]>
Commit | Line | Data |
---|---|---|
1 | =pod | |
2 | ||
3 | =head1 NAME | |
4 | ||
5 | EVP_KDF_X963 - The X9.63-2001 EVP_KDF implementation | |
6 | ||
7 | =head1 DESCRIPTION | |
8 | ||
9 | The EVP_KDF_X963 algorithm implements the key derivation function (X963KDF). | |
10 | X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to | |
11 | derive a key using input such as a shared secret key and shared info. | |
12 | ||
13 | =head2 Numeric identity | |
14 | ||
15 | B<EVP_KDF_X963> is the numeric identity for this implementation; it | |
16 | can be used with the EVP_KDF_CTX_new_id() function. | |
17 | ||
18 | =head2 Supported controls | |
19 | ||
20 | The supported controls are: | |
21 | ||
22 | =over 4 | |
23 | ||
24 | =item B<EVP_KDF_CTRL_SET_MD> | |
25 | ||
26 | This control works as described in L<EVP_KDF_CTX(3)/CONTROLS>. | |
27 | ||
28 | =item B<EVP_KDF_CTRL_SET_KEY> | |
29 | ||
30 | This control expects two arguments: C<unsigned char *secret>, C<size_t secretlen> | |
31 | ||
32 | The shared secret used for key derivation. This control sets the secret. | |
33 | ||
34 | EVP_KDF_ctrl_str() takes two type strings for this control: | |
35 | ||
36 | =over 4 | |
37 | ||
38 | =item "secret" | |
39 | ||
40 | The value string is used as is. | |
41 | ||
42 | =item "hexsecret" | |
43 | ||
44 | The value string is expected to be a hexadecimal number, which will be | |
45 | decoded before being passed on as the control value. | |
46 | ||
47 | =back | |
48 | ||
49 | =item B<EVP_KDF_CTRL_SET_SHARED_INFO> | |
50 | ||
51 | This control expects two arguments: C<unsigned char *info>, C<size_t infolen> | |
52 | ||
53 | An optional value for shared info. This control sets the shared info. | |
54 | ||
55 | EVP_KDF_ctrl_str() takes two type strings for this control: | |
56 | ||
57 | =over 4 | |
58 | ||
59 | =item "info" | |
60 | ||
61 | The value string is used as is. | |
62 | ||
63 | =item "hexinfo" | |
64 | ||
65 | The value string is expected to be a hexadecimal number, which will be | |
66 | decoded before being passed on as the control value. | |
67 | ||
68 | =back | |
69 | ||
70 | =back | |
71 | ||
72 | =head1 NOTES | |
73 | ||
74 | X963KDF is very similar to the SSKDF that uses a digest as the auxiliary function, | |
75 | X963KDF appends the counter to the secret, whereas SSKDF prepends the counter. | |
76 | ||
77 | A context for X963KDF can be obtained by calling: | |
78 | ||
79 | EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963); | |
80 | ||
81 | The output length of an X963KDF is specified via the C<keylen> | |
82 | parameter to the L<EVP_KDF_derive(3)> function. | |
83 | ||
84 | =head1 EXAMPLE | |
85 | ||
86 | This example derives 10 bytes, with the secret key "secret" and sharedinfo | |
87 | value "label": | |
88 | ||
89 | EVP_KDF_CTX *kctx; | |
90 | unsigned char out[10]; | |
91 | ||
92 | kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963); | |
93 | ||
94 | if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) { | |
95 | error("EVP_KDF_CTRL_SET_MD"); | |
96 | } | |
97 | if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) { | |
98 | error("EVP_KDF_CTRL_SET_KEY"); | |
99 | } | |
100 | if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SHARED_INFO, "label", (size_t)5) <= 0) { | |
101 | error("EVP_KDF_CTRL_SET_SHARED_INFO"); | |
102 | } | |
103 | if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { | |
104 | error("EVP_KDF_derive"); | |
105 | } | |
106 | ||
107 | EVP_KDF_CTX_free(kctx); | |
108 | ||
109 | =head1 CONFORMING TO | |
110 | ||
111 | "SEC 1: Elliptic Curve Cryptography" | |
112 | ||
113 | =head1 SEE ALSO | |
114 | ||
115 | L<EVP_KDF_CTX>, | |
116 | L<EVP_KDF_CTX_new_id(3)>, | |
117 | L<EVP_KDF_CTX_free(3)>, | |
118 | L<EVP_KDF_ctrl(3)>, | |
119 | L<EVP_KDF_size(3)>, | |
120 | L<EVP_KDF_derive(3)>, | |
121 | L<EVP_KDF_CTX(3)/CONTROLS> | |
122 | ||
123 | =head1 HISTORY | |
124 | ||
125 | This functionality was added to OpenSSL 3.0.0. | |
126 | ||
127 | =head1 COPYRIGHT | |
128 | ||
129 | Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. | |
130 | ||
131 | Licensed under the Apache License 2.0 (the "License"). You may not use | |
132 | this file except in compliance with the License. You can obtain a copy | |
133 | in the file LICENSE in the source distribution or at | |
134 | L<https://www.openssl.org/source/license.html>. | |
135 | ||
136 | =cut |