[thirdparty/openssl.git] / doc / man7 / EVP_KDF-HMAC-DRBG.pod

=pod

=head1 NAME

EVP_KDF-HMAC-DRBG
- The HMAC DRBG DETERMINISTIC EVP_KDF implementation

=head1 DESCRIPTION

Support for a deterministic HMAC DRBG using the B<EVP_KDF> API. This is similar
to L<EVP_RAND-HMAC-DRBG(7)>, but uses fixed values for its entropy and nonce
values. This is used to generate deterministic nonce value required by ECDSA
and DSA (as defined in RFC 6979).

=head2 Identity

"HMAC-DRBG-KDF" is the name for this implementation; it can be used
with the EVP_KDF_fetch() function.

=head2 Supported parameters

The supported parameters are:

=over 4

=item "digest" (B<OSSL_DRBG_PARAM_DIGEST>) <UTF8 string>

=item "properties" (B<OSSL_DRBG_PARAM_PROPERTIES>) <UTF8 string>

These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.

=item "entropy" (B<OSSL_KDF_PARAM_HMACDRBG_ENTROPY>) <octet string>

Sets the entropy bytes supplied to the HMAC-DRBG.

=item "nonce" (B<OSSL_KDF_PARAM_HMACDRBG_NONCE>) <octet string>

Sets the nonce bytes supplied to the HMAC-DRBG.

=back

=head1 NOTES

A context for KDF HMAC DRBG can be obtained by calling:

 EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HMAC-DRBG-KDF", NULL);
 EVP_KDF_CTX *kdf_ctx = EVP_KDF_CTX_new(kdf, NULL);

=head1 CONFORMING TO

RFC 6979

=head1 SEE ALSO

L<EVP_KDF(3)>,
L<EVP_KDF(3)/PARAMETERS>

=head1 HISTORY

The EVP_KDF-HMAC-DRBG functionality was added in OpenSSL 3.2.

=head1 COPYRIGHT

Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
f3090fc7	1	=pod
	2
	3	=head1 NAME
	4
	5	EVP_KDF-HMAC-DRBG
	6	- The HMAC DRBG DETERMINISTIC EVP_KDF implementation
	7
	8	=head1 DESCRIPTION
	9
91b968bc	10	Support for a deterministic HMAC DRBG using the B<EVP_KDF> API. This is similar
f3090fc7	11	to L<EVP_RAND-HMAC-DRBG(7)>, but uses fixed values for its entropy and nonce
	12	values. This is used to generate deterministic nonce value required by ECDSA
	13	and DSA (as defined in RFC 6979).
	14
	15	=head2 Identity
	16
	17	"HMAC-DRBG-KDF" is the name for this implementation; it can be used
	18	with the EVP_KDF_fetch() function.
	19
	20	=head2 Supported parameters
	21
	22	The supported parameters are:
	23
	24	=over 4
	25
	26	=item "digest" (B<OSSL_DRBG_PARAM_DIGEST>) <UTF8 string>
	27
	28	=item "properties" (B<OSSL_DRBG_PARAM_PROPERTIES>) <UTF8 string>
	29
	30	These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
	31
	32	=item "entropy" (B<OSSL_KDF_PARAM_HMACDRBG_ENTROPY>) <octet string>
	33
	34	Sets the entropy bytes supplied to the HMAC-DRBG.
	35
	36	=item "nonce" (B<OSSL_KDF_PARAM_HMACDRBG_NONCE>) <octet string>
	37
	38	Sets the nonce bytes supplied to the HMAC-DRBG.
	39
	40	=back
	41
	42	=head1 NOTES
	43
	44	A context for KDF HMAC DRBG can be obtained by calling:
	45
	46	EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HMAC-DRBG-KDF", NULL);
	47	EVP_KDF_CTX *kdf_ctx = EVP_KDF_CTX_new(kdf, NULL);
	48
	49	=head1 CONFORMING TO
	50
	51	RFC 6979
	52
	53	=head1 SEE ALSO
	54
	55	L<EVP_KDF(3)>,
	56	L<EVP_KDF(3)/PARAMETERS>
	57
	58	=head1 HISTORY
	59
	60	The EVP_KDF-HMAC-DRBG functionality was added in OpenSSL 3.2.
	61
	62	=head1 COPYRIGHT
	63
da1c088f	64	Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
f3090fc7	65
	66	Licensed under the Apache License 2.0 (the "License"). You may not use
	67	this file except in compliance with the License. You can obtain a copy
	68	in the file LICENSE in the source distribution or at
	69	L<https://www.openssl.org/source/license.html>.
	70
	71	=cut