PKCS#5 functions.
More...
#include "mbedtls/build_info.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/asn1.h"
#include "mbedtls/md.h"
#include "mbedtls/cipher.h"
#include <stddef.h>
#include <stdint.h>
Go to the source code of this file.
|
int MBEDTLS_DEPRECATED | mbedtls_pkcs5_pbes2 (const mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output) |
| PKCS#5 PBES2 function.
|
|
int | mbedtls_pkcs5_pbes2_ext (const mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output, size_t output_size, size_t *output_len) |
| PKCS#5 PBES2 function.
|
|
int | mbedtls_pkcs5_pbkdf2_hmac_ext (mbedtls_md_type_t md_type, const unsigned char *password, size_t plen, const unsigned char *salt, size_t slen, unsigned int iteration_count, uint32_t key_length, unsigned char *output) |
| PKCS#5 PBKDF2 using HMAC without using the HMAC context.
|
|
int MBEDTLS_DEPRECATED | mbedtls_pkcs5_pbkdf2_hmac (mbedtls_md_context_t *ctx, const unsigned char *password, size_t plen, const unsigned char *salt, size_t slen, unsigned int iteration_count, uint32_t key_length, unsigned char *output) |
| PKCS#5 PBKDF2 using HMAC.
|
|
int | mbedtls_pkcs5_self_test (int verbose) |
| Checkup routine.
|
|
◆ MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA
#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80 |
Bad input parameters to function.
Definition at line 26 of file pkcs5.h.
◆ MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE
#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80 |
Requested encryption or digest alg not available.
Definition at line 30 of file pkcs5.h.
◆ MBEDTLS_ERR_PKCS5_INVALID_FORMAT
#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00 |
Unexpected ASN.1 data.
Definition at line 28 of file pkcs5.h.
◆ MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH
#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00 |
Given private key password does not allow for correct decryption.
Definition at line 32 of file pkcs5.h.
◆ MBEDTLS_PKCS5_DECRYPT
◆ MBEDTLS_PKCS5_ENCRYPT
◆ mbedtls_pkcs5_pbes2()
int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbes2 |
( |
const mbedtls_asn1_buf * | pbe_params, |
|
|
int | mode, |
|
|
const unsigned char * | pwd, |
|
|
size_t | pwdlen, |
|
|
const unsigned char * | data, |
|
|
size_t | datalen, |
|
|
unsigned char * | output ) |
PKCS#5 PBES2 function.
- Note
- When encrypting, MBEDTLS_CIPHER_PADDING_PKCS7 must be enabled at compile time.
- Deprecated
- This function is deprecated and will be removed in a future version of the library. Please use mbedtls_pkcs5_pbes2_ext() instead.
- Warning
- When decrypting:
- if MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile time, this function validates the CBC padding and returns MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is invalid. Note that this can help active adversaries attempting to brute-forcing the password. Note also that there is no guarantee that an invalid password will be detected (the chances of a valid padding with a random password are about 1/255).
- if MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile time, this function does not validate the CBC padding.
- Parameters
-
pbe_params | the ASN.1 algorithm parameters |
mode | either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT |
pwd | password to use when generating key |
pwdlen | length of password |
data | data to process |
datalen | length of data |
output | Output buffer. On success, it contains the encrypted or decrypted data, possibly followed by the CBC padding. On failure, the content is indeterminate. For decryption, there must be enough room for datalen bytes. For encryption, there must be enough room for datalen + 1 bytes, rounded up to the block size of the block cipher identified by pbe_params . |
- Returns
- 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
◆ mbedtls_pkcs5_pbes2_ext()
int mbedtls_pkcs5_pbes2_ext |
( |
const mbedtls_asn1_buf * | pbe_params, |
|
|
int | mode, |
|
|
const unsigned char * | pwd, |
|
|
size_t | pwdlen, |
|
|
const unsigned char * | data, |
|
|
size_t | datalen, |
|
|
unsigned char * | output, |
|
|
size_t | output_size, |
|
|
size_t * | output_len ) |
PKCS#5 PBES2 function.
- Warning
- When decrypting:
- This function validates the CBC padding and returns MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is invalid. Note that this can help active adversaries attempting to brute-forcing the password. Note also that there is no guarantee that an invalid password will be detected (the chances of a valid padding with a random password are about 1/255).
- Parameters
-
pbe_params | the ASN.1 algorithm parameters |
mode | either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT |
pwd | password to use when generating key |
pwdlen | length of password |
data | data to process |
datalen | length of data |
output | Output buffer. On success, it contains the decrypted data. On failure, the content is indetermidate. For decryption, there must be enough room for datalen bytes. For encryption, there must be enough room for datalen + 1 bytes, rounded up to the block size of the block cipher identified by pbe_params . |
output_size | size of output buffer. This must be big enough to accommodate for output plus padding data. |
output_len | On success, length of actual data written to the output buffer. |
- Returns
- 0 on success, or a MBEDTLS_ERR_XXX code if parsing or decryption fails.
◆ mbedtls_pkcs5_pbkdf2_hmac()
int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbkdf2_hmac |
( |
mbedtls_md_context_t * | ctx, |
|
|
const unsigned char * | password, |
|
|
size_t | plen, |
|
|
const unsigned char * | salt, |
|
|
size_t | slen, |
|
|
unsigned int | iteration_count, |
|
|
uint32_t | key_length, |
|
|
unsigned char * | output ) |
PKCS#5 PBKDF2 using HMAC.
- Deprecated
- Superseded by mbedtls_pkcs5_pbkdf2_hmac_ext().
- Parameters
-
ctx | Generic HMAC context |
password | Password to use when generating key |
plen | Length of password |
salt | Salt to use when generating key |
slen | Length of salt |
iteration_count | Iteration count |
key_length | Length of generated key in bytes |
output | Generated key. Must be at least as big as key_length |
- Returns
- 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
◆ mbedtls_pkcs5_pbkdf2_hmac_ext()
int mbedtls_pkcs5_pbkdf2_hmac_ext |
( |
mbedtls_md_type_t | md_type, |
|
|
const unsigned char * | password, |
|
|
size_t | plen, |
|
|
const unsigned char * | salt, |
|
|
size_t | slen, |
|
|
unsigned int | iteration_count, |
|
|
uint32_t | key_length, |
|
|
unsigned char * | output ) |
PKCS#5 PBKDF2 using HMAC without using the HMAC context.
- Parameters
-
md_type | Hash algorithm used |
password | Password to use when generating key |
plen | Length of password |
salt | Salt to use when generating key |
slen | Length of salt |
iteration_count | Iteration count |
key_length | Length of generated key in bytes |
output | Generated key. Must be at least as big as key_length |
- Returns
- 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
◆ mbedtls_pkcs5_self_test()
int mbedtls_pkcs5_self_test |
( |
int | verbose | ) |
|
Checkup routine.
- Returns
- 0 if successful, or 1 if the test failed