24#ifndef MYSQLROUTER_KDF_PBKDF2_INCLUDED
25#define MYSQLROUTER_KDF_PBKDF2_INCLUDED
60 enum class Type { Sha_256, Sha_512 };
61 static std::vector<uint8_t> salt();
62 static std::vector<uint8_t> derive(
Type type,
unsigned long rounds,
63 const std::vector<uint8_t> &salt,
64 const std::string &
key);
88 return std::make_pair(
false, std::string{});
91 static std::pair<bool, Type>
type(
const std::string &
name)
noexcept {
98 return std::make_pair(
false,
Type{});
124 static constexpr unsigned long kDefaultRounds = 1000;
128 static constexpr unsigned long kMinRounds = 1;
132 static constexpr unsigned long kMaxRounds = 999999999;
138 static constexpr size_t kMaxSaltLength = 16;
141 const std::vector<uint8_t> &salt,
142 const std::vector<uint8_t> &checksum)
143 : type_{
type}, rounds_{rounds}, salt_{salt}, checksum_{checksum} {
145 if (salt_.size() > kMaxSaltLength) {
146 salt_.resize(kMaxSaltLength);
150 if (rounds_ < kMinRounds) rounds_ = kMinRounds;
151 if (rounds_ > kMaxRounds) rounds_ = kMaxRounds;
162 if (
r.first)
return r.second;
164 throw std::invalid_argument(
"failed to map digest to a name");
172 std::vector<uint8_t>
checksum()
const {
return checksum_; }
179 std::vector<uint8_t>
salt()
const {
return salt_; }
191 unsigned long rounds()
const {
return rounds_; }
218 std::string to_mcf()
const;
236 static std::string
base64_encode(
const std::vector<uint8_t> &encoded);
244 checksum_ = kdf_type::derive(type_, rounds(), salt(),
key);
248 return mcf_type::supports_name(mcf_id);
251 static std::error_code
validate(
const std::string &mcf_line,
254 auto mcf = from_mcf(mcf_line);
255 if (kdf_type::derive(mcf.digest(), mcf.rounds(), mcf.salt(),
password) ==
261 }
catch (
const std::exception &) {
MCF reader/writer for PBKDF2.
Definition: kdf_pbkdf2.h:115
std::vector< uint8_t > checksum() const
checksum.
Definition: kdf_pbkdf2.h:172
void derive(const std::string &key)
derive a checksum from a key.
Definition: kdf_pbkdf2.h:243
unsigned long rounds_
Definition: kdf_pbkdf2.h:269
static std::error_code validate(const std::string &mcf_line, const std::string &password)
Definition: kdf_pbkdf2.h:251
std::vector< uint8_t > salt() const
salt.
Definition: kdf_pbkdf2.h:179
std::vector< uint8_t > salt_
Definition: kdf_pbkdf2.h:270
unsigned long rounds() const
rounds.
Definition: kdf_pbkdf2.h:191
std::vector< uint8_t > checksum_
Definition: kdf_pbkdf2.h:271
std::string mcf_id() const
name of the digest according to MCF.
Definition: kdf_pbkdf2.h:160
static bool supports_mcf_id(const std::string mcf_id)
Definition: kdf_pbkdf2.h:247
Type digest() const
Definition: kdf_pbkdf2.h:184
Type type_
Definition: kdf_pbkdf2.h:268
Pbkdf2McfAdaptor(Type type, unsigned long rounds, const std::vector< uint8_t > &salt, const std::vector< uint8_t > &checksum)
Definition: kdf_pbkdf2.h:140
map the MCF name to internal types.
Definition: kdf_pbkdf2.h:74
static bool supports_name(const std::string &name) noexcept
Definition: kdf_pbkdf2.h:101
static constexpr char kTypeSha256[]
Definition: kdf_pbkdf2.h:77
static std::pair< bool, std::string > name(Type type) noexcept
Definition: kdf_pbkdf2.h:80
static std::pair< bool, Type > type(const std::string &name) noexcept
Definition: kdf_pbkdf2.h:91
static constexpr char kTypeSha512[]
Definition: kdf_pbkdf2.h:78
Key Derivation Function for PBKDF2.
Definition: kdf_pbkdf2.h:58
Type
Definition: kdf_pbkdf2.h:60
#define HTTP_AUTH_BACKEND_LIB_EXPORT
Definition: http_auth_backend_lib_export.h:15
static int64 base64_decode(const char *src_base, size_t len, void *dst, const char **end_ptr, int flags)
Decode a base64 string The base64-encoded data in the range ['src','*end_ptr') will be decoded and st...
Definition: base64.h:303
static int base64_encode(const void *src, size_t src_len, char *dst)
Definition: base64.h:242
static char * password
Definition: mysql_secure_installation.cc:57
constexpr value_type binary
Definition: classic_protocol_constants.h:274
std::error_code make_error_code(DynamicLoaderErrc ec)
make error_code from a DynamicLoaderErrc.
Definition: dynamic_loader.cc:78
Type
Definition: resource_group_basic_types.h:32
const mysql_service_registry_t * r
Definition: pfs_example_plugin_employee.cc:85
required string key
Definition: replication_asynchronous_connection_failover.proto:59
required string type
Definition: replication_group_member_actions.proto:33
case opt name
Definition: sslopt-case.h:32