3 Command-line tool for pbkdf2 hashing.
5 Copyright (C) 2013 Niels Möller
7 This file is part of GNU Nettle.
9 GNU Nettle is free software: you can redistribute it and/or
10 modify it under the terms of either:
12 * the GNU Lesser General Public License as published by the Free
13 Software Foundation; either version 3 of the License, or (at your
14 option) any later version.
18 * the GNU General Public License as published by the Free
19 Software Foundation; either version 2 of the License, or (at your
20 option) any later version.
22 or both in parallel, as here.
24 GNU Nettle is distributed in the hope that it will be useful,
25 but WITHOUT ANY WARRANTY; without even the implied warranty of
26 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
27 General Public License for more details.
29 You should have received copies of the GNU General Public License and
30 the GNU Lesser General Public License along with this program. If
31 not, see http://www.gnu.org/licenses/.
/* Iteration count used when -i/--iterations is not given (see the usage
   text and the initializer of `iterations` in main).
   NOTE(review): this default accompanies a 2013 copyright notice. Current
   password-storage guidance for PBKDF2-HMAC-SHA256 asks for counts on the
   order of hundreds of thousands, so callers deriving keys from
   human-chosen passwords should pass -i explicitly rather than rely on
   this value. */
49 #define DEFAULT_ITERATIONS 10000
/* Output length in octets used when -l/--length is not given. */
50 #define DEFAULT_LENGTH 16
/* Body of the usage printer; its signature is on lines omitted from this
   listing. Writes the option summary to the stream `f`, substituting the
   two compile-time defaults for the %d conversions.
   The text names only SALT as an operand: the password is not a
   command-line argument (main reads it from stdin). */
54 fprintf(f, "Usage: nettle-pbkdf2 [OPTIONS] SALT\n"
56 " --help Show this help.\n"
57 " -V, --version Show version information.\n"
58 " -i, --iterations=COUNT Desired iteration count (default %d).\n"
59 " -l, --length=LENGTH Desired output length (octets, default %d)\n"
60 " --raw Raw binary output.\n"
61 " --hex-salt Use hex encoding for the salt.\n",
62 DEFAULT_ITERATIONS, DEFAULT_LENGTH);
/* Size of the stack buffer main reads the password into. A completely
   filled buffer is rejected as "too long", so the longest accepted
   password is MAX_PASSWORD - 1 bytes. */
65 #define MAX_PASSWORD 1024
/* Entry point. This listing omits a number of original lines (braces,
   case labels, some declarations), so only the visible statements are
   described: option parsing, salt taken from argv[0], password read from
   stdin, PBKDF2-HMAC-SHA256 derivation of output_length octets, and
   output to stdout either raw or as grouped hex. */
68 main (int argc, char **argv)
70 unsigned iterations = DEFAULT_ITERATIONS;
71 unsigned output_length = DEFAULT_LENGTH;
/* The password lives in a fixed-size stack buffer.
   NOTE(review): no wipe of this buffer (or of `output`) is visible in the
   listing; consider clearing both with a non-elidable zeroing primitive
   once the derived key has been written. */
72 char password[MAX_PASSWORD];
73 size_t password_length;
/* Codes for the long-only options start at 0x300, above any
   single-character option code returned for the short options. */
81 enum { OPT_HELP = 0x300, OPT_RAW, OPT_HEX_SALT };
82 static const struct option options[] =
84 /* Name, args, flag, val */
85 { "help", no_argument, NULL, OPT_HELP },
86 { "version", no_argument, NULL, 'V' },
87 { "length", required_argument, NULL, 'l' },
88 { "iterations", required_argument, NULL, 'i' },
89 { "raw", no_argument, NULL, OPT_RAW },
90 { "hex-salt", no_argument, NULL, OPT_HEX_SALT },
/* Short options: -V takes no argument, -l and -i each require one. */
95 while ( (c = getopt_long(argc, argv, "Vl:i:", options, NULL)) != -1)
107 printf("nettle-pbkdf2 (" PACKAGE_STRING ")\n");
/* NOTE(review): the statements that parse optarg for -l and -i are on
   lines omitted from this listing; confirm they reject non-numeric,
   zero, negative and out-of-range values rather than truncating them. */
114 die ("Invalid length argument: `%s'\n", optarg);
124 die ("Invalid iteration count: `%s'\n", optarg);
/* The salt is a private copy of argv[0] (the SALT operand per the usage
   text; the argv adjustment after option parsing is not visible here).
   NOTE(review): the strdup result is passed straight to strlen on the
   next line, so an allocation failure would dereference NULL; a check
   before use would turn that into a clean error. */
144 salt = strdup (argv[0]);
145 salt_length = strlen(salt);
/* Hex-salt handling: `salt` appears as both an input and an output
   argument of the decode call, i.e. the decode is done in place. One
   argument line of the call is omitted from this listing. Malformed hex
   is fatal. */
149 struct base16_decode_ctx base16;
151 base16_decode_init (&base16);
152 if (!base16_decode_update (&base16,
154 salt, salt_length, salt)
155 || !base16_decode_final (&base16))
156 die ("Invalid salt (expecting hex encoding).\n");
/* The password is read from stdin rather than taken from argv, which
   keeps it out of the process argument list. fread consumes up to the
   full buffer; filling it completely is treated as over-long input.
   The bytes are used exactly as read: no newline stripping is visible,
   so a trailing newline in the input becomes part of the password and
   changes the derived key. */
159 password_length = fread (password, 1, sizeof(password), stdin);
160 if (password_length == sizeof(password))
161 die ("Password input too long. Current limit is %d characters.\n",
162 (int) sizeof(password) - 1);
164 die ("Reading password input failed: %s.\n", strerror (errno));
/* Derive output_length octets from the password and salt. xalloc is
   defined outside this listing; presumably it aborts on allocation
   failure -- confirm. */
166 output = xalloc (output_length);
167 pbkdf2_hmac_sha256 (password_length, password, iterations, salt_length, salt,
168 output_length, output);
/* Raw mode: the derived octets are written to stdout unencoded. The
   fwrite result is not examined here; the fflush check at the end is the
   visible write-error detection. */
173 fwrite (output, output_length, 1, stdout);
/* Hex mode: full 8-octet groups are printed as 16 hex digits followed by
   a space, or by a newline after every eighth group (i % 64 == 56).
   The loop condition `i + 8 < output_length` always leaves between one
   and eight octets for the tail encode (for a non-zero output_length),
   so the tail fits in `hex`. */
177 char hex[BASE16_ENCODE_LENGTH(8) + 1];
178 for (i = 0; i + 8 < output_length; i += 8)
180 base16_encode_update(hex, 8, output + i);
181 hex[BASE16_ENCODE_LENGTH(8)] = 0;
182 printf("%s%c", hex, i % 64 == 56 ? '\n' : ' ');
184 base16_encode_update(hex, output_length - i, output + i);
185 hex[BASE16_ENCODE_LENGTH(output_length - i)] = 0;
/* Flush explicitly so that a failed write of the derived key is reported
   instead of being lost at exit. STRERROR (uppercase) is not defined in
   this listing; presumably a project portability macro, whereas the read
   error path above calls strerror directly. */
190 if (fflush(stdout) != 0 )
191 die("Write failed: %s\n", STRERROR(errno));