CryptoPkg: Add PKCS5 PBKDF2 interface for password derivation.
Add one new API (Pkcs5HashPassword) to provide PKCS#5 v2.0 PBKDF2 support (Password based encryption key derivation function, specified in RFC 2898). Also update the Cryptest utility to include the new API testing (with the test vector from RFC6070). Cc: Ting Ye <ting.ye@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Qin Long <qin.long@intel.com> Reviewed-by: Ting Ye <ting.ye@intel.com>
This commit is contained in:
@@ -2210,6 +2210,46 @@ X509GetTBSCert (
|
||||
OUT UINTN *TBSCertSize
|
||||
);
|
||||
|
||||
/**
|
||||
Derives a key from a password using a salt and iteration count, based on PKCS#5 v2.0
|
||||
password based encryption key derivation function PBKDF2, as specified in RFC 2898.
|
||||
|
||||
If Password or Salt or OutKey is NULL, then return FALSE.
|
||||
If the hash algorithm could not be determined, then return FALSE.
|
||||
If this interface is not supported, then return FALSE.
|
||||
|
||||
@param[in] PasswordLength Length of input password in bytes.
|
||||
@param[in] Password Pointer to the array for the password.
|
||||
@param[in] SaltLength Size of the Salt in bytes.
|
||||
@param[in] Salt Pointer to the Salt.
|
||||
@param[in] IterationCount Number of iterations to perform. Its value should be
|
||||
greater than or equal to 1.
|
||||
@param[in] DigestSize Size of the message digest to be used (eg. SHA256_DIGEST_SIZE).
|
||||
NOTE: DigestSize will be used to determine the hash algorithm.
|
||||
Only SHA1_DIGEST_SIZE or SHA256_DIGEST_SIZE is supported.
|
||||
@param[in] KeyLength Size of the derived key buffer in bytes.
|
||||
@param[out] OutKey Pointer to the output derived key buffer.
|
||||
|
||||
@retval TRUE A key was derived successfully.
|
||||
@retval FALSE One of the pointers was NULL or one of the sizes was too large.
|
||||
@retval FALSE The hash algorithm could not be determined from the digest size.
|
||||
@retval FALSE The key derivation operation failed.
|
||||
@retval FALSE This interface is not supported.
|
||||
|
||||
**/
|
||||
BOOLEAN
|
||||
EFIAPI
|
||||
Pkcs5HashPassword (
|
||||
IN UINTN PasswordLength,
|
||||
IN CONST CHAR8 *Password,
|
||||
IN UINTN SaltLength,
|
||||
IN CONST UINT8 *Salt,
|
||||
IN UINTN IterationCount,
|
||||
IN UINTN DigestSize,
|
||||
IN UINTN KeyLength,
|
||||
OUT UINT8 *OutKey
|
||||
);
|
||||
|
||||
/**
|
||||
Get the signer's certificates from PKCS#7 signed data as described in "PKCS #7:
|
||||
Cryptographic Message Syntax Standard". The input signed data could be wrapped
|
||||
|
Reference in New Issue
Block a user