Crypto: Add any digest to key generation.

Benoît Bleuzé · Benoît Bleuzé · commit 2aa6657717b8 · 2015-08-31T09:25:34.000+02:00
diff --git a/Crypto/include/Poco/Crypto/CipherKey.h b/Crypto/include/Poco/Crypto/CipherKey.h
@@ -47,6 +47,16 @@ class Crypto_API CipherKey
 	///     std::string salt("asdff8723lasdf(**923412");
 	///     CipherKey key("aes-256", password, salt);
 	///
+	/// You may also control the digest and the number of iterations used to generate the key
+	/// by specifying the specific values. Here we create a key with the same data as before,
+	/// except that we use 100 iterations instead of DEFAULT_ITERATION_COUNT, and sha1 instead of
+	/// the default md5:
+	///
+	///     std::string password = "secret";
+	///     std::string salt("asdff8723lasdf(**923412");
+	///     std::string digest ("sha1");
+	///     CipherKey key("aes-256", password, salt, 100, digest);
+	///
 {
 public:
 	typedef CipherKeyImpl::Mode Mode;
@@ -63,9 +73,10 @@ class Crypto_API CipherKey
 	CipherKey(const std::string& name, 
 		const std::string& passphrase, 
 		const std::string& salt = "",
-		int iterationCount = DEFAULT_ITERATION_COUNT);
+		int iterationCount = DEFAULT_ITERATION_COUNT,
+		const std::string& digest = "md5");
 		/// Creates a new CipherKeyImpl object using the given
-		/// cipher name, passphrase, salt value and iteration count.
+		/// cipher name, passphrase, salt value, iteration count and digest.
 
 	CipherKey(const std::string& name, 
 		const ByteVec& key, 
diff --git a/Crypto/include/Poco/Crypto/CipherKeyImpl.h b/Crypto/include/Poco/Crypto/CipherKeyImpl.h
@@ -53,17 +53,19 @@ class CipherKeyImpl: public RefCountedObject
 		MODE_OFB			/// Output feedback
 	};
 
-	CipherKeyImpl(const std::string& name, 
-		const std::string& passphrase, 
+	CipherKeyImpl(const std::string& name,
+		const std::string& passphrase,
 		const std::string& salt,
-		int iterationCount);
+		int iterationCount,
+		const std::string &digest);
 		/// Creates a new CipherKeyImpl object, using
 		/// the given cipher name, passphrase, salt value
 		/// and iteration count.
 
 	CipherKeyImpl(const std::string& name, 
 		const ByteVec& key, 
-		const ByteVec& iv);
+		const ByteVec& iv
+	);
 		/// Creates a new CipherKeyImpl object, using the 
 		/// given cipher name, key and initialization vector.
 
@@ -118,6 +120,7 @@ class CipherKeyImpl: public RefCountedObject
 
 private:
 	const EVP_CIPHER*  _pCipher;
+	const EVP_MD*      _pDigest;
 	std::string	       _name;
 	ByteVec		       _key;
 	ByteVec		       _iv;
diff --git a/Crypto/src/CipherKey.cpp b/Crypto/src/CipherKey.cpp
@@ -21,8 +21,9 @@ namespace Poco {
 namespace Crypto {
 
 
-CipherKey::CipherKey(const std::string& name, const std::string& passphrase,  const std::string& salt, int iterationCount):
-	_pImpl(new CipherKeyImpl(name, passphrase, salt, iterationCount))
+CipherKey::CipherKey(const std::string& name, const std::string& passphrase,  const std::string& salt, int iterationCount,
+	const std::string &digest):
+	_pImpl(new CipherKeyImpl(name, passphrase, salt, iterationCount, digest))
 {
 }
 
diff --git a/Crypto/src/CipherKeyImpl.cpp b/Crypto/src/CipherKeyImpl.cpp
@@ -27,11 +27,13 @@ namespace Poco {
 namespace Crypto {
 
 
-CipherKeyImpl::CipherKeyImpl(const std::string& name, 
+CipherKeyImpl::CipherKeyImpl(const std::string& name,
 	const std::string& passphrase, 
 	const std::string& salt,
-	int iterationCount):
+	int iterationCount,
+	const std::string& digest):
 	_pCipher(0),
+	_pDigest(0),
 	_name(name),
 	_key(),
 	_iv()
@@ -42,6 +44,13 @@ CipherKeyImpl::CipherKeyImpl(const std::string& name,
 
 	if (!_pCipher)
 		throw Poco::NotFoundException("Cipher " + name + " was not found");
+
+	_pDigest = EVP_get_digestbyname(digest.c_str());
+
+	if (!_pDigest)
+		throw Poco::NotFoundException("Digest " + name + " was not found");
+
+
 	_key = ByteVec(keySize());
 	_iv = ByteVec(ivSize());
 	generateKey(passphrase, salt, iterationCount);
@@ -145,7 +154,6 @@ void CipherKeyImpl::generateKey(
 
 	// OpenSSL documentation specifies that the salt must be an 8-byte array.
 	unsigned char saltBytes[8];
-
 	if (!salt.empty())
 	{
 		int len = static_cast<int>(salt.size());
@@ -156,10 +164,10 @@ void CipherKeyImpl::generateKey(
 			saltBytes[i % 8] ^= salt.at(i);
 	}
 
-	// Now create the key and IV, using the MD5 digest algorithm.
+	// Now create the key and IV, using the digest set in the constructor.
 	int keySize = EVP_BytesToKey(
 		_pCipher,
-		EVP_md5(),
+		_pDigest,
 		(salt.empty() ? 0 : saltBytes),
 		reinterpret_cast<const unsigned char*>(password.data()),
 		static_cast<int>(password.size()),

Original file line number	Diff line number	Diff line change
`@@ -21,8 +21,9 @@ namespace Poco {`
`21`	`21`	`namespace Crypto {`
`22`	`22`
`23`	`23`
`24`		`-CipherKey::CipherKey(const std::string& name, const std::string& passphrase, const std::string& salt, int iterationCount):`
`25`		`- _pImpl(new CipherKeyImpl(name, passphrase, salt, iterationCount))`
	`24`	`+CipherKey::CipherKey(const std::string& name, const std::string& passphrase, const std::string& salt, int iterationCount,`
	`25`	`+ const std::string &digest):`
	`26`	`+ _pImpl(new CipherKeyImpl(name, passphrase, salt, iterationCount, digest))`
`26`	`27`	`{`
`27`	`28`	`}`
`28`	`29`