[thirdparty/openssl.git] / doc / man3 / PKCS5_PBKDF2_HMAC.pod

=pod

=head1 NAME

PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines with salt and iteration count

=head1 SYNOPSIS

 #include <openssl/evp.h>

 int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
                       const unsigned char *salt, int saltlen, int iter,
                       const EVP_MD *digest,
                       int keylen, unsigned char *out);

 int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
                            const unsigned char *salt, int saltlen, int iter,
                            int keylen, unsigned char *out);

=head1 DESCRIPTION

PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count
as specified in RFC 2898.

B<pass> is the password used in the derivation of length B<passlen>. B<pass>
is an optional parameter and can be NULL. If B<passlen> is -1, then the
function will calculate the length of B<pass> using strlen().

B<salt> is the salt used in the derivation of length B<saltlen>. If the
B<salt> is NULL, then B<saltlen> must be 0. The function will not
attempt to calculate the length of the B<salt> because it is not assumed to
be NULL terminated.

B<iter> is the iteration count and its value should be greater than or
equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any
B<iter> less than 1 is treated as a single iteration.

B<digest> is the message digest function used in the derivation. Values include
any of the EVP_* message digests. PKCS5_PBKDF2_HMAC_SHA1() calls
PKCS5_PBKDF2_HMAC() with EVP_sha1().

The derived key will be written to B<out>. The size of the B<out> buffer
is specified via B<keylen>.

=head1 NOTES

A typical application of this function is to derive keying material for an
encryption algorithm from a password in the B<pass>, a salt in B<salt>,
and an iteration count.

Increasing the B<iter> parameter slows down the algorithm which makes it
harder for an attacker to perform a brute force attack using a large number
of candidate passwords.

These functions make no assumption regarding the given password.
It will simply be treated as a byte sequence.

=head1 RETURN VALUES

PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error.

=head1 SEE ALSO

L<evp(7)>, L<RAND_bytes(3)>,
L<EVP_BytesToKey(3)>,
L<passphrase-encoding(7)>

=head1 COPYRIGHT

Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
6bcc4475 MC	1	=pod
	2
	3	=head1 NAME
	4
b5450d63	5	PKCS5_PBKDF2_HMAC, PKCS5_PBKDF2_HMAC_SHA1 - password based derivation routines with salt and iteration count
6bcc4475 MC	6
	7	=head1 SYNOPSIS
	8
	9	#include <openssl/evp.h>
	10
	11	int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
	12	const unsigned char *salt, int saltlen, int iter,
	13	const EVP_MD *digest,
	14	int keylen, unsigned char *out);
	15
e9b77246 BB	16	int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
	17	const unsigned char *salt, int saltlen, int iter,
	18	int keylen, unsigned char *out);
b5450d63	19
6bcc4475 MC	20	=head1 DESCRIPTION
	21
	22	PKCS5_PBKDF2_HMAC() derives a key from a password using a salt and iteration count
	23	as specified in RFC 2898.
	24
	25	B<pass> is the password used in the derivation of length B<passlen>. B<pass>
	26	is an optional parameter and can be NULL. If B<passlen> is -1, then the
	27	function will calculate the length of B<pass> using strlen().
	28
	29	B<salt> is the salt used in the derivation of length B<saltlen>. If the
	30	B<salt> is NULL, then B<saltlen> must be 0. The function will not
b5450d63	31	attempt to calculate the length of the B<salt> because it is not assumed to
6bcc4475 MC	32	be NULL terminated.
6bcc4475 MC	33
1bc74519	34	B<iter> is the iteration count and its value should be greater than or
6bcc4475 MC	35	equal to 1. RFC 2898 suggests an iteration count of at least 1000. Any
	36	B<iter> less than 1 is treated as a single iteration.
	37
b5450d63	38	B<digest> is the message digest function used in the derivation. Values include
6bcc4475 MC	39	any of the EVP_* message digests. PKCS5_PBKDF2_HMAC_SHA1() calls
	40	PKCS5_PBKDF2_HMAC() with EVP_sha1().
	41
	42	The derived key will be written to B<out>. The size of the B<out> buffer
	43	is specified via B<keylen>.
	44
	45	=head1 NOTES
	46
	47	A typical application of this function is to derive keying material for an
	48	encryption algorithm from a password in the B<pass>, a salt in B<salt>,
	49	and an iteration count.
	50
	51	Increasing the B<iter> parameter slows down the algorithm which makes it
186bb907	52	harder for an attacker to perform a brute force attack using a large number
6bcc4475 MC	53	of candidate passwords.
6bcc4475 MC	54
84814344 RL	55	These functions make no assumption regarding the given password.
	56	It will simply be treated as a byte sequence.
	57
6bcc4475 MC	58	=head1 RETURN VALUES
6bcc4475 MC	59
b5450d63	60	PKCS5_PBKDF2_HMAC() and PBKCS5_PBKDF2_HMAC_SHA1() return 1 on success or 0 on error.
6bcc4475 MC	61
	62	=head1 SEE ALSO
	63
b97fdb57	64	L<evp(7)>, L<RAND_bytes(3)>,
84814344 RL	65	L<EVP_BytesToKey(3)>,
84814344 RL	66	L<passphrase-encoding(7)>
6bcc4475	67
e2f92610 RS	68	=head1 COPYRIGHT
e2f92610 RS	69
83cf7abf	70	Copyright 2014-2018 The OpenSSL Project Authors. All Rights Reserved.
e2f92610	71
4746f25a	72	Licensed under the Apache License 2.0 (the "License"). You may not use
e2f92610 RS	73	this file except in compliance with the License. You can obtain a copy
	74	in the file LICENSE in the source distribution or at
	75	L<https://www.openssl.org/source/license.html>.
	76
	77	=cut