📁 File Manager Pro
v10.0.3 | PHP: 8.1.34
Server: Apache
2026-06-22 12:04:30
📂
/ (Root)
/
opt
/
alt
/
ruby21
/
share
/
doc
/
ruby
/
capi
/
html
/
db
/
dbf
📍 /opt/alt/ruby21/share/doc/ruby/capi/html/db/dbf
🔄 Refresh
✏️
Editing: ossl__pkcs5_8c_source.html
Read Only
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/> <meta http-equiv="X-UA-Compatible" content="IE=9"/> <meta name="generator" content="Doxygen 1.8.14"/> <meta name="viewport" content="width=device-width, initial-scale=1"/> <title>Ruby: ext/openssl/ossl_pkcs5.c Source File</title> <link href="../../tabs.css" rel="stylesheet" type="text/css"/> <script type="text/javascript" src="../../jquery.js"></script> <script type="text/javascript" src="../../dynsections.js"></script> <link href="../../doxygen.css" rel="stylesheet" type="text/css" /> </head> <body> <div id="top"><!-- do not remove this div, it is closed by doxygen! --> <div id="titlearea"> <table cellspacing="0" cellpadding="0"> <tbody> <tr style="height: 56px;"> <td id="projectalign" style="padding-left: 0.5em;"> <div id="projectname">Ruby  <span id="projectnumber">2.1.10p492(2016-04-01revision54464)</span> </div> </td> </tr> </tbody> </table> </div> <!-- end header part --> <!-- Generated by Doxygen 1.8.14 --> <script type="text/javascript" src="../../menudata.js"></script> <script type="text/javascript" src="../../menu.js"></script> <script type="text/javascript"> /* @license magnet:?xt=urn:btih:cf05388f2679ee054f2beb29a391d25f4e673ac3&dn=gpl-2.0.txt GPL-v2 */ $(function() { initMenu('../../',false,false,'search.php','Search'); }); /* @license-end */</script> <div id="main-nav"></div> <div id="nav-path" class="navpath"> <ul> <li class="navelem"><a class="el" href="../../dir_31cedd4509e06940f559c1ca2f722e02.html">ext</a></li><li class="navelem"><a class="el" href="../../dir_64db7e4e7eda6525bb8a667fe79df7d6.html">openssl</a></li> </ul> </div> </div><!-- top --> <div class="header"> <div class="headertitle"> <div class="title">ossl_pkcs5.c</div> </div> </div><!--header--> <div class="contents"> <a href="../../db/dbf/ossl__pkcs5_8c.html">Go to the documentation of this file.</a><div class="fragment"><div class="line"><a name="l00001"></a><span class="lineno"> 1</span> <span class="comment">/*</span></div><div class="line"><a name="l00002"></a><span class="lineno"> 2</span> <span class="comment"> * $Id$</span></div><div class="line"><a name="l00003"></a><span class="lineno"> 3</span> <span class="comment"> * Copyright (C) 2007 Technorama Ltd. <oss-ruby@technorama.net></span></div><div class="line"><a name="l00004"></a><span class="lineno"> 4</span> <span class="comment"> */</span></div><div class="line"><a name="l00005"></a><span class="lineno"> 5</span> <span class="preprocessor">#include "<a class="code" href="../../d5/dac/ossl_8h.html">ossl.h</a>"</span></div><div class="line"><a name="l00006"></a><span class="lineno"> 6</span> </div><div class="line"><a name="l00007"></a><span class="lineno"><a class="line" href="../../db/dbf/ossl__pkcs5_8c.html#a8cee99f5acd04b93e2318317f563db13"> 7</a></span> <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> <a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a8cee99f5acd04b93e2318317f563db13">mPKCS5</a>;</div><div class="line"><a name="l00008"></a><span class="lineno"><a class="line" href="../../db/dbf/ossl__pkcs5_8c.html#a5ac9ab75bc232f65277a4a87038b2ee6"> 8</a></span> <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> <a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a5ac9ab75bc232f65277a4a87038b2ee6">ePKCS5</a>;</div><div class="line"><a name="l00009"></a><span class="lineno"> 9</span> </div><div class="line"><a name="l00010"></a><span class="lineno"> 10</span> <span class="preprocessor">#ifdef HAVE_PKCS5_PBKDF2_HMAC</span></div><div class="line"><a name="l00011"></a><span class="lineno"> 11</span> <span class="comment">/*</span></div><div class="line"><a name="l00012"></a><span class="lineno"> 12</span> <span class="comment"> * call-seq:</span></div><div class="line"><a name="l00013"></a><span class="lineno"> 13</span> <span class="comment"> * PKCS5.pbkdf2_hmac(pass, salt, iter, keylen, digest) => string</span></div><div class="line"><a name="l00014"></a><span class="lineno"> 14</span> <span class="comment"> *</span></div><div class="line"><a name="l00015"></a><span class="lineno"> 15</span> <span class="comment"> * === Parameters</span></div><div class="line"><a name="l00016"></a><span class="lineno"> 16</span> <span class="comment"> * * +pass+ - string</span></div><div class="line"><a name="l00017"></a><span class="lineno"> 17</span> <span class="comment"> * * +salt+ - string - should be at least 8 bytes long.</span></div><div class="line"><a name="l00018"></a><span class="lineno"> 18</span> <span class="comment"> * * +iter+ - integer - should be greater than 1000. 20000 is better.</span></div><div class="line"><a name="l00019"></a><span class="lineno"> 19</span> <span class="comment"> * * +keylen+ - integer</span></div><div class="line"><a name="l00020"></a><span class="lineno"> 20</span> <span class="comment"> * * +digest+ - a string or OpenSSL::Digest object.</span></div><div class="line"><a name="l00021"></a><span class="lineno"> 21</span> <span class="comment"> *</span></div><div class="line"><a name="l00022"></a><span class="lineno"> 22</span> <span class="comment"> * Available in OpenSSL 0.9.4.</span></div><div class="line"><a name="l00023"></a><span class="lineno"> 23</span> <span class="comment"> *</span></div><div class="line"><a name="l00024"></a><span class="lineno"> 24</span> <span class="comment"> * Digests other than SHA1 may not be supported by other cryptography libraries.</span></div><div class="line"><a name="l00025"></a><span class="lineno"> 25</span> <span class="comment"> */</span></div><div class="line"><a name="l00026"></a><span class="lineno"> 26</span> <span class="keyword">static</span> <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a></div><div class="line"><a name="l00027"></a><span class="lineno"> 27</span> <a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a667d3a62e9820839e74af8cb82b80c0a">ossl_pkcs5_pbkdf2_hmac</a>(<a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> <span class="keyword">self</span>, <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> pass, <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> salt, <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> iter, <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> keylen, <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> digest)</div><div class="line"><a name="l00028"></a><span class="lineno"> 28</span> {</div><div class="line"><a name="l00029"></a><span class="lineno"> 29</span>  <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> str;</div><div class="line"><a name="l00030"></a><span class="lineno"> 30</span>  <span class="keyword">const</span> EVP_MD *md;</div><div class="line"><a name="l00031"></a><span class="lineno"> 31</span>  <span class="keywordtype">int</span> len = <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a877c38180d23c5447d976c70dda89d69">NUM2INT</a>(keylen);</div><div class="line"><a name="l00032"></a><span class="lineno"> 32</span> </div><div class="line"><a name="l00033"></a><span class="lineno"> 33</span>  <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a0e80f207eb41e9010ec9f0f5f9419fea">StringValue</a>(pass);</div><div class="line"><a name="l00034"></a><span class="lineno"> 34</span>  <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a0e80f207eb41e9010ec9f0f5f9419fea">StringValue</a>(salt);</div><div class="line"><a name="l00035"></a><span class="lineno"> 35</span>  md = <a class="code" href="../../d3/d99/ossl__digest_8c.html#a760b89840317c7c4920f209db9cf12f2">GetDigestPtr</a>(digest);</div><div class="line"><a name="l00036"></a><span class="lineno"> 36</span> </div><div class="line"><a name="l00037"></a><span class="lineno"> 37</span>  str = <a class="code" href="../../db/d2e/intern_8h.html#a48b2b873adb8b6a04254bd631c4b03c5">rb_str_new</a>(0, len);</div><div class="line"><a name="l00038"></a><span class="lineno"> 38</span> </div><div class="line"><a name="l00039"></a><span class="lineno"> 39</span>  <span class="keywordflow">if</span> (PKCS5_PBKDF2_HMAC(<a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3f0e4e2b6d073369cc1c2ddde00b13bb">RSTRING_PTR</a>(pass), <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a5133348f689646af76f8fe8e0af547f5">RSTRING_LENINT</a>(pass),</div><div class="line"><a name="l00040"></a><span class="lineno"> 40</span>  (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *)<a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3f0e4e2b6d073369cc1c2ddde00b13bb">RSTRING_PTR</a>(salt), <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a5133348f689646af76f8fe8e0af547f5">RSTRING_LENINT</a>(salt),</div><div class="line"><a name="l00041"></a><span class="lineno"> 41</span>  <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a877c38180d23c5447d976c70dda89d69">NUM2INT</a>(iter), md, len,</div><div class="line"><a name="l00042"></a><span class="lineno"> 42</span>  (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *)<a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3f0e4e2b6d073369cc1c2ddde00b13bb">RSTRING_PTR</a>(str)) != 1)</div><div class="line"><a name="l00043"></a><span class="lineno"> 43</span>  <a class="code" href="../../d4/d3c/ossl_8c.html#abdd6427ac56d2ded08a03d234b4ffc23">ossl_raise</a>(<a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a5ac9ab75bc232f65277a4a87038b2ee6">ePKCS5</a>, <span class="stringliteral">"PKCS5_PBKDF2_HMAC"</span>);</div><div class="line"><a name="l00044"></a><span class="lineno"> 44</span> </div><div class="line"><a name="l00045"></a><span class="lineno"> 45</span>  <span class="keywordflow">return</span> str;</div><div class="line"><a name="l00046"></a><span class="lineno"> 46</span> }</div><div class="line"><a name="l00047"></a><span class="lineno"> 47</span> <span class="preprocessor">#else</span></div><div class="line"><a name="l00048"></a><span class="lineno"><a class="line" href="../../db/dbf/ossl__pkcs5_8c.html#a667d3a62e9820839e74af8cb82b80c0a"> 48</a></span> <span class="preprocessor">#define ossl_pkcs5_pbkdf2_hmac rb_f_notimplement</span></div><div class="line"><a name="l00049"></a><span class="lineno"> 49</span> <span class="preprocessor">#endif</span></div><div class="line"><a name="l00050"></a><span class="lineno"> 50</span> </div><div class="line"><a name="l00051"></a><span class="lineno"> 51</span> </div><div class="line"><a name="l00052"></a><span class="lineno"> 52</span> <span class="preprocessor">#ifdef HAVE_PKCS5_PBKDF2_HMAC_SHA1</span></div><div class="line"><a name="l00053"></a><span class="lineno"> 53</span> <span class="comment">/*</span></div><div class="line"><a name="l00054"></a><span class="lineno"> 54</span> <span class="comment"> * call-seq:</span></div><div class="line"><a name="l00055"></a><span class="lineno"> 55</span> <span class="comment"> * PKCS5.pbkdf2_hmac_sha1(pass, salt, iter, keylen) => string</span></div><div class="line"><a name="l00056"></a><span class="lineno"> 56</span> <span class="comment"> *</span></div><div class="line"><a name="l00057"></a><span class="lineno"> 57</span> <span class="comment"> * === Parameters</span></div><div class="line"><a name="l00058"></a><span class="lineno"> 58</span> <span class="comment"> * * +pass+ - string</span></div><div class="line"><a name="l00059"></a><span class="lineno"> 59</span> <span class="comment"> * * +salt+ - string - should be at least 8 bytes long.</span></div><div class="line"><a name="l00060"></a><span class="lineno"> 60</span> <span class="comment"> * * +iter+ - integer - should be greater than 1000. 20000 is better.</span></div><div class="line"><a name="l00061"></a><span class="lineno"> 61</span> <span class="comment"> * * +keylen+ - integer</span></div><div class="line"><a name="l00062"></a><span class="lineno"> 62</span> <span class="comment"> *</span></div><div class="line"><a name="l00063"></a><span class="lineno"> 63</span> <span class="comment"> * This method is available in almost any version of OpenSSL.</span></div><div class="line"><a name="l00064"></a><span class="lineno"> 64</span> <span class="comment"> *</span></div><div class="line"><a name="l00065"></a><span class="lineno"> 65</span> <span class="comment"> * Conforms to rfc2898.</span></div><div class="line"><a name="l00066"></a><span class="lineno"> 66</span> <span class="comment"> */</span></div><div class="line"><a name="l00067"></a><span class="lineno"> 67</span> <span class="keyword">static</span> <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a></div><div class="line"><a name="l00068"></a><span class="lineno"> 68</span> <a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a409b7a17e4755565136d78fdf2e89e05">ossl_pkcs5_pbkdf2_hmac_sha1</a>(<a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> <span class="keyword">self</span>, <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> pass, <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> salt, <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> iter, <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> keylen)</div><div class="line"><a name="l00069"></a><span class="lineno"> 69</span> {</div><div class="line"><a name="l00070"></a><span class="lineno"> 70</span>  <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a> str;</div><div class="line"><a name="l00071"></a><span class="lineno"> 71</span>  <span class="keywordtype">int</span> len = <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a877c38180d23c5447d976c70dda89d69">NUM2INT</a>(keylen);</div><div class="line"><a name="l00072"></a><span class="lineno"> 72</span> </div><div class="line"><a name="l00073"></a><span class="lineno"> 73</span>  <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a0e80f207eb41e9010ec9f0f5f9419fea">StringValue</a>(pass);</div><div class="line"><a name="l00074"></a><span class="lineno"> 74</span>  <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a0e80f207eb41e9010ec9f0f5f9419fea">StringValue</a>(salt);</div><div class="line"><a name="l00075"></a><span class="lineno"> 75</span> </div><div class="line"><a name="l00076"></a><span class="lineno"> 76</span>  str = <a class="code" href="../../db/d2e/intern_8h.html#a48b2b873adb8b6a04254bd631c4b03c5">rb_str_new</a>(0, len);</div><div class="line"><a name="l00077"></a><span class="lineno"> 77</span> </div><div class="line"><a name="l00078"></a><span class="lineno"> 78</span>  <span class="keywordflow">if</span> (PKCS5_PBKDF2_HMAC_SHA1(<a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3f0e4e2b6d073369cc1c2ddde00b13bb">RSTRING_PTR</a>(pass), <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a5133348f689646af76f8fe8e0af547f5">RSTRING_LENINT</a>(pass),</div><div class="line"><a name="l00079"></a><span class="lineno"> 79</span>  (<span class="keyword">const</span> <span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *)<a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3f0e4e2b6d073369cc1c2ddde00b13bb">RSTRING_PTR</a>(salt), <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a5133348f689646af76f8fe8e0af547f5">RSTRING_LENINT</a>(salt), <a class="code" href="../../de/de6/ruby_2ruby_8h.html#a877c38180d23c5447d976c70dda89d69">NUM2INT</a>(iter),</div><div class="line"><a name="l00080"></a><span class="lineno"> 80</span>  len, (<span class="keywordtype">unsigned</span> <span class="keywordtype">char</span> *)<a class="code" href="../../de/de6/ruby_2ruby_8h.html#a3f0e4e2b6d073369cc1c2ddde00b13bb">RSTRING_PTR</a>(str)) != 1)</div><div class="line"><a name="l00081"></a><span class="lineno"> 81</span>  <a class="code" href="../../d4/d3c/ossl_8c.html#abdd6427ac56d2ded08a03d234b4ffc23">ossl_raise</a>(<a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a5ac9ab75bc232f65277a4a87038b2ee6">ePKCS5</a>, <span class="stringliteral">"PKCS5_PBKDF2_HMAC_SHA1"</span>);</div><div class="line"><a name="l00082"></a><span class="lineno"> 82</span> </div><div class="line"><a name="l00083"></a><span class="lineno"> 83</span>  <span class="keywordflow">return</span> str;</div><div class="line"><a name="l00084"></a><span class="lineno"> 84</span> }</div><div class="line"><a name="l00085"></a><span class="lineno"> 85</span> <span class="preprocessor">#else</span></div><div class="line"><a name="l00086"></a><span class="lineno"><a class="line" href="../../db/dbf/ossl__pkcs5_8c.html#a409b7a17e4755565136d78fdf2e89e05"> 86</a></span> <span class="preprocessor">#define ossl_pkcs5_pbkdf2_hmac_sha1 rb_f_notimplement</span></div><div class="line"><a name="l00087"></a><span class="lineno"> 87</span> <span class="preprocessor">#endif</span></div><div class="line"><a name="l00088"></a><span class="lineno"> 88</span> </div><div class="line"><a name="l00089"></a><span class="lineno"> 89</span> <span class="keywordtype">void</span></div><div class="line"><a name="l00090"></a><span class="lineno"><a class="line" href="../../d3/d7c/ossl__pkcs5_8h.html#afcef9c906e02ec93a2a68a066625379e"> 90</a></span> <a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a516fb8b2f95b7508cd3d22b98223396b">Init_ossl_pkcs5</a>()</div><div class="line"><a name="l00091"></a><span class="lineno"> 91</span> {</div><div class="line"><a name="l00092"></a><span class="lineno"> 92</span>  <span class="comment">/*</span></div><div class="line"><a name="l00093"></a><span class="lineno"> 93</span> <span class="comment"> * Password-based Encryption</span></div><div class="line"><a name="l00094"></a><span class="lineno"> 94</span> <span class="comment"> *</span></div><div class="line"><a name="l00095"></a><span class="lineno"> 95</span> <span class="comment"> */</span></div><div class="line"><a name="l00096"></a><span class="lineno"> 96</span> </div><div class="line"><a name="l00097"></a><span class="lineno"> 97</span> <span class="preprocessor"> #if 0</span></div><div class="line"><a name="l00098"></a><span class="lineno"> 98</span>  <a class="code" href="../../d4/d3c/ossl_8c.html#a19a5e8aeedd7c99b95bb894a7663fcb9">mOSSL</a> = <a class="code" href="../../de/ddf/group__class.html#ga911071d40f9312e49a774ea0e1b12869">rb_define_module</a>(<span class="stringliteral">"OpenSSL"</span>); <span class="comment">/* let rdoc know about mOSSL */</span></div><div class="line"><a name="l00099"></a><span class="lineno"> 99</span> <span class="preprocessor"> #endif</span></div><div class="line"><a name="l00100"></a><span class="lineno"> 100</span> </div><div class="line"><a name="l00101"></a><span class="lineno"> 101</span>  <span class="comment">/* Document-class: OpenSSL::PKCS5</span></div><div class="line"><a name="l00102"></a><span class="lineno"> 102</span> <span class="comment"> *</span></div><div class="line"><a name="l00103"></a><span class="lineno"> 103</span> <span class="comment"> * Provides password-based encryption functionality based on PKCS#5.</span></div><div class="line"><a name="l00104"></a><span class="lineno"> 104</span> <span class="comment"> * Typically used for securely deriving arbitrary length symmetric keys</span></div><div class="line"><a name="l00105"></a><span class="lineno"> 105</span> <span class="comment"> * to be used with an OpenSSL::Cipher from passwords. Another use case</span></div><div class="line"><a name="l00106"></a><span class="lineno"> 106</span> <span class="comment"> * is for storing passwords: Due to the ability to tweak the effort of</span></div><div class="line"><a name="l00107"></a><span class="lineno"> 107</span> <span class="comment"> * computation by increasing the iteration count, computation can be</span></div><div class="line"><a name="l00108"></a><span class="lineno"> 108</span> <span class="comment"> * slowed down artificially in order to render possible attacks infeasible.</span></div><div class="line"><a name="l00109"></a><span class="lineno"> 109</span> <span class="comment"> *</span></div><div class="line"><a name="l00110"></a><span class="lineno"> 110</span> <span class="comment"> * PKCS5 offers support for PBKDF2 with an OpenSSL::Digest::SHA1-based</span></div><div class="line"><a name="l00111"></a><span class="lineno"> 111</span> <span class="comment"> * HMAC, or an arbitrary Digest if the underlying version of OpenSSL</span></div><div class="line"><a name="l00112"></a><span class="lineno"> 112</span> <span class="comment"> * already supports it (>= 0.9.4).</span></div><div class="line"><a name="l00113"></a><span class="lineno"> 113</span> <span class="comment"> *</span></div><div class="line"><a name="l00114"></a><span class="lineno"> 114</span> <span class="comment"> * === Parameters</span></div><div class="line"><a name="l00115"></a><span class="lineno"> 115</span> <span class="comment"> * ==== Password</span></div><div class="line"><a name="l00116"></a><span class="lineno"> 116</span> <span class="comment"> * Typically an arbitrary String that represents the password to be used</span></div><div class="line"><a name="l00117"></a><span class="lineno"> 117</span> <span class="comment"> * for deriving a key.</span></div><div class="line"><a name="l00118"></a><span class="lineno"> 118</span> <span class="comment"> * ==== Salt</span></div><div class="line"><a name="l00119"></a><span class="lineno"> 119</span> <span class="comment"> * Prevents attacks based on dictionaries of common passwords. It is a</span></div><div class="line"><a name="l00120"></a><span class="lineno"> 120</span> <span class="comment"> * public value that can be safely stored along with the password (e.g.</span></div><div class="line"><a name="l00121"></a><span class="lineno"> 121</span> <span class="comment"> * if PBKDF2 is used for password storage). For maximum security, a fresh,</span></div><div class="line"><a name="l00122"></a><span class="lineno"> 122</span> <span class="comment"> * random salt should be generated for each stored password. According</span></div><div class="line"><a name="l00123"></a><span class="lineno"> 123</span> <span class="comment"> * to PKCS#5, a salt should be at least 8 bytes long.</span></div><div class="line"><a name="l00124"></a><span class="lineno"> 124</span> <span class="comment"> * ==== Iteration Count</span></div><div class="line"><a name="l00125"></a><span class="lineno"> 125</span> <span class="comment"> * Allows to tweak the length that the actual computation will take. The</span></div><div class="line"><a name="l00126"></a><span class="lineno"> 126</span> <span class="comment"> * larger the iteration count, the longer it will take.</span></div><div class="line"><a name="l00127"></a><span class="lineno"> 127</span> <span class="comment"> * ==== Key Length</span></div><div class="line"><a name="l00128"></a><span class="lineno"> 128</span> <span class="comment"> * Specifies the length in bytes of the output that will be generated.</span></div><div class="line"><a name="l00129"></a><span class="lineno"> 129</span> <span class="comment"> * Typically, the key length should be larger than or equal to the output</span></div><div class="line"><a name="l00130"></a><span class="lineno"> 130</span> <span class="comment"> * length of the underlying digest function, otherwise an attacker could</span></div><div class="line"><a name="l00131"></a><span class="lineno"> 131</span> <span class="comment"> * simply try to brute-force the key. According to PKCS#5, security is</span></div><div class="line"><a name="l00132"></a><span class="lineno"> 132</span> <span class="comment"> * limited by the output length of the underlying digest function, i.e.</span></div><div class="line"><a name="l00133"></a><span class="lineno"> 133</span> <span class="comment"> * security is not improved if a key length strictly larger than the</span></div><div class="line"><a name="l00134"></a><span class="lineno"> 134</span> <span class="comment"> * digest output length is chosen. Therefore, when using PKCS5 for</span></div><div class="line"><a name="l00135"></a><span class="lineno"> 135</span> <span class="comment"> * password storage, it suffices to store values equal to the digest</span></div><div class="line"><a name="l00136"></a><span class="lineno"> 136</span> <span class="comment"> * output length, nothing is gained by storing larger values.</span></div><div class="line"><a name="l00137"></a><span class="lineno"> 137</span> <span class="comment"> *</span></div><div class="line"><a name="l00138"></a><span class="lineno"> 138</span> <span class="comment"> * == Examples</span></div><div class="line"><a name="l00139"></a><span class="lineno"> 139</span> <span class="comment"> * === Generating a 128 bit key for a Cipher (e.g. AES)</span></div><div class="line"><a name="l00140"></a><span class="lineno"> 140</span> <span class="comment"> * pass = "secret"</span></div><div class="line"><a name="l00141"></a><span class="lineno"> 141</span> <span class="comment"> * salt = OpenSSL::Random.random_bytes(16)</span></div><div class="line"><a name="l00142"></a><span class="lineno"> 142</span> <span class="comment"> * iter = 20000</span></div><div class="line"><a name="l00143"></a><span class="lineno"> 143</span> <span class="comment"> * key_len = 16</span></div><div class="line"><a name="l00144"></a><span class="lineno"> 144</span> <span class="comment"> * key = OpenSSL::PKCS5.pbkdf2_hmac_sha1(pass, salt, iter, key_len)</span></div><div class="line"><a name="l00145"></a><span class="lineno"> 145</span> <span class="comment"> *</span></div><div class="line"><a name="l00146"></a><span class="lineno"> 146</span> <span class="comment"> * === Storing Passwords</span></div><div class="line"><a name="l00147"></a><span class="lineno"> 147</span> <span class="comment"> * pass = "secret"</span></div><div class="line"><a name="l00148"></a><span class="lineno"> 148</span> <span class="comment"> * salt = OpenSSL::Random.random_bytes(16) #store this with the generated value</span></div><div class="line"><a name="l00149"></a><span class="lineno"> 149</span> <span class="comment"> * iter = 20000</span></div><div class="line"><a name="l00150"></a><span class="lineno"> 150</span> <span class="comment"> * digest = OpenSSL::Digest::SHA256.new</span></div><div class="line"><a name="l00151"></a><span class="lineno"> 151</span> <span class="comment"> * len = digest.digest_length</span></div><div class="line"><a name="l00152"></a><span class="lineno"> 152</span> <span class="comment"> * #the final value to be stored</span></div><div class="line"><a name="l00153"></a><span class="lineno"> 153</span> <span class="comment"> * value = OpenSSL::PKCS5.pbkdf2_hmac(pass, salt, iter, len, digest)</span></div><div class="line"><a name="l00154"></a><span class="lineno"> 154</span> <span class="comment"> *</span></div><div class="line"><a name="l00155"></a><span class="lineno"> 155</span> <span class="comment"> * === Important Note on Checking Passwords</span></div><div class="line"><a name="l00156"></a><span class="lineno"> 156</span> <span class="comment"> * When comparing passwords provided by the user with previously stored</span></div><div class="line"><a name="l00157"></a><span class="lineno"> 157</span> <span class="comment"> * values, a common mistake made is comparing the two values using "==".</span></div><div class="line"><a name="l00158"></a><span class="lineno"> 158</span> <span class="comment"> * Typically, "==" short-circuits on evaluation, and is therefore</span></div><div class="line"><a name="l00159"></a><span class="lineno"> 159</span> <span class="comment"> * vulnerable to timing attacks. The proper way is to use a method that</span></div><div class="line"><a name="l00160"></a><span class="lineno"> 160</span> <span class="comment"> * always takes the same amount of time when comparing two values, thus</span></div><div class="line"><a name="l00161"></a><span class="lineno"> 161</span> <span class="comment"> * not leaking any information to potential attackers. To compare two</span></div><div class="line"><a name="l00162"></a><span class="lineno"> 162</span> <span class="comment"> * values, the following could be used:</span></div><div class="line"><a name="l00163"></a><span class="lineno"> 163</span> <span class="comment"> * def eql_time_cmp(a, b)</span></div><div class="line"><a name="l00164"></a><span class="lineno"> 164</span> <span class="comment"> * unless a.length == b.length</span></div><div class="line"><a name="l00165"></a><span class="lineno"> 165</span> <span class="comment"> * return false</span></div><div class="line"><a name="l00166"></a><span class="lineno"> 166</span> <span class="comment"> * end</span></div><div class="line"><a name="l00167"></a><span class="lineno"> 167</span> <span class="comment"> * cmp = b.bytes.to_a</span></div><div class="line"><a name="l00168"></a><span class="lineno"> 168</span> <span class="comment"> * result = 0</span></div><div class="line"><a name="l00169"></a><span class="lineno"> 169</span> <span class="comment"> * a.bytes.each_with_index {|c,i|</span></div><div class="line"><a name="l00170"></a><span class="lineno"> 170</span> <span class="comment"> * result |= c ^ cmp[i]</span></div><div class="line"><a name="l00171"></a><span class="lineno"> 171</span> <span class="comment"> * }</span></div><div class="line"><a name="l00172"></a><span class="lineno"> 172</span> <span class="comment"> * result == 0</span></div><div class="line"><a name="l00173"></a><span class="lineno"> 173</span> <span class="comment"> * end</span></div><div class="line"><a name="l00174"></a><span class="lineno"> 174</span> <span class="comment"> * Please note that the premature return in case of differing lengths</span></div><div class="line"><a name="l00175"></a><span class="lineno"> 175</span> <span class="comment"> * typically does not leak valuable information - when using PKCS#5, the</span></div><div class="line"><a name="l00176"></a><span class="lineno"> 176</span> <span class="comment"> * length of the values to be compared is of fixed size.</span></div><div class="line"><a name="l00177"></a><span class="lineno"> 177</span> <span class="comment"> */</span></div><div class="line"><a name="l00178"></a><span class="lineno"> 178</span> </div><div class="line"><a name="l00179"></a><span class="lineno"> 179</span>  <a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a8cee99f5acd04b93e2318317f563db13">mPKCS5</a> = <a class="code" href="../../de/ddf/group__class.html#gad0eeed44f413060a2417852168747388">rb_define_module_under</a>(<a class="code" href="../../d4/d3c/ossl_8c.html#a19a5e8aeedd7c99b95bb894a7663fcb9">mOSSL</a>, <span class="stringliteral">"PKCS5"</span>);</div><div class="line"><a name="l00180"></a><span class="lineno"> 180</span>  <span class="comment">/* Document-class: OpenSSL::PKCS5::PKCS5Error</span></div><div class="line"><a name="l00181"></a><span class="lineno"> 181</span> <span class="comment"> *</span></div><div class="line"><a name="l00182"></a><span class="lineno"> 182</span> <span class="comment"> * Generic Exception class that is raised if an error occurs during a</span></div><div class="line"><a name="l00183"></a><span class="lineno"> 183</span> <span class="comment"> * computation.</span></div><div class="line"><a name="l00184"></a><span class="lineno"> 184</span> <span class="comment"> */</span></div><div class="line"><a name="l00185"></a><span class="lineno"> 185</span>  <a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a5ac9ab75bc232f65277a4a87038b2ee6">ePKCS5</a> = <a class="code" href="../../de/ddf/group__class.html#ga5266deadce0318d830a1e63c0933b898">rb_define_class_under</a>(<a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a8cee99f5acd04b93e2318317f563db13">mPKCS5</a>, <span class="stringliteral">"PKCS5Error"</span>, <a class="code" href="../../d4/d3c/ossl_8c.html#aea0de3b19cf8085effab72943bddc56e">eOSSLError</a>);</div><div class="line"><a name="l00186"></a><span class="lineno"> 186</span> </div><div class="line"><a name="l00187"></a><span class="lineno"> 187</span>  <a class="code" href="../../d7/d19/group__defmethod.html#gafc7122dde38ecff13de3e9d19a30aaeb">rb_define_module_function</a>(<a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a8cee99f5acd04b93e2318317f563db13">mPKCS5</a>, <span class="stringliteral">"pbkdf2_hmac"</span>, <a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a667d3a62e9820839e74af8cb82b80c0a">ossl_pkcs5_pbkdf2_hmac</a>, 5);</div><div class="line"><a name="l00188"></a><span class="lineno"> 188</span>  <a class="code" href="../../d7/d19/group__defmethod.html#gafc7122dde38ecff13de3e9d19a30aaeb">rb_define_module_function</a>(<a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a8cee99f5acd04b93e2318317f563db13">mPKCS5</a>, <span class="stringliteral">"pbkdf2_hmac_sha1"</span>, <a class="code" href="../../db/dbf/ossl__pkcs5_8c.html#a409b7a17e4755565136d78fdf2e89e05">ossl_pkcs5_pbkdf2_hmac_sha1</a>, 4);</div><div class="line"><a name="l00189"></a><span class="lineno"> 189</span> }</div><div class="ttc" id="ossl_8c_html_a19a5e8aeedd7c99b95bb894a7663fcb9"><div class="ttname"><a href="../../d4/d3c/ossl_8c.html#a19a5e8aeedd7c99b95bb894a7663fcb9">mOSSL</a></div><div class="ttdeci">VALUE mOSSL</div><div class="ttdef"><b>Definition:</b> <a href="../../d4/d3c/ossl_8c_source.html#l00259">ossl.c:259</a></div></div> <div class="ttc" id="ruby_2ruby_8h_html_a877c38180d23c5447d976c70dda89d69"><div class="ttname"><a href="../../de/de6/ruby_2ruby_8h.html#a877c38180d23c5447d976c70dda89d69">NUM2INT</a></div><div class="ttdeci">#define NUM2INT(x)</div><div class="ttdef"><b>Definition:</b> <a href="../../de/de6/ruby_2ruby_8h_source.html#l00630">ruby.h:630</a></div></div> <div class="ttc" id="group__class_html_ga5266deadce0318d830a1e63c0933b898"><div class="ttname"><a href="../../de/ddf/group__class.html#ga5266deadce0318d830a1e63c0933b898">rb_define_class_under</a></div><div class="ttdeci">VALUE rb_define_class_under(VALUE outer, const char *name, VALUE super)</div><div class="ttdoc">Defines a class under the namespace of outer. </div><div class="ttdef"><b>Definition:</b> <a href="../../d9/d0c/class_8c_source.html#l00657">class.c:657</a></div></div> <div class="ttc" id="ossl__pkcs5_8c_html_a667d3a62e9820839e74af8cb82b80c0a"><div class="ttname"><a href="../../db/dbf/ossl__pkcs5_8c.html#a667d3a62e9820839e74af8cb82b80c0a">ossl_pkcs5_pbkdf2_hmac</a></div><div class="ttdeci">#define ossl_pkcs5_pbkdf2_hmac</div><div class="ttdef"><b>Definition:</b> <a href="../../db/dbf/ossl__pkcs5_8c_source.html#l00048">ossl_pkcs5.c:48</a></div></div> <div class="ttc" id="ossl__pkcs5_8c_html_a516fb8b2f95b7508cd3d22b98223396b"><div class="ttname"><a href="../../db/dbf/ossl__pkcs5_8c.html#a516fb8b2f95b7508cd3d22b98223396b">Init_ossl_pkcs5</a></div><div class="ttdeci">void Init_ossl_pkcs5()</div><div class="ttdef"><b>Definition:</b> <a href="../../db/dbf/ossl__pkcs5_8c_source.html#l00090">ossl_pkcs5.c:90</a></div></div> <div class="ttc" id="ossl__digest_8c_html_a760b89840317c7c4920f209db9cf12f2"><div class="ttname"><a href="../../d3/d99/ossl__digest_8c.html#a760b89840317c7c4920f209db9cf12f2">GetDigestPtr</a></div><div class="ttdeci">const EVP_MD * GetDigestPtr(VALUE obj)</div><div class="ttdef"><b>Definition:</b> <a href="../../d3/d99/ossl__digest_8c_source.html#l00036">ossl_digest.c:36</a></div></div> <div class="ttc" id="ossl_8c_html_aea0de3b19cf8085effab72943bddc56e"><div class="ttname"><a href="../../d4/d3c/ossl_8c.html#aea0de3b19cf8085effab72943bddc56e">eOSSLError</a></div><div class="ttdeci">VALUE eOSSLError</div><div class="ttdef"><b>Definition:</b> <a href="../../d4/d3c/ossl_8c_source.html#l00264">ossl.c:264</a></div></div> <div class="ttc" id="group__defmethod_html_gafc7122dde38ecff13de3e9d19a30aaeb"><div class="ttname"><a href="../../d7/d19/group__defmethod.html#gafc7122dde38ecff13de3e9d19a30aaeb">rb_define_module_function</a></div><div class="ttdeci">void rb_define_module_function(VALUE module, const char *name, VALUE(*func)(ANYARGS), int argc)</div><div class="ttdoc">Defines a module function for module. </div><div class="ttdef"><b>Definition:</b> <a href="../../d9/d0c/class_8c_source.html#l01661">class.c:1661</a></div></div> <div class="ttc" id="ruby_2ruby_8h_html_a3c1d4bfc6a81af60bdcb48744c35f760"><div class="ttname"><a href="../../de/de6/ruby_2ruby_8h.html#a3c1d4bfc6a81af60bdcb48744c35f760">VALUE</a></div><div class="ttdeci">unsigned long VALUE</div><div class="ttdef"><b>Definition:</b> <a href="../../de/de6/ruby_2ruby_8h_source.html#l00088">ruby.h:88</a></div></div> <div class="ttc" id="ossl__pkcs5_8c_html_a5ac9ab75bc232f65277a4a87038b2ee6"><div class="ttname"><a href="../../db/dbf/ossl__pkcs5_8c.html#a5ac9ab75bc232f65277a4a87038b2ee6">ePKCS5</a></div><div class="ttdeci">VALUE ePKCS5</div><div class="ttdef"><b>Definition:</b> <a href="../../db/dbf/ossl__pkcs5_8c_source.html#l00008">ossl_pkcs5.c:8</a></div></div> <div class="ttc" id="ossl__pkcs5_8c_html_a8cee99f5acd04b93e2318317f563db13"><div class="ttname"><a href="../../db/dbf/ossl__pkcs5_8c.html#a8cee99f5acd04b93e2318317f563db13">mPKCS5</a></div><div class="ttdeci">VALUE mPKCS5</div><div class="ttdef"><b>Definition:</b> <a href="../../db/dbf/ossl__pkcs5_8c_source.html#l00007">ossl_pkcs5.c:7</a></div></div> <div class="ttc" id="group__class_html_gad0eeed44f413060a2417852168747388"><div class="ttname"><a href="../../de/ddf/group__class.html#gad0eeed44f413060a2417852168747388">rb_define_module_under</a></div><div class="ttdeci">VALUE rb_define_module_under(VALUE outer, const char *name)</div><div class="ttdef"><b>Definition:</b> <a href="../../d9/d0c/class_8c_source.html#l00747">class.c:747</a></div></div> <div class="ttc" id="ruby_2ruby_8h_html_a3f0e4e2b6d073369cc1c2ddde00b13bb"><div class="ttname"><a href="../../de/de6/ruby_2ruby_8h.html#a3f0e4e2b6d073369cc1c2ddde00b13bb">RSTRING_PTR</a></div><div class="ttdeci">#define RSTRING_PTR(str)</div><div class="ttdef"><b>Definition:</b> <a href="../../de/de6/ruby_2ruby_8h_source.html#l00845">ruby.h:845</a></div></div> <div class="ttc" id="ossl_8c_html_abdd6427ac56d2ded08a03d234b4ffc23"><div class="ttname"><a href="../../d4/d3c/ossl_8c.html#abdd6427ac56d2ded08a03d234b4ffc23">ossl_raise</a></div><div class="ttdeci">void ossl_raise(VALUE exc, const char *fmt,...)</div><div class="ttdef"><b>Definition:</b> <a href="../../d4/d3c/ossl_8c_source.html#l00333">ossl.c:333</a></div></div> <div class="ttc" id="ossl_8h_html"><div class="ttname"><a href="../../d5/dac/ossl_8h.html">ossl.h</a></div></div> <div class="ttc" id="ruby_2ruby_8h_html_a5133348f689646af76f8fe8e0af547f5"><div class="ttname"><a href="../../de/de6/ruby_2ruby_8h.html#a5133348f689646af76f8fe8e0af547f5">RSTRING_LENINT</a></div><div class="ttdeci">#define RSTRING_LENINT(str)</div><div class="ttdef"><b>Definition:</b> <a href="../../de/de6/ruby_2ruby_8h_source.html#l00853">ruby.h:853</a></div></div> <div class="ttc" id="group__class_html_ga911071d40f9312e49a774ea0e1b12869"><div class="ttname"><a href="../../de/ddf/group__class.html#ga911071d40f9312e49a774ea0e1b12869">rb_define_module</a></div><div class="ttdeci">VALUE rb_define_module(const char *name)</div><div class="ttdef"><b>Definition:</b> <a href="../../d9/d0c/class_8c_source.html#l00727">class.c:727</a></div></div> <div class="ttc" id="ossl__pkcs5_8c_html_a409b7a17e4755565136d78fdf2e89e05"><div class="ttname"><a href="../../db/dbf/ossl__pkcs5_8c.html#a409b7a17e4755565136d78fdf2e89e05">ossl_pkcs5_pbkdf2_hmac_sha1</a></div><div class="ttdeci">#define ossl_pkcs5_pbkdf2_hmac_sha1</div><div class="ttdef"><b>Definition:</b> <a href="../../db/dbf/ossl__pkcs5_8c_source.html#l00086">ossl_pkcs5.c:86</a></div></div> <div class="ttc" id="ruby_2ruby_8h_html_a0e80f207eb41e9010ec9f0f5f9419fea"><div class="ttname"><a href="../../de/de6/ruby_2ruby_8h.html#a0e80f207eb41e9010ec9f0f5f9419fea">StringValue</a></div><div class="ttdeci">#define StringValue(v)</div><div class="ttdef"><b>Definition:</b> <a href="../../de/de6/ruby_2ruby_8h_source.html#l00539">ruby.h:539</a></div></div> <div class="ttc" id="intern_8h_html_a48b2b873adb8b6a04254bd631c4b03c5"><div class="ttname"><a href="../../db/d2e/intern_8h.html#a48b2b873adb8b6a04254bd631c4b03c5">rb_str_new</a></div><div class="ttdeci">VALUE rb_str_new(const char *, long)</div><div class="ttdef"><b>Definition:</b> <a href="../../d1/db0/string_8c_source.html#l00534">string.c:534</a></div></div> </div><!-- fragment --></div><!-- contents --> <!-- start footer part --> <hr class="footer"/><address class="footer"><small> Generated by  <a href="http://www.doxygen.org/index.html"> <img class="footer" src="../../doxygen.png" alt="doxygen"/> </a> 1.8.14 </small></address> </body> </html>
💾 Save Changes
❌ Cancel