From 454e45b7c4fece11a7f43ffa412148b4a274c90f Mon Sep 17 00:00:00 2001 From: lloyd Date: Mon, 1 Feb 2010 16:29:38 +0000 Subject: Modify the S2K interface. Instead of being stateful in terms of the salt and iteration count, force it to be passed to each call to derive_key. So remove current_salt, set_iterations, new_random_salt, and change_salt functions from S2K interface. Update examples and test application to match. While I was in there, change the passhash example to use 64 bit salts and 128 bit PBKDF2 outputs. --- doc/examples/encrypt.cpp | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) (limited to 'doc/examples/encrypt.cpp') diff --git a/doc/examples/encrypt.cpp b/doc/examples/encrypt.cpp index f903c2f24..4999fa086 100644 --- a/doc/examples/encrypt.cpp +++ b/doc/examples/encrypt.cpp @@ -125,17 +125,26 @@ int main(int argc, char* argv[]) AutoSeeded_RNG rng; std::auto_ptr s2k(get_s2k("PBKDF2(SHA-1)")); - s2k->set_iterations(8192); - s2k->new_random_salt(rng, 8); - SymmetricKey bc_key = s2k->derive_key(key_len, "BLK" + passphrase); - InitializationVector iv = s2k->derive_key(iv_len, "IVL" + passphrase); - SymmetricKey mac_key = s2k->derive_key(16, "MAC" + passphrase); + SecureVector salt(8); + rng.randomize(&salt[0], salt.size()); + + const u32bit PBKDF2_ITERATIONS = 8192; + + SymmetricKey bc_key = s2k->derive_key(key_len, "BLK" + passphrase, + &salt[0], salt.size(), + PBKDF2_ITERATIONS); + InitializationVector iv = s2k->derive_key(iv_len, "IVL" + passphrase, + &salt[0], salt.size(), + PBKDF2_ITERATIONS); + SymmetricKey mac_key = s2k->derive_key(16, "MAC" + passphrase, + &salt[0], salt.size(), + PBKDF2_ITERATIONS); // Just to be all fancy we even write a (simple) header. out << "-------- ENCRYPTED FILE --------" << std::endl; out << algo << std::endl; - out << b64_encode(s2k->current_salt()) << std::endl; + out << b64_encode(salt) << std::endl; Pipe pipe(new Fork( new Chain(new MAC_Filter("HMAC(SHA-1)", mac_key), -- cgit v1.2.3