4 * \brief PKCS#5 functions
6 * \author Mathias Olsson <mathias@kompetensum.com>
8 * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
9 * SPDX-License-Identifier: GPL-2.0
11 * This program is free software; you can redistribute it and/or modify
12 * it under the terms of the GNU General Public License as published by
13 * the Free Software Foundation; either version 2 of the License, or
14 * (at your option) any later version.
16 * This program is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 * GNU General Public License for more details.
21 * You should have received a copy of the GNU General Public License along
22 * with this program; if not, write to the Free Software Foundation, Inc.,
23 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
25 * This file is part of mbed TLS (https://tls.mbed.org)
27 #ifndef MBEDTLS_PKCS5_H
28 #define MBEDTLS_PKCS5_H
36 #define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80 /**< Bad input parameters to function. */
37 #define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00 /**< Unexpected ASN.1 data. */
38 #define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80 /**< Requested encryption or digest alg not available. */
39 #define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00 /**< Given private key password does not allow for correct decryption. */
41 #define MBEDTLS_PKCS5_DECRYPT 0
42 #define MBEDTLS_PKCS5_ENCRYPT 1
49 * \brief PKCS#5 PBES2 function
51 * \param pbe_params the ASN.1 algorithm parameters
52 * \param mode either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
53 * \param pwd password to use when generating key
54 * \param pwdlen length of password
55 * \param data data to process
56 * \param datalen length of data
57 * \param output output buffer
59 * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
61 int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf
*pbe_params
, int mode
,
62 const unsigned char *pwd
, size_t pwdlen
,
63 const unsigned char *data
, size_t datalen
,
64 unsigned char *output
);
67 * \brief PKCS#5 PBKDF2 using HMAC
69 * \param ctx Generic HMAC context
70 * \param password Password to use when generating key
71 * \param plen Length of password
72 * \param salt Salt to use when generating key
73 * \param slen Length of salt
74 * \param iteration_count Iteration count
75 * \param key_length Length of generated key in bytes
76 * \param output Generated key. Must be at least as big as key_length
78 * \returns 0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
80 int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t
*ctx
, const unsigned char *password
,
81 size_t plen
, const unsigned char *salt
, size_t slen
,
82 unsigned int iteration_count
,
83 uint32_t key_length
, unsigned char *output
);
86 * \brief Checkup routine
88 * \return 0 if successful, or 1 if the test failed
90 int mbedtls_pkcs5_self_test( int verbose
);