diff options
| author | miod <> | 2014-07-11 16:18:14 +0000 |
|---|---|---|
| committer | miod <> | 2014-07-11 16:18:14 +0000 |
| commit | 5237aad1ecb732073cf0d8a7bcc0f2d4863f7c29 (patch) | |
| tree | d06ffa1565a72fd493dbed6024d44e5daa26be91 /src/lib/libcrypto/doc/PKCS5_PBKDF2_HMAC.pod | |
| parent | 594d9dd85584729227e623605bd9948e758cc33e (diff) | |
| download | openbsd-5237aad1ecb732073cf0d8a7bcc0f2d4863f7c29.tar.gz openbsd-5237aad1ecb732073cf0d8a7bcc0f2d4863f7c29.tar.bz2 openbsd-5237aad1ecb732073cf0d8a7bcc0f2d4863f7c29.zip | |
Huge documentation update for libcrypto and libssl, mostly from Matt Caswell,
Jeff Trawick, Jean-Paul Calderone, Michal Bozon, Jeffrey Walton and Rich Salz,
via OpenSSL trunk (with some parts not applying to us, such as SSLv2 support,
at least partially removed).
Diffstat (limited to 'src/lib/libcrypto/doc/PKCS5_PBKDF2_HMAC.pod')
| -rw-r--r-- | src/lib/libcrypto/doc/PKCS5_PBKDF2_HMAC.pod | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/src/lib/libcrypto/doc/PKCS5_PBKDF2_HMAC.pod b/src/lib/libcrypto/doc/PKCS5_PBKDF2_HMAC.pod new file mode 100644 index 0000000000..7a2b8e6187 --- /dev/null +++ b/src/lib/libcrypto/doc/PKCS5_PBKDF2_HMAC.pod | |||
| @@ -0,0 +1,64 @@ | |||
| 1 | =pod | ||
| 2 | |||
| 3 | =head1 NAME | ||
| 4 | |||
| 5 | PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines with salt and iteration count | ||
| 6 | |||
| 7 | =head1 SYNOPSIS | ||
| 8 | |||
| 9 | #include <openssl/evp.h> | ||
| 10 | |||
| 11 | int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, | ||
| 12 | const unsigned char *salt, int saltlen, int iter, | ||
| 13 | const EVP_MD *digest, | ||
| 14 | int keylen, unsigned char *out); | ||
| 15 | |||
| 16 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, | ||
| 17 | const unsigned char *salt, int saltlen, int iter, | ||
| 18 | int keylen, unsigned char *out); | ||
| 19 | |||
| 20 | =head1 DESCRIPTION | ||
| 21 | |||
| 22 | PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count | ||
| 23 | as specified in RFC 2898. | ||
| 24 | |||
| 25 | B<pass> is the password used in the derivation of length B<passlen>. B<pass> | ||
| 26 | is an optional parameter and can be NULL. If B<passlen> is -1, then the | ||
| 27 | function will calculate the length of B<pass> using strlen(). | ||
| 28 | |||
| 29 | B<salt> is the salt used in the derivation of length B<saltlen>. If the | ||
| 30 | B<salt> is NULL, then B<saltlen> must be 0. The function will not | ||
| 31 | attempt to calculate the length of the B<salt> because it is not assumed to | ||
| 32 | be NULL terminated. | ||
| 33 | |||
| 34 | B<iter> is the iteration count and its value should be greater than or | ||
| 35 | equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any | ||
| 36 | B<iter> less than 1 is treated as a single iteration. | ||
| 37 | |||
| 38 | B<digest> is the message digest function used in the derivation. Values include | ||
| 39 | any of the EVP_* message digests. PKCS5_PBKDF2_HMAC_SHA1() calls | ||
| 40 | PKCS5_PBKDF2_HMAC() with EVP_sha1(). | ||
| 41 | |||
| 42 | The derived key will be written to B<out>. The size of the B<out> buffer | ||
| 43 | is specified via B<keylen>. | ||
| 44 | |||
| 45 | =head1 NOTES | ||
| 46 | |||
| 47 | A typical application of this function is to derive keying material for an | ||
| 48 | encryption algorithm from a password in the B<pass>, a salt in B<salt>, | ||
| 49 | and an iteration count. | ||
| 50 | |||
| 51 | Increasing the B<iter> parameter slows down the algorithm which makes it | ||
| 52 | harder for an attacker to peform a brute force attack using a large number | ||
| 53 | of candidate passwords. | ||
| 54 | |||
| 55 | =head1 RETURN VALUES | ||
| 56 | |||
| 57 | PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error. | ||
| 58 | |||
| 59 | =head1 SEE ALSO | ||
| 60 | |||
| 61 | L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, | ||
| 62 | L<EVP_BytesToKey(3)|EVP_BytesToKey(3)> | ||
| 63 | |||
| 64 | =cut | ||