| Jaeden Amero | e54e693 | 2018-08-06 16:19:58 +0100 | [diff] [blame] | 1 | /** |
| 2 | * \file pkcs5.h |
| 3 | * |
| 4 | * \brief PKCS#5 functions |
| 5 | * |
| 6 | * \author Mathias Olsson <mathias@kompetensum.com> |
| 7 | */ |
| 8 | /* |
| 9 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
| 10 | * SPDX-License-Identifier: Apache-2.0 |
| 11 | * |
| 12 | * Licensed under the Apache License, Version 2.0 (the "License"); you may |
| 13 | * not use this file except in compliance with the License. |
| 14 | * You may obtain a copy of the License at |
| 15 | * |
| 16 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 17 | * |
| 18 | * Unless required by applicable law or agreed to in writing, software |
| 19 | * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT |
| 20 | * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 21 | * See the License for the specific language governing permissions and |
| 22 | * limitations under the License. |
| 23 | * |
| 24 | * This file is part of Mbed Crypto (https://tls.mbed.org) |
| 25 | */ |
| 26 | #ifndef MBEDCRYPTO_PKCS5_H |
| 27 | #define MBEDCRYPTO_PKCS5_H |
| 28 | |
| 29 | #include "asn1.h" |
| 30 | #include "md.h" |
| 31 | |
| 32 | #include <stddef.h> |
| 33 | #include <stdint.h> |
| 34 | |
| 35 | #define MBEDCRYPTO_ERR_PKCS5_BAD_INPUT_DATA -0x2f80 /**< Bad input parameters to function. */ |
| 36 | #define MBEDCRYPTO_ERR_PKCS5_INVALID_FORMAT -0x2f00 /**< Unexpected ASN.1 data. */ |
| 37 | #define MBEDCRYPTO_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80 /**< Requested encryption or digest alg not available. */ |
| 38 | #define MBEDCRYPTO_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00 /**< Given private key password does not allow for correct decryption. */ |
| 39 | |
| 40 | #define MBEDCRYPTO_PKCS5_DECRYPT 0 |
| 41 | #define MBEDCRYPTO_PKCS5_ENCRYPT 1 |
| 42 | |
| 43 | #ifdef __cplusplus |
| 44 | extern "C" { |
| 45 | #endif |
| 46 | |
| 47 | /** |
| 48 | * \brief PKCS#5 PBES2 function |
| 49 | * |
| 50 | * \param pbe_params the ASN.1 algorithm parameters |
| 51 | * \param mode either MBEDCRYPTO_PKCS5_DECRYPT or MBEDCRYPTO_PKCS5_ENCRYPT |
| 52 | * \param pwd password to use when generating key |
| 53 | * \param pwdlen length of password |
| 54 | * \param data data to process |
| 55 | * \param datalen length of data |
| 56 | * \param output output buffer |
| 57 | * |
| 58 | * \returns 0 on success, or a MBEDCRYPTO_ERR_XXX code if verification fails. |
| 59 | */ |
| 60 | int mbedcrypto_pkcs5_pbes2( const mbedcrypto_asn1_buf *pbe_params, int mode, |
| 61 | const unsigned char *pwd, size_t pwdlen, |
| 62 | const unsigned char *data, size_t datalen, |
| 63 | unsigned char *output ); |
| 64 | |
| 65 | /** |
| 66 | * \brief PKCS#5 PBKDF2 using HMAC |
| 67 | * |
| 68 | * \param ctx Generic HMAC context |
| 69 | * \param password Password to use when generating key |
| 70 | * \param plen Length of password |
| 71 | * \param salt Salt to use when generating key |
| 72 | * \param slen Length of salt |
| 73 | * \param iteration_count Iteration count |
| 74 | * \param key_length Length of generated key in bytes |
| 75 | * \param output Generated key. Must be at least as big as key_length |
| 76 | * |
| 77 | * \returns 0 on success, or a MBEDCRYPTO_ERR_XXX code if verification fails. |
| 78 | */ |
| 79 | int mbedcrypto_pkcs5_pbkdf2_hmac( mbedcrypto_md_context_t *ctx, const unsigned char *password, |
| 80 | size_t plen, const unsigned char *salt, size_t slen, |
| 81 | unsigned int iteration_count, |
| 82 | uint32_t key_length, unsigned char *output ); |
| 83 | |
| 84 | /** |
| 85 | * \brief Checkup routine |
| 86 | * |
| 87 | * \return 0 if successful, or 1 if the test failed |
| 88 | */ |
| 89 | int mbedcrypto_pkcs5_self_test( int verbose ); |
| 90 | |
| 91 | #ifdef __cplusplus |
| 92 | } |
| 93 | #endif |
| 94 | |
| 95 | #endif /* pkcs5.h */ |