]>
Commit | Line | Data |
---|---|---|
f3090fc7 | 1 | =pod |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | EVP_KDF-HMAC-DRBG | |
6 | - The HMAC DRBG DETERMINISTIC EVP_KDF implementation | |
7 | ||
8 | =head1 DESCRIPTION | |
9 | ||
91b968bc | 10 | Support for a deterministic HMAC DRBG using the B<EVP_KDF> API. This is similar |
f3090fc7 | 11 | to L<EVP_RAND-HMAC-DRBG(7)>, but uses fixed values for its entropy and nonce |
12 | values. This is used to generate deterministic nonce value required by ECDSA | |
13 | and DSA (as defined in RFC 6979). | |
14 | ||
15 | =head2 Identity | |
16 | ||
17 | "HMAC-DRBG-KDF" is the name for this implementation; it can be used | |
18 | with the EVP_KDF_fetch() function. | |
19 | ||
20 | =head2 Supported parameters | |
21 | ||
22 | The supported parameters are: | |
23 | ||
24 | =over 4 | |
25 | ||
26 | =item "digest" (B<OSSL_DRBG_PARAM_DIGEST>) <UTF8 string> | |
27 | ||
28 | =item "properties" (B<OSSL_DRBG_PARAM_PROPERTIES>) <UTF8 string> | |
29 | ||
30 | These parameters work as described in L<EVP_KDF(3)/PARAMETERS>. | |
31 | ||
32 | =item "entropy" (B<OSSL_KDF_PARAM_HMACDRBG_ENTROPY>) <octet string> | |
33 | ||
34 | Sets the entropy bytes supplied to the HMAC-DRBG. | |
35 | ||
36 | =item "nonce" (B<OSSL_KDF_PARAM_HMACDRBG_NONCE>) <octet string> | |
37 | ||
38 | Sets the nonce bytes supplied to the HMAC-DRBG. | |
39 | ||
40 | =back | |
41 | ||
42 | =head1 NOTES | |
43 | ||
44 | A context for KDF HMAC DRBG can be obtained by calling: | |
45 | ||
46 | EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HMAC-DRBG-KDF", NULL); | |
47 | EVP_KDF_CTX *kdf_ctx = EVP_KDF_CTX_new(kdf, NULL); | |
48 | ||
49 | =head1 CONFORMING TO | |
50 | ||
51 | RFC 6979 | |
52 | ||
53 | =head1 SEE ALSO | |
54 | ||
55 | L<EVP_KDF(3)>, | |
56 | L<EVP_KDF(3)/PARAMETERS> | |
57 | ||
58 | =head1 HISTORY | |
59 | ||
60 | The EVP_KDF-HMAC-DRBG functionality was added in OpenSSL 3.2. | |
61 | ||
62 | =head1 COPYRIGHT | |
63 | ||
da1c088f | 64 | Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. |
f3090fc7 | 65 | |
66 | Licensed under the Apache License 2.0 (the "License"). You may not use | |
67 | this file except in compliance with the License. You can obtain a copy | |
68 | in the file LICENSE in the source distribution or at | |
69 | L<https://www.openssl.org/source/license.html>. | |
70 | ||
71 | =cut |