mbedtls_pkcs12_derivation() function

The PKCS#12 derivation function uses a password and a salt to produce pseudo-random bits for a particular "purpose". Depending on the given id, this function can produce an encryption/decryption key, an initialization vector or an integrity key.

Syntax

Show:

Summary

Declaration

Definition

from pkcs12.h:177

int mbedtls_pkcs12_derivation(unsigned char *data, size_t datalen, const unsigned char *pwd, size_t pwdlen, const unsigned char *salt, size_t saltlen, mbedtls_md_type_t mbedtls_md, int id, int iterations);

Implemented in pkcs12.c:326

Arguments

Argument

Description

data

buffer to store the derived data in

datalen

length of buffer to fill

pwd

The password to use. For compliance with PKCS#12 §B.1, this should be a BMPString, i.e. a Unicode string where each character is encoded as 2 bytes in big-endian order, with no byte order mark and with a null terminator (i.e. the last two bytes should be 0x00 0x00).

pwdlen

length of the password (may be 0).

salt

Salt buffer to use. This may only be \c NULL when \p saltlen is 0.

saltlen

length of the salt (may be zero)

mbedtls_md

mbedtls_md type to use during the derivation

id that describes the purpose (can be #MBEDTLS_PKCS12_DERIVE_KEY, #MBEDTLS_PKCS12_DERIVE_IV or #MBEDTLS_PKCS12_DERIVE_MAC_KEY)

iterations

number of iterations