1 package File
::KDBX
::KDF
;
2 # ABSTRACT: A key derivation function
7 use Crypt
::PRNG
qw(random_bytes);
8 use File
::KDBX
::Constants
qw(:version :kdf);
10 use File
::KDBX
::Util
qw(format_uuid);
12 use Scalar
::Util
qw(blessed);
15 our $VERSION = '999.999'; # VERSION
20 KDF_UUID_ARGON2D
() => {p
=> KDF_PARAM_ARGON2_ITERATIONS
, d
=> KDF_DEFAULT_ARGON2_ITERATIONS
},
21 KDF_UUID_ARGON2ID
() => {p
=> KDF_PARAM_ARGON2_ITERATIONS
, d
=> KDF_DEFAULT_ARGON2_ITERATIONS
},
23 our $DEFAULT_ROUNDS_INFO = {
24 p
=> KDF_PARAM_AES_ROUNDS
,
25 d
=> KDF_DEFAULT_AES_ROUNDS
,
30 $kdf = File
::KDBX
::KDF-
>new(parameters
=> \
%params);
40 my $uuid = $args{+KDF_PARAM_UUID
} //= delete $args{uuid
} or throw
'Missing KDF UUID', args
=> \
%args;
41 my $formatted_uuid = format_uuid
($uuid);
43 my $kdf = $KDFS{$uuid} or throw
"Unsupported KDF ($formatted_uuid)", uuid
=> $uuid;
44 ($class, my %registration_args) = @$kdf;
47 my $self = bless {KDF_PARAM_UUID
() => $uuid}, $class;
48 return $self->init(%args, %registration_args);
53 $kdf = $kdf->init(%attributes);
55 Called by L
</new
> to set attributes
. You normally shouldn
't call this. Returns itself to allow method
64 @$self{keys %args} = values %args;
73 Get the UUID used to determine which function to use.
77 sub uuid { $_[0]->{+KDF_PARAM_UUID} }
83 Get the seed (or salt, depending on the function).
87 sub seed { die 'Not implemented
' }
91 $transformed_key = $kdf->transform($key);
92 $transformed_key = $kdf->transform($key, $challenge);
94 Transform a key. The input key can be either a L<File::KDBX::Key> or a raw binary key, and the
95 transformed key will be a raw key.
97 This can take awhile, depending on the KDF parameters.
99 If a challenge is provided (and the KDF is AES except for the KeePassXC variant), it will be passed to the key
100 so challenge-response keys can produce raw keys. See L<File::KDBX::Key/raw_key>.
108 if (blessed $key && $key->can('raw_key
')) {
109 return $self->_transform($key->raw_key) if $self->uuid eq KDF_UUID_AES;
110 return $self->_transform($key->raw_key($self->seed, @_));
113 return $self->_transform($key);
116 sub _transform { die 'Not implemented
' }
118 =method randomize_seed
120 $kdf->randomize_seed;
122 Generate and set a new random seed/salt.
128 $self->{+KDF_PARAM_AES_SEED} = random_bytes(length($self->seed));
133 File::KDBX::KDF->register($uuid => $package, %args);
135 Register a KDF. Registered KDFs can be used to encrypt and decrypt KDBX databases. A KDF's UUID B
<must
> be
136 unique
and B
<musn
't change>. A KDF UUID is written into each KDBX file and the associated KDF must be
137 registered with the same UUID in order to decrypt the KDBX file.
139 C<$package> should be a Perl package relative to C<File::KDBX::KDF::> or prefixed with a C<+> if it is
140 a fully-qualified package. C<%args> are passed as-is to the KDF's L
</init
> method.
150 my $formatted_id = format_uuid
($id);
151 $package = "${class}::${package}" if $package !~ s/^\+// && $package !~ /^\Q${class}::\E/;
153 my %blacklist = map { File
::KDBX
::Util
::uuid
($_) => 1 } split(/,/, $ENV{FILE_KDBX_KDF_BLACKLIST
} // '');
154 if ($blacklist{$id} || $blacklist{$package}) {
155 alert
"Ignoring blacklisted KDF ($formatted_id)", id
=> $id, package => $package;
159 if (defined $KDFS{$id}) {
160 alert
"Overriding already-registered KDF ($formatted_id) with package $package",
165 $KDFS{$id} = [$package, @args];
170 File
::KDBX
::KDF-
>unregister($uuid);
172 Unregister a KDF
. Unregistered KDFs can
no longer be used to encrypt
and decrypt KDBX databases
, until
173 reregistered
(see L
</register
>).
178 delete $KDFS{$_} for @_;
182 __PACKAGE__-
>register(KDF_UUID_AES
, 'AES');
183 __PACKAGE__-
>register(KDF_UUID_AES_CHALLENGE_RESPONSE
, 'AES');
184 __PACKAGE__-
>register(KDF_UUID_ARGON2D
, 'Argon2');
185 __PACKAGE__-
>register(KDF_UUID_ARGON2ID
, 'Argon2');
193 A KDF (key derivation function) is used in the transformation of a master key (i.e. one or more component
194 keys) to produce the final encryption key protecting a KDBX database. The L<File::KDBX> distribution comes
195 with several pre-registered KDFs ready to go:
198 * C<C9D9F39A-628A-4460-BF74-0D08C18A4FEA> - AES
199 * C<7C02BB82-79A7-4AC0-927D-114A00648238> - AES (challenge-response variant)
200 * C<EF636DDF-8C29-444B-91F7-A9A403E30A0C> - Argon2d
201 * C<9E298B19-56DB-4773-B23D-FC3EC6F0A1E6> - Argon2id
203 B<NOTE:> If you want your KDBX file to be readable by other KeePass implementations, you must use a UUID and
204 algorithm that they support. From the list above, all are well-supported except the AES challenge-response
205 variant which is kind of a pseudo KDF and isn't usually written into files. All of these are good. AES has
206 a longer track record, but Argon2 has better ASIC resistance.
208 You can also L</register> your own KDF. Here is a skeleton:
210 package File::KDBX::KDF::MyKDF;
212 use parent 'File::KDBX::KDF';
214 File::KDBX::KDF->register(
215 # $uuid, $package, %args
216 "\x12\x34\x56\x78\x9a\xbc\xde\xfg\x12\x34\x56\x78\x9a\xbc\xde\xfg" => __PACKAGE__,
219 sub init { ... } # optional
221 sub _transform { my ($key) = @_; ... }