![]() | Cryptographic Token Interface Standard |
PKCS#11 |
The following PRFs are defined in PKCS #5 v2.0. The following table lists the defined functions.
Table 263, PKCS #5 PBKDF2 Key Generation: Pseudo-random functions
PRF Source Identifier | Value | Parameter Type |
CKP_PKCS5_PBKD2_HMAC_SHA1 | 0x00000001 | No Parameter. pPrfData must be NULL and ulPrfDataLen must be zero. |
CKP_PKCS5_PBKD2_HMAC_GOSTR3411 | 0x00000002 | This PRF uses GOST R34.11-94 hash to produce secret key value. pPrfData should point to DER-encoded OID, indicating GOSTR34.11-94 parameters. ulPrfDataLen holds encoded OID length in bytes. If pPrfData is set to NULL_PTR, then id-GostR3411-94-CryptoProParamSet parameters will be used (RFC 4357, 11.2), and ulPrfDataLen must be 0. |
CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE_PTR is a pointer to a CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE.
typedef CK_ULONG CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE;
The following salt value sources are defined in PKCS #5 v2.0. The following table lists the defined sources along with the corresponding data type for the pSaltSourceData field in the CK_PKCS5_PBKD2_PARAM structure defined below.
Table 264, PKCS #5 PBKDF2 Key Generation: Salt sources
Source Identifier | Value | Data Type |
CKZ_SALT_SPECIFIED | 0x00000001 | Array of CK_BYTE containing the value of the salt value. |
CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE_PTR is a pointer to a CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE.
typedef struct CK_PKCS5_PBKD2_PARAMS { CK_PKCS5_PBKDF2_SALT_SOURCE_TYPE saltSource; CK_VOID_PTR pSaltSourceData; CK_ULONG ulSaltSourceDataLen; CK_ULONG iterations; CK_PKCS5_PBKD2_PSEUDO_RANDOM_FUNCTION_TYPE prf; CK_VOID_PTR pPrfData; CK_ULONG ulPrfDataLen;CK_UTF8CHAR_PTR pPassword; CK_ULONG_PTR ulPasswordLen; } CK_PKCS5_PBKD2_PARAMS;
saltSource | source of the salt value |
pSaltSourceData | data used as the input for the salt source |
ulSaltSourceDataLen | length of the salt source input |
iterations | number of iterations to perform when generating each block of random data |
prf | pseudo-random function to used to generate the key |
pPrfData | data used as the input for PRF in addition to the salt value |
ulPrfDataLen | length of the input data for the PRF |
pPassword | points to the password to be used in the PBE key generation |
ulPasswordLen | length in bytes of the password information |
CK_PKCS5_PBKD2_PARAMS_PTR is a pointer to a CK_PKCS5_PBKD2_PARAMS.