Re: How do I use pbkdf2 in nss?
The WebCrypto API implementation in Firefox uses NSS to provide PBKDF2:

http://hg.mozilla.org/mozilla-central/file/a255a234946e/dom/crypto/WebCryptoTask.cpp#l2333

Most of the stuff you're probably interested in happens in DoCrypto().

- Tim

sdjfhas dufh wrote:
> How do I use pbkdf2 in lib nss? It appears to be supported but I can not find
> a useable example. The api page list functions but I don't know what to do
> with them
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference#PKCS_.235_functions
>
> I want to supply a password, choose the rounds then generate a specific
> amount of bytes. Something like the below would work for me but I expect
> actual usage wouldn't be like that
>
> char data_out[20]; //I need 20bytes of data from the password
> int rounds = 5; //1K is too quick these days
> //password is null terminated
> if(pbkdf2(pass, rounds, salt, &data_out, sizeof data_out) != 0)
> {printf("Error");}
>
> Can someone give me a useable example?
>
> .NET has a complicated example but I can see what I want can be done in two
> lines. I searched for nearly two hours and can't figure out how to do it in
> nss.
>
> From
> http://msdn.microsoft.com/en-us/library/system.security.cryptography.rfc2898derivebytes%28v=vs.110%29.aspx
>
> Rfc2898DeriveBytes k1 = new Rfc2898DeriveBytes(pwd1, salt1, myIterations);
> k1.GetBytes(16);

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
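What the derivation asked about in this thread computes, as an added example that is not part of the original messages and is not NSS code: PBKDF2 (RFC 2898) written out over Python's hmac module, checked against the RFC 6070 HMAC-SHA1 vectors. It goes beyond the thread's case by also cross-checking HMAC-SHA256 and HMAC-SHA512 as the PRF against hashlib.pbkdf2_hmac; the names pbkdf2 and self_check and the constructed password and salt are assumptions of the example.

```python
import hashlib
import hmac

def pbkdf2(password: bytes, salt: bytes, rounds: int, dklen: int,
           prf: str = "sha1") -> bytes:
    """PBKDF2 (RFC 2898, section 5.2) with HMAC-<prf> as the PRF."""
    if rounds < 1 or dklen < 1:
        raise ValueError("rounds and dklen must be positive")
    hlen = hashlib.new(prf).digest_size
    derived = b""
    # One block T_i per hlen bytes of output; block indices start at 1.
    for i in range(1, -(-dklen // hlen) + 1):
        # U_1 = PRF(P, S || INT_32_BE(i))
        u = hmac.new(password, salt + i.to_bytes(4, "big"), prf).digest()
        t = int.from_bytes(u, "big")
        # U_j = PRF(P, U_{j-1});  T_i = U_1 xor U_2 xor ... xor U_rounds
        for _ in range(rounds - 1):
            u = hmac.new(password, u, prf).digest()
            t ^= int.from_bytes(u, "big")
        derived += t.to_bytes(hlen, "big")
    # The last block is truncated so exactly dklen bytes come back.
    return derived[:dklen]

# RFC 6070 vectors: P="password", S="salt", dkLen=20, PRF=HMAC-SHA1.
RFC6070_SHA1 = {
    1: "0c60c80f961f0e71f3a9b524af6012062fe037a6",
    2: "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957",
    4096: "4b007901b765489abead49d926f721d065a429c1",
}

def self_check() -> bool:
    """Known-answer test plus a cross-check of the SHA-2 PRFs."""
    for rounds, expected in RFC6070_SHA1.items():
        if pbkdf2(b"password", b"salt", rounds, 20).hex() != expected:
            return False
    # Constructed inputs; 80 bytes forces more than one output block.
    pw, salt = b"constructed password", b"constructed-salt"
    for prf in ("sha256", "sha512"):
        reference = hashlib.pbkdf2_hmac(prf, pw, salt, 1000, 80)
        if pbkdf2(pw, salt, 1000, 80, prf) != reference:
            return False
    return True

if __name__ == "__main__":
    # The request in the thread: 20 bytes from a password, salt and round count.
    print(pbkdf2(b"password", b"salt", 4096, 20).hex(), self_check())
```

The same inputs and expected outputs can serve as reference values when testing a derivation built on the NSS calls in DoCrypto().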
Re: [ANNOUNCE] NSS 3.22 Release
Kai Engert wrote:
> The NSS team has released Network Security Services (NSS) 3.22,
> which is a minor release.
>
> New functionality:
> * RSA-PSS signatures are now supported (bug 1215295)
> * Pseudorandom functions based on hashes other than SHA-1 are now supported

To clarify: Our PBKDF2 implementation supports HMAC/SHA-2 PRFs now.

- Tim

> * Enforce an External Policy on NSS from a config file (bug 1009429)
>
> New Functions:
> * PK11_SignWithMechanism - an extended version PK11_Sign()
> * PK11_VerifyWithMechanism - an extended version of PK11_Verify()
> * SSL_PeerSignedCertTimestamps - Get signed_certificate_timestamp
>   TLS extension data
> * SSL_SetSignedCertTimestamps - Set signed_certificate_timestamp
>   TLS extension data
>
> New Types:
> * ssl_signed_cert_timestamp_xtn is added to SSLExtensionType
> * Constants for several object IDs are added to SECOidTag
>
> New Macros:
> * SSL_ENABLE_SIGNED_CERT_TIMESTAMPS
> * NSS_USE_ALG_IN_SSL
> * NSS_USE_POLICY_IN_SSL
> * NSS_RSA_MIN_KEY_SIZE
> * NSS_DH_MIN_KEY_SIZE
> * NSS_DSA_MIN_KEY_SIZE
> * NSS_TLS_VERSION_MIN_POLICY
> * NSS_TLS_VERSION_MAX_POLICY
> * NSS_DTLS_VERSION_MIN_POLICY
> * NSS_DTLS_VERSION_MAX_POLICY
> * CKP_PKCS5_PBKD2_HMAC_SHA224
> * CKP_PKCS5_PBKD2_HMAC_SHA256
> * CKP_PKCS5_PBKD2_HMAC_SHA384
> * CKP_PKCS5_PBKD2_HMAC_SHA512
> * CKP_PKCS5_PBKD2_HMAC_GOSTR3411 - (not supported)
> * CKP_PKCS5_PBKD2_HMAC_SHA512_224 - (not supported)
> * CKP_PKCS5_PBKD2_HMAC_SHA512_256 - (not supported)
>
> Notable Changes:
> * NSS C++ tests are built by default, requiring a C++11 compiler.
>   Set the NSS_DISABLE_GTESTS variable to 1 to disable building these tests.
>
> The full release notes are available at
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22_release_notes
>
> The HG tag is NSS_3_22_RTM. NSS 3.22 requires NSPR 4.11 or newer.
>
> NSS 3.22 source distributions are available for secure HTTPS download:
> https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_22_RTM/src/
>
> A complete list of all bugs resolved in this release can be obtained at
> https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.22&product=NSS
[ANNOUNCE] NSS 3.25.1 Release
The NSS Development Team announces the release of NSS 3.25.1, which is a patch release to address a TLS compatibility issue that some client applications experienced with NSS 3.25.

No new functionality is introduced in this release.

Notable Changes:
* Bug 1304407 - Ignore MD5 signature algorithms in certificate requests.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.25.1_release_notes

The HG tag is NSS_3_25_1_RTM. NSS 3.25.1 requires NSPR 4.12 or newer.

NSS 3.25.1 source distributions are available on ftp.mozilla.org for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_25_1_RTM/src/
[ANNOUNCE] NSS 3.26.2 Release
The NSS Development Team announces the release of NSS 3.26.2, which is a patch release to address a TLS compatibility issue that some client applications experienced with NSS 3.26.1.

No new functionality is introduced in this release.

Notable Changes:
* Bug 1304407 - Ignore MD5 signature algorithms in certificate requests.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.26.2_release_notes

The HG tag is NSS_3_26_2_RTM. NSS 3.26.2 requires NSPR 4.12 or newer.

NSS 3.26.2 source distributions are available on ftp.mozilla.org for secure HTTPS download:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_26_2_RTM/src/
[ANNOUNCE] NSS 3.29.3 Release
The NSS team has released Network Security Services (NSS) 3.29.3.

No new functionality is introduced in this release.

This is a patch release to fix a rare crash when initializing an SSL socket fails.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.3_release_notes

The HG tag is NSS_3_29_3_RTM. NSS 3.29.3 requires NSPR 4.13.1 or newer.

NSS 3.29.3 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_29_3_RTM/src/
[ANNOUNCE] NSS 3.30 Release
The NSS team has released Network Security Services (NSS) 3.30.

New in NSS 3.30:
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust are marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY, set to true. Applications that need to distinguish them from other root CAs may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS alerts that are sent or received.

Notable Changes:
* The TLS server code has been enhanced to support session tickets when no RSA certificate is configured.
* RSA-PSS signatures produced by key pairs with a modulus bit length that is not a multiple of 8 are now supported.
* The pk12util tool now supports importing and exporting data encrypted in the AES based schemes defined in PKCS#5 v2.1.

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30_release_notes

The HG tag is NSS_3_30_RTM. NSS 3.30 requires NSPR 4.13.1 or newer.

NSS 3.30 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_30_RTM/src/
[ANNOUNCE] NSS 3.31.1 Release
The NSS team has released Network Security Services (NSS) 3.31.1, which is a patch release to fix a potential deadlock with external PKCS#11 tokens.

No new functionality is introduced in this release.

The fix for the deadlock mentioned above is already included with NSS 3.32.

The only change included is the following:
* Bug 1381784 - Potential deadlock when using an external PKCS#11 token

The full release notes are available at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.31.1_release_notes

The HG tag is NSS_3_31_1_RTM. NSS 3.31.1 requires NSPR 4.15 or newer.

NSS 3.31.1 source distributions are available for secure download:
https://ftp.mozilla.org/pub/security/nss/releases/NSS_3_31_1_RTM/src/