source: trip-planner-front/node_modules/node-forge/lib/pbkdf2.js@ eed0bf8

Last change on this file since eed0bf8 was 6a3a178, checked in by Ema <ema_spirova@…>, 3 years ago

initial commit

  • Property mode set to 100644
File size: 5.7 KB
Line 
1/**
2 * Password-Based Key-Derivation Function #2 implementation.
3 *
4 * See RFC 2898 for details.
5 *
6 * @author Dave Longley
7 *
8 * Copyright (c) 2010-2013 Digital Bazaar, Inc.
9 */
10var forge = require('./forge');
11require('./hmac');
12require('./md');
13require('./util');
14
15var pkcs5 = forge.pkcs5 = forge.pkcs5 || {};
16
17var crypto;
18if(forge.util.isNodejs && !forge.options.usePureJavaScript) {
19 crypto = require('crypto');
20}
21
22/**
23 * Derives a key from a password.
24 *
25 * @param p the password as a binary-encoded string of bytes.
26 * @param s the salt as a binary-encoded string of bytes.
27 * @param c the iteration count, a positive integer.
28 * @param dkLen the intended length, in bytes, of the derived key,
29 * (max: 2^32 - 1) * hash length of the PRF.
30 * @param [md] the message digest (or algorithm identifier as a string) to use
31 * in the PRF, defaults to SHA-1.
32 * @param [callback(err, key)] presence triggers asynchronous version, called
33 * once the operation completes.
34 *
35 * @return the derived key, as a binary-encoded string of bytes, for the
36 * synchronous version (if no callback is specified).
37 */
38module.exports = forge.pbkdf2 = pkcs5.pbkdf2 = function(
39 p, s, c, dkLen, md, callback) {
40 if(typeof md === 'function') {
41 callback = md;
42 md = null;
43 }
44
45 // use native implementation if possible and not disabled, note that
46 // some node versions only support SHA-1, others allow digest to be changed
47 if(forge.util.isNodejs && !forge.options.usePureJavaScript &&
48 crypto.pbkdf2 && (md === null || typeof md !== 'object') &&
49 (crypto.pbkdf2Sync.length > 4 || (!md || md === 'sha1'))) {
50 if(typeof md !== 'string') {
51 // default prf to SHA-1
52 md = 'sha1';
53 }
54 p = Buffer.from(p, 'binary');
55 s = Buffer.from(s, 'binary');
56 if(!callback) {
57 if(crypto.pbkdf2Sync.length === 4) {
58 return crypto.pbkdf2Sync(p, s, c, dkLen).toString('binary');
59 }
60 return crypto.pbkdf2Sync(p, s, c, dkLen, md).toString('binary');
61 }
62 if(crypto.pbkdf2Sync.length === 4) {
63 return crypto.pbkdf2(p, s, c, dkLen, function(err, key) {
64 if(err) {
65 return callback(err);
66 }
67 callback(null, key.toString('binary'));
68 });
69 }
70 return crypto.pbkdf2(p, s, c, dkLen, md, function(err, key) {
71 if(err) {
72 return callback(err);
73 }
74 callback(null, key.toString('binary'));
75 });
76 }
77
78 if(typeof md === 'undefined' || md === null) {
79 // default prf to SHA-1
80 md = 'sha1';
81 }
82 if(typeof md === 'string') {
83 if(!(md in forge.md.algorithms)) {
84 throw new Error('Unknown hash algorithm: ' + md);
85 }
86 md = forge.md[md].create();
87 }
88
89 var hLen = md.digestLength;
90
91 /* 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
92 stop. */
93 if(dkLen > (0xFFFFFFFF * hLen)) {
94 var err = new Error('Derived key is too long.');
95 if(callback) {
96 return callback(err);
97 }
98 throw err;
99 }
100
101 /* 2. Let len be the number of hLen-octet blocks in the derived key,
102 rounding up, and let r be the number of octets in the last
103 block:
104
105 len = CEIL(dkLen / hLen),
106 r = dkLen - (len - 1) * hLen. */
107 var len = Math.ceil(dkLen / hLen);
108 var r = dkLen - (len - 1) * hLen;
109
110 /* 3. For each block of the derived key apply the function F defined
111 below to the password P, the salt S, the iteration count c, and
112 the block index to compute the block:
113
114 T_1 = F(P, S, c, 1),
115 T_2 = F(P, S, c, 2),
116 ...
117 T_len = F(P, S, c, len),
118
119 where the function F is defined as the exclusive-or sum of the
120 first c iterates of the underlying pseudorandom function PRF
121 applied to the password P and the concatenation of the salt S
122 and the block index i:
123
124 F(P, S, c, i) = u_1 XOR u_2 XOR ... XOR u_c
125
126 where
127
128 u_1 = PRF(P, S || INT(i)),
129 u_2 = PRF(P, u_1),
130 ...
131 u_c = PRF(P, u_{c-1}).
132
133 Here, INT(i) is a four-octet encoding of the integer i, most
134 significant octet first. */
135 var prf = forge.hmac.create();
136 prf.start(md, p);
137 var dk = '';
138 var xor, u_c, u_c1;
139
140 // sync version
141 if(!callback) {
142 for(var i = 1; i <= len; ++i) {
143 // PRF(P, S || INT(i)) (first iteration)
144 prf.start(null, null);
145 prf.update(s);
146 prf.update(forge.util.int32ToBytes(i));
147 xor = u_c1 = prf.digest().getBytes();
148
149 // PRF(P, u_{c-1}) (other iterations)
150 for(var j = 2; j <= c; ++j) {
151 prf.start(null, null);
152 prf.update(u_c1);
153 u_c = prf.digest().getBytes();
154 // F(p, s, c, i)
155 xor = forge.util.xorBytes(xor, u_c, hLen);
156 u_c1 = u_c;
157 }
158
159 /* 4. Concatenate the blocks and extract the first dkLen octets to
160 produce a derived key DK:
161
162 DK = T_1 || T_2 || ... || T_len<0..r-1> */
163 dk += (i < len) ? xor : xor.substr(0, r);
164 }
165 /* 5. Output the derived key DK. */
166 return dk;
167 }
168
169 // async version
170 var i = 1, j;
171 function outer() {
172 if(i > len) {
173 // done
174 return callback(null, dk);
175 }
176
177 // PRF(P, S || INT(i)) (first iteration)
178 prf.start(null, null);
179 prf.update(s);
180 prf.update(forge.util.int32ToBytes(i));
181 xor = u_c1 = prf.digest().getBytes();
182
183 // PRF(P, u_{c-1}) (other iterations)
184 j = 2;
185 inner();
186 }
187
188 function inner() {
189 if(j <= c) {
190 prf.start(null, null);
191 prf.update(u_c1);
192 u_c = prf.digest().getBytes();
193 // F(p, s, c, i)
194 xor = forge.util.xorBytes(xor, u_c, hLen);
195 u_c1 = u_c;
196 ++j;
197 return forge.util.setImmediate(inner);
198 }
199
200 /* 4. Concatenate the blocks and extract the first dkLen octets to
201 produce a derived key DK:
202
203 DK = T_1 || T_2 || ... || T_len<0..r-1> */
204 dk += (i < len) ? xor : xor.substr(0, r);
205
206 ++i;
207 outer();
208 }
209
210 outer();
211};
Note: See TracBrowser for help on using the repository browser.