| | 1 | /* |
| | 2 | * ccpbkdf.h |
| | 3 | * corecrypto |
| | 4 | * |
| | 5 | * Copyright 1999-2001, 2010 Apple Inc. All rights reserved. |
| | 6 | * |
| | 7 | * Derived from pbkdf2.h by Mitch Adler on 09-12-2010. |
| | 8 | * |
| | 9 | */ |
| | 10 | |
| | 11 | #ifndef _CORECRYPTO_CCPBKDF2_H_ |
| | 12 | #define _CORECRYPTO_CCPBKDF2_H_ |
| | 13 | |
| | 14 | |
| | 15 | #include <corecrypto/ccdigest.h> |
| | 16 | |
| | 17 | /*! @function ccpbkdf2_hmac |
| | 18 | @abstract perform a pbkdf2 using HMAC(di) for the PRF (see PKCS#5 for specification) |
| | 19 | @discussion This performs a standard PBKDF2 transformation of password and salt through |
| | 20 | an HMAC PRF of the callers slection (any Digest, typically SHA-1) returning dkLen bytes |
| | 21 | containing the entropy. |
| | 22 | |
| | 23 | Considerations: |
| | 24 | The salt used should be at least 8 bytes long. Each session should use it's own salt. |
| | 25 | We use the password as the key for the HMAC and the running data as the text for the HMAC to make a PRF. |
| | 26 | SHA-1 is a good hash to use for the core of the HMAC PRF. |
| | 27 | @param di digest info defining the digest type to use in the PRF. |
| | 28 | @param passwordLen amount of data to be fed in |
| | 29 | @param password data to be fed into the PBKDF |
| | 30 | @param saltLen length of the salt |
| | 31 | @param salt salt to be used in pbkdf |
| | 32 | @param iterations itrations to go |
| | 33 | @param dkLen length of the results |
| | 34 | @param dk buffer for the results of the PBKDF tranformation, must be dkLen big |
| | 35 | |
| | 36 | */ |
| | 37 | int ccpbkdf2_hmac(const struct ccdigest_info *di, |
| | 38 | unsigned long passwordLen, const void *password, |
| | 39 | unsigned long saltLen, const void *salt, |
| | 40 | unsigned long iterations, |
| | 41 | unsigned long dkLen, void *dk); |
| | 42 | |
| | 43 | #endif /* _CORECRYPTO_CCPBKDF2_H_ */ |
projects / apple / xnu.git / blame_incremental