
0001 /**
0002  * \file pkcs5.h
0003  *
0004  * \brief PKCS#5 functions
0005  *
0006  * \author Mathias Olsson <mathias@kompetensum.com>
0007  */
0008 /*
0009  *  Copyright The Mbed TLS Contributors
0010  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
0011  */
0012 #ifndef MBEDTLS_PKCS5_H
0013 #define MBEDTLS_PKCS5_H
0014 
0015 #include "mbedtls/build_info.h"
0016 #include "mbedtls/platform_util.h"
0017 
0018 #include "mbedtls/asn1.h"
0019 #include "mbedtls/md.h"
0020 #include "mbedtls/cipher.h"
0021 
0022 #include <stddef.h>
0023 #include <stdint.h>
0024 
0025 /** Bad input parameters to function. */
0026 #define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA                  -0x2f80
0027 /** Unexpected ASN.1 data. */
0028 #define MBEDTLS_ERR_PKCS5_INVALID_FORMAT                  -0x2f00
0029 /** Requested encryption or digest alg not available. */
0030 #define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE             -0x2e80
0031 /** Given private key password does not allow for correct decryption. */
0032 #define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH               -0x2e00
0033 
0034 #define MBEDTLS_PKCS5_DECRYPT      MBEDTLS_DECRYPT
0035 #define MBEDTLS_PKCS5_ENCRYPT      MBEDTLS_ENCRYPT
0036 
0037 #ifdef __cplusplus
0038 extern "C" {
0039 #endif
0040 
0041 #if defined(MBEDTLS_ASN1_PARSE_C) && defined(MBEDTLS_CIPHER_C)
0042 
0043 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
0044 /**
0045  * \brief          PKCS#5 PBES2 function
0046  *
0047  * \note           When encrypting, #MBEDTLS_CIPHER_PADDING_PKCS7 must
0048  *                 be enabled at compile time.
0049  *
0050  * \deprecated     This function is deprecated and will be removed in a
0051  *                 future version of the library.
0052  *                 Please use mbedtls_pkcs5_pbes2_ext() instead.
0053  *
0054  * \warning        When decrypting:
0055  *                 - if #MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile
0056  *                   time, this function validates the CBC padding and returns
0057  *                   #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is
0058  *                   invalid. Note that this can help active adversaries
0059  *                   attempting to brute-force the password. Note also that an invalid
0060  *                   password is not guaranteed to be detected (the chances of a valid
0061  *                   padding with a random password are about 1/255), so a return value
0062  *                   of 0 does not prove that the password was correct.
0063  *                 - if #MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile
0064  *                   time, this function does not validate the CBC padding.
0065  *
0066  * \param pbe_params the ASN.1 algorithm parameters
0067  * \param mode       either #MBEDTLS_PKCS5_DECRYPT or #MBEDTLS_PKCS5_ENCRYPT
0068  * \param pwd        password to use when generating key
0069  * \param pwdlen     length of password
0070  * \param data       data to process
0071  * \param datalen    length of data
0072  * \param output     Output buffer.
0073  *                   On success, it contains the encrypted or decrypted data,
0074  *                   possibly followed by the CBC padding.
0075  *                   On failure, the content is indeterminate.
0076  *                   For decryption, there must be enough room for \p datalen
0077  *                   bytes.
0078  *                   For encryption, there must be enough room for
0079  *                   \p datalen + 1 bytes, rounded up to the block size of
0080  *                   the block cipher identified by \p pbe_params.
0081  *
0082  * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
0083  */
0084 int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params, int mode,
0085                                            const unsigned char *pwd,  size_t pwdlen,
0086                                            const unsigned char *data, size_t datalen,
0087                                            unsigned char *output);
0088 #endif /* MBEDTLS_DEPRECATED_REMOVED */
0089 
0090 #if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
0091 
0092 /**
0093  * \brief          PKCS#5 PBES2 function
0094  *
0095  * \warning        When decrypting:
0096  *                 - This function validates the CBC padding and returns
0097  *                   #MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is
0098  *                   invalid. Note that this can help active adversaries
0099  *                   attempting to brute-force the password. Note also that an invalid
0100  *                   password is not guaranteed to be detected (the chances of a valid
0101  *                   padding with a random password are about 1/255), so a return value
0102  *                   of 0 does not prove that the password was correct.
0103  *
0104  * \param pbe_params the ASN.1 algorithm parameters
0105  * \param mode       either #MBEDTLS_PKCS5_DECRYPT or #MBEDTLS_PKCS5_ENCRYPT
0106  * \param pwd        password to use when generating key
0107  * \param pwdlen     length of password
0108  * \param data       data to process
0109  * \param datalen    length of data
0110  * \param output     Output buffer.
0111  *                   On success, it contains the encrypted or decrypted data.
0112  *                   On failure, the content is indeterminate.
0113  *                   For decryption, there must be enough room for \p datalen
0114  *                   bytes.
0115  *                   For encryption, there must be enough room for
0116  *                   \p datalen + 1 bytes, rounded up to the block size of
0117  *                   the block cipher identified by \p pbe_params.
0118  * \param output_size size of output buffer.
0119  *                    This must be big enough to accommodate the output plus
0120  *                    padding data.
0121  * \param output_len On success, length of actual data written to the output buffer.
0122  *
0123  * \returns        0 on success, or a MBEDTLS_ERR_XXX code if parsing or decryption fails.
0124  */
0125 int mbedtls_pkcs5_pbes2_ext(const mbedtls_asn1_buf *pbe_params, int mode,
0126                             const unsigned char *pwd,  size_t pwdlen,
0127                             const unsigned char *data, size_t datalen,
0128                             unsigned char *output, size_t output_size,
0129                             size_t *output_len);
0130 
0131 #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
0132 
0133 #endif /* MBEDTLS_ASN1_PARSE_C && MBEDTLS_CIPHER_C*/
0134 
0135 /**
0136  * \brief          PKCS#5 PBKDF2 using HMAC without using the HMAC context
0137  *
0138  * \param md_type  Hash algorithm used
0139  * \param password Password to use when generating key
0140  * \param plen     Length of password
0141  * \param salt     Salt to use when generating key
0142  * \param slen     Length of salt
0143  * \param iteration_count       Iteration count
0144  * \param key_length            Length of generated key in bytes
0145  * \param output   Generated key. Must be at least key_length bytes long
0146  *
0147  * \returns        0 on success, or a MBEDTLS_ERR_XXX code on failure.
0148  */
0149 int mbedtls_pkcs5_pbkdf2_hmac_ext(mbedtls_md_type_t md_type,
0150                                   const unsigned char *password,
0151                                   size_t plen, const unsigned char *salt, size_t slen,
0152                                   unsigned int iteration_count,
0153                                   uint32_t key_length, unsigned char *output);
0154 
0155 #if defined(MBEDTLS_MD_C)
0156 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
0157 /**
0158  * \brief          PKCS#5 PBKDF2 using HMAC
0159  *
0160  * \deprecated     Superseded by mbedtls_pkcs5_pbkdf2_hmac_ext().
0161  *
0162  * \param ctx      Generic HMAC context
0163  * \param password Password to use when generating key
0164  * \param plen     Length of password
0165  * \param salt     Salt to use when generating key
0166  * \param slen     Length of salt
0167  * \param iteration_count       Iteration count
0168  * \param key_length            Length of generated key in bytes
0169  * \param output   Generated key. Must be at least key_length bytes long
0170  *
0171  * \returns        0 on success, or a MBEDTLS_ERR_XXX code on failure.
0172  */
0173 int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
0174                                                  const unsigned char *password,
0175                                                  size_t plen,
0176                                                  const unsigned char *salt,
0177                                                  size_t slen,
0178                                                  unsigned int iteration_count,
0179                                                  uint32_t key_length,
0180                                                  unsigned char *output);
0181 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
0182 #endif /* MBEDTLS_MD_C */
0183 #if defined(MBEDTLS_SELF_TEST)
0184 
0185 /**
0186  * \brief          Checkup routine
0187  *
0188  * \return         0 if successful, or 1 if the test failed
0189  */
0190 int mbedtls_pkcs5_self_test(int verbose);
0191 
0192 #endif /* MBEDTLS_SELF_TEST */
0193 
0194 #ifdef __cplusplus
0195 }
0196 #endif
0197 
0198 #endif /* pkcs5.h */