2 * Copyright (c) 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 RCSID("$Id: pkcs12.c 20661 2007-05-10 21:57:58Z lha $");
50 PKCS12_key_gen(const void *key, size_t keylen,
51 const void *salt, size_t saltlen,
52 int id, int iteration, size_t outkeysize,
53 void *out, const EVP_MD *md)
55 unsigned char *v, *I, hash[EVP_MAX_MD_SIZE];
56 unsigned int size, size_I = 0;
57 unsigned char idc = id;
59 unsigned char *outp = out;
62 EVP_MD_CTX_init(&ctx);
64 vlen = EVP_MD_block_size(md);
69 I = calloc(1, vlen * 2);
75 if (salt && saltlen > 0) {
76 for (i = 0; i < vlen; i++)
77 I[i] = ((unsigned char*)salt)[i % saltlen];
81 * There is a diffrence between the no password string and the
82 * empty string, in the empty string the UTF16 NUL terminator is
83 * included into the string.
85 if (key && keylen >= 0) {
86 for (i = 0; i < vlen / 2; i++) {
87 I[(i * 2) + size_I] = 0;
88 I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)];
96 if (!EVP_DigestInit_ex(&ctx, md, NULL))
98 for (i = 0; i < vlen; i++)
99 EVP_DigestUpdate(&ctx, &idc, 1);
100 EVP_DigestUpdate(&ctx, I, size_I);
101 EVP_DigestFinal_ex(&ctx, hash, &size);
103 for (i = 1; i < iteration; i++)
104 EVP_Digest(hash, size, hash, &size, md, NULL);
106 memcpy(outp, hash, min(outkeysize, size));
107 if (outkeysize < size)
112 for (i = 0; i < vlen; i++)
113 v[i] = hash[i % size];
115 bnB = BN_bin2bn(v, vlen, NULL);
117 BN_set_word(bnOne, 1);
119 BN_uadd(bnB, bnB, bnOne);
121 for (i = 0; i < vlen * 2; i += vlen) {
125 bnI = BN_bin2bn(I + i, vlen, NULL);
127 BN_uadd(bnI, bnI, bnB);
129 j = BN_num_bytes(bnI);
131 assert(j == vlen + 1);
133 memcpy(I + i, v + 1, vlen);
135 memset(I + i, 0, vlen - j);
136 BN_bn2bin(bnI, I + i + vlen - j);
145 EVP_MD_CTX_cleanup(&ctx);