#ifndef PKCS5_H
#define PKCS5_H 1
/*
 * Selects which PKCS #5 password-based key derivation function
 * pkcs5_pbkdf() runs.
 */
enum pkcs5_pbkdf_mode {
	/*
	 * PBKDF1, the older PKCS #5 function. RFC 8018 recommends it only for
	 * compatibility with existing applications, because its output can be
	 * no longer than the underlying hash's digest.
	 */
	PKCS5_PBKDF1 = 0,
	/* PBKDF2 (PKCS #5 v2.0); the one to pick for new uses. */
	PKCS5_PBKDF2 = 1
};
/*
 * Derive a key from a password with PKCS #5 PBKDF1 or PBKDF2.
 *
 * Parameters:
 *   mode         - PKCS5_PBKDF1 (v1.0) or PKCS5_PBKDF2 (v2.0)
 *   hash         - hash_method_lookup() return value
 *   password     - private password the key is generated from
 *   password_len - length of password in octets
 *   salt         - salt for generation
 *   salt_len     - length of salt in octets
 *   iterations   - number of iterations to hash (use at least 1000; a very
 *                  large number is very, very slow)
 *   dk_len       - number of bytes of derived key to return
 *   result       - buffer_t that receives the result; either use a dynamic
 *                  buffer or make sure it can hold dk_len bytes
 *
 * Returns:
 *   A non-zero return value indicates that either iterations was less than 1
 *   or dk_len was too large. The sample below treats any non-zero value as
 *   an error. Always check the return value before using result.
 *
 * Notes for callers:
 *   - This header includes nothing itself: size_t, uint32_t, buffer_t and
 *     struct hash_method must already be declared by the including file.
 *   - NOTE(review): whether a NULL hash (e.g. an unknown name passed to
 *     hash_method_lookup()) is rejected is not visible from this header;
 *     check the lookup result before calling.
 *   - NOTE(review): the 1000-iteration floor is the historical PKCS #5
 *     recommendation. Current password-storage guidance (e.g. OWASP) is in
 *     the hundreds of thousands of iterations for PBKDF2-HMAC-SHA256; pick
 *     the count from current guidance and measured cost on the target.
 *   - The salt should be random and unique per password; RFC 8018 recommends
 *     at least 64 bits. The 4-octet "salt" in the sample is illustrative only.
 *   - NOTE(review): "dk_len was too large" presumably covers PBKDF1, whose
 *     output cannot exceed the hash's digest length - confirm in the
 *     implementation.
 *   - result holds key material; clear it (and the password) once it is no
 *     longer needed.
 *
 * Sample code (literal password and salt are for illustration only):
 *
 *   buffer_t *result = t_buffer_create(256);
 *   if (pkcs5_pbkdf(PKCS5_PBKDF2, hash_method_lookup("sha256"),
 *                   (const unsigned char *)"password", 8,
 *                   (const unsigned char *)"salt", 4,
 *                   4096, 256, result) != 0) {
 *           // error
 *   }
 */
int pkcs5_pbkdf(enum pkcs5_pbkdf_mode mode, const struct hash_method *hash,
const unsigned char *password, size_t password_len,
const unsigned char *salt, size_t salt_len,
unsigned int iterations, uint32_t dk_len,
buffer_t *result);
#endif