1
0
mirror of https://github.com/moparisthebest/mail synced 2024-11-15 13:45:08 -05:00
mail/src/lib/pbkdf2.js

164 lines
4.4 KiB
JavaScript
Raw Normal View History

2013-06-10 11:57:33 -04:00
/**
* Password-Based Key-Derivation Function #2 implementation.
*
* See RFC 2898 for details.
*
* @author Dave Longley
*
* Copyright (c) 2010-2013 Digital Bazaar, Inc.
*/
(function() {
/* ########## Begin module implementation ########## */
function initModule(forge) {
var pkcs5 = forge.pkcs5 = forge.pkcs5 || {};
/**
* Derives a key from a password.
*
* @param p the password as a string of bytes.
* @param s the salt as a string of bytes.
* @param c the iteration count, a positive integer.
* @param dkLen the intended length, in bytes, of the derived key,
* (max: 2^32 - 1) * hash length of the PRF.
* @param md the message digest to use in the PRF, defaults to SHA-1.
*
* @return the derived key, as a string of bytes.
*/
2013-08-05 10:45:02 -04:00
forge.pbkdf2 = pkcs5.pbkdf2 = function(p, s, c, dkLen, md) {
2013-06-10 11:57:33 -04:00
// default prf to SHA-1
2013-09-15 16:35:59 -04:00
if(typeof md === 'undefined' || md === null) {
2013-06-10 11:57:33 -04:00
md = forge.md.sha1.create();
}
var hLen = md.digestLength;
/* 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and
stop. */
if(dkLen > (0xFFFFFFFF * hLen)) {
throw {
message: 'Derived key is too long.'
};
}
/* 2. Let len be the number of hLen-octet blocks in the derived key,
rounding up, and let r be the number of octets in the last
block:
len = CEIL(dkLen / hLen),
r = dkLen - (len - 1) * hLen. */
var len = Math.ceil(dkLen / hLen);
var r = dkLen - (len - 1) * hLen;
/* 3. For each block of the derived key apply the function F defined
below to the password P, the salt S, the iteration count c, and
the block index to compute the block:
T_1 = F(P, S, c, 1),
T_2 = F(P, S, c, 2),
...
T_len = F(P, S, c, len),
where the function F is defined as the exclusive-or sum of the
first c iterates of the underlying pseudorandom function PRF
applied to the password P and the concatenation of the salt S
and the block index i:
F(P, S, c, i) = u_1 XOR u_2 XOR ... XOR u_c
where
u_1 = PRF(P, S || INT(i)),
u_2 = PRF(P, u_1),
...
u_c = PRF(P, u_{c-1}).
Here, INT(i) is a four-octet encoding of the integer i, most
significant octet first. */
var prf = forge.hmac.create();
prf.start(md, p);
var dk = '';
var xor, u_c, u_c1;
for(var i = 1; i <= len; ++i) {
// PRF(P, S || INT(i)) (first iteration)
2013-09-15 16:35:59 -04:00
prf.start(null, null);
2013-06-10 11:57:33 -04:00
prf.update(s);
prf.update(forge.util.int32ToBytes(i));
xor = u_c1 = prf.digest().getBytes();
// PRF(P, u_{c-1}) (other iterations)
for(var j = 2; j <= c; ++j) {
prf.start(null, null);
prf.update(u_c1);
u_c = prf.digest().getBytes();
// F(p, s, c, i)
xor = forge.util.xorBytes(xor, u_c, hLen);
u_c1 = u_c;
}
/* 4. Concatenate the blocks and extract the first dkLen octets to
produce a derived key DK:
DK = T_1 || T_2 || ... || T_len<0..r-1> */
dk += (i < len) ? xor : xor.substr(0, r);
}
/* 5. Output the derived key DK. */
return dk;
};
} // end module implementation
/* ########## Begin module wrapper ########## */
var name = 'pbkdf2';
if(typeof define !== 'function') {
// NodeJS -> AMD
if(typeof module === 'object' && module.exports) {
2013-08-05 10:45:02 -04:00
var nodeJS = true;
define = function(ids, factory) {
2013-06-10 11:57:33 -04:00
factory(require, module);
};
}
// <script>
else {
if(typeof forge === 'undefined') {
forge = {};
}
2013-08-05 10:45:02 -04:00
return initModule(forge);
2013-06-10 11:57:33 -04:00
}
}
// AMD
2013-08-05 10:45:02 -04:00
var deps;
var defineFunc = function(require, module) {
module.exports = function(forge) {
var mods = deps.map(function(dep) {
return require(dep);
}).concat(initModule);
// handle circular dependencies
forge = forge || {};
forge.defined = forge.defined || {};
if(forge.defined[name]) {
2013-06-10 11:57:33 -04:00
return forge[name];
2013-08-05 10:45:02 -04:00
}
forge.defined[name] = true;
for(var i = 0; i < mods.length; ++i) {
mods[i](forge);
}
return forge[name];
};
};
var tmpDefine = define;
define = function(ids, factory) {
deps = (typeof ids === 'string') ? factory.slice(2) : ids.slice(2);
if(nodeJS) {
delete define;
return tmpDefine.apply(null, Array.prototype.slice.call(arguments, 0));
}
define = tmpDefine;
return define.apply(null, Array.prototype.slice.call(arguments, 0));
};
define(['require', 'module', './hmac', './md', './util'], function() {
defineFunc.apply(null, Array.prototype.slice.call(arguments, 0));
});
2013-06-10 11:57:33 -04:00
})();