5 EVP_KDF, EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_new_id, EVP_KDF_CTX_free,
6 EVP_KDF_CTX_kdf, EVP_KDF_reset, EVP_KDF_ctrl, EVP_KDF_vctrl, EVP_KDF_ctrl_str,
7 EVP_KDF_size, EVP_KDF_derive, EVP_KDF_nid, EVP_KDF_name,
8 EVP_get_kdfbyname, EVP_get_kdfbynid, EVP_get_kdfbyobj - EVP KDF routines
12 #include <openssl/kdf.h>
14 typedef struct evp_kdf_st EVP_KDF;
15 typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
17 EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
18 EVP_KDF_CTX *EVP_KDF_CTX_new_id(int nid);
19 const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
20 void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
21 void EVP_KDF_reset(EVP_KDF_CTX *ctx);
22 int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...);
23 int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args);
24 int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value);
25 size_t EVP_KDF_size(EVP_KDF_CTX *ctx);
26 int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
27 int EVP_KDF_nid(const EVP_KDF *kdf);
28 const char *EVP_KDF_name(const EVP_KDF *kdf);
29 const EVP_KDF *EVP_get_kdfbyname(const char *name);
30 const EVP_KDF *EVP_get_kdfbynid(int nid);
31 const EVP_KDF *EVP_get_kdfbyobj(const ASN1_OBJECT *o);
35 The EVP KDF routines are a high level interface to Key Derivation Function
36 algorithms and should be used instead of algorithm-specific functions.
38 After creating a C<EVP_KDF_CTX> for the required algorithm using either
39 EVP_KDF_CTX_new() or EVP_KDF_CTX_new_id(), inputs to the algorithm are supplied
40 using calls to EVP_KDF_ctrl(), EVP_KDF_vctrl() or EVP_KDF_ctrl_str() before
41 calling EVP_KDF_derive() to derive the key.
45 B<EVP_KDF> is a type that holds the implementation of a KDF.
47 B<EVP_KDF_CTX> is a context type that holds the algorithm inputs.
49 =head2 Context manipulation functions
51 EVP_KDF_CTX_new() creates a new context for the KDF type C<kdf>.
53 EVP_KDF_CTX_new_id() creates a new context for the numerical KDF identity C<nid>.
55 EVP_KDF_CTX_free() frees up the context C<ctx>. If C<ctx> is C<NULL>, nothing
58 EVP_KDF_CTX_kdf() returns the B<EVP_KDF> associated with the context
61 =head2 Computing functions
63 EVP_KDF_reset() resets the context to the default state as if the context
64 had just been created.
66 EVP_KDF_ctrl() is used to provide inputs to the KDF algorithm prior to
67 EVP_KDF_derive() being called. The inputs that may be provided will vary
68 depending on the KDF algorithm or its implementation. This functions takes
69 variable arguments, the exact expected arguments depend on C<cmd>.
70 See L</CONTROLS> below for a description of standard controls.
72 EVP_KDF_vctrl() is the variant of EVP_KDF_ctrl() that takes a C<va_list>
73 argument instead of variadic arguments.
75 EVP_KDF_ctrl_str() allows an application to send an algorithm specific control
76 operation to a context C<ctx> in string form. This is intended to be used for
77 options specified on the command line or in text files.
79 EVP_KDF_derive() derives C<keylen> bytes of key material and places it in the
80 C<key> buffer. If the algorithm produces a fixed amount of output then an
81 error will occur unless the C<keylen> parameter is equal to that output size,
82 as returned by EVP_KDF_size().
84 =head2 Information functions
86 EVP_KDF_size() returns the output size if the algorithm produces a fixed amount
87 of output and C<SIZE_MAX> otherwise. If an error occurs then 0 is returned.
88 For some algorithms an error may result if input parameters necessary to
89 calculate a fixed output size have not yet been supplied.
91 EVP_KDF_nid() returns the numeric identity of the given KDF implementation.
93 EVP_KDF_name() returns the name of the given KDF implementation.
95 =head2 Object database functions
97 EVP_get_kdfbyname() fetches a KDF implementation from the object
100 EVP_get_kdfbynid() fetches a KDF implementation from the object
101 database by numeric identity.
103 EVP_get_kdfbyobj() fetches a KDF implementation from the object
104 database by ASN.1 OBJECT (i.e. an encoded OID).
108 The standard controls are:
112 =item B<EVP_KDF_CTRL_SET_PASS>
114 This control expects two arguments: C<unsigned char *pass>, C<size_t passlen>
116 Some KDF implementations require a password. For those KDF implementations
117 that support it, this control sets the password.
119 EVP_KDF_ctrl_str() takes two type strings for this control:
125 The value string is used as is.
129 The value string is expected to be a hexadecimal number, which will be
130 decoded before being passed on as the control value.
134 =item B<EVP_KDF_CTRL_SET_SALT>
136 This control expects two arguments: C<unsigned char *salt>, C<size_t saltlen>
138 Some KDF implementations can take a salt. For those KDF implementations that
139 support it, this control sets the salt.
141 The default value, if any, is implementation dependent.
143 EVP_KDF_ctrl_str() takes two type strings for this control:
149 The value string is used as is.
153 The value string is expected to be a hexadecimal number, which will be
154 decoded before being passed on as the control value.
158 =item B<EVP_KDF_CTRL_SET_ITER>
160 This control expects one argument: C<int iter>
162 Some KDF implementations require an iteration count. For those KDF implementations that support it, this control sets the iteration count.
164 The default value, if any, is implementation dependent.
166 EVP_KDF_ctrl_str() type string: "iter"
168 The value string is expected to be a decimal number.
170 =item B<EVP_KDF_CTRL_SET_MAC>
172 This control expects one argument: C<EVP_MAC *mac>
174 Some KDF implementations use a MAC as an underlying computation
175 algorithm, this control sets what the MAC algorithm should be.
177 EVP_KDF_ctrl_str() type string: "mac"
179 The value string is expected to be the name of a MAC.
181 =item B<EVP_KDF_CTRL_SET_MD>
183 This control expects one argument: C<EVP_MD *md>
185 For MAC implementations that use a message digest as an underlying computation
186 algorithm, this control sets what the digest algorithm should be.
188 EVP_KDF_ctrl_str() type string: "digest"
190 The value string is expected to be the name of a digest.
192 =item B<EVP_KDF_CTRL_SET_KEY>
194 This control expects two arguments: C<unsigned char *key>, C<size_t keylen>
196 Some KDF implementations require a key. For those KDF implementations that
197 support it, this control sets the key.
199 EVP_KDF_ctrl_str() takes two type strings for this control:
205 The value string is used as is.
209 The value string is expected to be a hexadecimal number, which will be
210 decoded before being passed on as the control value.
214 =item B<EVP_KDF_CTRL_SET_MAC_SIZE>
216 This control expects one argument: C<size_t size>
218 Used by implementations that use a MAC with a variable output size (KMAC). For
219 those KDF implementations that support it, this control sets the MAC output size.
221 The default value, if any, is implementation dependent.
223 EVP_KDF_ctrl_str() type string: "outlen"
225 The value string is expected to be a decimal number.
227 =item B<EVP_KDF_CTRL_SET_MAXMEM_BYTES>
229 This control expects one argument: C<uint64_t maxmem_bytes>
231 Memory-hard password-based KDF algorithms, such as scrypt, use an amount of
232 memory that depends on the load factors provided as input. For those KDF
233 implementations that support it, this control sets an upper limit on the amount
234 of memory that may be consumed while performing a key derivation. If this
235 memory usage limit is exceeded because the load factors are chosen too high,
236 the key derivation will fail.
238 The default value is implementation dependent.
240 EVP_KDF_ctrl_str() type string: "maxmem_bytes"
242 The value string is expected to be a decimal number.
248 EVP_KDF_CTX_new() and EVP_KDF_CTX_new_id() return either the newly allocated
249 C<EVP_KDF_CTX> structure or C<NULL> if an error occurred.
251 EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value.
253 EVP_KDF_size() returns the output size. C<SIZE_MAX> is returned to indicate
254 that the algorithm produces a variable amount of output; 0 to indicate failure.
256 EVP_KDF_nid() returns the numeric identity for the given C<kdf>.
258 EVP_KDF_name() returns the name for the given C<kdf>, if it has been
259 added to the object database.
261 EVP_add_kdf() returns 1 if the given C<kdf> was successfully added to
262 the object database, otherwise 0.
264 EVP_get_kdfbyname(), EVP_get_kdfbynid() and EVP_get_kdfbyobj() return
265 the requested KDF implementation, if it exists in the object database,
268 The remaining functions return 1 for success and 0 or a negative value for
269 failure. In particular, a return value of -2 indicates the operation is not
270 supported by the KDF algorithm.
275 L<EVP_KDF_TLS1_PRF(7)>
283 This functionality was added to OpenSSL 3.0.0.
287 Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
289 Licensed under the Apache License 2.0 (the "License"). You may not use
290 this file except in compliance with the License. You can obtain a copy
291 in the file LICENSE in the source distribution or at
292 L<https://www.openssl.org/source/license.html>.