aboutsummaryrefslogtreecommitdiffstats
path: root/src/pbkdf
Commit message (Collapse)AuthorAgeFilesLines
* Add new top-level algorithm which provides basic functionality: namelloyd2010-11-012-12/+4
| | | | | | | | query, clearing, and cloning. Applies to ciphers, hashes, MACs, and PBKDFs. May extend to KDFs later as well. A single combined hierarchy in particular will make the algo_factory much simpler.
* Use output_length() instead of OUTPUT_LENGTH pseudo-propertylloyd2010-10-133-5/+5
|
* s/u32bit/size_t/ in pbkdflloyd2010-10-127-31/+31
|
* Use size_t for BufferedComputation::add_datalloyd2010-10-121-1/+1
|
* Remove more implicit vector to pointer conversionslloyd2010-09-142-4/+5
|
* More changes to avoid vector to pointer implicit conversionslloyd2010-09-141-2/+2
|
* Handle the case that container size() returns something other than u32bitlloyd2010-09-141-1/+1
|
* Anywhere where we use MemoryRegion::begin to get access to the raw pointerlloyd2010-09-131-1/+1
| | | | | representation (rather than in an interator context), instead use &buf[0], which works for both MemoryRegion and std::vector
* Turns out OpenSSL's implementation of PBKDF2 allows empty passphrases,lloyd2010-08-211-5/+10
| | | | | | | | | | | | | | | | | so for compatability with keys that were encrypted with an empty passphrase we probably want to support it as well. In PBKDF2, don't reject empty passphrases out of hand; simply call set_key and if the underlying MAC cannot use the key, throw an informative exception. This will also be more helpful in the case that someone tries using another MAC (say, CMAC) with a block cipher that only supports keys of specific sizes. In HMAC, allow zero-length keys. This is not really optimal in the sense of allowing the user to do something dumb, but a 1 byte key would be pretty dumb as well and we already allowed that. Add a test vector using an empty passphrase generated by OpenSSL
* Correct Doxygen commentlloyd2010-08-171-3/+2
|
* Fix Doxygen comment in PBKDF2 constructorlloyd2010-08-131-2/+2
|
* Rename S2K to PBKDF, because that is by far the most common name - S2Klloyd2010-07-0911-0/+406
really is only used by OpenPGP, and largely it was named S2K here because the OpenPGP S2K was implemented years before the ones in PKCS #5. We have a typedef of PBKDF to S2K, and an inlined get_s2k that calls get_pbkdf for source compatability. There doesn't seem to be any reason to have a forward for the renamed s2k.h header - to actually use a PBKDF, you'd have to either include lookup.h and call get_s2k / get_pbkdf, or else include an algorithm-specific header and use it directly. In either case, including s2k.h is neither necessary nor sufficient.