-
Notifications
You must be signed in to change notification settings - Fork 970
Expand file tree
/
Copy pathpwdbased.h
More file actions
343 lines (298 loc) · 12.1 KB
/
pwdbased.h
File metadata and controls
343 lines (298 loc) · 12.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
/*!
\ingroup Password
\brief This function implements the Password Based Key Derivation
Function 1 (PBKDF1), converting an input password with a concatenated salt
into a more secure key, which it stores in output. It allows the user to
select between SHA and MD5 as hash functions.
\return 0 Returned on successfully deriving a key from the input password
\return BAD_FUNC_ARG Returned if there is an invalid hash type given
(valid type are: MD5 and SHA), iterations is less than 1, or the key
length (kLen) requested is greater than the hash length of the provided hash
\return MEMORY_E Returned if there is an error allocating memory for a
SHA or MD5 object
\param output pointer to the buffer in which to store the generated key.
Should be at least kLen long
\param passwd pointer to the buffer containing the password to use for
the key derivation
\param pLen length of the password to use for key derivation
\param salt pointer to the buffer containing the salt to use for
key derivation
\param sLen length of the salt
\param iterations number of times to process the hash
\param kLen desired length of the derived key. Should not be longer
than the digest size of the hash chosen
\param hashType the hashing algorithm to use. Valid choices are WC_MD5 and WC_SHA
_Example_
\code
int ret;
byte key[WC_MD5_DIGEST_SIZE];
byte pass[] = { }; // initialize with password
byte salt[] = { }; // initialize with salt
ret = wc_PBKDF1(key, pass, sizeof(pass), salt, sizeof(salt), 1000,
sizeof(key), WC_MD5);
if ( ret != 0 ) {
// error deriving key from password
}
\endcode
\sa wc_PBKDF2
\sa wc_PKCS12_PBKDF
*/
int wc_PBKDF1(byte* output, const byte* passwd, int pLen,
const byte* salt, int sLen, int iterations, int kLen,
int hashType);
/*!
\ingroup Password
\brief This function implements the Password Based Key Derivation
Function 2 (PBKDF2), converting an input password with a concatenated
salt into a more secure key, which it stores in output. It allows the user
to select any of the supported HMAC hash functions, including: WC_MD5,
WC_SHA, WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256,
WC_SHA3_384 or WC_SHA3_512
\return 0 Returned on successfully deriving a key from the input password
\return BAD_FUNC_ARG Returned if there is an invalid hash type given or
iterations is less than 1
\return MEMORY_E Returned if there is an allocating memory for
the HMAC object
\param output pointer to the buffer in which to store the generated key.
Should be kLen long
\param passwd pointer to the buffer containing the password to use for
the key derivation
\param pLen length of the password to use for key derivation
\param salt pointer to the buffer containing the salt to use for
key derivation
\param sLen length of the salt
\param iterations number of times to process the hash
\param kLen desired length of the derived key
\param hashType the hashing algorithm to use. Valid choices are: WC_MD5,
WC_SHA, WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256,
WC_SHA3_384 or WC_SHA3_512
_Example_
\code
int ret;
byte key[64];
byte pass[] = { }; // initialize with password
byte salt[] = { }; // initialize with salt
ret = wc_PBKDF2(key, pass, sizeof(pass), salt, sizeof(salt), 2048, sizeof(key),
WC_SHA512);
if ( ret != 0 ) {
// error deriving key from password
}
\endcode
\sa wc_PBKDF1
\sa wc_PKCS12_PBKDF
*/
int wc_PBKDF2(byte* output, const byte* passwd, int pLen,
const byte* salt, int sLen, int iterations, int kLen,
int hashType);
/*!
\ingroup Password
\brief This function implements the Password Based Key Derivation Function
(PBKDF) described in RFC 7292 Appendix B. This function converts an input
password with a concatenated salt into a more secure key, which it stores
in output. It allows the user to select any of the supported HMAC hash
functions, including: WC_MD5, WC_SHA, WC_SHA256, WC_SHA384, WC_SHA512,
WC_SHA3_224, WC_SHA3_256, WC_SHA3_384 or WC_SHA3_512
\return 0 Returned on successfully deriving a key from the input password
\return BAD_FUNC_ARG Returned if there is an invalid hash type given,
iterations is less than 1, or the key length (kLen) requested is greater
than the hash length of the provided hash
\return MEMORY_E Returned if there is an allocating memory
\return MP_INIT_E may be returned if there is an error during key generation
\return MP_READ_E may be returned if there is an error during key generation
\return MP_CMP_E may be returned if there is an error during key generation
\return MP_INVMOD_E may be returned if there is an error during
key generation
\return MP_EXPTMOD_E may be returned if there is an error during
key generation
\return MP_MOD_E may be returned if there is an error during key generation
\return MP_MUL_E may be returned if there is an error during key generation
\return MP_ADD_E may be returned if there is an error during key generation
\return MP_MULMOD_E may be returned if there is an error during
key generation
\return MP_TO_E may be returned if there is an error during key generation
\return MP_MEM may be returned if there is an error during key generation
\param output pointer to the buffer in which to store the generated key.
Should be kLen long
\param passwd pointer to the buffer containing the password to use for
the key derivation
\param passLen length of the password to use for key derivation
\param salt pointer to the buffer containing the salt to use
for key derivation
\param saltLen length of the salt
\param iterations number of times to process the hash
\param kLen desired length of the derived key
\param hashType the hashing algorithm to use. Valid choices are: WC_MD5,
WC_SHA, WC_SHA256, WC_SHA384, WC_SHA512, WC_SHA3_224, WC_SHA3_256,
WC_SHA3_384 or WC_SHA3_512
\param id this is a byte identifier indicating the purpose of key
generation. It is used to diversify the key output, and should be
assigned as follows: ID=1: pseudorandom bits are to be used as key
material for performing encryption or decryption. ID=2: pseudorandom
bits are to be used an IV (Initial Value) for encryption or decryption.
ID=3: pseudorandom bits are to be used as an integrity key for MACing.
_Example_
\code
int ret;
byte key[64];
byte pass[] = { }; // initialize with password
byte salt[] = { }; // initialize with salt
ret = wc_PKCS12_PBKDF(key, pass, sizeof(pass), salt, sizeof(salt), 2048,
sizeof(key), WC_SHA512, 1);
if ( ret != 0 ) {
// error deriving key from password
}
\endcode
\sa wc_PBKDF1
\sa wc_PBKDF2
*/
int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,
const byte* salt, int saltLen, int iterations,
int kLen, int hashType, int id);
/*!
\ingroup Password
\brief Extended version of PBKDF1 with heap hint.
\return 0 on success
\return BAD_FUNC_ARG on invalid arguments or iterations is greater than
WC_PBKDF_MAX_ITERATIONS
\return MEMORY_E on memory allocation error
\param key Output key buffer
\param keyLen Key length
\param iv Output IV buffer
\param ivLen IV length
\param passwd Password buffer
\param passwdLen Password length
\param salt Salt buffer
\param saltLen Salt length
\param iterations Iteration count
\param hashType Hash algorithm type
\param heap Heap hint for memory allocation
_Example_
\code
byte key[16], iv[16];
byte pass[] = "password";
byte salt[] = "salt";
int ret = wc_PBKDF1_ex(key, sizeof(key), iv, sizeof(iv),
pass, sizeof(pass), salt, sizeof(salt), 1000, WC_SHA, NULL);
\endcode
\sa wc_PBKDF1
*/
int wc_PBKDF1_ex(byte* key, int keyLen, byte* iv, int ivLen,
const byte* passwd, int passwdLen, const byte* salt, int saltLen,
int iterations, int hashType, void* heap);
/*!
\ingroup Password
\brief Extended version of PBKDF2 with heap hint and device ID.
\return 0 on success
\return BAD_FUNC_ARG on invalid arguments or iterations is greater than
WC_PBKDF_MAX_ITERATIONS
\return MEMORY_E on memory allocation error
\param output Output key buffer
\param passwd Password buffer
\param pLen Password length
\param salt Salt buffer
\param sLen Salt length
\param iterations Iteration count
\param kLen Key length
\param hashType Hash algorithm type
\param heap Heap hint for memory allocation
\param devId Device ID for hardware acceleration
_Example_
\code
byte key[32];
byte pass[] = "password";
byte salt[] = "salt";
int ret = wc_PBKDF2_ex(key, pass, sizeof(pass), salt,
sizeof(salt), 2048, sizeof(key), WC_SHA256, NULL,
INVALID_DEVID);
\endcode
\sa wc_PBKDF2
*/
int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen,
const byte* salt, int sLen, int iterations, int kLen,
int hashType, void* heap, int devId);
/*!
\ingroup Password
\brief Extended version of PKCS12_PBKDF with heap hint.
\return 0 on success
\return BAD_FUNC_ARG on invalid arguments or iterations is greater than
WC_PBKDF_MAX_ITERATIONS
\return MEMORY_E on memory allocation error
\param output Output key buffer
\param passwd Password buffer
\param passLen Password length
\param salt Salt buffer
\param saltLen Salt length
\param iterations Iteration count
\param kLen Key length
\param hashType Hash algorithm type
\param id Purpose identifier (1=key, 2=IV, 3=MAC)
\param heap Heap hint for memory allocation
_Example_
\code
byte key[32];
byte pass[] = "password";
byte salt[] = "salt";
int ret = wc_PKCS12_PBKDF_ex(key, pass, sizeof(pass), salt,
sizeof(salt), 2048, sizeof(key), WC_SHA256, 1, NULL);
\endcode
\sa wc_PKCS12_PBKDF
*/
int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd,int passLen,
const byte* salt, int saltLen, int iterations, int kLen,
int hashType, int id, void* heap);
/*!
\ingroup Password
\brief Implements scrypt key derivation function.
\return 0 on success
\return BAD_FUNC_ARG on invalid arguments
\return MEMORY_E on memory allocation error
\param output Output key buffer
\param passwd Password buffer
\param passLen Password length
\param salt Salt buffer
\param saltLen Salt length
\param cost CPU/memory cost parameter (N)
\param blockSize Block size parameter (r)
\param parallel Parallelization parameter (p)
\param dkLen Derived key length
_Example_
\code
byte key[32];
byte pass[] = "password";
byte salt[] = "salt";
int ret = wc_scrypt(key, pass, sizeof(pass), salt,
sizeof(salt), 16384, 8, 1, sizeof(key));
\endcode
\sa wc_scrypt_ex
*/
int wc_scrypt(byte* output, const byte* passwd, int passLen,
const byte* salt, int saltLen, int cost, int blockSize,
int parallel, int dkLen);
/*!
\ingroup Password
\brief Extended scrypt with iteration count instead of cost.
\return 0 on success
\return BAD_FUNC_ARG on invalid arguments
\return MEMORY_E on memory allocation error
\param output Output key buffer
\param passwd Password buffer
\param passLen Password length
\param salt Salt buffer
\param saltLen Salt length
\param iterations Iteration count
\param blockSize Block size parameter (r)
\param parallel Parallelization parameter (p)
\param dkLen Derived key length
_Example_
\code
byte key[32];
byte pass[] = "password";
byte salt[] = "salt";
int ret = wc_scrypt_ex(key, pass, sizeof(pass), salt,
sizeof(salt), 16384, 8, 1, sizeof(key));
\endcode
\sa wc_scrypt
*/
int wc_scrypt_ex(byte* output, const byte* passwd, int passLen,
const byte* salt, int saltLen, word32 iterations, int blockSize,
int parallel, int dkLen);