Mbed TLS v2.28.5
pkcs5.h File Reference

PKCS#5 functions.

#include "mbedtls/config.h"
#include "mbedtls/asn1.h"
#include "mbedtls/md.h"
#include <stddef.h>
#include <stdint.h>

Macros

#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA   -0x2f80
 
#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT   -0x2f00
 
#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE   -0x2e80
 
#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH   -0x2e00
 
#define MBEDTLS_PKCS5_DECRYPT   0
 
#define MBEDTLS_PKCS5_ENCRYPT   1
 

Functions

int mbedtls_pkcs5_pbes2 (const mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output)
 PKCS#5 PBES2 function.
 
int mbedtls_pkcs5_pbes2_ext (const mbedtls_asn1_buf *pbe_params, int mode, const unsigned char *pwd, size_t pwdlen, const unsigned char *data, size_t datalen, unsigned char *output, size_t output_size, size_t *output_len)
 PKCS#5 PBES2 function.
 
int mbedtls_pkcs5_pbkdf2_hmac (mbedtls_md_context_t *ctx, const unsigned char *password, size_t plen, const unsigned char *salt, size_t slen, unsigned int iteration_count, uint32_t key_length, unsigned char *output)
 PKCS#5 PBKDF2 using HMAC.
 
int mbedtls_pkcs5_self_test (int verbose)
 Checkup routine.
 

Detailed Description

PKCS#5 functions.

Author
Mathias Olsson mathias@kompetensum.com

Definition in file pkcs5.h.

Macro Definition Documentation

◆ MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA

#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA   -0x2f80

Bad input parameters to function.

Definition at line 40 of file pkcs5.h.

◆ MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE

#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE   -0x2e80

Requested encryption or digest alg not available.

Definition at line 44 of file pkcs5.h.

◆ MBEDTLS_ERR_PKCS5_INVALID_FORMAT

#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT   -0x2f00

Unexpected ASN.1 data.

Definition at line 42 of file pkcs5.h.

◆ MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH

#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH   -0x2e00

Given private key password does not allow for correct decryption.

Definition at line 46 of file pkcs5.h.

◆ MBEDTLS_PKCS5_DECRYPT

#define MBEDTLS_PKCS5_DECRYPT   0

Definition at line 48 of file pkcs5.h.

◆ MBEDTLS_PKCS5_ENCRYPT

#define MBEDTLS_PKCS5_ENCRYPT   1

Definition at line 49 of file pkcs5.h.

Function Documentation

◆ mbedtls_pkcs5_pbes2()

int mbedtls_pkcs5_pbes2 ( const mbedtls_asn1_buf *  pbe_params,
int  mode,
const unsigned char *  pwd,
size_t  pwdlen,
const unsigned char *  data,
size_t  datalen,
unsigned char *  output 
)

PKCS#5 PBES2 function.

Note
When encrypting, MBEDTLS_CIPHER_PADDING_PKCS7 must be enabled at compile time.
Warning
When decrypting:
  • if MBEDTLS_CIPHER_PADDING_PKCS7 is enabled at compile time, this function validates the CBC padding and returns MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is invalid. Note that this can help active adversaries attempting to brute-force the password. Note also that there is no guarantee that an invalid password will be detected (the chances of a valid padding with a random password are about 1/255).
  • if MBEDTLS_CIPHER_PADDING_PKCS7 is disabled at compile time, this function does not validate the CBC padding.
Parameters
pbe_params: the ASN.1 algorithm parameters
mode: either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
pwd: password to use when generating key
pwdlen: length of password
data: data to process
datalen: length of data
output: Output buffer. On success, it contains the encrypted or decrypted data, possibly followed by the CBC padding. On failure, the content is indeterminate. For decryption, there must be enough room for datalen bytes. For encryption, there must be enough room for datalen + 1 bytes, rounded up to the block size of the block cipher identified by pbe_params.
Returns
0 on success, or a MBEDTLS_ERR_XXX code if verification fails.

◆ mbedtls_pkcs5_pbes2_ext()

int mbedtls_pkcs5_pbes2_ext ( const mbedtls_asn1_buf *  pbe_params,
int  mode,
const unsigned char *  pwd,
size_t  pwdlen,
const unsigned char *  data,
size_t  datalen,
unsigned char *  output,
size_t  output_size,
size_t *  output_len 
)

PKCS#5 PBES2 function.

Warning
When decrypting:
  • This function validates the CBC padding and returns MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH if the padding is invalid. Note that this can help active adversaries attempting to brute-force the password. Note also that there is no guarantee that an invalid password will be detected (the chances of a valid padding with a random password are about 1/255).
Parameters
pbe_params: the ASN.1 algorithm parameters
mode: either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
pwd: password to use when generating key
pwdlen: length of password
data: data to process
datalen: length of data
output: Output buffer. On success, it contains the decrypted data. On failure, the content is indeterminate. For decryption, there must be enough room for datalen bytes. For encryption, there must be enough room for datalen + 1 bytes, rounded up to the block size of the block cipher identified by pbe_params.
output_size: size of output buffer. This must be big enough to accommodate the output plus padding data.
output_len: On success, length of actual data written to the output buffer.
Returns
0 on success, or a MBEDTLS_ERR_XXX code if parsing or decryption fails.
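
The padding warnings on mbedtls_pkcs5_pbes2() and mbedtls_pkcs5_pbes2_ext(), together with the output-buffer sizing rule, worked through as a standalone C example. This is an added illustration, not Mbed TLS code: pbes2_encrypt_output_size, pkcs7_pad_len and count_valid_tails are hypothetical helper names, the 16-byte block is constructed, and a wrong password is modelled as producing a random final plaintext block.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Room needed in `output` when encrypting: datalen + 1 bytes, rounded up
 * to the cipher block size (assumes no size_t overflow). */
static size_t pbes2_encrypt_output_size(size_t datalen, size_t block_size)
{
    return (datalen / block_size + 1) * block_size;
}

/* Returns the PKCS#7 padding length (1..block_size) of the final block,
 * or 0 if the padding is invalid. Not constant-time: illustration only. */
static size_t pkcs7_pad_len(const unsigned char *block, size_t block_size)
{
    size_t n = block[block_size - 1];
    if (n == 0 || n > block_size)
        return 0;
    for (size_t i = block_size - n; i < block_size; i++)
        if (block[i] != n)
            return 0;
    return n;
}

/* Enumerate every value of the last two bytes of a constructed 16-byte
 * block (other bytes fixed at 0xA5, which can never be padding) and count
 * how many of the 65536 tails pass the padding check. */
static unsigned count_valid_tails(void)
{
    unsigned char block[16];
    unsigned valid = 0;
    memset(block, 0xA5, sizeof(block));
    for (unsigned a = 0; a < 256; a++)
        for (unsigned b = 0; b < 256; b++) {
            block[14] = (unsigned char) a;
            block[15] = (unsigned char) b;
            if (pkcs7_pad_len(block, sizeof(block)) != 0)
                valid++;
        }
    return valid;
}

int main(void)
{
    unsigned v = count_valid_tails();
    printf("encrypt 16 bytes, AES block: need %zu output bytes\n",
           pbes2_encrypt_output_size(16, 16));
    printf("valid tails: %u of 65536 (%.6f), 1/255 = %.6f\n",
           v, v / 65536.0, 1.0 / 255.0);
    return 0;
}
```

Over a fully random final block the valid fraction is 1/256 + 1/256^2 + ..., which converges to 1/255, so a return value of 0 from the decrypt path is not by itself evidence that the password was correct.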

◆ mbedtls_pkcs5_pbkdf2_hmac()

int mbedtls_pkcs5_pbkdf2_hmac ( mbedtls_md_context_t *  ctx,
const unsigned char *  password,
size_t  plen,
const unsigned char *  salt,
size_t  slen,
unsigned int  iteration_count,
uint32_t  key_length,
unsigned char *  output 
)

PKCS#5 PBKDF2 using HMAC.

Parameters
ctx: Generic HMAC context
password: Password to use when generating key
plen: Length of password
salt: Salt to use when generating key
slen: Length of salt
iteration_count: Iteration count
key_length: Length of generated key in bytes
output: Generated key. Must be at least as big as key_length
Returns
0 on success, or a MBEDTLS_ERR_XXX code if verification fails.

◆ mbedtls_pkcs5_self_test()

int mbedtls_pkcs5_self_test ( int  verbose)

Checkup routine.

Returns
0 if successful, or 1 if the test failed