forked from wolfSSL/wolfssl
Wrapping PBKDF PKCS#12 algorithm.
This commit is contained in:
@ -15,6 +15,8 @@ Please send questions to support@wolfssl.com
|
|||||||
make
|
make
|
||||||
sudo make install
|
sudo make install
|
||||||
|
|
||||||
|
NOTE: if you want to use pbkdf pkcs #12 algorithm you should build CyaSSL with --enable-pwdbased:
|
||||||
|
./configure --disable-shared --enable-pwdbased CFLAGS=-fpic
|
||||||
|
|
||||||
2) start the example server from the root directory
|
2) start the example server from the root directory
|
||||||
./examples/server/server -d
|
./examples/server/server -d
|
||||||
@ -41,4 +43,3 @@ Please send questions to support@wolfssl.com
|
|||||||
python library that isn't included by default
|
python library that isn't included by default
|
||||||
7) The outputs _wolfssl.pyd and wolfssl.py are the wolfssl import library
|
7) The outputs _wolfssl.pyd and wolfssl.py are the wolfssl import library
|
||||||
8) Can now run python runme.py from the swig directory
|
8) Can now run python runme.py from the swig directory
|
||||||
|
|
||||||
|
44
swig/pbkdf_pkcs12.py
Normal file
44
swig/pbkdf_pkcs12.py
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
"""A simple example how to use PBKDF PKCS #12 algorithm."""
|
||||||
|
|
||||||
|
import wolfssl
|
||||||
|
import os
|
||||||
|
import random
|
||||||
|
import string
|
||||||
|
|
||||||
|
|
||||||
|
PASSWORD_LENGTH = 16
|
||||||
|
SALT_LENGTH = 8
|
||||||
|
KEY_LENGTH = 16
|
||||||
|
ITERATIONS = 256
|
||||||
|
SHA256 = 2 # Hashtype, stands for Sha256 in wolfssl.
|
||||||
|
|
||||||
|
|
||||||
|
def to_c_byte_array(content):
|
||||||
|
output = wolfssl.byteArray(len(content))
|
||||||
|
for i, ch in enumerate(content):
|
||||||
|
output[i] = ord(ch)
|
||||||
|
return output
|
||||||
|
|
||||||
|
|
||||||
|
password = ''.join(random.choice(string.ascii_uppercase + string.digits) for x in range(PASSWORD_LENGTH))
|
||||||
|
salt = os.urandom(SALT_LENGTH)
|
||||||
|
key = wolfssl.byteArray(KEY_LENGTH)
|
||||||
|
|
||||||
|
# params:
|
||||||
|
# key :: bytearray output
|
||||||
|
# passwd :: bytearray password that is used to derive the key
|
||||||
|
# pLen :: password length
|
||||||
|
# salt :: bytearray salt
|
||||||
|
# sLen :: salt length
|
||||||
|
# iterations :: number of iterations
|
||||||
|
# kLen :: key length
|
||||||
|
# hashType :: int, SHA256 stands for 2
|
||||||
|
# purpose :: int, not really sure what it does, 1 was used in the tests
|
||||||
|
wolfssl.wc_PKCS12_PBKDF(key, to_c_byte_array(password), PASSWORD_LENGTH, to_c_byte_array(salt), SALT_LENGTH, ITERATIONS,
|
||||||
|
KEY_LENGTH, SHA256, 1)
|
||||||
|
key = wolfssl.cdata(key, KEY_LENGTH)
|
||||||
|
assert len(key) == KEY_LENGTH, "Generated key has length %s, whereas should have length %s" % (len(key), KEY_LENGTH)
|
||||||
|
|
||||||
|
print 'Generated key: %s\nfor password: %s' % (key, password)
|
||||||
|
print 'Bytes:'
|
||||||
|
print [b for b in key]
|
@ -23,6 +23,7 @@
|
|||||||
%{
|
%{
|
||||||
#include <wolfssl/ssl.h>
|
#include <wolfssl/ssl.h>
|
||||||
#include <wolfssl/wolfcrypt/rsa.h>
|
#include <wolfssl/wolfcrypt/rsa.h>
|
||||||
|
#include <wolfssl/wolfcrypt/pwdbased.h>
|
||||||
|
|
||||||
/* defn adds */
|
/* defn adds */
|
||||||
char* wolfSSL_error_string(int err);
|
char* wolfSSL_error_string(int err);
|
||||||
@ -44,6 +45,9 @@ int wolfSSL_Init(void);
|
|||||||
char* wolfSSL_error_string(int);
|
char* wolfSSL_error_string(int);
|
||||||
int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port);
|
int wolfSSL_swig_connect(WOLFSSL*, const char* server, int port);
|
||||||
|
|
||||||
|
int wc_PKCS12_PBKDF(unsigned char* output, const unsigned char* passwd, int pLen, const unsigned char* salt,
|
||||||
|
int sLen, int iterations, int kLen, int hashType, int purpose);
|
||||||
|
|
||||||
int wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, WC_RNG* rng);
|
int wc_RsaSSL_Sign(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key, WC_RNG* rng);
|
||||||
|
|
||||||
int wc_RsaSSL_Verify(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key);
|
int wc_RsaSSL_Verify(const unsigned char* in, int inLen, unsigned char* out, int outLen, RsaKey* key);
|
||||||
|
Reference in New Issue
Block a user