summaryrefslogtreecommitdiffstats
path: root/src/lib/pkcs5.h
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/pkcs5.h35
1 files changed, 35 insertions, 0 deletions
diff --git a/src/lib/pkcs5.h b/src/lib/pkcs5.h
new file mode 100644
index 0000000..5cc0650
--- /dev/null
+++ b/src/lib/pkcs5.h
@@ -0,0 +1,35 @@
+#ifndef PKCS5_H
+#define PKCS5_H 1
+
+enum pkcs5_pbkdf_mode {
+ PKCS5_PBKDF1,
+ PKCS5_PBKDF2
+};
+
+/*
+
+ mode - v1.0 or v2.0
+ hash - hash_method_lookup return value
+ password - private password for generation
+ password_len - length of password in octets
+ salt - salt for generation
+ salt_len - length of salt in octets
+ iterations - number of iterations to hash (use at least 1000, a very large number => very very slow)
+ dk_len - number of bytes to return from derived key
+ result - buffer_t to hold the result, either use dynamic or make sure it fits dk_len
+
+ non-zero return value indicates that either iterations was less than 1 or dk_len was too large
+
+ Sample code:
+
+ buffer_t *result = t_buffer_create(256);
+ if (pkcs5_pbkdf(PKCS5_PBKDF2, hash_method_lookup("sha256"), "password", 8, "salt", 4, 4096, 256, result) != 0) { // error }
+
+*/
+
+int pkcs5_pbkdf(enum pkcs5_pbkdf_mode mode, const struct hash_method *hash,
+ const unsigned char *password, size_t password_len,
+ const unsigned char *salt, size_t salt_len,
+ unsigned int iterations, uint32_t dk_len,
+ buffer_t *result);
+#endif