1 package File
::KDBX
::KDF
;
2 # ABSTRACT: A key derivation function
7 use Crypt
::PRNG
qw(random_bytes);
8 use File
::KDBX
::Constants
qw(:version :kdf);
10 use File
::KDBX
::Util
qw(format_uuid);
12 use Scalar
::Util
qw(blessed);
15 our $VERSION = '999.999'; # VERSION
21 $kdf = File
::KDBX
::KDF-
>new(parameters
=> \
%params);
31 my $uuid = $args{+KDF_PARAM_UUID
} //= delete $args{uuid
} or throw
'Missing KDF UUID', args
=> \
%args;
32 my $formatted_uuid = format_uuid
($uuid);
34 my $kdf = $KDFS{$uuid} or throw
"Unsupported KDF ($formatted_uuid)", uuid
=> $uuid;
35 ($class, my %registration_args) = @$kdf;
38 my $self = bless {KDF_PARAM_UUID
() => $uuid}, $class;
39 return $self->init(%args, %registration_args);
44 $kdf = $kdf->init(%attributes);
46 Called by
method to set attributes
. You normally shouldn
't call this.
54 @$self{keys %args} = values %args;
63 Get the UUID used to determine which function to use.
67 sub uuid { $_[0]->{+KDF_PARAM_UUID} }
73 Get the seed (or salt, depending on the function).
77 sub seed { die 'Not implemented
' }
81 $transformed_key = $kdf->transform($key);
82 $transformed_key = $kdf->transform($key, $challenge);
84 Transform a key. The input key can be either a L<File::KDBX::Key> or a raw binary key, and the
85 transformed key will be a raw key.
87 This can take awhile, depending on the KDF parameters.
89 If a challenge is provided (and the KDF is AES except for the KeePassXC variant), it will be passed to the key
90 so challenge-response keys can produce raw keys. See L<File::KDBX::Key/raw_key>.
98 if (blessed $key && $key->can('raw_key
')) {
99 return $self->_transform($key->raw_key) if $self->uuid eq KDF_UUID_AES;
100 return $self->_transform($key->raw_key($self->seed, @_));
103 return $self->_transform($key);
106 sub _transform { die 'Not implemented
' }
108 =method randomize_seed
110 $kdf->randomize_seed;
112 Generate a new random seed/salt.
118 $self->{+KDF_PARAM_AES_SEED} = random_bytes(length($self->seed));
123 File::KDBX::KDF->register($uuid => $package, %args);
125 Register a KDF. Registered KDFs can be used to encrypt and decrypt KDBX databases. A KDF's UUID B
<must
> be
126 unique
and B
<musn
't change>. A KDF UUID is written into each KDBX file and the associated KDF must be
127 registered with the same UUID in order to decrypt the KDBX file.
129 C<$package> should be a Perl package relative to C<File::KDBX::KDF::> or prefixed with a C<+> if it is
130 a fully-qualified package. C<%args> are passed as-is to the KDF's L
</init
> method.
140 my $formatted_id = format_uuid
($id);
141 $package = "${class}::${package}" if $package !~ s/^\+// && $package !~ /^\Q${class}::\E/;
143 my %blacklist = map { File
::KDBX
::Util
::uuid
($_) => 1 } split(/,/, $ENV{FILE_KDBX_KDF_BLACKLIST
} // '');
144 if ($blacklist{$id} || $blacklist{$package}) {
145 alert
"Ignoring blacklisted KDF ($formatted_id)", id
=> $id, package => $package;
149 if (defined $KDFS{$id}) {
150 alert
"Overriding already-registered KDF ($formatted_id) with package $package",
155 $KDFS{$id} = [$package, @args];
160 File
::KDBX
::KDF-
>unregister($uuid);
162 Unregister a KDF
. Unregistered KDFs can
no longer be used to encrypt
and decrypt KDBX databases
, until
163 reregistered
(see L
</register
>).
168 delete $KDFS{$_} for @_;
172 __PACKAGE__-
>register(KDF_UUID_AES
, 'AES');
173 __PACKAGE__-
>register(KDF_UUID_AES_CHALLENGE_RESPONSE
, 'AES');
174 __PACKAGE__-
>register(KDF_UUID_ARGON2D
, 'Argon2');
175 __PACKAGE__-
>register(KDF_UUID_ARGON2ID
, 'Argon2');
183 A KDF (key derivation function) is used in the transformation of a master key (i.e. one or more component
184 keys) to produce the final encryption key protecting a KDBX database. The L<File::KDBX> distribution comes
185 with several pre-registered KDFs ready to go:
188 * C<C9D9F39A-628A-4460-BF74-0D08C18A4FEA> - AES
189 * C<7C02BB82-79A7-4AC0-927D-114A00648238> - AES (challenge-response variant)
190 * C<EF636DDF-8C29-444B-91F7-A9A403E30A0C> - Argon2d
191 * C<9E298B19-56DB-4773-B23D-FC3EC6F0A1E6> - Argon2id
193 B<NOTE:> If you want your KDBX file to be readable by other KeePass implementations, you must use a UUID and
194 algorithm that they support. From the list above, all are well-supported except the AES challenge-response
195 variant which is kind of a pseudo KDF and isn't usually written into files. All of these are good. AES has
196 a longer track record, but Argon2 has better ASIC resistance.
198 You can also L</register> your own KDF. Here is a skeleton:
200 package File::KDBX::KDF::MyKDF;
202 use parent 'File::KDBX::KDF';
204 File::KDBX::KDF->register(
205 # $uuid, $package, %args
206 "\x12\x34\x56\x78\x9a\xbc\xde\xfg\x12\x34\x56\x78\x9a\xbc\xde\xfg" => __PACKAGE__,
209 sub init { ... } # optional
211 sub _transform { my ($key) = @_; ... }