2 * Copyright (c) 2006 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 RCSID("$Id: pkcs12.c 23137 2008-04-29 05:46:48Z lha $");
50 PKCS12_key_gen(const void *key, size_t keylen,
51 const void *salt, size_t saltlen,
52 int id, int iteration, size_t outkeysize,
53 void *out, const EVP_MD *md)
55 unsigned char *v, *I, hash[EVP_MAX_MD_SIZE];
56 unsigned int size, size_I = 0;
57 unsigned char idc = id;
59 unsigned char *outp = out;
62 ctx = EVP_MD_CTX_create();
66 vlen = EVP_MD_block_size(md);
69 EVP_MD_CTX_destroy(ctx);
73 I = calloc(1, vlen * 2);
75 EVP_MD_CTX_destroy(ctx);
80 if (salt && saltlen > 0) {
81 for (i = 0; i < vlen; i++)
82 I[i] = ((unsigned char*)salt)[i % saltlen];
86 * There is a diffrence between the no password string and the
87 * empty string, in the empty string the UTF16 NUL terminator is
88 * included into the string.
90 if (key && keylen >= 0) {
91 for (i = 0; i < vlen / 2; i++) {
92 I[(i * 2) + size_I] = 0;
93 I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)];
101 if (!EVP_DigestInit_ex(ctx, md, NULL)) {
102 EVP_MD_CTX_destroy(ctx);
107 for (i = 0; i < vlen; i++)
108 EVP_DigestUpdate(ctx, &idc, 1);
109 EVP_DigestUpdate(ctx, I, size_I);
110 EVP_DigestFinal_ex(ctx, hash, &size);
112 for (i = 1; i < iteration; i++)
113 EVP_Digest(hash, size, hash, &size, md, NULL);
115 memcpy(outp, hash, min(outkeysize, size));
116 if (outkeysize < size)
121 for (i = 0; i < vlen; i++)
122 v[i] = hash[i % size];
124 bnB = BN_bin2bn(v, vlen, NULL);
126 BN_set_word(bnOne, 1);
128 BN_uadd(bnB, bnB, bnOne);
130 for (i = 0; i < vlen * 2; i += vlen) {
134 bnI = BN_bin2bn(I + i, vlen, NULL);
136 BN_uadd(bnI, bnI, bnB);
138 j = BN_num_bytes(bnI);
140 assert(j == vlen + 1);
142 memcpy(I + i, v + 1, vlen);
144 memset(I + i, 0, vlen - j);
145 BN_bn2bin(bnI, I + i + vlen - j);
154 EVP_MD_CTX_destroy(ctx);