1 /** 2 * \file pkcs5.h 3 * 4 * \brief PKCS#5 functions 5 * 6 * \author Mathias Olsson <mathias@kompetensum.com> 7 */ 8 /* 9 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved 10 * SPDX-License-Identifier: Apache-2.0 11 * 12 * Licensed under the Apache License, Version 2.0 (the "License"); you may 13 * not use this file except in compliance with the License. 14 * You may obtain a copy of the License at 15 * 16 * http://www.apache.org/licenses/LICENSE-2.0 17 * 18 * Unless required by applicable law or agreed to in writing, software 19 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 20 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 * See the License for the specific language governing permissions and 22 * limitations under the License. 23 * 24 * This file is part of mbed TLS (https://tls.mbed.org) 25 */ 26 #ifndef MBEDTLS_PKCS5_H 27 #define MBEDTLS_PKCS5_H 28 29 #if !defined(MBEDTLS_CONFIG_FILE) 30 #include "config.h" 31 #else 32 #include MBEDTLS_CONFIG_FILE 33 #endif 34 35 #include "asn1.h" 36 #include "md.h" 37 38 #include <stddef.h> 39 #include <stdint.h> 40 41 #define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80 /**< Bad input parameters to function. */ 42 #define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00 /**< Unexpected ASN.1 data. */ 43 #define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80 /**< Requested encryption or digest alg not available. */ 44 #define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00 /**< Given private key password does not allow for correct decryption. */ 45 46 #define MBEDTLS_PKCS5_DECRYPT 0 47 #define MBEDTLS_PKCS5_ENCRYPT 1 48 49 #ifdef __cplusplus 50 extern "C" { 51 #endif 52 53 #if defined(MBEDTLS_ASN1_PARSE_C) 54 55 /** 56 * \brief PKCS#5 PBES2 function 57 * 58 * \param pbe_params the ASN.1 algorithm parameters 59 * \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT 60 * \param pwd password to use when generating key 61 * \param pwdlen length of password 62 * \param data data to process 63 * \param datalen length of data 64 * \param output output buffer 65 * 66 * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. 67 */ 68 int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, 69 const unsigned char *pwd, size_t pwdlen, 70 const unsigned char *data, size_t datalen, 71 unsigned char *output ); 72 73 #endif /* MBEDTLS_ASN1_PARSE_C */ 74 75 /** 76 * \brief PKCS#5 PBKDF2 using HMAC 77 * 78 * \param ctx Generic HMAC context 79 * \param password Password to use when generating key 80 * \param plen Length of password 81 * \param salt Salt to use when generating key 82 * \param slen Length of salt 83 * \param iteration_count Iteration count 84 * \param key_length Length of generated key in bytes 85 * \param output Generated key. Must be at least as big as key_length 86 * 87 * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails. 88 */ 89 int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password, 90 size_t plen, const unsigned char *salt, size_t slen, 91 unsigned int iteration_count, 92 uint32_t key_length, unsigned char *output ); 93 94 #if defined(MBEDTLS_SELF_TEST) 95 96 /** 97 * \brief Checkup routine 98 * 99 * \return 0 if successful, or 1 if the test failed 100 */ 101 int mbedtls_pkcs5_self_test( int verbose ); 102 103 #endif /* MBEDTLS_SELF_TEST */ 104 105 #ifdef __cplusplus 106 } 107 #endif 108 109 #endif /* pkcs5.h */ 110