes

c - Iteration count

blockIndex - The block index (>= 1).

See Also:

RFC 2898 5.2 Step 3.

xor

protected void xor(byte[] dest,
                   byte[] src)

Block-Xor. Xor source bytes into destination byte buffer. Destination buffer must be same length or less than source buffer.

Parameters:

dest - destination byte buffer

src - source bytes

INT

protected void INT(byte[] dest,
                   int offset,
                   int i)

Four-octet encoding of the integer i, most significant octet first.

Parameters:

dest - destination byte buffer

offset - zero-based offset into dest

i - the integer to encode

See Also:

RFC 2898 5.2 Step 3.

getParameters

public PBKDF2Parameters getParameters()

Description copied from interface: PBKDF2

Allow reading of configured parameters.

Specified by:

getParameters in interface PBKDF2

Returns:

Currently set parameters.

setParameters

public void setParameters(PBKDF2Parameters parameters)

Description copied from interface: PBKDF2

Allow setting of configured parameters.

Specified by:

setParameters in interface PBKDF2

Parameters:

parameters - The parameters object to set.

setPseudoRandomFunction

public void setPseudoRandomFunction(PRF prf)

Description copied from interface: PBKDF2

Set the Pseudo Random Function to use. Note that deriveKeys/getPRF does init this object using the supplied candidate password. If this is undesired, one has to override getPRF.

Specified by:

setPseudoRandomFunction in interface PBKDF2

Parameters:

prf - Pseudo Random Function to set.

main

public static void main(java.lang.String[] args)
                 throws java.io.IOException,
                        java.security.NoSuchAlgorithmException

Convenience client function. Convert supplied password with random 8-byte salt and 1000 iterations (default) using HMacSHA1. Assume that password is in ISO-8559-1 encoding. Output result as "Salt:iteration-count:PBKDF2" with binary data in hexadecimal encoding.

Example: Password "password" (without the quotes) leads to 48290A0B96C426C3:1000:973899B1D4AFEB3ED371060D0797E0EE0142BD04

The iteration count is configurable. In verification mode, the iteration count supplied in the candidate string must be no less than the

Parameters:

args - Supply the password as argument.

Throws:

java.io.IOException - apparently declared, but never thrown

java.security.NoSuchAlgorithmException - Thrown if underlying crypto library does not support requested algorithms (SHA1PRNG, HmacSHA1).