2
* Copyright (c) 2006 Kungliga Tekniska Högskolan
3
* (Royal Institute of Technology, Stockholm, Sweden).
6
* Redistribution and use in source and binary forms, with or without
7
* modification, are permitted provided that the following conditions
10
* 1. Redistributions of source code must retain the above copyright
11
* notice, this list of conditions and the following disclaimer.
13
* 2. Redistributions in binary form must reproduce the above copyright
14
* notice, this list of conditions and the following disclaimer in the
15
* documentation and/or other materials provided with the distribution.
17
* 3. Neither the name of the Institute nor the names of its contributors
18
* may be used to endorse or promote products derived from this software
19
* without specific prior written permission.
21
* THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24
* ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50
PKCS12_key_gen(const void *key, size_t keylen,
51
const void *salt, size_t saltlen,
52
int id, int iteration, size_t outkeysize,
53
void *out, const EVP_MD *md)
55
unsigned char *v, *I, hash[EVP_MAX_MD_SIZE];
56
unsigned int size, size_I = 0;
57
unsigned char idc = id;
59
unsigned char *outp = out;
62
ctx = EVP_MD_CTX_create();
66
vlen = EVP_MD_block_size(md);
69
EVP_MD_CTX_destroy(ctx);
73
I = calloc(1, vlen * 2);
75
EVP_MD_CTX_destroy(ctx);
80
if (salt && saltlen > 0) {
81
for (i = 0; i < vlen; i++)
82
I[i] = ((unsigned char*)salt)[i % saltlen];
86
* There is a diffrence between the no password string and the
87
* empty string, in the empty string the UTF16 NUL terminator is
88
* included into the string.
90
if (key && keylen >= 0) {
91
for (i = 0; i < vlen / 2; i++) {
92
I[(i * 2) + size_I] = 0;
93
I[(i * 2) + size_I + 1] = ((unsigned char*)key)[i % (keylen + 1)];
101
if (!EVP_DigestInit_ex(ctx, md, NULL)) {
102
EVP_MD_CTX_destroy(ctx);
107
for (i = 0; i < vlen; i++)
108
EVP_DigestUpdate(ctx, &idc, 1);
109
EVP_DigestUpdate(ctx, I, size_I);
110
EVP_DigestFinal_ex(ctx, hash, &size);
112
for (i = 1; i < iteration; i++)
113
EVP_Digest(hash, size, hash, &size, md, NULL);
115
memcpy(outp, hash, min(outkeysize, size));
116
if (outkeysize < size)
121
for (i = 0; i < vlen; i++)
122
v[i] = hash[i % size];
124
bnB = BN_bin2bn(v, vlen, NULL);
126
BN_set_word(bnOne, 1);
128
BN_uadd(bnB, bnB, bnOne);
130
for (i = 0; i < vlen * 2; i += vlen) {
134
bnI = BN_bin2bn(I + i, vlen, NULL);
136
BN_uadd(bnI, bnI, bnB);
138
j = BN_num_bytes(bnI);
140
assert(j == vlen + 1);
142
memcpy(I + i, v + 1, vlen);
144
memset(I + i, 0, vlen - j);
145
BN_bn2bin(bnI, I + i + vlen - j);
154
EVP_MD_CTX_destroy(ctx);