|
| 1 | +#[cfg(ossl320)] |
| 2 | +struct EvpKdf(*mut ffi::EVP_KDF); |
| 3 | + |
| 4 | +#[cfg(ossl320)] |
| 5 | +impl Drop for EvpKdf { |
| 6 | + fn drop(&mut self) { |
| 7 | + unsafe { |
| 8 | + ffi::EVP_KDF_free(self.0); |
| 9 | + } |
| 10 | + } |
| 11 | +} |
| 12 | + |
| 13 | +#[cfg(ossl320)] |
| 14 | +struct EvpKdfCtx(*mut ffi::EVP_KDF_CTX); |
| 15 | + |
| 16 | +#[cfg(ossl320)] |
| 17 | +impl Drop for EvpKdfCtx { |
| 18 | + fn drop(&mut self) { |
| 19 | + unsafe { |
| 20 | + ffi::EVP_KDF_CTX_free(self.0); |
| 21 | + } |
| 22 | + } |
| 23 | +} |
| 24 | + |
| 25 | +cfg_if::cfg_if! { |
| 26 | + if #[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ARGON2")))] { |
| 27 | + use std::ffi::{c_char, c_void}; |
| 28 | + use std::mem::MaybeUninit; |
| 29 | + use std::ptr; |
| 30 | + use crate::{cvt, cvt_p}; |
| 31 | + use crate::error::ErrorStack; |
| 32 | + |
| 33 | + /// Derives a key using the argon2id algorithm. |
| 34 | + /// |
| 35 | + /// This function currently does not support multi-threaded operation, so |
| 36 | + /// lanes greater than 1 will be processed sequentially. |
| 37 | + /// |
| 38 | + /// Requires OpenSSL 3.2.0 or newer. |
| 39 | + #[allow(clippy::too_many_arguments)] |
| 40 | + pub fn argon2id( |
| 41 | + pass: &[u8], |
| 42 | + salt: &[u8], |
| 43 | + ad: Option<&[u8]>, |
| 44 | + secret: Option<&[u8]>, |
| 45 | + mut iter: u32, |
| 46 | + mut lanes: u32, |
| 47 | + mut memcost: u32, |
| 48 | + out: &mut [u8], |
| 49 | + ) -> Result<(), ErrorStack> { |
| 50 | + unsafe { |
| 51 | + ffi::init(); |
| 52 | + let mut threads = 1; |
| 53 | + let mut params: [ffi::OSSL_PARAM; 10] = |
| 54 | + core::array::from_fn(|_| MaybeUninit::<ffi::OSSL_PARAM>::zeroed().assume_init()); |
| 55 | + let mut idx = 0; |
| 56 | + params[idx] = ffi::OSSL_PARAM_construct_octet_string( |
| 57 | + b"pass\0".as_ptr() as *const c_char, |
| 58 | + pass.as_ptr() as *mut c_void, |
| 59 | + pass.len(), |
| 60 | + ); |
| 61 | + idx += 1; |
| 62 | + params[idx] = ffi::OSSL_PARAM_construct_octet_string( |
| 63 | + b"salt\0".as_ptr() as *const c_char, |
| 64 | + salt.as_ptr() as *mut c_void, |
| 65 | + salt.len(), |
| 66 | + ); |
| 67 | + idx += 1; |
| 68 | + params[idx] = |
| 69 | + ffi::OSSL_PARAM_construct_uint(b"threads\0".as_ptr() as *const c_char, &mut threads); |
| 70 | + idx += 1; |
| 71 | + params[idx] = |
| 72 | + ffi::OSSL_PARAM_construct_uint(b"lanes\0".as_ptr() as *const c_char, &mut lanes); |
| 73 | + idx += 1; |
| 74 | + params[idx] = |
| 75 | + ffi::OSSL_PARAM_construct_uint(b"memcost\0".as_ptr() as *const c_char, &mut memcost); |
| 76 | + idx += 1; |
| 77 | + params[idx] = |
| 78 | + ffi::OSSL_PARAM_construct_uint(b"iter\0".as_ptr() as *const c_char, &mut iter); |
| 79 | + idx += 1; |
| 80 | + let mut size = out.len() as u32; |
| 81 | + params[idx] = |
| 82 | + ffi::OSSL_PARAM_construct_uint(b"size\0".as_ptr() as *const c_char, &mut size); |
| 83 | + idx += 1; |
| 84 | + if let Some(ad) = ad { |
| 85 | + params[idx] = ffi::OSSL_PARAM_construct_octet_string( |
| 86 | + b"ad\0".as_ptr() as *const c_char, |
| 87 | + ad.as_ptr() as *mut c_void, |
| 88 | + ad.len(), |
| 89 | + ); |
| 90 | + idx += 1; |
| 91 | + } |
| 92 | + if let Some(secret) = secret { |
| 93 | + params[idx] = ffi::OSSL_PARAM_construct_octet_string( |
| 94 | + b"secret\0".as_ptr() as *const c_char, |
| 95 | + secret.as_ptr() as *mut c_void, |
| 96 | + secret.len(), |
| 97 | + ); |
| 98 | + idx += 1; |
| 99 | + } |
| 100 | + params[idx] = ffi::OSSL_PARAM_construct_end(); |
| 101 | + |
| 102 | + let argon2 = EvpKdf(cvt_p(ffi::EVP_KDF_fetch( |
| 103 | + ptr::null_mut(), |
| 104 | + b"ARGON2ID\0".as_ptr() as *const c_char, |
| 105 | + ptr::null(), |
| 106 | + ))?); |
| 107 | + let ctx = EvpKdfCtx(cvt_p(ffi::EVP_KDF_CTX_new(argon2.0))?); |
| 108 | + cvt(ffi::EVP_KDF_derive( |
| 109 | + ctx.0, |
| 110 | + out.as_mut_ptr(), |
| 111 | + out.len(), |
| 112 | + params.as_ptr(), |
| 113 | + )) |
| 114 | + .map(|_| ()) |
| 115 | + } |
| 116 | + } |
| 117 | + } |
| 118 | +} |
| 119 | + |
| 120 | +#[cfg(test)] |
| 121 | +mod tests { |
| 122 | + #[test] |
| 123 | + #[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ARGON2")))] |
| 124 | + fn argon2id() { |
| 125 | + // RFC 9106 test vector for argon2id |
| 126 | + let pass = hex::decode("0101010101010101010101010101010101010101010101010101010101010101") |
| 127 | + .unwrap(); |
| 128 | + let salt = hex::decode("02020202020202020202020202020202").unwrap(); |
| 129 | + let secret = hex::decode("0303030303030303").unwrap(); |
| 130 | + let ad = hex::decode("040404040404040404040404").unwrap(); |
| 131 | + let expected = "0d640df58d78766c08c037a34a8b53c9d01ef0452d75b65eb52520e96b01e659"; |
| 132 | + |
| 133 | + let mut actual = [0u8; 32]; |
| 134 | + super::argon2id( |
| 135 | + &pass, |
| 136 | + &salt, |
| 137 | + Some(&ad), |
| 138 | + Some(&secret), |
| 139 | + 3, |
| 140 | + 4, |
| 141 | + 32, |
| 142 | + &mut actual, |
| 143 | + ) |
| 144 | + .unwrap(); |
| 145 | + assert_eq!(hex::encode(&actual[..]), expected); |
| 146 | + } |
| 147 | + |
| 148 | + #[test] |
| 149 | + #[cfg(all(ossl320, not(osslconf = "OPENSSL_NO_ARGON2")))] |
| 150 | + fn argon2id_no_ad_secret() { |
| 151 | + // Test vector from OpenSSL |
| 152 | + let pass = b""; |
| 153 | + let salt = hex::decode("02020202020202020202020202020202").unwrap(); |
| 154 | + let expected = "0a34f1abde67086c82e785eaf17c68382259a264f4e61b91cd2763cb75ac189a"; |
| 155 | + |
| 156 | + let mut actual = [0u8; 32]; |
| 157 | + super::argon2id(pass, &salt, None, None, 3, 4, 32, &mut actual).unwrap(); |
| 158 | + assert_eq!(hex::encode(&actual[..]), expected); |
| 159 | + } |
| 160 | +} |
0 commit comments