Class | Line # | Actions | |||||
---|---|---|---|---|---|---|---|
PBKDF2Parameters | 30 | 29 | 0% | 24 | 18 |
1 | /* | |
2 | * See the NOTICE file distributed with this work for additional | |
3 | * information regarding copyright ownership. | |
4 | * | |
5 | * This is free software; you can redistribute it and/or modify it | |
6 | * under the terms of the GNU Lesser General Public License as | |
7 | * published by the Free Software Foundation; either version 2.1 of | |
8 | * the License, or (at your option) any later version. | |
9 | * | |
10 | * This software is distributed in the hope that it will be useful, | |
11 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
12 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
13 | * Lesser General Public License for more details. | |
14 | * | |
15 | * You should have received a copy of the GNU Lesser General Public | |
16 | * License along with this software; if not, write to the Free | |
17 | * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA | |
18 | * 02110-1301 USA, or see the FSF site: http://www.fsf.org. | |
19 | */ | |
20 | package org.xwiki.crypto.password.params; | |
21 | ||
22 | import java.security.SecureRandom; | |
23 | ||
24 | /** | |
25 | * Key derivation function parameters for PBKDF2 functions that use an iteration count and a salt. | |
26 | * | |
27 | * @version $Id: 56683fa07ee9bad6281fa9c91fca9e3d045a8503 $ | |
28 | * @since 5.4M1 | |
29 | */ | |
30 | public class PBKDF2Parameters extends KeyDerivationFunctionParameters | |
31 | { | |
32 | private static final int SALT_DEFAULT_SIZE = 16; | |
33 | ||
34 | private static final int DEFAULT_MIN_ITER = 1000; | |
35 | ||
36 | private static final int DEFAULT_ITER_RANGE = 2000; | |
37 | ||
38 | private static final SecureRandom PRND = new SecureRandom(); | |
39 | ||
40 | private final byte[] salt; | |
41 | ||
42 | private final int iterationCount; | |
43 | ||
44 | private final String prf; | |
45 | ||
46 | /** | |
47 | * Initialise parameters with default values. | |
48 | * | |
49 | * Salt of {@value #SALT_DEFAULT_SIZE} bytes is randomized and iteration count is randomized | |
50 | * (between {@value #DEFAULT_MIN_ITER} and ({@value #DEFAULT_MIN_ITER} + {@value #DEFAULT_ITER_RANGE})). | |
51 | * SHA-1 algorithm is used for the key derivation pseudo random function. | |
52 | */ | |
53 | 1 | public PBKDF2Parameters() |
54 | { | |
55 | 1 | this(-1); |
56 | } | |
57 | ||
58 | /** | |
59 | * Initialise parameters with default values. | |
60 | * | |
61 | * Salt of {@value #SALT_DEFAULT_SIZE} bytes is randomized and iteration count is randomized | |
62 | * (between {@value #DEFAULT_MIN_ITER} and ({@value #DEFAULT_MIN_ITER} + {@value #DEFAULT_ITER_RANGE})). | |
63 | * SHA-1 algorithm is used for the key derivation pseudo random function. | |
64 | * | |
65 | * @param random a random source to get randomized values. | |
66 | */ | |
67 | 1 | public PBKDF2Parameters(SecureRandom random) |
68 | { | |
69 | 1 | this(-1, random); |
70 | } | |
71 | ||
72 | /** | |
73 | * Initialise parameters with default or random values and the given pseudo random function. | |
74 | * | |
75 | * Salt of {@value #SALT_DEFAULT_SIZE} bytes is randomized and iteration count is randomized | |
76 | * (between {@value #DEFAULT_MIN_ITER} and ({@value #DEFAULT_MIN_ITER} + {@value #DEFAULT_ITER_RANGE})). | |
77 | * | |
78 | * @param prf a pseudo random function hint. | |
79 | */ | |
80 | 0 | public PBKDF2Parameters(String prf) |
81 | { | |
82 | 0 | this(-1, getRandomIterationCount(PRND), getRandomSalt(PRND), prf); |
83 | } | |
84 | ||
85 | /** | |
86 | * Initialise parameters with default or random values and the given pseudo random function. | |
87 | * | |
88 | * @param prf a pseudo random function hint. | |
89 | * @param random a random source to get randomized values. | |
90 | */ | |
91 | 0 | public PBKDF2Parameters(String prf, SecureRandom random) |
92 | { | |
93 | 0 | this(-1, getRandomIterationCount(random), getRandomSalt(random), prf); |
94 | } | |
95 | ||
96 | /** | |
97 | * Initialise parameters with a key length and default randomized values. | |
98 | * | |
99 | * Salt of {@value #SALT_DEFAULT_SIZE} bytes is randomized and iteration count is randomized | |
100 | * (between {@value #DEFAULT_MIN_ITER} and ({@value #DEFAULT_MIN_ITER} + {@value #DEFAULT_ITER_RANGE})). | |
101 | * SHA-1 algorithm is used for the key derivation pseudo random function. | |
102 | * | |
103 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
104 | * smartly deducted from the context of use. | |
105 | * | |
106 | */ | |
107 | 5 | public PBKDF2Parameters(int keySize) |
108 | { | |
109 | 5 | this(keySize, getRandomIterationCount(PRND), getRandomSalt(PRND), null); |
110 | } | |
111 | ||
112 | /** | |
113 | * Initialise parameters with a key length and default randomized values. | |
114 | * | |
115 | * Salt of {@value #SALT_DEFAULT_SIZE} bytes is randomized and iteration count is randomized | |
116 | * (between {@value #DEFAULT_MIN_ITER} and ({@value #DEFAULT_MIN_ITER} + {@value #DEFAULT_ITER_RANGE})). | |
117 | * SHA-1 algorithm is used for the key derivation pseudo random function. | |
118 | * | |
119 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
120 | * smartly deducted from the context of use. | |
121 | * @param random a random source to get randomized values. | |
122 | */ | |
123 | 1 | public PBKDF2Parameters(int keySize, SecureRandom random) |
124 | { | |
125 | 1 | this(keySize, getRandomIterationCount(random), getRandomSalt(random), null); |
126 | } | |
127 | ||
128 | /** | |
129 | * Initialise parameters with a key length, a pseudo random function and default randomized values. | |
130 | * | |
131 | * Salt of {@value #SALT_DEFAULT_SIZE} bytes is randomized and iteration count is randomized | |
132 | * (between {@value #DEFAULT_MIN_ITER} and ({@value #DEFAULT_MIN_ITER} + {@value #DEFAULT_ITER_RANGE})). | |
133 | * | |
134 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
135 | * smartly deducted from the context of use. | |
136 | * @param prf a pseudo random function hint. | |
137 | */ | |
138 | 0 | public PBKDF2Parameters(int keySize, String prf) |
139 | { | |
140 | 0 | this(keySize, getRandomIterationCount(PRND), getRandomSalt(PRND), null); |
141 | } | |
142 | ||
143 | /** | |
144 | * Initialise parameters with a key length, a pseudo random function and default randomized values. | |
145 | * | |
146 | * Salt of {@value #SALT_DEFAULT_SIZE} bytes is randomized and iteration count is randomized | |
147 | * (between {@value #DEFAULT_MIN_ITER} and ({@value #DEFAULT_MIN_ITER} + {@value #DEFAULT_ITER_RANGE})). | |
148 | * | |
149 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
150 | * smartly deducted from the context of use. | |
151 | * @param prf a pseudo random function hint. | |
152 | * @param random a random source to get randomized values. | |
153 | */ | |
154 | 0 | public PBKDF2Parameters(int keySize, String prf, SecureRandom random) |
155 | { | |
156 | 0 | this(keySize, getRandomIterationCount(random), getRandomSalt(random), null); |
157 | } | |
158 | ||
159 | /** | |
160 | * Initialise parameters with a key length, fixed iteration count and a randomized salt. | |
161 | * | |
162 | * Salt of {@value #SALT_DEFAULT_SIZE} bytes is randomized. | |
163 | * SHA-1 algorithm is used for the key derivation pseudo random function. | |
164 | * | |
165 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
166 | * smartly deducted from the context of use. | |
167 | * @param iterationCount the number of iterations the "mixing" function is to be applied for. | |
168 | */ | |
169 | 6 | public PBKDF2Parameters(int keySize, int iterationCount) |
170 | { | |
171 | 6 | this(keySize, iterationCount, getRandomSalt(PRND), null); |
172 | } | |
173 | ||
174 | /** | |
175 | * Initialise parameters with a key length, fixed iteration count and a randomized salt. | |
176 | * | |
177 | * Salt of {@value #SALT_DEFAULT_SIZE} bytes is randomized. | |
178 | * SHA-1 algorithm is used for the key derivation pseudo random function. | |
179 | * | |
180 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
181 | * smartly deducted from the context of use. | |
182 | * @param iterationCount the number of iterations the "mixing" function is to be applied for. | |
183 | * @param random a random source to get randomized values. | |
184 | */ | |
185 | 0 | public PBKDF2Parameters(int keySize, int iterationCount, SecureRandom random) |
186 | { | |
187 | 0 | this(keySize, iterationCount, getRandomSalt(random), null); |
188 | } | |
189 | ||
190 | /** | |
191 | * Initialise parameters with a key length, fixed iteration count, a pseudo random function and a randomized salt. | |
192 | * | |
193 | * Salt of {@value #SALT_DEFAULT_SIZE} bytes is randomized. | |
194 | * | |
195 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
196 | * smartly deducted from the context of use. | |
197 | * @param iterationCount the number of iterations the "mixing" function is to be applied for. | |
198 | * @param prf a pseudo random function hint. | |
199 | */ | |
200 | 4 | public PBKDF2Parameters(int keySize, int iterationCount, String prf) |
201 | { | |
202 | 4 | this(keySize, iterationCount, getRandomSalt(PRND), prf); |
203 | } | |
204 | ||
205 | /** | |
206 | * Initialise parameters with a key length, fixed iteration count, a pseudo random function and a randomized salt. | |
207 | * | |
208 | * Salt of {@value #SALT_DEFAULT_SIZE} bytes is randomized. | |
209 | * | |
210 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
211 | * smartly deducted from the context of use. | |
212 | * @param iterationCount the number of iterations the "mixing" function is to be applied for. | |
213 | * @param prf a pseudo random function hint. | |
214 | * @param random a random source to get randomized values. | |
215 | */ | |
216 | 0 | public PBKDF2Parameters(int keySize, int iterationCount, String prf, SecureRandom random) |
217 | { | |
218 | 0 | this(keySize, iterationCount, getRandomSalt(random), prf); |
219 | } | |
220 | ||
221 | /** | |
222 | * Initialise parameters with a key length, a salt and a randomized iteration count. | |
223 | * | |
224 | * Iteration count is randomized | |
225 | * (between {@value #DEFAULT_MIN_ITER} and ({@value #DEFAULT_MIN_ITER} + {@value #DEFAULT_ITER_RANGE})). | |
226 | * SHA-1 algorithm is used for the key derivation pseudo random function. | |
227 | * | |
228 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
229 | * smartly deducted from the context of use. | |
230 | * @param salt the salt to be mixed with the password. | |
231 | */ | |
232 | 4 | public PBKDF2Parameters(int keySize, byte[] salt) |
233 | { | |
234 | 4 | this(keySize, getRandomIterationCount(PRND), salt, null); |
235 | } | |
236 | ||
237 | /** | |
238 | * Initialise parameters with a key length, a salt and a randomized iteration count. | |
239 | * | |
240 | * Iteration count is randomized | |
241 | * (between {@value #DEFAULT_MIN_ITER} and ({@value #DEFAULT_MIN_ITER} + {@value #DEFAULT_ITER_RANGE})). | |
242 | * SHA-1 algorithm is used for the key derivation pseudo random function. | |
243 | * | |
244 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
245 | * smartly deducted from the context of use. | |
246 | * @param salt the salt to be mixed with the password. | |
247 | * @param random a random source to get randomized values. | |
248 | */ | |
249 | 0 | public PBKDF2Parameters(int keySize, byte[] salt, SecureRandom random) |
250 | { | |
251 | 0 | this(keySize, getRandomIterationCount(random), salt, null); |
252 | } | |
253 | ||
254 | /** | |
255 | * Initialise parameters with a key length, a salt, a pseudo random function and a randomized iteration count. | |
256 | * | |
257 | * Iteration count is randomized | |
258 | * (between {@value #DEFAULT_MIN_ITER} and ({@value #DEFAULT_MIN_ITER} + {@value #DEFAULT_ITER_RANGE})). | |
259 | * | |
260 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
261 | * smartly deducted from the context of use. | |
262 | * @param salt the salt to be mixed with the password. | |
263 | * @param prf a pseudo random function hint. | |
264 | */ | |
265 | 0 | public PBKDF2Parameters(int keySize, byte[] salt, String prf) |
266 | { | |
267 | 0 | this(keySize, getRandomIterationCount(PRND), salt, prf); |
268 | } | |
269 | ||
270 | /** | |
271 | * Initialise parameters with a key length, a salt, a pseudo random function and a randomized iteration count. | |
272 | * | |
273 | * Iteration count is randomized | |
274 | * (between {@value #DEFAULT_MIN_ITER} and ({@value #DEFAULT_MIN_ITER} + {@value #DEFAULT_ITER_RANGE})). | |
275 | * | |
276 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
277 | * smartly deducted from the context of use. | |
278 | * @param salt the salt to be mixed with the password. | |
279 | * @param prf a pseudo random function hint. | |
280 | * @param random a random source to get randomized values. | |
281 | */ | |
282 | 0 | public PBKDF2Parameters(int keySize, byte[] salt, String prf, SecureRandom random) |
283 | { | |
284 | 0 | this(keySize, getRandomIterationCount(random), salt, prf); |
285 | } | |
286 | ||
287 | /** | |
288 | * Initialise parameters with a key length, an iteration count and a salt. | |
289 | * | |
290 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
291 | * smartly deducted from the context of use. | |
292 | * @param iterationCount the number of iterations the "mixing" function is to be applied for. | |
293 | * @param salt the salt to be mixed with the password. | |
294 | */ | |
295 | 11 | public PBKDF2Parameters(int keySize, int iterationCount, byte[] salt) |
296 | { | |
297 | 11 | this(keySize, iterationCount, salt, null); |
298 | } | |
299 | ||
300 | /** | |
301 | * Initialise parameters with a key length, an iteration count and a salt. | |
302 | * | |
303 | * @param keySize Size of key to be generated in bytes. A negative value means that the key length should be | |
304 | * smartly deducted from the context of use. | |
305 | * @param iterationCount the number of iterations the "mixing" function is to be applied for. | |
306 | * @param salt the salt to be mixed with the password. | |
307 | * @param prf the pseudo random function hint to be used to retrieve the pseudo random function. | |
308 | */ | |
309 | 45 | public PBKDF2Parameters(int keySize, int iterationCount, byte[] salt, String prf) |
310 | { | |
311 | 45 | super(keySize); |
312 | 45 | this.salt = salt; |
313 | 45 | this.iterationCount = iterationCount; |
314 | 45 | this.prf = prf; |
315 | } | |
316 | ||
317 | 10 | private static int getRandomIterationCount(SecureRandom random) |
318 | { | |
319 | 10 | return random.nextInt(DEFAULT_ITER_RANGE) + DEFAULT_MIN_ITER; |
320 | } | |
321 | ||
322 | 16 | private static byte[] getRandomSalt(SecureRandom random) |
323 | { | |
324 | 16 | byte[] salt = new byte[SALT_DEFAULT_SIZE]; |
325 | 16 | random.nextBytes(salt); |
326 | 16 | return salt; |
327 | } | |
328 | ||
329 | 13 | @Override |
330 | public String getAlgorithmName() | |
331 | { | |
332 | 13 | return "PKCS5S2"; |
333 | } | |
334 | ||
335 | /** | |
336 | * @return the number of iterations the "mixing" function is to be applied for. | |
337 | */ | |
338 | 81 | public int getIterationCount() |
339 | { | |
340 | 81 | return this.iterationCount; |
341 | } | |
342 | ||
343 | /** | |
344 | * @return the salt to be mixed with the password. | |
345 | */ | |
346 | 81 | public byte[] getSalt() |
347 | { | |
348 | 81 | return this.salt; |
349 | } | |
350 | ||
351 | /** | |
352 | * @return the pseudo random function hint, or null for default. | |
353 | */ | |
354 | 77 | public String getPseudoRandomFuntionHint() |
355 | { | |
356 | 77 | return this.prf; |
357 | } | |
358 | } |