Update: Provide PBKDF2-based algorithms publically (#139)

linuxwolf · web-flow · commit 0a6e324eb5d1 · 2017-09-29T11:31:21.000-06:00
diff --git a/lib/algorithms/pbes2.js b/lib/algorithms/pbes2.js
@@ -23,6 +23,120 @@ function fixSalt(hmac, kw, salt) {
   return Buffer.concat(output);
 }
 
+function pbkdf2Fn(hash) {
+  function prepareProps(props) {
+    props = props || {};
+    var keyLen = props.length || 0;
+    var salt = util.asBuffer(props.salt || new Buffer(0), "base64u4l"),
+        itrs = props.iterations || 0;
+
+    if (0 >= keyLen) {
+      throw new Error("invalid key length");
+    }
+    if (0 >= itrs) {
+      throw new Error("invalid iteration count");
+    }
+
+    props.length = keyLen;
+    props.salt = salt;
+    props.iterations = itrs;
+
+    return props;
+  }
+
+  var fallback = function(key, props) {
+    try {
+      props = prepareProps(props);
+    } catch (err) {
+      return Promise.reject(err);
+    }
+
+    var keyLen = props.length,
+        salt = props.salt,
+        itrs = props.iterations;
+
+    var promise = new Promise(function(resolve, reject) {
+      var md = forge.md[hash.replace("-", "").toLowerCase()].create();
+      var cb = function(err, dk) {
+        if (err) {
+          reject(err);
+        } else {
+          dk = new Buffer(dk, "binary");
+          resolve(dk);
+        }
+      };
+
+      forge.pkcs5.pbkdf2(key.toString("binary"),
+                         salt.toString("binary"),
+                         itrs,
+                         keyLen,
+                         md,
+                         cb);
+    });
+    return promise;
+  };
+  var webcrypto = function(key, props) {
+    try {
+      props = prepareProps(props);
+    } catch (err) {
+      return Promise.reject(err);
+    }
+
+    var keyLen = props.length,
+        salt = props.salt,
+        itrs = props.iterations;
+
+    var promise = Promise.resolve(key);
+    promise = promise.then(function(keyval) {
+      return helpers.subtleCrypto.importKey("raw", keyval, "PBKDF2", false, ["deriveBits"]);
+    });
+    promise = promise.then(function(key) {
+      var mainAlgo = {
+        name: "PBKDF2",
+        salt: salt,
+        iterations: itrs,
+        hash: hash
+      };
+
+      return helpers.subtleCrypto.deriveBits(mainAlgo, key, keyLen * 8);
+    });
+    promise = promise.then(function(result) {
+      return util.asBuffer(result);
+    });
+    return promise;
+  };
+  var nodejs = function(key, props) {
+    if (6 > helpers.nodeCrypto.pbkdf2.length) {
+      throw new Error("unsupported algorithm: PBES2-" + hmac + "+" + kw);
+    }
+
+    try {
+      props = prepareProps(props);
+    } catch (err) {
+      return Promise.reject(err);
+    }
+
+    var keyLen = props.length,
+        salt = props.salt,
+        itrs = props.iterations;
+
+        var md = hash.replace("-", "");
+    var promise = new Promise(function(resolve, reject) {
+      function cb(err, dk) {
+        if (err) {
+          reject(err);
+        } else {
+          resolve(dk);
+        }
+      }
+      helpers.nodeCrypto.pbkdf2(key, salt, itrs, keyLen, md, cb);
+    });
+    return promise;
+  };
+
+  return helpers.setupFallback(nodejs, webcrypto, fallback);
+}
+
 function pbes2EncryptFN(hmac, kw) {
   var keyLen = CONSTANTS.KEYLENGTH[kw] / 8;
 
@@ -33,11 +147,10 @@ function pbes2EncryptFN(hmac, kw) {
         itrs = props.p2c || 0;
 
     if (0 >= itrs) {
-      return Promise.reject(new Error("invalid iteration count"));
+      throw new Error("invalid iteration count");
     }
-
     if (8 > salt.length) {
-      return Promise.reject(new Error("salt too small"));
+      throw new Error("salt too small");
     }
     salt = fixSalt(hmac, kw, salt);
 
@@ -71,14 +184,16 @@ function pbes2EncryptFN(hmac, kw) {
   };
 
   var webcrypto = function(key, pdata, props) {
+    props = props || {};
+
     var salt = util.asBuffer(props.p2s || new Buffer(0), "base64url"),
         itrs = props.p2c || 0;
 
     if (0 >= itrs) {
-      return Promise.reject(new Error("invalid iteration count"));
+      throw new Error("invalid iteration count");
     }
     if (8 > salt.length) {
-      return Promise.reject(new Error("salt too small"));
+      throw new Error("salt too small");
     }
     salt = fixSalt(hmac, kw, salt);
 
@@ -139,11 +254,10 @@ function pbes2EncryptFN(hmac, kw) {
         itrs = props.p2c || 0;
 
     if (0 >= itrs) {
-      return Promise.reject(new Error("invalid iteration count"));
+      throw new Error("invalid iteration count");
     }
-
     if (8 > salt.length) {
-      return Promise.reject(new Error("salt too small"));
+      throw new Error("salt too small");
     }
     salt = fixSalt(hmac, kw, salt);
 
@@ -316,9 +430,22 @@ function pbes2DecryptFN(hmac, kw) {
 }
 
 // ### Public API
+var pbes2 = {};
+
+// * [name].derive
+[
+  "PBKDF2-SHA-256",
+  "PBKDF2-SHA-384",
+  "PBKDF2-SHA-512"
+].forEach(function(alg) {
+  var hash = alg.replace("PBKDF2-", "");
+  pbes2[alg] = {
+    derive: pbkdf2Fn(hash)
+  };
+});
+
 // [name].encrypt
 // [name].decrypt
-var pbes2 = {};
 [
   "PBES2-HS256+A128KW",
   "PBES2-HS384+A192KW",
diff --git a/test/algorithms/pbes2-test.js b/test/algorithms/pbes2-test.js
@@ -11,7 +11,63 @@ var algorithms = require("../../lib/algorithms/"),
     util = require("../../lib/util");
 
 describe("algorithms/pbes2", function() {
-  var vectors = [
+  var deriveVectors = [
+    {
+      alg: "PBKDF2-SHA-256",
+      desc: "Password-based Key Derivation using HMAC-SHA-256 {password=password, salt=salt, iterations=1}",
+      password: new Buffer("password"),
+      salt: new Buffer("salt"),
+      iterations: 1,
+      length: 32,
+      derived: "120fb6cffcf8b32c43e7225256c4f837a86548c92ccc35480805987cb70be17b"
+    },
+    {
+      alg: "PBKDF2-SHA-256",
+      desc: "Password-based Key Derivation using HMAC-SHA-256 {password=password, salt=salt, iterations=2}",
+      password: new Buffer("password"),
+      salt: new Buffer("salt"),
+      iterations: 2,
+      length: 32,
+      derived: "ae4d0c95af6b46d32d0adff928f06dd02a303f8ef3c251dfd6e2d85a95474c43"
+    },
+    {
+      alg: "PBKDF2-SHA-256",
+      desc: "Password-based Key Derivation using HMAC-SHA-256 {password=password, salt=salt, iterations=4096}",
+      password: new Buffer("password"),
+      salt: new Buffer("salt"),
+      iterations: 4096,
+      length: 32,
+      derived: "c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a"
+    },
+    {
+      alg: "PBKDF2-SHA-256",
+      desc: "Password-based Key Derivation using HMAC-SHA-256 {password=passwordPASSWORDpassword, salt=saltSALTsaltSALTsaltSALTsaltSALTsalt, iterations=4096}",
+      password: new Buffer("passwordPASSWORDpassword"),
+      salt: new Buffer("saltSALTsaltSALTsaltSALTsaltSALTsalt"),
+      iterations: 4096,
+      length: 40,
+      derived: "348c89dbcbd32b2f32d814b8116e84cf2b17347ebc1800181c4e2a1fb8dd53e1c635518c7dac47e9"
+    }
+  ];
+  deriveVectors.forEach(function(v) {
+    var key = v.password,
+        props = {
+          salt: v.salt,
+          iterations: v.iterations,
+          length: v.length
+        },
+        derived = v.derived;
+
+    it("performs " + v.alg + " (" + v.desc + ")", function() {
+      var promise = algorithms.derive(v.alg, key, props);
+      promise = promise.then(function(result) {
+        assert.equal(result.toString("hex"), derived);
+      });
+      return promise;
+    });
+  });
+
+  var encVectors = [
     {
       alg: "PBES2-HS256+A128KW",
       desc: "Password-Based Encryption using HMAC-SHA-256 and AES-128-KW",
@@ -43,7 +99,7 @@ describe("algorithms/pbes2", function() {
     }
   ];
 
-  vectors.forEach(function(v) {
+  encVectors.forEach(function(v) {
     var key = v.password,
         props = {
           p2s: v.salt,
