d4/d2d/qpassworddigestor_8cpp_source.html

// Copyright (C) 2018 The Qt Company Ltd.

// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only


#include "qpassworddigestor.h"


#include <QtCore/QDebug>

#include <QtCore/QMessageAuthenticationCode>

#include <QtCore/QtEndian>

#include <QtCore/QList>


#include "qtcore-config_p.h"


#include <limits>


#if QT_CONFIG(opensslv30) && QT_CONFIG(openssl_linked)

#define USING_OPENSSL30

#include <openssl/core_names.h>

#include <openssl/kdf.h>

#include <openssl/params.h>

#include <openssl/provider.h>

#endif


QT_BEGIN_NAMESPACE

namespace QPasswordDigestor {


Q_NETWORK_EXPORT QByteArray deriveKeyPbkdf1(QCryptographicHash::Algorithm algorithm,

                                            const QByteArray &data, const QByteArray &salt,

                                            int iterations, quint64 dkLen)

{

    // https://tools.ietf.org/html/rfc8018#section-5.1


    if (algorithm != QCryptographicHash::Sha1

#ifndef QT_CRYPTOGRAPHICHASH_ONLY_SHA1

        && algorithm != QCryptographicHash::Md5

#endif

    ) {

        qWarning("The only supported algorithms for pbkdf1 are SHA-1 and MD5!");

        return QByteArray();

    }


    if (salt.size() != 8) {

        qWarning("The salt must be 8 bytes long!");

        return QByteArray();

    }

    if (iterations < 1 || dkLen < 1)

        return QByteArray();


    if (dkLen > quint64(QCryptographicHash::hashLength(algorithm))) {

        qWarning() << "Derived key too long:\n"

                   << algorithm << "was chosen which produces output of length"

                   << QCryptographicHash::hashLength(algorithm) << "but" << dkLen

                   << "was requested.";

        return QByteArray();

    }


    QCryptographicHash hash(algorithm);

    hash.addData(data);

    hash.addData(salt);

    QByteArray key = hash.result();


    for (int i = 1; i < iterations; i++) {

        hash.reset();

        hash.addData(key);

        key = hash.result();

    }

    return key.left(dkLen);

}


#ifdef USING_OPENSSL30

// Copied from QCryptographicHashPrivate

static constexpr const char * methodToName(QCryptographicHash::Algorithm method) noexcept

{

    switch (method) {

#define CASE(Enum, Name) \

    case QCryptographicHash:: Enum : \

        return Name \

    /*end*/

    CASE(Sha1, "SHA1");

    CASE(Md4, "MD4");

    CASE(Md5, "MD5");

    CASE(Sha224, "SHA224");

    CASE(Sha256, "SHA256");

    CASE(Sha384, "SHA384");

    CASE(Sha512, "SHA512");

    CASE(RealSha3_224, "SHA3-224");

    CASE(RealSha3_256, "SHA3-256");

    CASE(RealSha3_384, "SHA3-384");

    CASE(RealSha3_512, "SHA3-512");

    CASE(Keccak_224, "SHA3-224");

    CASE(Keccak_256, "SHA3-256");

    CASE(Keccak_384, "SHA3-384");

    CASE(Keccak_512, "SHA3-512");

    CASE(Blake2b_512, "BLAKE2B512");

    CASE(Blake2s_256, "BLAKE2S256");

#undef CASE

    default: return nullptr;

    }

}


static QByteArray opensslDeriveKeyPbkdf2(QCryptographicHash::Algorithm algorithm,

                                         const QByteArray &data, const QByteArray &salt,

                                         uint64_t iterations, quint64 dkLen)

{

    EVP_KDF *kdf = EVP_KDF_fetch(nullptr, "PBKDF2", nullptr);


    if (!kdf)

        return QByteArray();


    auto cleanUpKdf = qScopeGuard([kdf] {

        EVP_KDF_free(kdf);

    });


    EVP_KDF_CTX *ctx = EVP_KDF_CTX_new(kdf);


    if (!ctx)

        return QByteArray();


    auto cleanUpCtx = qScopeGuard([ctx] {

        EVP_KDF_CTX_free(ctx);

    });


    // Do not enable SP800-132 compliance check, otherwise we will require:

    // - the iteration count is at least 1000

    // - the salt length is at least 128 bits

    // - the derived key length is at least 112 bits

    // This would be a different behavior from the original implementation.

    int checkDisabled = 1;

    QList<OSSL_PARAM> params;

    params.append(OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, const_cast<char*>(methodToName(algorithm)), 0));

    params.append(OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, const_cast<char*>(salt.data()), salt.size()));

    params.append(OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, const_cast<char*>(data.data()), data.size()));

    params.append(OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_ITER, &iterations));

    params.append(OSSL_PARAM_construct_int(OSSL_KDF_PARAM_PKCS5, &checkDisabled));

    params.append(OSSL_PARAM_construct_end());


    if (EVP_KDF_CTX_set_params(ctx, params.data()) <= 0)

        return QByteArray();


    QByteArray derived(dkLen, '\0');


    if (!EVP_KDF_derive(ctx, reinterpret_cast<unsigned char*>(derived.data()), derived.size(), nullptr))

        return QByteArray();


    return derived;

}

#endif


Q_NETWORK_EXPORT QByteArray deriveKeyPbkdf2(QCryptographicHash::Algorithm algorithm,

                                            const QByteArray &data, const QByteArray &salt,

                                            int iterations, quint64 dkLen)

{

    // The RFC recommends checking that 'dkLen' is not greater than '(2^32 - 1) * hLen'

    int hashLen = QCryptographicHash::hashLength(algorithm);

    const quint64 maxLen = quint64(std::numeric_limits<quint32>::max() - 1) * hashLen;

    if (dkLen > maxLen) {

        qWarning().nospace() << "Derived key too long:\n"

                             << algorithm << " was chosen which produces output of length "

                             << maxLen << " but " << dkLen << " was requested.";

        return QByteArray();

    }


    if (iterations < 1 || dkLen < 1)

        return QByteArray();


#ifdef USING_OPENSSL30

    if (methodToName(algorithm))

        return opensslDeriveKeyPbkdf2(algorithm, data, salt, iterations, dkLen);

#endif


    // https://tools.ietf.org/html/rfc8018#section-5.2

    QByteArray key;

    quint32 currentIteration = 1;

    QMessageAuthenticationCode hmac(algorithm, data);

    QByteArray index(4, Qt::Uninitialized);

    while (quint64(key.size()) < dkLen) {

        hmac.addData(salt);


        qToBigEndian(currentIteration, index.data());

        hmac.addData(index);


        QByteArray u = hmac.result();

        hmac.reset();

        QByteArray tkey = u;

        for (int iter = 1; iter < iterations; iter++) {

            hmac.addData(u);

            u = hmac.result();

            hmac.reset();

            std::transform(tkey.cbegin(), tkey.cend(), u.cbegin(), tkey.begin(),

                           std::bit_xor<char>());

        }

        key += tkey;

        currentIteration++;

    }

    return key.left(dkLen);

}

} // namespace QPasswordDigestor

QT_END_NAMESPACE

QByteArray
\inmodule QtCore
Definition qbytearray.h:57

QByteArray::data
char * data()
\macro QT_NO_CAST_FROM_BYTEARRAY
Definition qbytearray.h:534

QByteArray::size
qsizetype size() const noexcept
Returns the number of bytes in this byte array.
Definition qbytearray.h:474

QByteArray::cbegin
const_iterator cbegin() const noexcept
Definition qbytearray.h:430

QByteArray::cend
const_iterator cend() const noexcept
Definition qbytearray.h:434

QByteArray::left
QByteArray left(qsizetype len) const
Returns a byte array that contains the first len bytes of this byte array.
Definition qbytearray.cpp:3039

QByteArray::begin
iterator begin()
Returns an \l{STL-style iterators}{STL-style iterator} pointing to the first byte in the byte-array.
Definition qbytearray.h:428

QCryptographicHash
\inmodule QtCore
Definition qcryptographichash.h:19

QCryptographicHash::Algorithm
Algorithm
Definition qcryptographichash.h:22

QCryptographicHash::Sha1
@ Sha1
Definition qcryptographichash.h:27

QCryptographicHash::Md5
@ Md5
Definition qcryptographichash.h:25

QCryptographicHash::hashLength
static int hashLength(Algorithm method)
Returns the size of the output of the selected hash method in bytes.
Definition qcryptographichash.cpp:1134

QList
Definition qlist.h:74

QMessageAuthenticationCode
\inmodule QtCore
Definition qmessageauthenticationcode.h:17

QMessageAuthenticationCode::addData
void addData(const char *data, qsizetype length)
This is an overloaded member function, provided for convenience. It differs from the above function o...
Definition qcryptographichash.cpp:1513

QMessageAuthenticationCode::result
QByteArray result() const
Returns the final authentication code.
Definition qcryptographichash.cpp:1562

QMessageAuthenticationCode::reset
void reset() noexcept
Resets message data.
Definition qcryptographichash.cpp:1465

ctx
EGLContext ctx
Definition dmabufserverbufferintegration.h:20

hash
QHash< int, QWidget * > hash
[35multi]
Definition doc_src_containers.cpp:112

i
i
[1]
Definition doc_src_containers.cpp:167

QPasswordDigestor
\inmodule QtNetwork
Definition qpassworddigestor.cpp:24

QPasswordDigestor::deriveKeyPbkdf1
Q_NETWORK_EXPORT QByteArray deriveKeyPbkdf1(QCryptographicHash::Algorithm algorithm, const QByteArray &data, const QByteArray &salt, int iterations, quint64 dkLen)
Definition qpassworddigestor.cpp:57

QPasswordDigestor::deriveKeyPbkdf2
Q_NETWORK_EXPORT QByteArray deriveKeyPbkdf2(QCryptographicHash::Algorithm algorithm, const QByteArray &data, const QByteArray &salt, int iterations, quint64 dkLen)
Definition qpassworddigestor.cpp:196

QT_BEGIN_NAMESPACE
Combined button and popup list for selecting options.
Definition qstandardpaths_haiku.cpp:21

QT_END_NAMESPACE
Definition qsharedpointer.cpp:1545

Qt::Uninitialized
constexpr Initialization Uninitialized
Definition qnamespace.h:1587

CASE
#define CASE(Enum, Size)

iter
DBusConnection const char DBusError DBusBusType DBusError return DBusConnection DBusHandleMessageFunction void DBusFreeFunction return DBusConnection return DBusConnection return const char DBusError return DBusConnection DBusMessage dbus_uint32_t return DBusConnection dbus_bool_t DBusConnection DBusAddWatchFunction DBusRemoveWatchFunction DBusWatchToggledFunction void DBusFreeFunction return DBusConnection DBusDispatchStatusFunction void DBusFreeFunction DBusTimeout return DBusTimeout return DBusWatch return DBusWatch unsigned int return DBusError const DBusError return const DBusMessage return DBusMessage return DBusMessage return DBusMessage return DBusMessage return DBusMessage return DBusMessageIter * iter
Definition qdbus_symbols_p.h:302

method
DBusConnection const char DBusError DBusBusType DBusError return DBusConnection DBusHandleMessageFunction void DBusFreeFunction return DBusConnection return DBusConnection return const char DBusError return DBusConnection DBusMessage dbus_uint32_t return DBusConnection dbus_bool_t DBusConnection DBusAddWatchFunction DBusRemoveWatchFunction DBusWatchToggledFunction void DBusFreeFunction return DBusConnection DBusDispatchStatusFunction void DBusFreeFunction DBusTimeout return DBusTimeout return DBusWatch return DBusWatch unsigned int return DBusError const DBusError return const DBusMessage return DBusMessage return DBusMessage return DBusMessage return DBusMessage return DBusMessage return DBusMessageIter int const void return DBusMessageIter DBusMessageIter return DBusMessageIter void DBusMessageIter void int return DBusMessage DBusMessageIter return DBusMessageIter return DBusMessageIter DBusMessageIter const char const char const char const char * method
Definition qdbus_symbols_p.h:348

qToBigEndian
constexpr T qToBigEndian(T source)
Definition qendian.h:172

qWarning
#define qWarning
Definition qlogging.h:162

key
GLuint64 key
Definition qopengles2ext.h:2268

index
GLuint index
[2]
Definition qopengles2ext.h:331

data
GLint GLsizei GLsizei GLenum GLenum GLsizei void * data
Definition qopengles2ext.h:206

params
void ** params
Definition qopengles2ext.h:160

qpassworddigestor.h

qScopeGuard
QScopeGuard< typename std::decay< F >::type > qScopeGuard(F &&f)
[qScopeGuard]
Definition qscopeguard.h:60

quint32
unsigned int quint32
Definition qtypes.h:45

quint64
unsigned long long quint64
Definition qtypes.h:56

derived
QExplicitlySharedDataPointer< Derived > derived(base)