xref: /freebsd/secure/lib/libcrypto/man/man3/PKCS5_PBE_keyivgen.3 (revision 06c3fb2749bda94cb5201f81ffdb8fa6c3161b2e) 
 Automatically generated by Pod::Man 4.14 (Pod::Simple 3.42)

 Standard preamble:
 ========================================================================
..

..


..
 Set up some character translations and predefined strings. \*(-- will
 give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
 double quote, and \*(R" will give a right double quote. \*(C+ will
 give a nicer C++. Capital omega is used to do unbreakable dashes and
 therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
 nothing in troff, for use with C<>.
.tr \(*W-
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
. ds C`
. ds C'
'br\}

 Escape single quotes in literal strings from groff's Unicode transform.

 If the F register is >0, we'll generate index entries on stderr for
 titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
 entries marked with X<> in POD. Of course, you'll have to process the
 output yourself in some meaningful fashion.

 Avoid warning from groff about undefined register 'F'.
..
.nr rF 0
. if \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. if !\nF==2 \{\
. nr % 0
. nr F 2
. \}
. \}
.\}
.rr rF
 Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff
. ds #H 0
. ds #V .8m
. ds #F .3m
. ds #[ \f1
. ds #] 
.\}
. ds #H ((1u-(\\\\n(.fu%2u))*.13m)
. ds #V .6m
. ds #F 0
. ds #[ \&
. ds #] \&
.\}
. \" simple accents for nroff and troff
. ds ' \&
. ds ` \&
. ds ^ \&
. ds , \&
. ds ~ ~
. ds /
.\}
. ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
. ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
. ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
. ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
. ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
. ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
.\}
. \" troff and (daisy-wheel) nroff accents
. \" corrections for vroff
. \" for low resolution devices (crt and lpr)
\{\
. ds : e
. ds 8 ss
. ds o a
. ds d- d\h'-1'\(ga
. ds D- D\h'-1'\(hy
. ds th \o'bp'
. ds Th \o'LP'
. ds ae ae
. ds Ae AE
.\}
 ========================================================================

 Title "PKCS5_PBE_KEYIVGEN 3ossl" 
 PKCS5_PBE_KEYIVGEN 3ossl "2023-09-19" "3.0.11" "OpenSSL"
 For nroff, turn off justification. Always turn off hyphenation; it makes
 way too many mistakes in technical documents.
 "NAME"
PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex, PKCS5_pbe2_set, PKCS5_pbe2_set_iv,
PKCS5_pbe2_set_iv_ex, PKCS5_pbe_set, PKCS5_pbe_set_ex, PKCS5_pbe2_set_scrypt,
PKCS5_pbe_set0_algor, PKCS5_pbe_set0_algor_ex,
PKCS5_v2_PBE_keyivgen, PKCS5_v2_PBE_keyivgen_ex,
PKCS5_v2_scrypt_keyivgen, PKCS5_v2_scrypt_keyivgen_ex,
PKCS5_pbkdf2_set, PKCS5_pbkdf2_set_ex, EVP_PBE_scrypt, EVP_PBE_scrypt_ex
\- PKCS#5 Password based encryption routines

 "SYNOPSIS"
 Header "SYNOPSIS" .Vb 1
 #include <openssl/evp.h>
\&
 int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
  ASN1_TYPE *param, const EVP_CIPHER *cipher,
  const EVP_MD *md, int en_de);
 int PKCS5_PBE_keyivgen_ex(EVP_CIPHER_CTX *cctx, const char *pass, int passlen,
  ASN1_TYPE *param, const EVP_CIPHER *cipher,
  const EVP_MD *md, int en_de, OSSL_LIB_CTX *libctx,
  const char *propq);
 int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
  ASN1_TYPE *param, const EVP_CIPHER *cipher,
  const EVP_MD *md, int en_de);
 int PKCS5_v2_PBE_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, int passlen,
  ASN1_TYPE *param, const EVP_CIPHER *cipher,
  const EVP_MD *md, int en_de,
  OSSL_LIB_CTX *libctx, const char *propq);
 int EVP_PBE_scrypt(const char *pass, size_t passlen,
  const unsigned char *salt, size_t saltlen,
  uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
  unsigned char *key, size_t keylen);
 int EVP_PBE_scrypt_ex(const char *pass, size_t passlen,
  const unsigned char *salt, size_t saltlen,
  uint64_t N, uint64_t r, uint64_t p, uint64_t maxmem,
  unsigned char *key, size_t keylen,
  OSSL_LIB_CTX *ctx, const char *propq);
 int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass,
  int passlen, ASN1_TYPE *param,
  const EVP_CIPHER *c, const EVP_MD *md, int en_de);
 int PKCS5_v2_scrypt_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass,
  int passlen, ASN1_TYPE *param,
  const EVP_CIPHER *c, const EVP_MD *md, int en_de,
  OSSL_LIB_CTX *libctx, const char *propq);
\&
 #include <openssl/x509.h>
\&
 int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
  const unsigned char *salt, int saltlen);
 int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter,
  const unsigned char *salt, int saltlen,
  OSSL_LIB_CTX *libctx);
\&
 X509_ALGOR *PKCS5_pbe_set(int alg, int iter,
  const unsigned char *salt, int saltlen);
 X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter,
  const unsigned char *salt, int saltlen,
  OSSL_LIB_CTX *libctx);
\&
 X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter,
  unsigned char *salt, int saltlen);
 X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter,
  unsigned char *salt, int saltlen,
  unsigned char *aiv, int prf_nid);
 X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter,
  unsigned char *salt, int saltlen,
  unsigned char *aiv, int prf_nid,
  OSSL_LIB_CTX *libctx);
 X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher,
  const unsigned char *salt, int saltlen,
  unsigned char *aiv, uint64_t N, uint64_t r,
  uint64_t p);
\&
 X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen,
  int prf_nid, int keylen);
 X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen,
  int prf_nid, int keylen,
  OSSL_LIB_CTX *libctx);
.Ve

 "DESCRIPTION"
 Header "DESCRIPTION" 
 "Key Derivation"
 Subsection "Key Derivation" \fBPKCS5_PBE_keyivgen() and PKCS5_PBE_keyivgen_ex() take a password pass of
length passlen, parameters param and a message digest function md_type
and performs a key derivation according to PKCS#5 \s-1PBES1.\s0 The resulting key is
then used to initialise the cipher context ctx with a cipher cipher for
encryption (en_de=1) or decryption (en_de=0).


\fIpass is an optional parameter and can be \s-1NULL.\s0 If passlen is -1, then the
function will calculate the length of pass using strlen().


\fBPKCS5_v2_PBE_keyivgen() and PKCS5_v2_PBE_keyivgen_ex() are similar to the above
but instead use PKCS#5 \s-1PBES2\s0 as the encryption algorithm using the supplied
parameters.


\fBPKCS5_v2_scrypt_keyivgen() and PKCS5_v2_scrypt_keyivgen_ex() use \s-1SCRYPT\s0 as the
key derivation part of the encryption algorithm.


\fIsalt is the salt used in the derivation of length saltlen. If the
\fIsalt is \s-1NULL,\s0 then saltlen must be 0. The function will not
attempt to calculate the length of the salt because it is not assumed to
be \s-1NULL\s0 terminated.


\fIiter is the iteration count and its value should be greater than or
equal to 1. \s-1RFC 2898\s0 suggests an iteration count of at least 1000. Any
\fIiter less than 1 is treated as a single iteration.


\fIdigest is the message digest function used in the derivation.


Functions ending in _ex() take optional parameters libctx and propq which
are used to select appropriate algorithm implementations.

 "Algorithm Identifier Creation"
 Subsection "Algorithm Identifier Creation" \fBPKCS5_pbe_set(), PKCS5_pbe_set_ex(), PKCS5_pbe2_set(), PKCS5_pbe2_set_iv(),
\fBPKCS5_pbe2_set_iv_ex() and PKCS5_pbe2_set_scrypt() generate an X509_ALGOR
object which represents an AlgorithmIdentifier containing the algorithm \s-1OID\s0 and
associated parameters for the \s-1PBE\s0 algorithm.


\fBPKCS5_pbkdf2_set() and PKCS5_pbkdf2_set_ex() generate an X509_ALGOR
object which represents an AlgorithmIdentifier containing the algorithm \s-1OID\s0 and
associated parameters for the \s-1PBKDF2\s0 algorithm.


\fBPKCS5_pbe_set0_algor() and PKCS5_pbe_set0_algor_ex() set the \s-1PBE\s0 algorithm \s-1OID\s0 and
parameters into the supplied X509_ALGOR.

 "NOTES"
 Header "NOTES" The *_keyivgen() functions are typically used in PKCS#12 to encrypt objects.


These functions make no assumption regarding the given password.
It will simply be treated as a byte sequence.

 "RETURN VALUES"
 Header "RETURN VALUES" \fBPKCS5_PBE_keyivgen(), PKCS5_v2_PBE_keyivgen(),
\fBPKCS5_v2_PBE_keyivgen_ex(), PKCS5_v2_scrypt_keyivgen(),
\fBPKCS5_v2_scrypt_keyivgen_ex(), PKCS5_pbe_set0_algor() and
\fBPKCS5_pbe_set0_algor_ex() return 1 for success and 0 if an error occurs.


\fBPKCS5_pbe_set(), PKCS5_pbe_set_ex(), PKCS5_pbe2_set(), PKCS5_pbe2_set_iv(),
\fBPKCS5_pbe2_set_iv_ex(), PKCS5_pbe2_set_scrypt(),
\fBPKCS5_pbkdf2_set() and PKCS5_pbkdf2_set_ex() return an X509_ALGOR object or
\s-1NULL\s0 if an error occurs.

 "CONFORMING TO"
 Header "CONFORMING TO" \s-1IETF RFC 8018\s0 (<https://tools.ietf.org/html/rfc8018>)

 "SEE ALSO"
 Header "SEE ALSO" \fBEVP_PBE_CipherInit_ex\|(3),
\fBPKCS12_pbe_crypt_ex\|(3),
\fBpassphrase-encoding\|(7)

 "HISTORY"
 Header "HISTORY" \fBPKCS5_v2_PBE_keyivgen_ex(), EVP_PBE_scrypt_ex(), PKCS5_v2_scrypt_keyivgen_ex(),
\fBPKCS5_pbe_set0_algor_ex(), PKCS5_pbe_set_ex(), PKCS5_pbe2_set_iv_ex() and
\fBPKCS5_pbkdf2_set_ex() were added in OpenSSL 3.0.


From OpenSSL 3.0 the \s-1PBKDF1\s0 algorithm used in PKCS5_PBE_keyivgen() and
\fBPKCS5_PBE_keyivgen_ex() has been moved to the legacy provider as an \s-1EVP_KDF.\s0

 "COPYRIGHT"
 Header "COPYRIGHT" Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.


Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file \s-1LICENSE\s0 in the source distribution or at
<https://www.openssl.org/source/license.html>.