2 * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/core_names.h>
12 #include <openssl/crypto.h>
13 #include <openssl/kdf.h>
14 #include <openssl/params.h>
15 #include <openssl/thread.h>
18 * Example showing how to use Argon2 KDF.
19 * See man EVP_KDF-ARGON2 for more information.
22 * https://datatracker.ietf.org/doc/html/rfc9106
26 * Hard coding a password into an application is very bad.
27 * It is done here solely for educational purposes.
29 static unsigned char password
[] = {
30 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
31 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
32 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
33 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01
37 * The salt is better not being hard coded too. Each password should have a
38 * different salt if possible. The salt is not considered secret information
39 * and is safe to store with an encrypted password.
41 static unsigned char salt
[] = {
42 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02,
43 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02, 0x02
47 * Optional secret for KDF
49 static unsigned char secret
[] = {
50 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03, 0x03
54 * Optional additional data
56 static unsigned char ad
[] = {
57 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04, 0x04,
58 0x04, 0x04, 0x04, 0x04
62 * Argon2 cost parameters
64 static uint32_t memory_cost
= 32;
65 static uint32_t iteration_cost
= 3;
66 static uint32_t parallel_cost
= 4;
68 static const unsigned char expected_output
[] = {
69 0x0d, 0x64, 0x0d, 0xf5, 0x8d, 0x78, 0x76, 0x6c,
70 0x08, 0xc0, 0x37, 0xa3, 0x4a, 0x8b, 0x53, 0xc9,
71 0xd0, 0x1e, 0xf0, 0x45, 0x2d, 0x75, 0xb6, 0x5e,
72 0xb5, 0x25, 0x20, 0xe9, 0x6b, 0x01, 0xe6, 0x59
75 int main(int argc
, char **argv
)
77 int rv
= EXIT_FAILURE
;
79 EVP_KDF_CTX
*kctx
= NULL
;
80 unsigned char out
[32];
81 OSSL_PARAM params
[9], *p
= params
;
82 OSSL_LIB_CTX
*library_context
= NULL
;
85 library_context
= OSSL_LIB_CTX_new();
86 if (library_context
== NULL
) {
87 fprintf(stderr
, "OSSL_LIB_CTX_new() returned NULL\n");
91 /* Fetch the key derivation function implementation */
92 kdf
= EVP_KDF_fetch(library_context
, "argon2id", NULL
);
94 fprintf(stderr
, "EVP_KDF_fetch() returned NULL\n");
98 /* Create a context for the key derivation operation */
99 kctx
= EVP_KDF_CTX_new(kdf
);
101 fprintf(stderr
, "EVP_KDF_CTX_new() returned NULL\n");
106 * Thread support can be turned off; use serialization if we cannot
107 * set requested number of threads.
109 threads
= parallel_cost
;
110 if (OSSL_set_max_threads(library_context
, parallel_cost
) != 1) {
111 uint64_t max_threads
= OSSL_get_max_threads(library_context
);
113 if (max_threads
== 0)
115 else if (max_threads
< parallel_cost
)
116 threads
= max_threads
;
120 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD
, password
, sizeof(password
));
122 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT
, salt
, sizeof(salt
));
123 /* Set optional additional data */
124 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_ARGON2_AD
, ad
, sizeof(ad
));
125 /* Set optional secret */
126 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET
, secret
, sizeof(secret
));
127 /* Set iteration count */
128 *p
++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_ITER
, &iteration_cost
);
129 /* Set threads performing derivation (can be decreased) */
130 *p
++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_THREADS
, &threads
);
131 /* Set parallel cost */
132 *p
++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_ARGON2_LANES
, ¶llel_cost
);
133 /* Set memory requirement */
134 *p
++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_ARGON2_MEMCOST
, &memory_cost
);
135 *p
= OSSL_PARAM_construct_end();
138 if (EVP_KDF_derive(kctx
, out
, sizeof(out
), params
) != 1) {
139 fprintf(stderr
, "EVP_KDF_derive() failed\n");
143 if (CRYPTO_memcmp(expected_output
, out
, sizeof(expected_output
)) != 0) {
144 fprintf(stderr
, "Generated key does not match expected value\n");
150 EVP_KDF_CTX_free(kctx
);
152 OSSL_LIB_CTX_free(library_context
);