KDF: Introduce Argon2i, Argon2d, Argon2id #12256

ckalina · 2020-06-24T09:23:18Z

Rework of #9444
Threading has since been singled out into a separate MR here: #12255 and is required for this set to go in.

Currently no RFC is available; IETF draft: https://datatracker.ietf.org/doc/draft-irtf-cfrg-argon2/

Checklist

documentation is added or updated
tests are added or updated

guidovranken · 2020-06-24T12:10:04Z

I tested this again with Cryptofuzz. Verifying against Botan's ARGON2 implementation. So far, output appears to be correct in all cases.

It found a minor flaw:

providers/implementations/kdfs/argon2.c:1128:12: runtime error: null pointer passed as argument 1, which is declared to never be null
/usr/include/string.h:43:28: note: nonnull attribute specified here

You can add return 1 to kdf_argon2_derive if outlen is 0 to circumvent this.

Once this is merged, long term fuzzing at OSS-Fuzz should bring to light any remaining issues.

ckalina · 2020-06-24T14:54:29Z

@guidovranken, nice catch. Fixed (although it should return 0 as Argon2 requires outlen >= 4).

ckalina · 2020-06-24T19:23:58Z

Rebased changes from #12255 (threading support MR), changed a handful of crypto_thread* function calls to conform to changes made therein.

include/openssl/kdf.h

include/crypto/evp.h

doc/man7/EVP_KDF-ARGON2.pod

include/openssl/evperr.h

doc/man7/EVP_KDF-ARGON2.pod

providers/implementations/kdfs/argon2.c

test/evp_kdf_test.c

providers/implementations/kdfs/argon2.c

paulidale

One possibly typographic issue.

There should be a mention of this in doc/man7/OSSL_PROVIDER-default.pod. It's just this added (with blank lines in the Key Derivation Function section:

=item ARGON2, see L<EVP_KDF-ARGON2(7)>

Approved these are addressed, I'll approve.

A marathon effort, thanks for your persistence.

test/evp_test.c

https://datatracker.ietf.org/doc/rfc9106/ Signed-off-by: Čestmír Kalina <[email protected]>

ckalina · 2023-03-15T17:42:36Z

Thank you for the reviews! Argon2 entry added into doc/man7/OSSL_PROVIDER-default.pod.

paulidale

Finally!

openssl-machine · 2023-03-17T00:00:23Z

This pull request is ready to merge

paulidale · 2023-03-17T00:13:36Z

And merged. Thanks for the perseverance on this.

Signed-off-by: Čestmír Kalina <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from #12256)

Add a gcc-only static assertion that a variable is of a specified type. Signed-off-by: Čestmír Kalina <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from #12256)

https://datatracker.ietf.org/doc/rfc9106/ Signed-off-by: Čestmír Kalina <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> Reviewed-by: Paul Dale <[email protected]> (Merged from #12256)

mbroz · 2023-03-17T08:13:29Z

Thanks everyone!

For the record how long marathon this was, it started with @ckalina bachelor thesis in 2020 ... Just a few years and we are finally there :-)

mattcaswell · 2023-03-17T08:26:48Z

Good news!! Thanks @ckalina for all your efforts!

ckalina mentioned this pull request Jun 24, 2020

Add Argon2 KDF support. #9444

Closed

1 task

ckalina force-pushed the mr_argon2_v2 branch from 15bc0e6 to 2bd2219 Compare June 24, 2020 14:51

ckalina force-pushed the mr_argon2_v2 branch from 2bd2219 to 6a290c2 Compare June 24, 2020 19:22

slontis reviewed Jun 24, 2020

View reviewed changes

include/openssl/kdf.h Outdated Show resolved Hide resolved

slontis reviewed Jun 24, 2020

View reviewed changes

include/crypto/evp.h Outdated Show resolved Hide resolved

slontis reviewed Jun 24, 2020

View reviewed changes

doc/man7/EVP_KDF-ARGON2.pod Outdated Show resolved Hide resolved

slontis reviewed Jun 24, 2020

View reviewed changes

include/openssl/evperr.h Outdated Show resolved Hide resolved