| 1 | =pod
|
|---|
| 2 |
|
|---|
| 3 | =head1 NAME
|
|---|
| 4 |
|
|---|
| 5 | PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines with salt and iteration count
|
|---|
| 6 |
|
|---|
| 7 | =head1 SYNOPSIS
|
|---|
| 8 |
|
|---|
| 9 | #include <openssl/evp.h>
|
|---|
| 10 |
|
|---|
| 11 | int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
|
|---|
| 12 | const unsigned char *salt, int saltlen, int iter,
|
|---|
| 13 | const EVP_MD *digest,
|
|---|
| 14 | int keylen, unsigned char *out);
|
|---|
| 15 |
|
|---|
| 16 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
|
|---|
| 17 | const unsigned char *salt, int saltlen, int iter,
|
|---|
| 18 | int keylen, unsigned char *out);
|
|---|
| 19 |
|
|---|
| 20 | =head1 DESCRIPTION
|
|---|
| 21 |
|
|---|
| 22 | PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count
|
|---|
| 23 | as specified in RFC 2898.
|
|---|
| 24 |
|
|---|
| 25 | B<pass> is the password used in the derivation of length B<passlen>. B<pass>
|
|---|
| 26 | is an optional parameter and can be NULL. If B<passlen> is -1, then the
|
|---|
| 27 | function will calculate the length of B<pass> using strlen().
|
|---|
| 28 |
|
|---|
| 29 | B<salt> is the salt used in the derivation of length B<saltlen>. If the
|
|---|
| 30 | B<salt> is NULL, then B<saltlen> must be 0. The function will not
|
|---|
| 31 | attempt to calculate the length of the B<salt> because it is not assumed to
|
|---|
| 32 | be NULL terminated.
|
|---|
| 33 |
|
|---|
| 34 | B<iter> is the iteration count and its value should be greater than or
|
|---|
| 35 | equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any
|
|---|
| 36 | B<iter> value less than 1 is invalid; such values will result in failure
|
|---|
| 37 | and raise the PROV_R_INVALID_ITERATION_COUNT error.
|
|---|
| 38 |
|
|---|
| 39 | B<digest> is the message digest function used in the derivation.
|
|---|
| 40 | PKCS5_PBKDF2_HMAC_SHA1() calls PKCS5_PBKDF2_HMAC() with EVP_sha1().
|
|---|
| 41 |
|
|---|
| 42 | The derived key will be written to B<out>. The size of the B<out> buffer
|
|---|
| 43 | is specified via B<keylen>.
|
|---|
| 44 |
|
|---|
| 45 | =head1 NOTES
|
|---|
| 46 |
|
|---|
| 47 | A typical application of this function is to derive keying material for an
|
|---|
| 48 | encryption algorithm from a password in the B<pass>, a salt in B<salt>,
|
|---|
| 49 | and an iteration count.
|
|---|
| 50 |
|
|---|
| 51 | Increasing the B<iter> parameter slows down the algorithm which makes it
|
|---|
| 52 | harder for an attacker to perform a brute force attack using a large number
|
|---|
| 53 | of candidate passwords.
|
|---|
| 54 |
|
|---|
| 55 | These functions make no assumption regarding the given password.
|
|---|
| 56 | It will simply be treated as a byte sequence.
|
|---|
| 57 |
|
|---|
| 58 | =head1 RETURN VALUES
|
|---|
| 59 |
|
|---|
| 60 | PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error.
|
|---|
| 61 |
|
|---|
| 62 | =head1 SEE ALSO
|
|---|
| 63 |
|
|---|
| 64 | L<evp(7)>, L<RAND_bytes(3)>,
|
|---|
| 65 | L<EVP_BytesToKey(3)>,
|
|---|
| 66 | L<passphrase-encoding(7)>
|
|---|
| 67 |
|
|---|
| 68 | =head1 COPYRIGHT
|
|---|
| 69 |
|
|---|
| 70 | Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 71 |
|
|---|
| 72 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 73 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 74 | in the file LICENSE in the source distribution or at
|
|---|
| 75 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 76 |
|
|---|
| 77 | =cut
|
|---|
