Code cleanup in KeyDerivation

- Rename PRF members to be HMAC functions (which is technically correct)
- Use NotNullAttribute where possible
This commit is contained in:
Levi B 2015-03-17 22:03:43 -07:00
parent 271ec1bd4b
commit ca840d3711
7 changed files with 51 additions and 57 deletions

View File

@ -3,6 +3,7 @@
using System; using System;
using Microsoft.AspNet.Cryptography.KeyDerivation.PBKDF2; using Microsoft.AspNet.Cryptography.KeyDerivation.PBKDF2;
using Microsoft.Framework.Internal;
namespace Microsoft.AspNet.Cryptography.KeyDerivation namespace Microsoft.AspNet.Cryptography.KeyDerivation
{ {
@ -24,18 +25,10 @@ namespace Microsoft.AspNet.Cryptography.KeyDerivation
/// <remarks> /// <remarks>
/// The PBKDF2 algorithm is specified in RFC 2898. /// The PBKDF2 algorithm is specified in RFC 2898.
/// </remarks> /// </remarks>
public static byte[] Pbkdf2(string password, byte[] salt, KeyDerivationPrf prf, int iterationCount, int numBytesRequested) public static byte[] Pbkdf2([NotNull] string password, [NotNull] byte[] salt, KeyDerivationPrf prf, int iterationCount, int numBytesRequested)
{ {
// parameter checking // parameter checking
if (password == null) if (prf < KeyDerivationPrf.HMACSHA1 || prf > KeyDerivationPrf.HMACSHA512)
{
throw new ArgumentNullException(nameof(password));
}
if (salt == null)
{
throw new ArgumentNullException(nameof(salt));
}
if (prf < KeyDerivationPrf.Sha1 || prf > KeyDerivationPrf.Sha512)
{ {
throw new ArgumentOutOfRangeException(nameof(prf)); throw new ArgumentOutOfRangeException(nameof(prf));
} }

View File

@ -11,18 +11,18 @@ namespace Microsoft.AspNet.Cryptography.KeyDerivation
public enum KeyDerivationPrf public enum KeyDerivationPrf
{ {
/// <summary> /// <summary>
/// SHA-1 (FIPS PUB 180-4) /// The HMAC algorithm (RFC 2104) using the SHA-1 hash function (FIPS 180-4).
/// </summary> /// </summary>
Sha1, HMACSHA1,
/// <summary> /// <summary>
/// SHA-256 (FIPS PUB 180-4) /// The HMAC algorithm (RFC 2104) using the SHA-256 hash function (FIPS 180-4).
/// </summary> /// </summary>
Sha256, HMACSHA256,
/// <summary> /// <summary>
/// SHA-512 (FIPS PUB 180-4) /// The HMAC algorithm (RFC 2104) using the SHA-512 hash function (FIPS 180-4).
/// </summary> /// </summary>
Sha512, HMACSHA512,
} }
} }

View File

@ -73,11 +73,11 @@ namespace Microsoft.AspNet.Cryptography.KeyDerivation.PBKDF2
{ {
switch (prf) switch (prf)
{ {
case KeyDerivationPrf.Sha1: case KeyDerivationPrf.HMACSHA1:
return new HMACSHA1(passwordBytes); return new HMACSHA1(passwordBytes);
case KeyDerivationPrf.Sha256: case KeyDerivationPrf.HMACSHA256:
return new HMACSHA256(passwordBytes); return new HMACSHA256(passwordBytes);
case KeyDerivationPrf.Sha512: case KeyDerivationPrf.HMACSHA512:
return new HMACSHA512(passwordBytes); return new HMACSHA512(passwordBytes);
default: default:
throw CryptoUtil.Fail("Unrecognized PRF."); throw CryptoUtil.Fail("Unrecognized PRF.");

View File

@ -86,11 +86,11 @@ namespace Microsoft.AspNet.Cryptography.KeyDerivation.PBKDF2
{ {
switch (prf) switch (prf)
{ {
case KeyDerivationPrf.Sha1: case KeyDerivationPrf.HMACSHA1:
return CachedAlgorithmHandles.HMAC_SHA1; return CachedAlgorithmHandles.HMAC_SHA1;
case KeyDerivationPrf.Sha256: case KeyDerivationPrf.HMACSHA256:
return CachedAlgorithmHandles.HMAC_SHA256; return CachedAlgorithmHandles.HMAC_SHA256;
case KeyDerivationPrf.Sha512: case KeyDerivationPrf.HMACSHA512:
return CachedAlgorithmHandles.HMAC_SHA512; return CachedAlgorithmHandles.HMAC_SHA512;
default: default:
throw CryptoUtil.Fail("Unrecognized PRF."); throw CryptoUtil.Fail("Unrecognized PRF.");

View File

@ -112,13 +112,13 @@ namespace Microsoft.AspNet.Cryptography.KeyDerivation.PBKDF2
BCryptAlgorithmHandle prfAlgorithmHandle; // cached; don't dispose BCryptAlgorithmHandle prfAlgorithmHandle; // cached; don't dispose
switch (prf) switch (prf)
{ {
case KeyDerivationPrf.Sha1: case KeyDerivationPrf.HMACSHA1:
prfAlgorithmHandle = CachedAlgorithmHandles.SHA1; prfAlgorithmHandle = CachedAlgorithmHandles.SHA1;
break; break;
case KeyDerivationPrf.Sha256: case KeyDerivationPrf.HMACSHA256:
prfAlgorithmHandle = CachedAlgorithmHandles.SHA256; prfAlgorithmHandle = CachedAlgorithmHandles.SHA256;
break; break;
case KeyDerivationPrf.Sha512: case KeyDerivationPrf.HMACSHA512:
prfAlgorithmHandle = CachedAlgorithmHandles.SHA512; prfAlgorithmHandle = CachedAlgorithmHandles.SHA512;
break; break;
default: default:
@ -197,11 +197,11 @@ namespace Microsoft.AspNet.Cryptography.KeyDerivation.PBKDF2
{ {
switch (prf) switch (prf)
{ {
case KeyDerivationPrf.Sha1: case KeyDerivationPrf.HMACSHA1:
return Constants.BCRYPT_SHA1_ALGORITHM; return Constants.BCRYPT_SHA1_ALGORITHM;
case KeyDerivationPrf.Sha256: case KeyDerivationPrf.HMACSHA256:
return Constants.BCRYPT_SHA256_ALGORITHM; return Constants.BCRYPT_SHA256_ALGORITHM;
case KeyDerivationPrf.Sha512: case KeyDerivationPrf.HMACSHA512:
return Constants.BCRYPT_SHA512_ALGORITHM; return Constants.BCRYPT_SHA512_ALGORITHM;
default: default:
throw CryptoUtil.Fail("Unrecognized PRF."); throw CryptoUtil.Fail("Unrecognized PRF.");

View File

@ -2,7 +2,8 @@
"version": "1.0.0-*", "version": "1.0.0-*",
"description": "ASP.NET 5 utilities for key derivation.", "description": "ASP.NET 5 utilities for key derivation.",
"dependencies": { "dependencies": {
"Microsoft.AspNet.Cryptography.Internal": "1.0.0-*" "Microsoft.AspNet.Cryptography.Internal": "1.0.0-*",
"Microsoft.Framework.NotNullAttribute.Internal": { "type": "build", "version": "1.0.0-*" }
}, },
"frameworks": { "frameworks": {
"net451": { }, "net451": { },

View File

@ -16,15 +16,15 @@ namespace Microsoft.AspNet.Cryptography.KeyDerivation
// this value straddles the digest length of the PRF. We only use 5 iterations so // this value straddles the digest length of the PRF. We only use 5 iterations so
// that our unit tests are fast. // that our unit tests are fast.
[Theory] [Theory]
[InlineData("my-password", KeyDerivationPrf.Sha1, 5, 160 / 8 - 1, "efmxNcKD/U1urTEDGvsThlPnHA==")] [InlineData("my-password", KeyDerivationPrf.HMACSHA1, 5, 160 / 8 - 1, "efmxNcKD/U1urTEDGvsThlPnHA==")]
[InlineData("my-password", KeyDerivationPrf.Sha1, 5, 160 / 8 + 0, "efmxNcKD/U1urTEDGvsThlPnHDI=")] [InlineData("my-password", KeyDerivationPrf.HMACSHA1, 5, 160 / 8 + 0, "efmxNcKD/U1urTEDGvsThlPnHDI=")]
[InlineData("my-password", KeyDerivationPrf.Sha1, 5, 160 / 8 + 1, "efmxNcKD/U1urTEDGvsThlPnHDLk")] [InlineData("my-password", KeyDerivationPrf.HMACSHA1, 5, 160 / 8 + 1, "efmxNcKD/U1urTEDGvsThlPnHDLk")]
[InlineData("my-password", KeyDerivationPrf.Sha256, 5, 256 / 8 - 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRA==")] [InlineData("my-password", KeyDerivationPrf.HMACSHA256, 5, 256 / 8 - 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRA==")]
[InlineData("my-password", KeyDerivationPrf.Sha256, 5, 256 / 8 + 0, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLo=")] [InlineData("my-password", KeyDerivationPrf.HMACSHA256, 5, 256 / 8 + 0, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLo=")]
[InlineData("my-password", KeyDerivationPrf.Sha256, 5, 256 / 8 + 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLpk")] [InlineData("my-password", KeyDerivationPrf.HMACSHA256, 5, 256 / 8 + 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLpk")]
[InlineData("my-password", KeyDerivationPrf.Sha512, 5, 512 / 8 - 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm9")] [InlineData("my-password", KeyDerivationPrf.HMACSHA512, 5, 512 / 8 - 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm9")]
[InlineData("my-password", KeyDerivationPrf.Sha512, 5, 512 / 8 + 0, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Q==")] [InlineData("my-password", KeyDerivationPrf.HMACSHA512, 5, 512 / 8 + 0, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Q==")]
[InlineData("my-password", KeyDerivationPrf.Sha512, 5, 512 / 8 + 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Wk=")] [InlineData("my-password", KeyDerivationPrf.HMACSHA512, 5, 512 / 8 + 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Wk=")]
public void RunTest_Normal_Managed(string password, KeyDerivationPrf prf, int iterationCount, int numBytesRequested, string expectedValueAsBase64) public void RunTest_Normal_Managed(string password, KeyDerivationPrf prf, int iterationCount, int numBytesRequested, string expectedValueAsBase64)
{ {
// Arrange // Arrange
@ -43,15 +43,15 @@ namespace Microsoft.AspNet.Cryptography.KeyDerivation
// that our unit tests are fast. // that our unit tests are fast.
[ConditionalTheory] [ConditionalTheory]
[ConditionalRunTestOnlyOnWindows] [ConditionalRunTestOnlyOnWindows]
[InlineData("my-password", KeyDerivationPrf.Sha1, 5, 160 / 8 - 1, "efmxNcKD/U1urTEDGvsThlPnHA==")] [InlineData("my-password", KeyDerivationPrf.HMACSHA1, 5, 160 / 8 - 1, "efmxNcKD/U1urTEDGvsThlPnHA==")]
[InlineData("my-password", KeyDerivationPrf.Sha1, 5, 160 / 8 + 0, "efmxNcKD/U1urTEDGvsThlPnHDI=")] [InlineData("my-password", KeyDerivationPrf.HMACSHA1, 5, 160 / 8 + 0, "efmxNcKD/U1urTEDGvsThlPnHDI=")]
[InlineData("my-password", KeyDerivationPrf.Sha1, 5, 160 / 8 + 1, "efmxNcKD/U1urTEDGvsThlPnHDLk")] [InlineData("my-password", KeyDerivationPrf.HMACSHA1, 5, 160 / 8 + 1, "efmxNcKD/U1urTEDGvsThlPnHDLk")]
[InlineData("my-password", KeyDerivationPrf.Sha256, 5, 256 / 8 - 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRA==")] [InlineData("my-password", KeyDerivationPrf.HMACSHA256, 5, 256 / 8 - 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRA==")]
[InlineData("my-password", KeyDerivationPrf.Sha256, 5, 256 / 8 + 0, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLo=")] [InlineData("my-password", KeyDerivationPrf.HMACSHA256, 5, 256 / 8 + 0, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLo=")]
[InlineData("my-password", KeyDerivationPrf.Sha256, 5, 256 / 8 + 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLpk")] [InlineData("my-password", KeyDerivationPrf.HMACSHA256, 5, 256 / 8 + 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLpk")]
[InlineData("my-password", KeyDerivationPrf.Sha512, 5, 512 / 8 - 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm9")] [InlineData("my-password", KeyDerivationPrf.HMACSHA512, 5, 512 / 8 - 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm9")]
[InlineData("my-password", KeyDerivationPrf.Sha512, 5, 512 / 8 + 0, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Q==")] [InlineData("my-password", KeyDerivationPrf.HMACSHA512, 5, 512 / 8 + 0, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Q==")]
[InlineData("my-password", KeyDerivationPrf.Sha512, 5, 512 / 8 + 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Wk=")] [InlineData("my-password", KeyDerivationPrf.HMACSHA512, 5, 512 / 8 + 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Wk=")]
public void RunTest_Normal_Win7(string password, KeyDerivationPrf prf, int iterationCount, int numBytesRequested, string expectedValueAsBase64) public void RunTest_Normal_Win7(string password, KeyDerivationPrf prf, int iterationCount, int numBytesRequested, string expectedValueAsBase64)
{ {
// Arrange // Arrange
@ -70,15 +70,15 @@ namespace Microsoft.AspNet.Cryptography.KeyDerivation
// that our unit tests are fast. // that our unit tests are fast.
[ConditionalTheory] [ConditionalTheory]
[ConditionalRunTestOnlyOnWindows8OrLater] [ConditionalRunTestOnlyOnWindows8OrLater]
[InlineData("my-password", KeyDerivationPrf.Sha1, 5, 160 / 8 - 1, "efmxNcKD/U1urTEDGvsThlPnHA==")] [InlineData("my-password", KeyDerivationPrf.HMACSHA1, 5, 160 / 8 - 1, "efmxNcKD/U1urTEDGvsThlPnHA==")]
[InlineData("my-password", KeyDerivationPrf.Sha1, 5, 160 / 8 + 0, "efmxNcKD/U1urTEDGvsThlPnHDI=")] [InlineData("my-password", KeyDerivationPrf.HMACSHA1, 5, 160 / 8 + 0, "efmxNcKD/U1urTEDGvsThlPnHDI=")]
[InlineData("my-password", KeyDerivationPrf.Sha1, 5, 160 / 8 + 1, "efmxNcKD/U1urTEDGvsThlPnHDLk")] [InlineData("my-password", KeyDerivationPrf.HMACSHA1, 5, 160 / 8 + 1, "efmxNcKD/U1urTEDGvsThlPnHDLk")]
[InlineData("my-password", KeyDerivationPrf.Sha256, 5, 256 / 8 - 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRA==")] [InlineData("my-password", KeyDerivationPrf.HMACSHA256, 5, 256 / 8 - 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRA==")]
[InlineData("my-password", KeyDerivationPrf.Sha256, 5, 256 / 8 + 0, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLo=")] [InlineData("my-password", KeyDerivationPrf.HMACSHA256, 5, 256 / 8 + 0, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLo=")]
[InlineData("my-password", KeyDerivationPrf.Sha256, 5, 256 / 8 + 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLpk")] [InlineData("my-password", KeyDerivationPrf.HMACSHA256, 5, 256 / 8 + 1, "JRNz8bPKS02EG1vf7eWjA64IeeI+TI8gBEwb1oVvRLpk")]
[InlineData("my-password", KeyDerivationPrf.Sha512, 5, 512 / 8 - 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm9")] [InlineData("my-password", KeyDerivationPrf.HMACSHA512, 5, 512 / 8 - 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm9")]
[InlineData("my-password", KeyDerivationPrf.Sha512, 5, 512 / 8 + 0, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Q==")] [InlineData("my-password", KeyDerivationPrf.HMACSHA512, 5, 512 / 8 + 0, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Q==")]
[InlineData("my-password", KeyDerivationPrf.Sha512, 5, 512 / 8 + 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Wk=")] [InlineData("my-password", KeyDerivationPrf.HMACSHA512, 5, 512 / 8 + 1, "ZTallQJrFn0279xIzaiA1XqatVTGei+ZjKngA7bIMtKMDUw6YJeGUQpFG8iGTgN+ri3LNDktNbzwfcSyZmm90Wk=")]
public void RunTest_Normal_Win8(string password, KeyDerivationPrf prf, int iterationCount, int numBytesRequested, string expectedValueAsBase64) public void RunTest_Normal_Win8(string password, KeyDerivationPrf prf, int iterationCount, int numBytesRequested, string expectedValueAsBase64)
{ {
// Arrange // Arrange
@ -119,7 +119,7 @@ namespace Microsoft.AspNet.Cryptography.KeyDerivation
string password = new String('x', 50000); // 50,000 char password string password = new String('x', 50000); // 50,000 char password
byte[] salt = Encoding.UTF8.GetBytes("salt"); byte[] salt = Encoding.UTF8.GetBytes("salt");
const string expectedDerivedKeyBase64 = "Sc+V/c3fiZq5Z5qH3iavAiojTsW97FAp2eBNmCQAwCNzA8hfhFFYyQLIMK65qPnBFHOHXQPwAxNQNhaEAH9hzfiaNBSRJpF9V4rpl02d5ZpI6cZbsQFF7TJW7XJzQVpYoPDgJlg0xVmYLhn1E9qMtUVUuXsBjOOdd7K1M+ZI00c="; const string expectedDerivedKeyBase64 = "Sc+V/c3fiZq5Z5qH3iavAiojTsW97FAp2eBNmCQAwCNzA8hfhFFYyQLIMK65qPnBFHOHXQPwAxNQNhaEAH9hzfiaNBSRJpF9V4rpl02d5ZpI6cZbsQFF7TJW7XJzQVpYoPDgJlg0xVmYLhn1E9qMtUVUuXsBjOOdd7K1M+ZI00c=";
const KeyDerivationPrf prf = KeyDerivationPrf.Sha256; const KeyDerivationPrf prf = KeyDerivationPrf.HMACSHA256;
const int iterationCount = 5; const int iterationCount = 5;
const int numBytesRequested = 128; const int numBytesRequested = 128;