Hello,
I cant seem to find a PBKDF2 function in the SDK to generate a private key from a passphrase.
We want to use mbed-tls or CC310 to make a SHA512 based key for AES encryption purposes.
The only thing I found in the supplied SDK, is pkcs5.c, which contains a mbedtls_pkcs5_pbkdf2_hmac function to derive bytes from a supplied passphrase.
This kind of works and I can generate hashes that are correct when checking them against test vectors I found online, but when I use SHA512 with 4096 iterations, it takes over 6 seconds to return.
Example code:
#include "mbedtls/asn1.h"
#include "mbedtls/cipher.h"
#include "mbedtls/oid.h"
#include "mbedtls/pkcs5.h"
static const size_t plen = 8;
static const unsigned char password[33] = {"password"};
static const size_t slen = 4;
static const unsigned char salt[40] = {"salt"};
int PBKDF2_test(void)
{ mbedtls_md_context_t sha512_ctx;
const mbedtls_md_info_t *info_sha512;
unsigned char aes_key[32];
unsigned char IV[16];
mbedtls_md_init( &sha512_ctx );
info_sha512 = mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
if( info_sha512 == NULL )
{ return -1;
}
if( ( ret = mbedtls_md_setup( &sha512_ctx, info_sha512, 1 ) ) != 0 )
{ return -1;
}
// make AES key
ret = mbedtls_pkcs5_pbkdf2_hmac( &sha512_ctx, password, plen, salt ,slen, it_cnt, 32, aes_key );
if( ret != 0 )
{ return -1;
}
// make IV
my_timer_start();
ret = mbedtls_pkcs5_pbkdf2_hmac( &sha512_ctx, password, plen, salt ,slen, it_cnt, 16, IV );
if( ret != 0 )
{ return -1;
}
mbedtls_md_free( &sha512_ctx );
return 0;
}
Is there a nicer and faster way?