1EVP_KDF-SCRYPT(7ossl)               OpenSSL              EVP_KDF-SCRYPT(7ossl)
2
3
4

NAME

6       EVP_KDF-SCRYPT - The scrypt EVP_KDF implementation
7

DESCRIPTION

9       Support for computing the scrypt password-based KDF through the EVP_KDF
10       API.
11
12       The EVP_KDF-SCRYPT algorithm implements the scrypt password-based key
13       derivation function, as described in RFC 7914.  It is memory-hard in
14       the sense that it deliberately requires a significant amount of RAM for
15       efficient computation. The intention of this is to render brute forcing
16       of passwords on systems that lack large amounts of main memory (such as
17       GPUs or ASICs) computationally infeasible.
18
19       scrypt provides three work factors that can be customized: N, r and p.
20       N, which has to be a positive power of two, is the general work factor
21       and scales CPU time in an approximately linear fashion. r is the block
22       size of the internally used hash function and p is the parallelization
23       factor. Both r and p need to be greater than zero. The amount of RAM
24       that scrypt requires for its computation is roughly (128 * N * r * p)
25       bytes.
26
27       In the original paper of Colin Percival ("Stronger Key Derivation via
28       Sequential Memory-Hard Functions", 2009), the suggested values that
29       give a computation time of less than 5 seconds on a 2.5 GHz Intel Core
30       2 Duo are N = 2^20 = 1048576, r = 8, p = 1. Consequently, the required
31       amount of memory for this computation is roughly 1 GiB. On a more
32       recent CPU (Intel i7-5930K at 3.5 GHz), this computation takes about 3
33       seconds. When N, r or p are not specified, they default to 1048576, 8,
34       and 1, respectively. The maximum amount of RAM that may be used by
35       scrypt defaults to 1025 MiB.
36
37   Identity
38       "SCRYPT" is the name for this implementation; it can be used with the
39       EVP_KDF_fetch() function.
40
41   Supported parameters
42       The supported parameters are:
43
44       "pass" (OSSL_KDF_PARAM_PASSWORD) <octet string>
45       "salt" (OSSL_KDF_PARAM_SALT) <octet string>
46           These parameters work as described in "PARAMETERS" in EVP_KDF(3).
47
48       "n" (OSSL_KDF_PARAM_SCRYPT_N) <unsigned integer>
49       "r" (OSSL_KDF_PARAM_SCRYPT_R) <unsigned integer>
50       "p" (OSSL_KDF_PARAM_SCRYPT_P) <unsigned integer>
51       "maxmem_bytes" (OSSL_KDF_PARAM_SCRYPT_MAXMEM) <unsigned integer>
52           These parameters configure the scrypt work factors N, r, maxmem and
53           p.  Both N and maxmem_bytes are parameters of type uint64_t.  Both
54           r and p are parameters of type uint32_t.
55
56       "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
57           This can be used to set the property query string when fetching the
58           fixed digest internally. NULL is used if this value is not set.
59

NOTES

61       A context for scrypt can be obtained by calling:
62
63        EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL);
64        EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
65
66       The output length of an scrypt key derivation is specified via the
67       "keylen" parameter to the EVP_KDF_derive(3) function.
68

EXAMPLES

70       This example derives a 64-byte long test vector using scrypt with the
71       password "password", salt "NaCl" and N = 1024, r = 8, p = 16.
72
73        EVP_KDF *kdf;
74        EVP_KDF_CTX *kctx;
75        unsigned char out[64];
76        OSSL_PARAM params[6], *p = params;
77
78        kdf = EVP_KDF_fetch(NULL, "SCRYPT", NULL);
79        kctx = EVP_KDF_CTX_new(kdf);
80        EVP_KDF_free(kdf);
81
82        *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_PASSWORD,
83                                                 "password", (size_t)8);
84        *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
85                                                 "NaCl", (size_t)4);
86        *p++ = OSSL_PARAM_construct_uint64(OSSL_KDF_PARAM_SCRYPT_N, (uint64_t)1024);
87        *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_R, (uint32_t)8);
88        *p++ = OSSL_PARAM_construct_uint32(OSSL_KDF_PARAM_SCRYPT_P, (uint32_t)16);
89        *p = OSSL_PARAM_construct_end();
90        if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
91            error("EVP_KDF_derive");
92        }
93
94        {
95            const unsigned char expected[sizeof(out)] = {
96                0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00,
97                0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe,
98                0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30,
99                0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62,
100                0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88,
101                0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda,
102                0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d,
103                0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40
104            };
105
106            assert(!memcmp(out, expected, sizeof(out)));
107        }
108
109        EVP_KDF_CTX_free(kctx);
110

CONFORMING TO

112       RFC 7914
113

SEE ALSO

115       EVP_KDF(3), EVP_KDF_CTX_new(3), EVP_KDF_CTX_free(3),
116       EVP_KDF_CTX_set_params(3), EVP_KDF_derive(3), "PARAMETERS" in
117       EVP_KDF(3)
118

120       Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
121
122       Licensed under the Apache License 2.0 (the "License").  You may not use
123       this file except in compliance with the License.  You can obtain a copy
124       in the file LICENSE in the source distribution or at
125       <https://www.openssl.org/source/license.html>.
126
127
128
1293.0.5                             2022-07-05             EVP_KDF-SCRYPT(7ossl)
Impressum