openssl3.2 - 官方demo学习 - kdf - scrypt.c

文章目录

    • [openssl3.2 - 官方demo学习 - kdf - scrypt.c](#openssl3.2 - 官方demo学习 - kdf - scrypt.c)
    • 概述
    • 笔记
    • END

openssl3.2 - 官方demo学习 - kdf - scrypt.c

概述

设置 kdf-SCRYPT算法的参数, 取key

笔记

c 复制代码
/*!
\file scrypt.c
\note openssl3.2 - 官方demo学习 - kdf - scrypt.c
设置 kdf-SCRYPT算法的参数, 取key
*/

/*
 * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <openssl/core_names.h>
#include <openssl/crypto.h>
#include <openssl/kdf.h>
#include <openssl/obj_mac.h>
#include <openssl/params.h>

#include "my_openSSL_lib.h"

/*
 * test vector from
 * https://datatracker.ietf.org/doc/html/rfc7914
 */

/*
 * Hard coding a password into an application is very bad.
 * It is done here solely for educational purposes.
 */
static unsigned char password[] = {
    'p', 'a', 's', 's', 'w', 'o', 'r', 'd'
};

/*
 * The salt is better not being hard coded too.  Each password should have a
 * different salt if possible.  The salt is not considered secret information
 * and is safe to store with an encrypted password.
 */
static unsigned char scrypt_salt[] = {
    'N', 'a', 'C', 'l'
};

/*
 * The SCRYPT parameters can be variable or hard coded.  The disadvantage with
 * hard coding them is that they cannot easily be adjusted for future
 * technological improvements appear.
 */
static unsigned int scrypt_n = 1024;
static unsigned int scrypt_r = 8;
static unsigned int scrypt_p = 16;

static const unsigned char expected_output[] = {

    0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
    0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
    0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
    0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
    0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
    0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
    0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
    0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
};

int main(int argc, char **argv)
{
    int ret = EXIT_FAILURE;
    EVP_KDF *_evp_kdf = NULL;
    EVP_KDF_CTX *_evp_kdf_ctx = NULL;
    unsigned char out[64];
    OSSL_PARAM _ossl_param_ary[6], *p_ossl_param = _ossl_param_ary;
    OSSL_LIB_CTX *_ossl_lib_ctx = NULL;

    _ossl_lib_ctx = OSSL_LIB_CTX_new();
    if (_ossl_lib_ctx == NULL) {
        fprintf(stderr, "OSSL_LIB_CTX_new() returned NULL\n");
        goto end;
    }

    /* Fetch the key derivation function implementation */
    _evp_kdf = EVP_KDF_fetch(_ossl_lib_ctx, "SCRYPT", NULL);
    if (_evp_kdf == NULL) {
        fprintf(stderr, "EVP_KDF_fetch() returned NULL\n");
        goto end;
    }

    /* Create a context for the key derivation operation */
    _evp_kdf_ctx = EVP_KDF_CTX_new(_evp_kdf);
    if (_evp_kdf_ctx == NULL) {
        fprintf(stderr, "EVP_KDF_CTX_new() returned NULL\n");
        goto end;
    }

    /* Set password */
    *p_ossl_param++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD, password,
                                             sizeof(password));
    /* Set salt */
    *p_ossl_param++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, scrypt_salt,
                                             sizeof(scrypt_salt));
    /* Set N (default 1048576) */
    *p_ossl_param++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_N, &scrypt_n);
    /* Set R (default 8) */
    *p_ossl_param++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_R, &scrypt_r);
    /* Set P (default 1) */
    *p_ossl_param++ = OSSL_PARAM_construct_uint(OSSL_KDF_PARAM_SCRYPT_P, &scrypt_p);
    *p_ossl_param = OSSL_PARAM_construct_end();

    /* Derive the key */
    if (EVP_KDF_derive(_evp_kdf_ctx, out, sizeof(out), _ossl_param_ary) != 1) {
        fprintf(stderr, "EVP_KDF_derive() failed\n");
        goto end;
    }

    if (CRYPTO_memcmp(expected_output, out, sizeof(expected_output)) != 0) {
        fprintf(stderr, "Generated key does not match expected value\n");
        goto end;
    }

    ret = EXIT_SUCCESS;
end:
    EVP_KDF_CTX_free(_evp_kdf_ctx);
    EVP_KDF_free(_evp_kdf);
    OSSL_LIB_CTX_free(_ossl_lib_ctx);
    return ret;
}

END

相关推荐
沉在嵌入式的鱼6 天前
RK3588移植Openssl库
linux·rk3588·openssl
黑屋里的马9 天前
ssl相关命令生成证书
服务器·网络·ssl·openssl·gmssl
fangeqin22 天前
ubuntu源码安装python3.13遇到Could not build the ssl module!解决方法
linux·python·ubuntu·openssl
API开发1 个月前
苹果芯片macOS安装版Homebrew(亲测) ,一键安装node、python、vscode等,比绿色软件还干净、无污染
vscode·python·docker·nodejs·openssl·brew·homebrew
码农不惑1 个月前
Rust使用tokio(二)HTTPS相关
https·rust·web·openssl
liulilittle1 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法并通过OPENSSL加密验证算法正确性。
linux·服务器·c++·算法·安全·加密·openssl
liulilittle1 个月前
OpenSSL 的 AES-NI 支持机制
linux·运维·服务器·算法·加密·openssl·解密
liulilittle1 个月前
通过高级处理器硬件指令集AES-NI实现AES-256-CFB算法。
linux·服务器·c++·算法·安全·加密·openssl
花花少年2 个月前
Ubuntu系统下交叉编译openssl
openssl·交叉编译
什么名字都被用了2 个月前
编译openssl源码
c++·openssl