• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1=pod
2
3=head1 NAME
4
5EVP_PKEY_CTX_set1_scrypt_salt,
6EVP_PKEY_CTX_set_scrypt_N,
7EVP_PKEY_CTX_set_scrypt_r,
8EVP_PKEY_CTX_set_scrypt_p,
9EVP_PKEY_CTX_set_scrypt_maxmem_bytes
10- EVP_PKEY scrypt KDF support functions
11
12=head1 SYNOPSIS
13
14 #include <openssl/kdf.h>
15
16 int EVP_PKEY_CTX_set1_scrypt_salt(EVP_PKEY_CTX *pctx, unsigned char *salt,
17                                   int saltlen);
18
19 int EVP_PKEY_CTX_set_scrypt_N(EVP_PKEY_CTX *pctx, uint64_t N);
20
21 int EVP_PKEY_CTX_set_scrypt_r(EVP_PKEY_CTX *pctx, uint64_t r);
22
23 int EVP_PKEY_CTX_set_scrypt_p(EVP_PKEY_CTX *pctx, uint64_t p);
24
25 int EVP_PKEY_CTX_set_scrypt_maxmem_bytes(EVP_PKEY_CTX *pctx,
26                                          uint64_t maxmem);
27
28=head1 DESCRIPTION
29
30These functions are used to set up the necessary data to use the
31scrypt KDF.
32For more information on scrypt, see L<scrypt(7)>.
33
34EVP_PKEY_CTX_set1_scrypt_salt() sets the B<saltlen> bytes long salt
35value.
36
37EVP_PKEY_CTX_set_scrypt_N(), EVP_PKEY_CTX_set_scrypt_r() and
38EVP_PKEY_CTX_set_scrypt_p() configure the work factors N, r and p.
39
40EVP_PKEY_CTX_set_scrypt_maxmem_bytes() sets how much RAM key
41derivation may maximally use, given in bytes.
42If RAM is exceeded because the load factors are chosen too high, the
43key derivation will fail.
44
45=head1 STRING CTRLS
46
47scrypt also supports string based control operations via
48L<EVP_PKEY_CTX_ctrl_str(3)>.
49Similarly, the B<salt> can either be specified using the B<type>
50parameter "salt" or in hex encoding by using the "hexsalt" parameter.
51The work factors B<N>, B<r> and B<p> as well as B<maxmem_bytes> can be
52set by using the parameters "N", "r", "p" and "maxmem_bytes",
53respectively.
54
55=head1 NOTES
56
57The scrypt KDF also uses EVP_PKEY_CTX_set1_pbe_pass() as well as
58the value from the string controls "pass" and "hexpass".
59See L<EVP_PKEY_CTX_set1_pbe_pass(3)>.
60
61All the functions described here are implemented as macros.
62
63=head1 RETURN VALUES
64
65All these functions return 1 for success and 0 or a negative value for
66failure.
67In particular a return value of -2 indicates the operation is not
68supported by the public key algorithm.
69
70=head1 SEE ALSO
71
72L<scrypt(7)>,
73L<EVP_PKEY_CTX_new(3)>,
74L<EVP_PKEY_CTX_ctrl_str(3)>,
75L<EVP_PKEY_derive(3)>
76
77=head1 COPYRIGHT
78
79Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
80
81Licensed under the OpenSSL license (the "License").  You may not use
82this file except in compliance with the License.  You can obtain a copy
83in the file LICENSE in the source distribution or at
84L<https://www.openssl.org/source/license.html>.
85
86=cut
87