
This is how I have been generating my cryptographic keys until now:

```c
#include <openssl/evp.h>

unsigned char *salt;     // 8 salt bytes were created earlier
unsigned char *password; // password was obtained earlier
int passwordLength;      // password length as well

unsigned char evp_key[EVP_MAX_KEY_LENGTH] = {"\0"};
unsigned char iv[EVP_MAX_IV_LENGTH];

// cipher is also given; MD5 digest, iteration count of 1
EVP_BytesToKey(cipher, EVP_md5(), salt, password,
               passwordLength,
               1, evp_key, iv);
```

The result is a key and an “initial value.” I can then use these two (evp_key and iv) along with the given cipher to encrypt my data.

Now that with Lion, Apple has deprecated the above code, I have the following question:

Question: How do I do the same thing with CommonCrypto? I just came across the CCKeyDerivationPBKDF() function. Is this the one I’m looking for? I can’t see how this is the case, since I don’t get any “initial value” back. I don’t know how to compare this CommonCrypto function with the old method.

In particular: This new function doesn’t seem to even support the MD5 algorithm—only the SHA1. How, then, can I create new code that is backwards compatible with my old codebase (and files it has created)?

pf85
  • Also see [Password to key function compatible with OpenSSL commands](http://stackoverflow.com/q/9488919/608639), which provides the code to do so in C and Swift. The other question appears to be a dup, but it has good answers with code. I think it adds more value for future visitors. – jww Jul 15 '16 at 18:54
  • [OpenSSL 1.1.0c changed the digest algorithm](http://stackoverflow.com/q/39637388/608639) used in some internal components. Formerly, MD5 was used, and 1.1.0 switched to SHA256. Be careful the change is not affecting you in both `EVP_BytesToKey` and commands like `openssl enc`. – jww Jan 26 '17 at 16:30

1 Answer

I found the solution. To me, it seems impossible to derive the keys exactly the way OpenSSL does using any of Apple’s methods. Instead, I just had to read how OpenSSL derives the key and initialization vector in the section “Key Derivation Algorithm” on the page http://www.openssl.org/docs/crypto/EVP_BytesToKey.html and simply mimic that.

pf85
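The "Key Derivation Algorithm" the answer refers to, written out as an added Python example (not the answerer's code and not OpenSSL's source). The password and salt are constructed sample values, and the `digest` parameter exists because, as the comment above notes, OpenSSL 1.1.0 moved some defaults from MD5 to SHA256.

```python
import hashlib


def evp_bytes_to_key(password, salt, key_len, iv_len, digest="md5", count=1):
    """Derive (key, iv) the way the EVP_BytesToKey documentation describes.

    D_1 = HASH^count(password || salt)
    D_i = HASH^count(D_(i-1) || password || salt)
    key || iv = D_1 || D_2 || ... truncated to key_len + iv_len bytes.
    """
    if len(salt) not in (0, 8):
        raise ValueError("EVP_BytesToKey takes an 8-byte salt or no salt")
    if count < 1:
        raise ValueError("count must be at least 1")

    material = b""
    block = b""  # D_0 is empty
    while len(material) < key_len + iv_len:
        # First round hashes the previous block, the password and the salt.
        block = hashlib.new(digest, block + password + salt).digest()
        # Remaining rounds re-hash the digest itself (count - 1 times).
        for _ in range(count - 1):
            block = hashlib.new(digest, block).digest()
        material += block

    return material[:key_len], material[key_len:key_len + iv_len]


def demo():
    # Constructed sample input: a 32-byte key and 16-byte IV (AES-256-CBC
    # sizes), MD5 and count=1 to match the call shown in the question.
    password = b"correct horse"
    salt = bytes.fromhex("0001020304050607")
    key, iv = evp_bytes_to_key(password, salt, key_len=32, iv_len=16)
    return key.hex(), iv.hex()


if __name__ == "__main__":
    key_hex, iv_hex = demo()
    print("key:", key_hex)
    print("iv: ", iv_hex)
```

A single round of MD5 gives almost no resistance to password guessing, so this derivation is best kept for reading files the old code wrote. Keys for new data can come from `CCKeyDerivationPBKDF()` with a random salt and a separately generated random IV.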