Modify the S2K interface. Instead of being stateful in terms of the salt

and iteration count, force it to be passed to each call to derive_key.
So remove current_salt, set_iterations, new_random_salt, and change_salt
functions from S2K interface.

Update examples and test application to match.

While I was in there, change the passhash example to use 64 bit salts
and 128 bit PBKDF2 outputs.

1 files changed, 15 insertions, 5 deletions

diff --git a/doc/examples/decrypt.cpp b/doc/examples/decrypt.cpp
index ebab5d804..de261b5f3 100644
--- a/doc/examples/decrypt.cpp
+++ b/doc/examples/decrypt.cpp
@@ -106,12 +106,22 @@ int main(int argc, char* argv[])
       const u32bit iv_len = block_size_of(algo);
 
       std::auto_ptr<S2K> s2k(get_s2k("PBKDF2(SHA-1)"));
-      s2k->set_iterations(8192);
-      s2k->change_salt(b64_decode(salt_str));
 
-      SymmetricKey bc_key = s2k->derive_key(key_len, "BLK" + passphrase);
-      InitializationVector iv = s2k->derive_key(iv_len, "IVL" + passphrase);
-      SymmetricKey mac_key = s2k->derive_key(16, "MAC" + passphrase);
+      const u32bit PBKDF2_ITERATIONS = 8192;
+
+      SecureVector<byte> salt = b64_decode(salt_str);
+
+      SymmetricKey bc_key = s2k->derive_key(key_len, "BLK" + passphrase,
+                                            &salt[0], salt.size(),
+                                            PBKDF2_ITERATIONS);
+
+      InitializationVector iv = s2k->derive_key(iv_len, "IVL" + passphrase,
+                                                &salt[0], salt.size(),
+                                                PBKDF2_ITERATIONS);
+
+      SymmetricKey mac_key = s2k->derive_key(16, "MAC" + passphrase,
+                                             &salt[0], salt.size(),
+                                             PBKDF2_ITERATIONS);
 
       Pipe pipe(new Base64_Decoder,
                 get_cipher(algo + "/CBC", bc_key, iv, DECRYPTION),