[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Tue Jul 20 00:15:38 UTC 2021
The branch master has been updated
via b8ffcd8715cc9cf4626fe5b2ddaa5daf7b0957f2 (commit)
via 9dbb4dac096729779c32751350810e610d3dfe0a (commit)
via 73a3b967e915487565fe04c0e6530d8081e6c3a5 (commit)
via d2f25d5c0aa5f96766ce1f49bedba35a5330cfdb (commit)
from d9c29baf1a23d2be17b9b4ab8f7b4fe43dd74454 (commit)
- Log -----------------------------------------------------------------
commit b8ffcd8715cc9cf4626fe5b2ddaa5daf7b0957f2
Author: Pauli <pauli at openssl.org>
Date: Mon Jul 19 13:17:02 2021 +1000
demos: update readme file with pbkdf2 and scrypt examples.
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)
commit 9dbb4dac096729779c32751350810e610d3dfe0a
Author: Pauli <pauli at openssl.org>
Date: Mon Jul 19 13:00:38 2021 +1000
demos: add Makefile support for pbkdf2 and scrypt KDF demos
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)
commit 73a3b967e915487565fe04c0e6530d8081e6c3a5
Author: Pauli <pauli at openssl.org>
Date: Mon Jul 19 13:00:23 2021 +1000
demo: add scrypt demonstration program
Using test vector from RTC 7914
Fixes #14108
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)
commit d2f25d5c0aa5f96766ce1f49bedba35a5330cfdb
Author: Pauli <pauli at openssl.org>
Date: Mon Jul 19 13:00:06 2021 +1000
demo: add pbkdf2 demonstration program
Using test vector from RTC 7914
Fixes #14107
Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
(Merged from https://github.com/openssl/openssl/pull/16109)
-----------------------------------------------------------------------
Summary of changes:
demos/README.txt | 2 +
demos/kdf/Makefile | 6 ++-
demos/kdf/{hkdf.c => pbkdf2.c} | 69 ++++++++++++++----------
demos/kdf/scrypt.c | 120 +++++++++++++++++++++++++++++++++++++++++
4 files changed, 167 insertions(+), 30 deletions(-)
copy demos/kdf/{hkdf.c => pbkdf2.c} (52%)
create mode 100644 demos/kdf/scrypt.c
diff --git a/demos/README.txt b/demos/README.txt
index cdcbd02f94..8adfdb774d 100644
--- a/demos/README.txt
+++ b/demos/README.txt
@@ -20,6 +20,8 @@ EVP_f_md.c Compute a digest using BIO and EVP_f_md
kdf:
hkdf.c Demonstration of HMAC based key derivation
+pbkdf2.c Demonstration of PBKDF2 password based key derivation
+scrypt.c Demonstration of SCRYPT password based key derivation
pkey:
EVP_PKEY_EC_keygen.c Generate an EC key.
diff --git a/demos/kdf/Makefile b/demos/kdf/Makefile
index b561de43b7..0aa5113105 100644
--- a/demos/kdf/Makefile
+++ b/demos/kdf/Makefile
@@ -7,14 +7,16 @@ CFLAGS = -I../../include -g
LDFLAGS = -L../..
LDLIBS = -lcrypto
-all: hkdf
+all: hkdf pbkdf2 scrypt
%.o: %.c
$(CC) $(CFLAGS) -c $<
hkdf: hkdf.o
+pbkdf2: pbkdf2.o
+scrypt: scrypt.o
test: ;
clean:
- $(RM) *.o hkdf
+ $(RM) *.o hkdf pbkdf2 scrypt
diff --git a/demos/kdf/hkdf.c b/demos/kdf/pbkdf2.c
similarity index 52%
copy from demos/kdf/hkdf.c
copy to demos/kdf/pbkdf2.c
index cb7a170e94..3e0adaee79 100644
--- a/demos/kdf/hkdf.c
+++ b/demos/kdf/pbkdf2.c
@@ -16,29 +16,43 @@
/*
* test vector from
- * https://datatracker.ietf.org/doc/html/rfc5869
+ * https://datatracker.ietf.org/doc/html/rfc7914
*/
-static unsigned char hkdf_salt[] = {
- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
- 0x0c
+/*
+ * Hard coding a password into an application is very bad.
+ * It is done here solely for educational purposes.
+ */
+static unsigned char password[] = {
+ 'P', 'a', 's', 's', 'w', 'o', 'r', 'd'
};
-static unsigned char hkdf_ikm[] = {
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
- 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b
+/*
+ * The salt is better not being hard coded too. Each password should have a
+ * different salt if possible. The salt is not considered secret information
+ * and is safe to store with an encrypted password.
+ */
+static unsigned char pbkdf2_salt[] = {
+ 'N', 'a', 'C', 'l'
};
+
+/*
+ * The iteration parameter can be variable or hard coded. The disadvantage with
+ * hard coding them is that they cannot easily be adjusted for future
+ * technological improvements appear.
+ */
+static unsigned int pbkdf2_iterations = 80000;
-static unsigned char hkdf_info[] = {
- 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9
-};
+static const unsigned char expected_output[] = {
-/* Expected output keying material */
-static unsigned char hkdf_okm[] = {
- 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, 0x90, 0x43, 0x4f, 0x64,
- 0xd0, 0x36, 0x2f, 0x2a, 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c,
- 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, 0x34, 0x00, 0x72, 0x08,
- 0xd5, 0xb8, 0x87, 0x18, 0x58, 0x65
+ 0x4d, 0xdc, 0xd8, 0xf6, 0x0b, 0x98, 0xbe, 0x21,
+ 0x83, 0x0c, 0xee, 0x5e, 0xf2, 0x27, 0x01, 0xf9,
+ 0x64, 0x1a, 0x44, 0x18, 0xd0, 0x4c, 0x04, 0x14,
+ 0xae, 0xff, 0x08, 0x87, 0x6b, 0x34, 0xab, 0x56,
+ 0xa1, 0xd4, 0x25, 0xa1, 0x22, 0x58, 0x33, 0x54,
+ 0x9a, 0xdb, 0x84, 0x1b, 0x51, 0xc9, 0xb3, 0x17,
+ 0x6a, 0x27, 0x2b, 0xde, 0xbb, 0xa1, 0xd0, 0x78,
+ 0x47, 0x8f, 0x62, 0xb3, 0x97, 0xf3, 0x3c, 0x8d
};
int main(int argc, char **argv)
@@ -46,7 +60,7 @@ int main(int argc, char **argv)
int rv = 1;
EVP_KDF *kdf = NULL;
EVP_KDF_CTX *kctx = NULL;
- unsigned char out[42];
+ unsigned char out[64];
OSSL_PARAM params[5], *p = params;
OSSL_LIB_CTX *library_context = NULL;
@@ -57,7 +71,7 @@ int main(int argc, char **argv)
}
/* Fetch the key derivation function implementation */
- kdf = EVP_KDF_fetch(library_context, "HKDF", NULL);
+ kdf = EVP_KDF_fetch(library_context, "PBKDF2", NULL);
if (kdf == NULL) {
fprintf(stderr, "EVP_KDF_fetch() returned NULL\n");
goto end;
@@ -70,18 +84,17 @@ int main(int argc, char **argv)
goto end;
}
+ /* Set password */
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, password,
+ sizeof(password));
+ /* Set salt */
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, pbkdf2_salt,
+ sizeof(pbkdf2_salt));
+ /* Set iteration count (default 2048) */
+ *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_ITER, &pbkdf2_iterations);
/* Set the underlying hash function used to derive the key */
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
"SHA256", 0);
- /* Set input keying material */
- *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, hkdf_ikm,
- sizeof(hkdf_ikm));
- /* Set application specific information */
- *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, hkdf_info,
- sizeof(hkdf_info));
- /* Set salt */
- *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, hkdf_salt,
- sizeof(hkdf_salt));
*p = OSSL_PARAM_construct_end();
/* Derive the key */
@@ -90,7 +103,7 @@ int main(int argc, char **argv)
goto end;
}
- if (CRYPTO_memcmp(hkdf_okm, out, sizeof(hkdf_okm)) != 0) {
+ if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) {
fprintf(stderr, "Generated key does not match expected value\n");
goto end;
}
diff --git a/demos/kdf/scrypt.c b/demos/kdf/scrypt.c
new file mode 100644
index 0000000000..2be9908800
--- /dev/null
+++ b/demos/kdf/scrypt.c
@@ -0,0 +1,120 @@
+/*
+ * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/core_names.h>
+#include <openssl/crypto.h>
+#include <openssl/kdf.h>
+#include <openssl/obj_mac.h>
+#include <openssl/params.h>
+
+/*
+ * test vector from
+ * https://datatracker.ietf.org/doc/html/rfc7914
+ */
+
+/*
+ * Hard coding a password into an application is very bad.
+ * It is done here solely for educational purposes.
+ */
+static unsigned char password[] = {
+ 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
+};
+
+/*
+ * The salt is better not being hard coded too. Each password should have a
+ * different salt if possible. The salt is not considered secret information
+ * and is safe to store with an encrypted password.
+ */
+static unsigned char scrypt_salt[] = {
+ 'N', 'a', 'C', 'l'
+};
+
+/*
+ * The SCRYPT parameters can be variable or hard coded. The disadvantage with
+ * hard coding them is that they cannot easily be adjusted for future
+ * technological improvements appear.
+ */
+static unsigned int scrypt_n = 1024;
+static unsigned int scrypt_r = 8;
+static unsigned int scrypt_p = 16;
+
+static const unsigned char expected_output[] = {
+
+ 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
+ 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
+ 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
+ 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
+ 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
+ 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
+ 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
+ 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
+};
+
+int main(int argc, char **argv)
+{
+ int rv = 1;
+ EVP_KDF *kdf = NULL;
+ EVP_KDF_CTX *kctx = NULL;
+ unsigned char out[64];
+ OSSL_PARAM params[6], *p = params;
+ OSSL_LIB_CTX *library_context = NULL;
+
+ library_context = OSSL_LIB_CTX_new();
+ if (library_context == NULL) {
+ fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
+ goto end;
+ }
+
+ /* Fetch the key derivation function implementation */
+ kdf = EVP_KDF_fetch(library_context, "SCRYPT", NULL);
+ if (kdf == NULL) {
+ fprintf(stderr, "EVP_KDF_fetch() returned NULL\n");
+ goto end;
+ }
+
+ /* Create a context for the key derivation operation */
+ kctx = EVP_KDF_CTX_new(kdf);
+ if (kctx == NULL) {
+ fprintf(stderr, "EVP_KDF_CTX_new() returned NULL\n");
+ goto end;
+ }
+
+ /* Set password */
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, password,
+ sizeof(password));
+ /* Set salt */
+ *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, scrypt_salt,
+ sizeof(scrypt_salt));
+ /* Set N (default 1048576) */
+ *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &scrypt_n);
+ /* Set R (default 8) */
+ *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &scrypt_r);
+ /* Set P (default 1) */
+ *p++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &scrypt_p);
+ *p = OSSL_PARAM_construct_end();
+
+ /* Derive the key */
+ if (EVP_KDF_derive(kctx, out, sizeof(out), params) != 1) {
+ fprintf(stderr, "EVP_KDF_derive() failed\n");
+ goto end;
+ }
+
+ if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) {
+ fprintf(stderr, "Generated key does not match expected value\n");
+ goto end;
+ }
+
+ rv = 0;
+end:
+ EVP_KDF_CTX_free(kctx);
+ EVP_KDF_free(kdf);
+ OSSL_LIB_CTX_free(library_context);
+ return rv;
+}
More information about the openssl-commits
mailing list