unit KeyDeriv;

{Key Derivation Function with SHAxx and Whirlpool, obsolete: use pb_kdf!}


interface

(*************************************************************************

 DESCRIPTION     :  RFC 2898: Password Based Key Derivation Function 2

 REQUIREMENTS    :  TP5-7, D1-D7/D9-D10, FPC, VP

 EXTERNAL DATA   :  ---

 MEMORY USAGE    :  ---

 DISPLAY MODE    :  ---

 REFERENCES      :  http://www.faqs.org/rfcs/rfc2898.html
                    http://www.faqs.org/rfcs/rfc3211.html [includes test vectors]

 Version  Date      Author      Modification
 -------  --------  -------     ------------------------------------------
 1.00     09.03.03  W.Ehrhardt  Initial version (BP7 port of Gladman code)
 1.10     14.08.03  we          Use HMACSHA1 vers 1.01
 1.11     15.08.03  we          Complete rewrite close to RFC PBKDF2,
                                only one ctx (no need to optimize speed!)
 1.12     15.08.03  we          TP 5.5, TP6.0
 1.13     27.09.03  we          FPC/go32v2
 1.21     05.10.03  we          with STD.INC, TP5
 1.22     04.12.03  we          comments, version for strings
 1.23     12.04.04  we          Delphi 7
 1.24     07.07.04  we          PBKDF2S with THMACSHA1_string, stdcall for DLL
 1.25     04.01.05  we          with HMAC256, IncMSB, TKD_String
 1.26     04.01.05  we          Counter C now longint (on user request)
 1.27     04.01.05  we          with HMAC512
 1.28     05.05.05  we          $ifndef SHA1ONLY to avoid SHA256/512 overhead
 1.29     11.12.05  we          Whirlpool
 1.30     17.01.06  we          Obsolete/legacy: shell for pb_kdf; HaltOnError
**************************************************************************)


(*-------------------------------------------------------------------------
 (C) Copyright 2002-2006 Wolfgang Ehrhardt

 This software is provided 'as-is', without any express or implied warranty.
 In no event will the authors be held liable for any damages arising from
 the use of this software.

 Permission is granted to anyone to use this software for any purpose,
 including commercial applications, and to alter it and redistribute it
 freely, subject to the following restrictions:

 1. The origin of this software must not be misrepresented; you must not
    claim that you wrote the original software. If you use this software in
    a product, an acknowledgment in the product documentation would be
    appreciated but is not required.

 2. Altered source versions must be plainly marked as such, and must not be
    misrepresented as being the original software.

 3. This notice may not be removed or altered from any source distribution.
----------------------------------------------------------------------------*)

(*-------------------------------------------------------------------------
 NOTE: altered source version. Layout restored, comments revised and the
 error check in the four pointer-based procedures restated in one
 condition; the derived output is meant to be unchanged.

 Review notes for users of this legacy shell:
  - Every procedure here forwards to kdf2 and treats any nonzero result as
    an error. None of them returns a status, so a caller that needs to
    react to a failure should call kdf2 itself and test the result.
  - The iteration count C, the salt and the lengths are passed through
    as given; this unit checks none of them and imposes no minimum.
----------------------------------------------------------------------------*)

{$i STD.INC}

uses
  Hash,HMAC,pb_kdf,
  {$ifndef SHA1ONLY}
    SHA256, SHA512, Whirl512,
  {$endif}
  SHA1;


type
  TKD_String = string[255];       {Password string type of the PBKDF2S* calls.}
                                  {Holds at most 255 characters; on compilers }
                                  {with long strings a longer password is cut }
                                  {to that length when converted.             }

const
  HaltOnError : boolean = true;   {true : RunError(254) when kdf2 returns a   }
                                  {       nonzero result.                     }
                                  {false: the error is dropped, the procedure }
                                  {       returns normally and the caller gets}
                                  {       no sign that DK was not derived.    }


procedure PBKDF2(pPW: pointer; pLen: word; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-Derive dkLen bytes into DK from the pLen password bytes at pPW, the sLen}
  { salt bytes at salt and iteration count C; hash looked up by ID _SHA1}
  {$ifdef DLL} stdcall; {$endif}

procedure PBKDF2S(sPW: TKD_String; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-String version of PBKDF2 (hash ID _SHA1): password taken from sPW}
  {$ifdef DLL} stdcall; {$endif}

{$ifndef SHA1ONLY}
procedure PBKDF2_256(pPW: pointer; pLen: word; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-Derive dkLen bytes into DK from the pLen password bytes at pPW, the sLen}
  { salt bytes at salt and iteration count C; hash looked up by ID _SHA256}
  {$ifdef DLL} stdcall; {$endif}

procedure PBKDF2S_256(sPW: TKD_String; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-String version of PBKDF2_256 (hash ID _SHA256): password taken from sPW}
  {$ifdef DLL} stdcall; {$endif}

procedure PBKDF2_512(pPW: pointer; pLen: word; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-Derive dkLen bytes into DK from the pLen password bytes at pPW, the sLen}
  { salt bytes at salt and iteration count C; hash looked up by ID _SHA512}
  {$ifdef DLL} stdcall; {$endif}

procedure PBKDF2S_512(sPW: TKD_String; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-String version of PBKDF2_512 (hash ID _SHA512): password taken from sPW}
  {$ifdef DLL} stdcall; {$endif}

procedure PBKDF2_Whirl(pPW: pointer; pLen: word; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-Derive dkLen bytes into DK from the pLen password bytes at pPW, the sLen}
  { salt bytes at salt and iteration count C; hash looked up by ID _Whirlpool}
  {$ifdef DLL} stdcall; {$endif}

procedure PBKDF2S_Whirl(sPW: TKD_String; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-String version of PBKDF2_Whirl (hash ID _Whirlpool): password taken from sPW}
  {$ifdef DLL} stdcall; {$endif}
{$endif}



implementation

{Shared notes for the bodies below.                                          }
{ - Pointer versions: one kdf2 call with the descriptor that FindHash_by_ID  }
{   returns; what kdf2 does with a missing descriptor is not visible here.   }
{ - String versions: sPW is a value parameter, so each call works on its own }
{   copy of the password, and that copy is not cleared before returning.     }


{---------------------------------------------------------------------------}
procedure PBKDF2(pPW: pointer; pLen: word; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-PBKDF2 via kdf2 with the _SHA1 descriptor; nonzero result is an error}
begin
  {Halt only if the caller left HaltOnError set, otherwise fall through}
  if (kdf2(FindHash_by_ID(_SHA1),pPW,pLen,salt,sLen,C,DK,dkLen)<>0) and HaltOnError then
    RunError(254);
end;


{---------------------------------------------------------------------------}
procedure PBKDF2S(sPW: TKD_String; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-Pass the characters of sPW and its current length to PBKDF2}
begin
  PBKDF2(@sPW[1], length(sPW),
         salt, sLen, C, DK, dkLen);
end;


{$ifndef SHA1ONLY}

{---------------------------------------------------------------------------}
procedure PBKDF2_256(pPW: pointer; pLen: word; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-PBKDF2 via kdf2 with the _SHA256 descriptor; nonzero result is an error}
begin
  {Halt only if the caller left HaltOnError set, otherwise fall through}
  if (kdf2(FindHash_by_ID(_SHA256),pPW,pLen,salt,sLen,C,DK,dkLen)<>0) and HaltOnError then
    RunError(254);
end;


{---------------------------------------------------------------------------}
procedure PBKDF2S_256(sPW: TKD_String; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-Pass the characters of sPW and its current length to PBKDF2_256}
begin
  PBKDF2_256(@sPW[1], length(sPW),
             salt, sLen, C, DK, dkLen);
end;

{---------------------------------------------------------------------------}
procedure PBKDF2_512(pPW: pointer; pLen: word; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-PBKDF2 via kdf2 with the _SHA512 descriptor; nonzero result is an error}
begin
  {Halt only if the caller left HaltOnError set, otherwise fall through}
  if (kdf2(FindHash_by_ID(_SHA512),pPW,pLen,salt,sLen,C,DK,dkLen)<>0) and HaltOnError then
    RunError(254);
end;


{---------------------------------------------------------------------------}
procedure PBKDF2S_512(sPW: TKD_String; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-Pass the characters of sPW and its current length to PBKDF2_512}
begin
  PBKDF2_512(@sPW[1], length(sPW),
             salt, sLen, C, DK, dkLen);
end;


{---------------------------------------------------------------------------}
procedure PBKDF2_Whirl(pPW: pointer; pLen: word; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-PBKDF2 via kdf2 with the _Whirlpool descriptor; nonzero result is an error}
begin
  {Halt only if the caller left HaltOnError set, otherwise fall through}
  if (kdf2(FindHash_by_ID(_Whirlpool),pPW,pLen,salt,sLen,C,DK,dkLen)<>0) and HaltOnError then
    RunError(254);
end;


{---------------------------------------------------------------------------}
procedure PBKDF2S_Whirl(sPW: TKD_String; salt: pointer; sLen: word; C: longint; var DK; dkLen: word);
  {-Pass the characters of sPW and its current length to PBKDF2_Whirl}
begin
  PBKDF2_Whirl(@sPW[1], length(sPW),
               salt, sLen, C, DK, dkLen);
end;

{$endif}

end.