Mbed TLS v3.6.3
Loading...
Searching...
No Matches
Macros | Functions
pkcs5.h File Reference

PKCS#5 functions. More...

#include "mbedtls/build_info.h"
#include "mbedtls/platform_util.h"
#include "mbedtls/asn1.h"
#include "mbedtls/md.h"
#include "mbedtls/cipher.h"
#include <stddef.h>
#include <stdint.h>
Include dependency graph for pkcs5.h:

Go to the source code of this file.

Macros

#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA   -0x2f80
 
#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT   -0x2f00
 
#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE   -0x2e80
 
#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH   -0x2e00
 
#define MBEDTLS_PKCS5_DECRYPT   MBEDTLS_DECRYPT
 
#define MBEDTLS_PKCS5_ENCRYPT   MBEDTLS_ENCRYPT
 

Functions

int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbes2 (const mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output)
 PKCS#5 PBES2 function.
 
int mbedtls_pkcs5_pbes2_ext (const mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output, size_t output_size, size_t *output_len)
 PKCS#5 PBES2 function.
 
int mbedtls_pkcs5_pbkdf2_hmac_ext (mbedtls_md_type_t md_type, const unsigned char *password, size_t plen, const unsigned char *salt, size_t slen, unsigned int iteration_count, uint32_t key_length, unsigned char *output)
 PKCS#5 PBKDF2 using HMAC without using the HMAC context.
 
int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbkdf2_hmac (mbedtls_md_context_t *ctx, const unsigned char *password, size_t plen, const unsigned char *salt, size_t slen, unsigned int iteration_count, uint32_t key_length, unsigned char *output)
 PKCS#5 PBKDF2 using HMAC.
 
int mbedtls_pkcs5_self_test (int verbose)
 Checkup routine.
 

Detailed Description

PKCS#5 functions.

Author
Mathias Olsson mathi.nosp@m.as@k.nosp@m.ompet.nosp@m.ensu.nosp@m.m.com

Definition in file pkcs5.h.

Macro Definition Documentation

◆ MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA

#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA   -0x2f80

Bad input parameters to function.

Definition at line 26 of file pkcs5.h.

◆ MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE

#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE   -0x2e80

Requested encryption or digest alg not available.

Definition at line 30 of file pkcs5.h.

◆ MBEDTLS_ERR_PKCS5_INVALID_FORMAT

#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT   -0x2f00

Unexpected ASN.1 data.

Definition at line 28 of file pkcs5.h.

◆ MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH

#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH   -0x2e00

Given private key password does not allow for correct decryption.

Definition at line 32 of file pkcs5.h.

◆ MBEDTLS_PKCS5_DECRYPT

#define MBEDTLS_PKCS5_DECRYPT   MBEDTLS_DECRYPT

Definition at line 34 of file pkcs5.h.

◆ MBEDTLS_PKCS5_ENCRYPT

#define MBEDTLS_PKCS5_ENCRYPT   MBEDTLS_ENCRYPT

Definition at line 35 of file pkcs5.h.

Function Documentation

◆ mbedtls_pkcs5_pbes2()

int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbes2 ( const mbedtls_asn1_buf pbe_params,
int  mode,
const unsigned char *  pwd,
size_t  pwdlen,
const unsigned char *  data,
size_t  datalen,
unsigned char *  output 
)

PKCS#5 PBES2 function.

Note
When encrypting, MBEDTLS_CIPHER_PADDING_PKCS7 must be enabled at compile time.
Deprecated:
This function is deprecated and will be removed in a future version of the library. Please use mbedtls_pkcs5_pbes2_ext() instead.
Warning
When decrypting:
  • if MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile time, this function validates the CBC padding and returns MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is invalid. Note that this can help active adversaries attempting to brute-forcing the password. Note also that there is no guarantee that an invalid password will be detected (the chances of a valid padding with a random password are about 1/255).
  • if MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile time, this function does not validate the CBC padding.
Parameters
pbe_paramsthe ASN.1 algorithm parameters
modeeither MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
pwdpassword to use when generating key
pwdlenlength of password
datadata to process
datalenlength of data
outputOutput buffer. On success, it contains the encrypted or decrypted data, possibly followed by the CBC padding. On failure, the content is indeterminate. For decryption, there must be enough room for datalen bytes. For encryption, there must be enough room for datalen + 1 bytes, rounded up to the block size of the block cipher identified by pbe_params.
Returns
0 on success, or a MBEDTLS_ERR_XXX code if verification fails.

◆ mbedtls_pkcs5_pbes2_ext()

int mbedtls_pkcs5_pbes2_ext ( const mbedtls_asn1_buf pbe_params,
int  mode,
const unsigned char *  pwd,
size_t  pwdlen,
const unsigned char *  data,
size_t  datalen,
unsigned char *  output,
size_t  output_size,
size_t *  output_len 
)

PKCS#5 PBES2 function.

Warning
When decrypting:
  • This function validates the CBC padding and returns MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is invalid. Note that this can help active adversaries attempting to brute-forcing the password. Note also that there is no guarantee that an invalid password will be detected (the chances of a valid padding with a random password are about 1/255).
Parameters
pbe_paramsthe ASN.1 algorithm parameters
modeeither MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
pwdpassword to use when generating key
pwdlenlength of password
datadata to process
datalenlength of data
outputOutput buffer. On success, it contains the decrypted data. On failure, the content is indetermidate. For decryption, there must be enough room for datalen bytes. For encryption, there must be enough room for datalen + 1 bytes, rounded up to the block size of the block cipher identified by pbe_params.
output_sizesize of output buffer. This must be big enough to accommodate for output plus padding data.
output_lenOn success, length of actual data written to the output buffer.
Returns
0 on success, or a MBEDTLS_ERR_XXX code if parsing or decryption fails.

◆ mbedtls_pkcs5_pbkdf2_hmac()

int MBEDTLS_DEPRECATED mbedtls_pkcs5_pbkdf2_hmac ( mbedtls_md_context_t ctx,
const unsigned char *  password,
size_t  plen,
const unsigned char *  salt,
size_t  slen,
unsigned int  iteration_count,
uint32_t  key_length,
unsigned char *  output 
)

PKCS#5 PBKDF2 using HMAC.

Deprecated:
Superseded by mbedtls_pkcs5_pbkdf2_hmac_ext().
Parameters
ctxGeneric HMAC context
passwordPassword to use when generating key
plenLength of password
saltSalt to use when generating key
slenLength of salt
iteration_countIteration count
key_lengthLength of generated key in bytes
outputGenerated key. Must be at least as big as key_length
Returns
0 on success, or a MBEDTLS_ERR_XXX code if verification fails.

◆ mbedtls_pkcs5_pbkdf2_hmac_ext()

int mbedtls_pkcs5_pbkdf2_hmac_ext ( mbedtls_md_type_t  md_type,
const unsigned char *  password,
size_t  plen,
const unsigned char *  salt,
size_t  slen,
unsigned int  iteration_count,
uint32_t  key_length,
unsigned char *  output 
)

PKCS#5 PBKDF2 using HMAC without using the HMAC context.

Parameters
md_typeHash algorithm used
passwordPassword to use when generating key
plenLength of password
saltSalt to use when generating key
slenLength of salt
iteration_countIteration count
key_lengthLength of generated key in bytes
outputGenerated key. Must be at least as big as key_length
Returns
0 on success, or a MBEDTLS_ERR_XXX code if verification fails.

◆ mbedtls_pkcs5_self_test()

int mbedtls_pkcs5_self_test ( int  verbose)

Checkup routine.

Returns
0 if successful, or 1 if the test failed