org.apache.nifi.security.util.crypto

Class PBKDF2SecureHasher

java.lang.Object

org.apache.nifi.security.util.crypto.AbstractSecureHasher

org.apache.nifi.security.util.crypto.PBKDF2SecureHasher

All Implemented Interfaces:

SecureHasher

public class PBKDF2SecureHasher
extends AbstractSecureHasher

Provides an implementation of PBKDF2 for secure password hashing.

One critical difference is that this implementation uses a static universal salt unless instructed otherwise, which provides strict determinism across nodes in a cluster. The purpose for this is to allow for blind equality comparison of sensitive values hashed on different nodes (with potentially different nifi.sensitive.props.key values) during flow inheritance (see FingerprintFactory).

The resulting output is referred to as a hash to be consistent with SecureHasher terminology.

Field Summary

Fields

Modifier and Type	Field and Description
private static int	DEFAULT_DK_LENGTH
private static int	DEFAULT_ITERATION_COUNT This can be calculated automatically using the code PBKDF2CipherProviderGroovyTest#calculateMinimumIterationCount or manually updated by a maintainer
private static String	DEFAULT_PRF
private static int	DEFAULT_SALT_LENGTH
private int	dkLength
private Integer	iterationCount
private static org.slf4j.Logger	logger
private static int	MIN_DK_LENGTH
private static int	MIN_ITERATION_COUNT
private static int	MIN_SALT_LENGTH
private org.bouncycastle.crypto.Digest	prf

Fields inherited from class org.apache.nifi.security.util.crypto.AbstractSecureHasher

saltLength, UPPER_BOUNDARY

Constructor Summary

Constructors

Constructor and Description
PBKDF2SecureHasher() Instantiates a PBKDF2 secure hasher with the default number of iterations and the default PRF.
PBKDF2SecureHasher(int dkLength) Instantiates a PBKDF2 secure hasher with the default number of iterations and the default PRF using the specified derived key length.
PBKDF2SecureHasher(int iterationCount, int dkLength) Instantiates a PBKDF2 secure hasher with the provided number of iterations and derived key (output) length in bytes, using the default PRF (SHA512).
PBKDF2SecureHasher(String prf, Integer iterationCount, int saltLength, int dkLength) Instantiates a PBKDF2 secure hasher using the provided cost parameters.

Method Summary

Modifier and Type	Method and Description
(package private) boolean	acceptsEmptyInput() Returns true if the algorithm can accept empty (non-null) inputs.
(package private) String	getAlgorithmName() Returns the algorithm-specific name for logging and messages.
(package private) int	getDefaultSaltLength() Returns the algorithm-specific default salt length in bytes.
private static int	getMaxDKLength(int hLen) Returns the maximum length of the derived key in bytes given the digest length in bytes of the underlying PRF.
(package private) int	getMaxSaltLength() Returns the algorithm-specific maximum salt length in bytes.
(package private) int	getMinSaltLength() Returns the algorithm-specific minimum salt length in bytes.
(package private) byte[]	hash(byte[] input) Internal method to hash the raw bytes.
(package private) byte[]	hash(byte[] input, byte[] rawSalt) Internal method to hash the raw bytes.
static boolean	isDKLengthValid(int hLen, Integer dkLength) Returns whether the provided hash (derived key) length is within boundaries given the configured PRF.
static boolean	isIterationCountValid(Integer iterationCount) Returns true if the provided cost factor is within boundaries.
private org.bouncycastle.crypto.Digest	resolvePRF(String prf)
private void	validateParameters(String prf, Integer iterationCount, int saltLength, int dkLength) Enforces valid PBKDF2 secure hasher cost parameters are provided.

Methods inherited from class org.apache.nifi.security.util.crypto.AbstractSecureHasher

getSalt, hashBase64, hashBase64, hashHex, hashHex, hashRaw, hashRaw, initializeSalt, isSaltLengthValid, isUsingStaticSalt

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

logger

private static final org.slf4j.Logger logger

DEFAULT_PRF

private static final String DEFAULT_PRF

See Also:

Constant Field Values

DEFAULT_SALT_LENGTH

private static final int DEFAULT_SALT_LENGTH

See Also:

Constant Field Values

DEFAULT_ITERATION_COUNT

private static final int DEFAULT_ITERATION_COUNT

This can be calculated automatically using the code PBKDF2CipherProviderGroovyTest#calculateMinimumIterationCount or manually updated by a maintainer

See Also:

Constant Field Values

DEFAULT_DK_LENGTH

private static final int DEFAULT_DK_LENGTH

See Also:

Constant Field Values

MIN_ITERATION_COUNT

private static final int MIN_ITERATION_COUNT

See Also:

Constant Field Values

MIN_DK_LENGTH

private static final int MIN_DK_LENGTH

See Also:

Constant Field Values

MIN_SALT_LENGTH

private static final int MIN_SALT_LENGTH

See Also:

Constant Field Values

prf

private final org.bouncycastle.crypto.Digest prf

iterationCount

private final Integer iterationCount

dkLength

private final int dkLength

Constructor Detail

PBKDF2SecureHasher

public PBKDF2SecureHasher()

Instantiates a PBKDF2 secure hasher with the default number of iterations and the default PRF. Currently 160,000 iterations and SHA-512.

PBKDF2SecureHasher

public PBKDF2SecureHasher(int dkLength)

Instantiates a PBKDF2 secure hasher with the default number of iterations and the default PRF using the specified derived key length.

Parameters:

dkLength - Derived Key Length in bytes

PBKDF2SecureHasher

public PBKDF2SecureHasher(int iterationCount,
                          int dkLength)

Instantiates a PBKDF2 secure hasher with the provided number of iterations and derived key (output) length in bytes, using the default PRF (SHA512).

Parameters:

iterationCount - the number of iterations

dkLength - the desired output length in bytes

PBKDF2SecureHasher

public PBKDF2SecureHasher(String prf,
                          Integer iterationCount,
                          int saltLength,
                          int dkLength)

Instantiates a PBKDF2 secure hasher using the provided cost parameters. A unique salt of the specified length will be generated on every hash request. Currently supported PRFs are MD5 (deprecated), SHA1 (deprecated), SHA256, SHA384, and SHA512. Unknown PRFs will default to SHA512.

Parameters:

prf - a String representation of the PRF name, e.g. "SHA256", "SHA-384" "sha_512"

iterationCount - the number of iterations

saltLength - the salt length in bytes (>= 8, 0 indicates a static salt)

dkLength - the output length in bytes (1 to (2^32 - 1) * hLen)

Method Detail

validateParameters

private void validateParameters(String prf,
                                Integer iterationCount,
                                int saltLength,
                                int dkLength)

Enforces valid PBKDF2 secure hasher cost parameters are provided.

Parameters:

iterationCount - the (log) number of key expansion rounds

saltLength - the salt length in bytes >= 8)

dkLength - the output length in bytes (1 to (2^32 - 1) * hLen)

getAlgorithmName

String getAlgorithmName()

Returns the algorithm-specific name for logging and messages.

Specified by:

getAlgorithmName in class AbstractSecureHasher

Returns:

the algorithm name

acceptsEmptyInput

boolean acceptsEmptyInput()

Returns true if the algorithm can accept empty (non-null) inputs.

Specified by:

acceptsEmptyInput in class AbstractSecureHasher

Returns:

the true if "" is allowable input

isIterationCountValid

public static boolean isIterationCountValid(Integer iterationCount)

Returns true if the provided cost factor is within boundaries. The lower bound >= 1.

Parameters:

iterationCount - the (log) number of key expansion rounds

Returns:

true if cost factor is within boundaries

getDefaultSaltLength

int getDefaultSaltLength()

Returns the algorithm-specific default salt length in bytes.

Specified by:

getDefaultSaltLength in class AbstractSecureHasher

Returns:

the default salt length

getMinSaltLength

int getMinSaltLength()

Returns the algorithm-specific minimum salt length in bytes.

Specified by:

getMinSaltLength in class AbstractSecureHasher

Returns:

the min salt length

getMaxSaltLength

int getMaxSaltLength()

Returns the algorithm-specific maximum salt length in bytes.

Specified by:

getMaxSaltLength in class AbstractSecureHasher

Returns:

the max salt length

isDKLengthValid

public static boolean isDKLengthValid(int hLen,
                                      Integer dkLength)

Returns whether the provided hash (derived key) length is within boundaries given the configured PRF. The lower bound >= 1 and the upper bound <= ((2^32 - 1) * 32) * hLen.

Parameters:

hLen - the PRF digest size in bytes

dkLength - the output length in bytes

Returns:

true if dkLength is within boundaries

getMaxDKLength

private static int getMaxDKLength(int hLen)

Returns the maximum length of the derived key in bytes given the digest length in bytes of the underlying PRF. If the calculated maximum exceeds Integer.MAX_VALUE, that is returned instead, as RFC 8018 specifies keyLength INTEGER (1..MAX) OPTIONAL.

Parameters:

hLen - the length of the PRF digest output in bytes

Returns:

the maximum possible length of the derived key in bytes

hash

byte[] hash(byte[] input)

Internal method to hash the raw bytes.

Specified by:

hash in class AbstractSecureHasher

Parameters:

input - the raw bytes to hash (can be length 0)

Returns:

the generated hash

hash

byte[] hash(byte[] input,
            byte[] rawSalt)

Internal method to hash the raw bytes.

Specified by:

hash in class AbstractSecureHasher

Parameters:

input - the raw bytes to hash (can be length 0)

rawSalt - the raw bytes to salt

Returns:

the generated hash

resolvePRF

private org.bouncycastle.crypto.Digest resolvePRF(String prf)