|
20252
|
1 #ifndef PKCS5_H
|
|
|
2 #define PKCS5_H 1
|
|
|
3
|
|
|
4 enum pkcs5_pbkdf_mode {
|
|
|
5 PKCS5_PBKDF1,
|
|
|
6 PKCS5_PBKDF2
|
|
|
7 };
|
|
|
8
|
|
|
9 /*
|
|
|
10
|
|
|
11 mode - v1.0 or v2.0
|
|
|
12 hash - hash_method_lookup return value
|
|
|
13 password - private password for generation
|
|
|
14 password_len - length of password in octets
|
|
|
15 salt - salt for generation
|
|
|
16 salt_len - length of salt in octets
|
|
|
17 iterations - number of iterations to hash (use at least 1000, a very large number => very very slow)
|
|
|
18 dk_len - number of bytes to return from derived key
|
|
|
19 result - buffer_t to hold the result, either use dynamic or make sure it fits dk_len
|
|
|
20
|
|
|
21 non-zero return value indicates that either iterations was less than 1 or dk_len was too large
|
|
|
22
|
|
|
23 Sample code:
|
|
|
24
|
|
|
25 buffer_t *result = buffer_create_dynamic(pool_datastack_create(), 256);
|
|
|
26 if (pkcs5_pbkdf(PKCS5_PBKDF2, hash_method_lookup("sha256"), "password", 8, "salt", 4, 4096, 256, result) != 0) { // error }
|
|
|
27
|
|
|
28 */
|
|
|
29
|
|
|
30 int pkcs5_pbkdf(enum pkcs5_pbkdf_mode mode, const struct hash_method *hash,
|
|
|
31 const unsigned char *password, size_t password_len,
|
|
|
32 const unsigned char *salt, size_t salt_len,
|
|
|
33 unsigned int iterations, uint32_t dk_len,
|
|
|
34 buffer_t *result);
|
|
|
35 #endif
|
