In preparation of an implementation of the bcrypt_pbkdf (a
variant of PBKDF2 used by OpenSSH) algorithm,
certain low-level operations of the Blowfish algorithm need to
be generalized and exposed.
The Blowfish.Primitive module has already been extended to
account for the requirements imposed by the BCrypt algorithm,
but the salt length was limited to 16 bytes and the BCrypt
specific key schedule setup has been hard-coded into the Blowfish
module.
This commit makes a clear distintion between the expandKey and
expandKeyWithSalt operation. Both take arbitrary sized salts
and keys now. The specialized operation for 16 byte salts as used
by BCrypt has been preserved and is selected automatically.
Also, the BCrypt specific parts have been move to the BCrypt
module with regard to separation of concern.
A benchmark for generating BCrypt hashes with cost 10 shows a
performance improvement from 158 to 141ms on average (Intel i5-6500)
after this refactoring.
Further experiments suggest that the specialized expandKeyWithSalt128
does not have any advantage over the generalized version
and might be removed in favour of less branches and exceptional
behaviour.
Raises an error (as the original doc claimed) if the salt is not the
required length of 16 bytes.
validatePasswordEither doesn't require separate checking since the hash
length as a whole is checked, implicitly ensuring the salt is the right
length. Therefore it shouldn't be possible to trigger the error by
calling this function.
Fixes#93.
This modifies the standard blowfish key schedule function to accept an
optional salt and cost as used in bcrypt and modifies the algorithm
accordingly to implement the "expensive" version.
The standard blowfish version is just the same but with a salt value of
zero and a single call to the expandKey function. See the original
bcrypt paper for more details.
