=over 4
-=item B<OSSL_KDF_PARAM_PROPERTIES> ("properties") <UTF8 string>
+=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
-=item B<OSSL_KDF_PARAM_DIGEST> ("digest") <UTF8 string>
+=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
-=item B<OSSL_KDF_PARAM_KEY> ("key") <octet string>
+=item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
-=item B<OSSL_KDF_PARAM_SSHKDF_XCGHASH> ("xcghash") <octet string>
+=item "xcghash" (B<OSSL_KDF_PARAM_SSHKDF_XCGHASH>) <octet string>
-=item B<OSSL_KDF_PARAM_SSHKDF_SESSION_ID> ("session_id") <octet string>
+=item "session_id" (B<OSSL_KDF_PARAM_SSHKDF_SESSION_ID>) <octet string>
These parameters set the respective values for the KDF.
If a value is already set, the contents are replaced.
-=item B<OSSL_KDF_PARAM_SSHKDF_TYPE> ("type") <int>
+=item "type" (B<OSSL_KDF_PARAM_SSHKDF_TYPE>) <UTF8 string>
-This parameter sets the type for the SSHHKDF operation.
+This parameter sets the type for the SSHKDF operation.
There are six supported types:
=over 4
=item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV
The Initial IV from client to server.
-A single char of value 65 (ASCII char 'A').
+Char array initializer of value {65, 0}, i.e., ASCII string "A".
=item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI
The Initial IV from server to client
-A single char of value 66 (ASCII char 'B').
+Char array initializer of value {66, 0}, i.e., ASCII string "B".
=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV
The Encryption Key from client to server
-A single char of value 67 (ASCII char 'C').
+Char array initializer of value {67, 0}, i.e., ASCII string "C".
=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI
The Encryption Key from server to client
-A single char of value 68 (ASCII char 'D').
+Char array initializer of value {68, 0}, i.e., ASCII string "D".
=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV
The Integrity Key from client to server
-A single char of value 69 (ASCII char 'E').
+Char array initializer of value {69, 0}, i.e., ASCII string "E".
=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI
The Integrity Key from client to server
-A single char of value 70 (ASCII char 'F').
+Char array initializer of value {70, 0}, i.e., ASCII string "F".
=back
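Review bot: The description under =item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI still reads "The Integrity Key from client to server", which is a copy of the CLI_TO_SRV text. Since this hunk rewrites the line directly below it, correct it here to "The Integrity Key from server to client." Separately, "type" changes from <int> to <UTF8 string>, but nothing states what the caller must pass: "Char array initializer of value {70, 0}" describes how the macro expands, not the parameter contents. A sentence saying the value is a one-character string would help callers migrating from the int form.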
EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSHKDF", NULL);
EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
-The output length of the SSHKDF derivation is specified via the C<keylen>
-parameter to the L<EVP_KDF-derive(3)> function.
-Since the SSHKDF output length is variable, calling L<EVP_KDF-size()>
+The output length of the SSHKDF derivation is specified via the I<keylen>
+parameter to the L<EVP_KDF_derive(3)> function.
+Since the SSHKDF output length is variable, calling L<EVP_KDF_CTX_get_kdf_size(3)>
to obtain the requisite length is not meaningful. The caller must
allocate a buffer of the desired length, and pass that buffer to the
-L<EVP_KDF-derive(3)> function along with the desired length.
+L<EVP_KDF_derive(3)> function along with the desired length.
=head1 EXAMPLES
EVP_KDF *kdf;
EVP_KDF_CTX *kctx;
+ const char type[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;
unsigned char key[1024] = "01234...";
unsigned char xcghash[32] = "012345...";
unsigned char session_id[32] = "012345...";
xcghash, (size_t)32);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
session_id, (size_t)32);
- *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_SSHKDF_TYPE,
- EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV);
+ *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_SSHKDF_TYPE,
+ type, sizeof(type));
*p = OSSL_PARAM_construct_end();
if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
/* Error */
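Review bot: In the example, sizeof(type) for "const char type[] = EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV;" is 2, because the initializer is {65, 0} and sizeof counts the terminating NUL, so the UTF8 string parameter is constructed with a size one larger than the string "A". Pass strlen(type) or sizeof(type) - 1 instead. The const qualifier on type is also discarded at the call, since OSSL_PARAM_construct_utf8_string takes a non-const char *buf. The context line above additionally passes session_id under OSSL_KDF_PARAM_SALT, while the parameter list documents "session_id" (OSSL_KDF_PARAM_SSHKDF_SESSION_ID); the example should use the documented name.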
=head1 SEE ALSO
-L<EVP_KDF>,
-L<EVP_KDF-CTX_new_id(3)>,
-L<EVP_KDF-CTX_free(3)>,
-L<EVP_KDF-ctrl(3)>,
-L<EVP_KDF-size(3)>,
-L<EVP_KDF-derive(3)>,
+L<EVP_KDF(3)>,
+L<EVP_KDF_CTX_new(3)>,
+L<EVP_KDF_CTX_free(3)>,
+L<EVP_KDF_CTX_set_params(3)>,
+L<EVP_KDF_CTX_get_kdf_size(3)>,
+L<EVP_KDF_derive(3)>,
L<EVP_KDF(3)/PARAMETERS>
=head1 COPYRIGHT
-Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
-Licensed under the OpenSSL license (the "License"). You may not use
+Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.