| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221 |
- unit ClpDigestExample;
- interface
- uses
- SysUtils,
- ClpIDigest,
- ClpIMac,
- ClpDigestUtilities,
- ClpMacUtilities,
- ClpEncoders,
- ClpConverters,
- ClpKeyParameter,
- ClpPkcs5S2ParametersGenerator,
- ClpIPkcs5S2ParametersGenerator,
- ClpArgon2ParametersGenerator,
- ClpIArgon2ParametersGenerator,
- ClpScryptParametersGenerator,
- ClpIScryptParametersGenerator,
- ClpICipherParameters,
- ClpIKeyParameter,
- ClpCryptoLibTypes,
- ClpExampleBase;
- type
- TDigestExample = class(TExampleBase)
- public
- procedure Run; override;
- private
- procedure RunHash(const ADigestAlgorithm: string);
- procedure RunHmac(const AHmacAlgorithm: string);
- procedure RunPbkdf2(const ADigestAlgorithm: string);
- procedure RunArgon2D;
- procedure RunArgon2I;
- procedure RunArgon2Id;
- procedure RunScrypt;
- end;
- implementation
- procedure TDigestExample.RunHash(const ADigestAlgorithm: string);
- var
- LDigest: IDigest;
- LInput, LHash: TBytes;
- begin
- Logger.LogInformation('Digest: ' + ADigestAlgorithm);
- LInput := TConverters.ConvertStringToBytes('Hello CryptoLib', TEncoding.UTF8);
- LDigest := TDigestUtilities.GetDigest(ADigestAlgorithm);
- if LDigest = nil then
- begin
- Logger.LogWarning('Digest "' + ADigestAlgorithm + '" not available.');
- Exit;
- end;
- System.SetLength(LHash, LDigest.GetDigestSize);
- LDigest.BlockUpdate(LInput, 0, System.Length(LInput));
- LDigest.DoFinal(LHash, 0);
- Logger.LogInformation(Format('Hash %s: %s', [ADigestAlgorithm, THexEncoder.Encode(LHash, False)]));
- end;
- procedure TDigestExample.RunHmac(const AHmacAlgorithm: string);
- var
- LMac: IMac;
- LKey, LMsg, LResult: TBytes;
- begin
- Logger.LogInformation('HMAC: ' + AHmacAlgorithm);
- LKey := TConverters.ConvertStringToBytes('secret-key', TEncoding.UTF8);
- LMsg := TConverters.ConvertStringToBytes('message to authenticate', TEncoding.UTF8);
- LMac := TMacUtilities.GetMac(AHmacAlgorithm);
- if LMac = nil then
- begin
- Logger.LogWarning('HMAC "' + AHmacAlgorithm + '" not available.');
- Exit;
- end;
- LMac.Init(TKeyParameter.Create(LKey) as IKeyParameter);
- LMac.BlockUpdate(LMsg, 0, System.Length(LMsg));
- LResult := LMac.DoFinal;
- Logger.LogInformation(Format('%s: %s', [AHmacAlgorithm, THexEncoder.Encode(LResult, False)]));
- end;
- procedure TDigestExample.RunPbkdf2(const ADigestAlgorithm: string);
- var
- LGen: IPkcs5S2ParametersGenerator;
- LDigest: IDigest;
- LPassword, LSalt: TBytes;
- LParams: ICipherParameters;
- LKey: IKeyParameter;
- LDerived: TBytes;
- LIters: Int32;
- begin
- LIters := 10000;
- Logger.LogInformation(Format('PBKDF2: digest %s, %d iterations', [ADigestAlgorithm, LIters]));
- LPassword := TConverters.ConvertStringToBytes('password', TEncoding.UTF8);
- LSalt := TConverters.ConvertStringToBytes('salt', TEncoding.UTF8);
- LDigest := TDigestUtilities.GetDigest(ADigestAlgorithm);
- if LDigest = nil then
- begin
- Logger.LogWarning('Digest "' + ADigestAlgorithm + '" not available for PBKDF2.');
- Exit;
- end;
- LGen := TPkcs5S2ParametersGenerator.Create(LDigest) as IPkcs5S2ParametersGenerator;
- LGen.Init(LPassword, LSalt, LIters);
- LParams := LGen.GenerateDerivedParameters('AES', 256);
- if Supports(LParams, IKeyParameter, LKey) then
- begin
- LDerived := LKey.GetKey();
- Logger.LogInformation(Format('PBKDF2-HMAC-%s (%d iters) derived %d bytes: %s', [ADigestAlgorithm, LIters, System.Length(LDerived), THexEncoder.Encode(LDerived, False)]));
- end
- else
- Logger.LogWarning('PBKDF2: could not get key parameter.');
- end;
- procedure TDigestExample.RunArgon2D;
- var
- LGen: IArgon2ParametersGenerator;
- LPassword, LSalt: TBytes;
- LParams: ICipherParameters;
- LKey: IKeyParameter;
- LDerived: TBytes;
- begin
- LPassword := TConverters.ConvertStringToBytes('password', TEncoding.UTF8);
- LSalt := TConverters.ConvertStringToBytes('salt', TEncoding.UTF8);
- LGen := TArgon2ParametersGenerator.Create() as IArgon2ParametersGenerator;
- LGen.Init(TCryptoLibArgon2Type.Argon2D, TCryptoLibArgon2Version.Argon2Version13,
- LPassword, LSalt, nil, nil, 2, 65536, 1, TCryptoLibArgon2MemoryCostType.MemoryAsKB);
- LParams := LGen.GenerateDerivedParameters('AES', 256);
- if Supports(LParams, IKeyParameter, LKey) then
- begin
- LDerived := LKey.GetKey();
- Logger.LogInformation(Format('Argon2d (2 iters, 64 MiB, 1 lane) derived %d bytes: %s', [System.Length(LDerived), THexEncoder.Encode(LDerived, False)]));
- end
- else
- Logger.LogWarning('Argon2d: could not get key parameter.');
- end;
- procedure TDigestExample.RunArgon2I;
- var
- LGen: IArgon2ParametersGenerator;
- LPassword, LSalt: TBytes;
- LParams: ICipherParameters;
- LKey: IKeyParameter;
- LDerived: TBytes;
- begin
- LPassword := TConverters.ConvertStringToBytes('password', TEncoding.UTF8);
- LSalt := TConverters.ConvertStringToBytes('salt', TEncoding.UTF8);
- LGen := TArgon2ParametersGenerator.Create() as IArgon2ParametersGenerator;
- LGen.Init(TCryptoLibArgon2Type.Argon2I, TCryptoLibArgon2Version.Argon2Version13,
- LPassword, LSalt, nil, nil, 2, 65536, 1, TCryptoLibArgon2MemoryCostType.MemoryAsKB);
- LParams := LGen.GenerateDerivedParameters('AES', 256);
- if Supports(LParams, IKeyParameter, LKey) then
- begin
- LDerived := LKey.GetKey();
- Logger.LogInformation(Format('Argon2i (2 iters, 64 MiB, 1 lane) derived %d bytes: %s', [System.Length(LDerived), THexEncoder.Encode(LDerived, False)]));
- end
- else
- Logger.LogWarning('Argon2i: could not get key parameter.');
- end;
- procedure TDigestExample.RunArgon2Id;
- var
- LGen: IArgon2ParametersGenerator;
- LPassword, LSalt: TBytes;
- LParams: ICipherParameters;
- LKey: IKeyParameter;
- LDerived: TBytes;
- begin
- LPassword := TConverters.ConvertStringToBytes('password', TEncoding.UTF8);
- LSalt := TConverters.ConvertStringToBytes('salt', TEncoding.UTF8);
- LGen := TArgon2ParametersGenerator.Create() as IArgon2ParametersGenerator;
- LGen.Init(TCryptoLibArgon2Type.Argon2ID, TCryptoLibArgon2Version.Argon2Version13,
- LPassword, LSalt, nil, nil, 2, 65536, 1, TCryptoLibArgon2MemoryCostType.MemoryAsKB);
- LParams := LGen.GenerateDerivedParameters('AES', 256);
- if Supports(LParams, IKeyParameter, LKey) then
- begin
- LDerived := LKey.GetKey();
- Logger.LogInformation(Format('Argon2id (2 iters, 64 MiB, 1 lane) derived %d bytes: %s', [System.Length(LDerived), THexEncoder.Encode(LDerived, False)]));
- end
- else
- Logger.LogWarning('Argon2id: could not get key parameter.');
- end;
- procedure TDigestExample.RunScrypt;
- var
- LGen: IScryptParametersGenerator;
- LPassword, LSalt: TBytes;
- LParams: ICipherParameters;
- LKey: IKeyParameter;
- LDerived: TBytes;
- begin
- LPassword := TConverters.ConvertStringToBytes('password', TEncoding.UTF8);
- LSalt := TConverters.ConvertStringToBytes('salt', TEncoding.UTF8);
- LGen := TScryptParametersGenerator.Create() as IScryptParametersGenerator;
- LGen.Init(LPassword, LSalt, 16384, 8, 1);
- LParams := LGen.GenerateDerivedParameters('AES', 256);
- if Supports(LParams, IKeyParameter, LKey) then
- begin
- LDerived := LKey.GetKey();
- Logger.LogInformation(Format('Scrypt (N=16384, r=8, p=1) derived %d bytes: %s', [System.Length(LDerived), THexEncoder.Encode(LDerived, False)]));
- end
- else
- Logger.LogWarning('Scrypt: could not get key parameter.');
- end;
- procedure TDigestExample.Run;
- begin
- Logger.LogInformation('--- Digest example: Hash ---');
- RunHash('SHA-256');
- Logger.LogInformation('--- Digest example: HMAC ---');
- RunHmac('HMAC-SHA256');
- Logger.LogInformation('--- Digest example: Key derivation (PBKDF2) ---');
- RunPbkdf2('SHA-256');
- Logger.LogInformation('--- Digest example: Key derivation (Argon2d) ---');
- RunArgon2D;
- Logger.LogInformation('--- Digest example: Key derivation (Argon2i) ---');
- RunArgon2I;
- Logger.LogInformation('--- Digest example: Key derivation (Argon2id) ---');
- RunArgon2Id;
- Logger.LogInformation('--- Digest example: Key derivation (Scrypt) ---');
- RunScrypt;
- end;
- end.
|