zig/lib/libc/include/any-macos-any/CommonCrypto/CommonKeyDerivation.h

/*
 * Copyright (c) 2010 Apple Inc. All Rights Reserved.
 *
 * @APPLE_LICENSE_HEADER_START@
 *
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 *
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 *
 * @APPLE_LICENSE_HEADER_END@
 */

#ifndef _CC_PBKDF_H_
#define _CC_PBKDF_H_

#include <string.h>
#include <limits.h>
#include <stdlib.h>
#include <CommonCrypto/CommonDigest.h>
#include <CommonCrypto/CommonHMAC.h>


#ifdef __cplusplus
extern "C" {
#endif

enum {
    kCCPBKDF2 = 2,
};


typedef uint32_t CCPBKDFAlgorithm;


enum {
    kCCPRFHmacAlgSHA1 = 1,
    kCCPRFHmacAlgSHA224 = 2,
    kCCPRFHmacAlgSHA256 = 3,
    kCCPRFHmacAlgSHA384 = 4,
    kCCPRFHmacAlgSHA512 = 5,
};


typedef uint32_t CCPseudoRandomAlgorithm;

/*

 @function  CCKeyDerivationPBKDF
 @abstract  Derive a key from a text password/passphrase

 @param algorithm       Currently only PBKDF2 is available via kCCPBKDF2
 @param password        The text password used as input to the derivation
                        function.  The actual octets present in this string
                        will be used with no additional processing.  It's
                        extremely important that the same encoding and
                        normalization be used each time this routine is
                        called if the same key is  expected to be derived.
 @param passwordLen     The length of the text password in bytes.
 @param salt            The salt byte values used as input to the derivation
                        function. The pointer can be NULL, only when saltLen is zero.
 @param saltLen         The length of the salt in bytes. It can be zero.
 @param prf             The Pseudo Random Algorithm to use for the derivation
                        iterations.
 @param rounds          The number of rounds of the Pseudo Random Algorithm
                        to use. It cannot be zero.
 @param derivedKey      The resulting derived key produced by the function.
                        The space for this must be provided by the caller.
 @param derivedKeyLen   The expected length of the derived key in bytes. It cannot be zero.

 @discussion The following values are used to designate the PRF:

 * kCCPRFHmacAlgSHA1
 * kCCPRFHmacAlgSHA224
 * kCCPRFHmacAlgSHA256
 * kCCPRFHmacAlgSHA384
 * kCCPRFHmacAlgSHA512

 @result     kCCParamError can result from bad values for the password, salt,
 	     and unwrapped key pointers as well as a bad value for the prf
	     function.

 */

int
CCKeyDerivationPBKDF( CCPBKDFAlgorithm algorithm, const char *password, size_t passwordLen,
                      const uint8_t *salt, size_t saltLen,
                      CCPseudoRandomAlgorithm prf, unsigned rounds,
                      uint8_t *derivedKey, size_t derivedKeyLen)
                      API_AVAILABLE(macos(10.7), ios(5.0));

/*
 * All lengths are in bytes - not bits.
 */

/*

 @function  CCCalibratePBKDF
 @abstract  Determine the number of PRF rounds to use for a specific delay on
            the current platform.
 @param algorithm       Currently only PBKDF2 is available via kCCPBKDF2
 @param passwordLen     The length of the text password in bytes.
 @param saltLen         The length of the salt in bytes. saltlen must be smaller than 133.
 @param prf             The Pseudo Random Algorithm to use for the derivation
                        iterations.
 @param derivedKeyLen   The expected length of the derived key in bytes.
 @param msec            The targetted duration we want to achieve for a key
                        derivation with these parameters.

 @result the number of iterations to use for the desired processing time.
        Returns a minimum of 10000 iterations (safety net, not a particularly recommended value)
            The number of iterations is a trade-off of usability and security. If there is an error
            the function returns (unsigned)(-1). The minimum return value is set to 10000.

 */

unsigned
CCCalibratePBKDF(CCPBKDFAlgorithm algorithm, size_t passwordLen, size_t saltLen,
                 CCPseudoRandomAlgorithm prf, size_t derivedKeyLen, uint32_t msec)
                 API_AVAILABLE(macos(10.7), ios(5.0));

#ifdef __cplusplus
}
#endif

#endif  /* _CC_PBKDF_H_ */