Modify the S2K interface. Instead of being stateful in terms of the salt

and iteration count, force it to be passed to each call to derive_key. So remove current_salt, set_iterations, new_random_salt, and change_salt functions from S2K interface. Update examples and test application to match. While I was in there, change the passhash example to use 64 bit salts and 128 bit PBKDF2 outputs.
author: lloyd <[email protected]> 2010-02-01 16:29:38 +0000
committer: lloyd <[email protected]> 2010-02-01 16:29:38 +0000
commit: 454e45b7c4fece11a7f43ffa412148b4a274c90f (patch)
tree: 5ae87c2104fba534548e59fa477d6a5f2f5a5e29 /doc/examples/encrypt.cpp
parent: ae6a404ec14cc3c86a96cd3e5c67c9c23be38147 (diff)
1 files changed, 15 insertions, 6 deletions
diff --git a/doc/examples/encrypt.cpp b/doc/examples/encrypt.cpp
index f903c2f24..4999fa086 100644
--- a/doc/examples/encrypt.cpp
+++ b/doc/examples/encrypt.cpp
@@ -125,17 +125,26 @@ int main(int argc, char* argv[])
       AutoSeeded_RNG rng;
 
       std::auto_ptr<S2K> s2k(get_s2k("PBKDF2(SHA-1)"));
-      s2k->set_iterations(8192);
-      s2k->new_random_salt(rng, 8);
 
-      SymmetricKey bc_key = s2k->derive_key(key_len, "BLK" + passphrase);
-      InitializationVector iv = s2k->derive_key(iv_len, "IVL" + passphrase);
-      SymmetricKey mac_key = s2k->derive_key(16, "MAC" + passphrase);
+      SecureVector<byte> salt(8);
+      rng.randomize(&salt[0], salt.size());
+
+      const u32bit PBKDF2_ITERATIONS = 8192;
+
+      SymmetricKey bc_key = s2k->derive_key(key_len, "BLK" + passphrase,
+                                            &salt[0], salt.size(),
+                                            PBKDF2_ITERATIONS);
+      InitializationVector iv = s2k->derive_key(iv_len, "IVL" + passphrase,
+                                                &salt[0], salt.size(),
+                                                PBKDF2_ITERATIONS);
+      SymmetricKey mac_key = s2k->derive_key(16, "MAC" + passphrase,
+                                             &salt[0], salt.size(),
+                                             PBKDF2_ITERATIONS);
 
       // Just to be all fancy we even write a (simple) header.
       out << "-------- ENCRYPTED FILE --------" << std::endl;
       out << algo << std::endl;
-      out << b64_encode(s2k->current_salt()) << std::endl;
+      out << b64_encode(salt) << std::endl;
 
       Pipe pipe(new Fork(
                    new Chain(new MAC_Filter("HMAC(SHA-1)", mac_key),
author	lloyd <[email protected]>	2010-02-01 16:29:38 +0000
committer	lloyd <[email protected]>	2010-02-01 16:29:38 +0000
commit	454e45b7c4fece11a7f43ffa412148b4a274c90f (patch)
tree	5ae87c2104fba534548e59fa477d6a5f2f5a5e29 /doc/examples/encrypt.cpp
parent	ae6a404ec14cc3c86a96cd3e5c67c9c23be38147 (diff)