| Paul Bakker | 19bd297 | 2013-06-14 12:06:45 +0200 | [diff] [blame] | 1 | /** |
| 2 | * \file pkcs#5.h |
| 3 | * |
| 4 | * \brief PKCS#5 functions |
| 5 | * |
| 6 | * \author Mathias Olsson <mathias@kompetensum.com> |
| 7 | * |
| Paul Bakker | 530927b | 2015-02-13 14:24:10 +0100 | [diff] [blame^] | 8 | * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved |
| Paul Bakker | 19bd297 | 2013-06-14 12:06:45 +0200 | [diff] [blame] | 9 | * |
| Manuel Pégourié-Gonnard | e12abf9 | 2015-01-28 17:13:45 +0000 | [diff] [blame] | 10 | * This file is part of mbed TLS (https://polarssl.org) |
| Paul Bakker | 19bd297 | 2013-06-14 12:06:45 +0200 | [diff] [blame] | 11 | * |
| 12 | * This program is free software; you can redistribute it and/or modify |
| 13 | * it under the terms of the GNU General Public License as published by |
| 14 | * the Free Software Foundation; either version 2 of the License, or |
| 15 | * (at your option) any later version. |
| 16 | * |
| 17 | * This program is distributed in the hope that it will be useful, |
| 18 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| 19 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| 20 | * GNU General Public License for more details. |
| 21 | * |
| 22 | * You should have received a copy of the GNU General Public License along |
| 23 | * with this program; if not, write to the Free Software Foundation, Inc., |
| 24 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. |
| 25 | */ |
| 26 | #ifndef POLARSSL_PKCS5_H |
| 27 | #define POLARSSL_PKCS5_H |
| 28 | |
| 29 | #include <string.h> |
| 30 | |
| Paul Bakker | 1fd4321 | 2013-06-17 15:14:42 +0200 | [diff] [blame] | 31 | #include "asn1.h" |
| Paul Bakker | 19bd297 | 2013-06-14 12:06:45 +0200 | [diff] [blame] | 32 | #include "md.h" |
| 33 | |
| 34 | #ifdef _MSC_VER |
| 35 | #include <basetsd.h> |
| 36 | typedef UINT32 uint32_t; |
| 37 | #else |
| 38 | #include <inttypes.h> |
| 39 | #endif |
| 40 | |
| Paul Bakker | 1fd4321 | 2013-06-17 15:14:42 +0200 | [diff] [blame] | 41 | #define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA -0x3f80 /**< Bad input parameters to function. */ |
| 42 | #define POLARSSL_ERR_PKCS5_INVALID_FORMAT -0x3f00 /**< Unexpected ASN.1 data. */ |
| 43 | #define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE -0x3e80 /**< Requested encryption or digest alg not available. */ |
| 44 | #define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH -0x3e00 /**< Given private key password does not allow for correct decryption. */ |
| 45 | |
| 46 | #define PKCS5_DECRYPT 0 |
| 47 | #define PKCS5_ENCRYPT 1 |
| 48 | |
| 49 | /* |
| 50 | * PKCS#5 OIDs |
| 51 | */ |
| 52 | #define OID_PKCS5 "\x2a\x86\x48\x86\xf7\x0d\x01\x05" |
| 53 | #define OID_PKCS5_PBES2 OID_PKCS5 "\x0d" |
| 54 | #define OID_PKCS5_PBKDF2 OID_PKCS5 "\x0c" |
| 55 | |
| 56 | /* |
| 57 | * Encryption Algorithm OIDs |
| 58 | */ |
| 59 | #define OID_DES_CBC "\x2b\x0e\x03\x02\x07" |
| 60 | #define OID_DES_EDE3_CBC "\x2a\x86\x48\x86\xf7\x0d\x03\x07" |
| 61 | |
| 62 | /* |
| 63 | * Digest Algorithm OIDs |
| 64 | */ |
| 65 | #define OID_HMAC_SHA1 "\x2a\x86\x48\x86\xf7\x0d\x02\x07" |
| Paul Bakker | 19bd297 | 2013-06-14 12:06:45 +0200 | [diff] [blame] | 66 | |
| 67 | #ifdef __cplusplus |
| 68 | extern "C" { |
| 69 | #endif |
| 70 | |
| 71 | /** |
| Paul Bakker | 1fd4321 | 2013-06-17 15:14:42 +0200 | [diff] [blame] | 72 | * \brief PKCS#5 PBES2 function |
| 73 | * |
| 74 | * \param pbe_params the ASN.1 algorithm parameters |
| 75 | * \param mode either PKCS5_DECRYPT or PKCS5_ENCRYPT |
| 76 | * \param pwd password to use when generating key |
| Manuel Pégourié-Gonnard | 7bf9f7e | 2014-11-17 11:20:21 +0100 | [diff] [blame] | 77 | * \param pwdlen length of password |
| Paul Bakker | 1fd4321 | 2013-06-17 15:14:42 +0200 | [diff] [blame] | 78 | * \param data data to process |
| 79 | * \param datalen length of data |
| 80 | * \param output output buffer |
| 81 | * |
| 82 | * \returns 0 on success, or a PolarSSL error code if verification fails. |
| 83 | */ |
| 84 | int pkcs5_pbes2( asn1_buf *pbe_params, int mode, |
| 85 | const unsigned char *pwd, size_t pwdlen, |
| 86 | const unsigned char *data, size_t datalen, |
| 87 | unsigned char *output ); |
| 88 | |
| 89 | /** |
| Paul Bakker | 19bd297 | 2013-06-14 12:06:45 +0200 | [diff] [blame] | 90 | * \brief PKCS#5 PBKDF2 using HMAC |
| 91 | * |
| 92 | * \param ctx Generic HMAC context |
| 93 | * \param password Password to use when generating key |
| 94 | * \param plen Length of password |
| 95 | * \param salt Salt to use when generating key |
| 96 | * \param slen Length of salt |
| 97 | * \param iteration_count Iteration count |
| 98 | * \param key_length Length of generated key |
| 99 | * \param output Generated key. Must be at least as big as key_length |
| 100 | * |
| 101 | * \returns 0 on success, or a PolarSSL error code if verification fails. |
| 102 | */ |
| 103 | int pkcs5_pbkdf2_hmac( md_context_t *ctx, const unsigned char *password, |
| 104 | size_t plen, const unsigned char *salt, size_t slen, |
| 105 | unsigned int iteration_count, |
| 106 | uint32_t key_length, unsigned char *output ); |
| 107 | |
| 108 | /** |
| 109 | * \brief Checkup routine |
| 110 | * |
| 111 | * \return 0 if successful, or 1 if the test failed |
| 112 | */ |
| 113 | int pkcs5_self_test( int verbose ); |
| 114 | |
| 115 | #ifdef __cplusplus |
| 116 | } |
| 117 | #endif |
| 118 | |
| 119 | #endif /* pkcs5.h */ |