[thirdparty/openssl.git] / doc / man7 / EVP_KDF_X963.pod

=pod

=head1 NAME

EVP_KDF_X963 - The X9.63-2001 EVP_KDF implementation

=head1 DESCRIPTION

The EVP_KDF_X963 algorithm implements the key derivation function (X963KDF).
X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to
derive a key using input such as a shared secret key and shared info.

=head2 Numeric identity

B<EVP_KDF_X963> is the numeric identity for this implementation; it
can be used with the EVP_KDF_CTX_new_id() function.

=head2 Supported controls

The supported controls are:

=over 4

=item B<EVP_KDF_CTRL_SET_MD>

This control works as described in L<EVP_KDF_CTX(3)/CONTROLS>.

=item B<EVP_KDF_CTRL_SET_KEY>

This control expects two arguments: C<unsigned char *secret>, C<size_t secretlen>

The shared secret used for key derivation.  This control sets the secret.

EVP_KDF_ctrl_str() takes two type strings for this control:

=over 4

=item "secret"

The value string is used as is.

=item "hexsecret"

The value string is expected to be a hexadecimal number, which will be
decoded before being passed on as the control value.

=back

=item B<EVP_KDF_CTRL_SET_SHARED_INFO>

This control expects two arguments: C<unsigned char *info>, C<size_t infolen>

An optional value for shared info. This control sets the shared info.

EVP_KDF_ctrl_str() takes two type strings for this control:

=over 4

=item "info"

The value string is used as is.

=item "hexinfo"

The value string is expected to be a hexadecimal number, which will be
decoded before being passed on as the control value.

=back

=back

=head1 NOTES

X963KDF is very similar to the SSKDF that uses a digest as the auxiliary function,
X963KDF appends the counter to the secret, whereas SSKDF prepends the counter.

A context for X963KDF can be obtained by calling:

EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963);

The output length of an X963KDF is specified via the C<keylen>
parameter to the L<EVP_KDF_derive(3)> function.

=head1 EXAMPLES

This example derives 10 bytes, with the secret key "secret" and sharedinfo
value "label":

  EVP_KDF_CTX *kctx;
  unsigned char out[10];

  kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963);

  if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
      error("EVP_KDF_CTRL_SET_MD");
  }
  if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) {
      error("EVP_KDF_CTRL_SET_KEY");
  }
  if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SHARED_INFO, "label", (size_t)5) <= 0) {
      error("EVP_KDF_CTRL_SET_SHARED_INFO");
  }
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
      error("EVP_KDF_derive");
  }

  EVP_KDF_CTX_free(kctx);

=head1 CONFORMING TO

"SEC 1: Elliptic Curve Cryptography"

=head1 SEE ALSO

L<EVP_KDF_CTX>,
L<EVP_KDF_CTX_new_id(3)>,
L<EVP_KDF_CTX_free(3)>,
L<EVP_KDF_ctrl(3)>,
L<EVP_KDF_size(3)>,
L<EVP_KDF_derive(3)>,
L<EVP_KDF_CTX(3)/CONTROLS>

=head1 HISTORY

This functionality was added to OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut
Commit	Line	Data
8bbeaaa4 SL	1	=pod
	2
	3	=head1 NAME
	4
	5	EVP_KDF_X963 - The X9.63-2001 EVP_KDF implementation
	6
	7	=head1 DESCRIPTION
	8
	9	The EVP_KDF_X963 algorithm implements the key derivation function (X963KDF).
	10	X963KDF is used by Cryptographic Message Syntax (CMS) for EC KeyAgreement, to
	11	derive a key using input such as a shared secret key and shared info.
	12
	13	=head2 Numeric identity
	14
	15	B<EVP_KDF_X963> is the numeric identity for this implementation; it
	16	can be used with the EVP_KDF_CTX_new_id() function.
	17
	18	=head2 Supported controls
	19
	20	The supported controls are:
	21
	22	=over 4
	23
	24	=item B<EVP_KDF_CTRL_SET_MD>
	25
	26	This control works as described in L<EVP_KDF_CTX(3)/CONTROLS>.
	27
	28	=item B<EVP_KDF_CTRL_SET_KEY>
	29
	30	This control expects two arguments: C<unsigned char *secret>, C<size_t secretlen>
	31
	32	The shared secret used for key derivation. This control sets the secret.
	33
	34	EVP_KDF_ctrl_str() takes two type strings for this control:
	35
	36	=over 4
	37
	38	=item "secret"
	39
	40	The value string is used as is.
	41
	42	=item "hexsecret"
	43
	44	The value string is expected to be a hexadecimal number, which will be
	45	decoded before being passed on as the control value.
	46
	47	=back
	48
	49	=item B<EVP_KDF_CTRL_SET_SHARED_INFO>
	50
	51	This control expects two arguments: C<unsigned char *info>, C<size_t infolen>
	52
	53	An optional value for shared info. This control sets the shared info.
	54
	55	EVP_KDF_ctrl_str() takes two type strings for this control:
	56
	57	=over 4
	58
	59	=item "info"
	60
	61	The value string is used as is.
	62
	63	=item "hexinfo"
	64
65	The value string is expected to be a hexadecimal number, which will be
66	decoded before being passed on as the control value.
67
68	=back
69
70	=back
71
72	=head1 NOTES
73
c2969ff6	74	X963KDF is very similar to the SSKDF that uses a digest as the auxiliary function,
8bbeaaa4 SL	75	X963KDF appends the counter to the secret, whereas SSKDF prepends the counter.
	76
	77	A context for X963KDF can be obtained by calling:
	78
	79	EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963);
	80
	81	The output length of an X963KDF is specified via the C<keylen>
	82	parameter to the L<EVP_KDF_derive(3)> function.
	83
cda77422	84	=head1 EXAMPLES
8bbeaaa4 SL	85
	86	This example derives 10 bytes, with the secret key "secret" and sharedinfo
	87	value "label":
	88
	89	EVP_KDF_CTX *kctx;
	90	unsigned char out[10];
	91
	92	kctx = EVP_KDF_CTX_new_id(EVP_KDF_X963);
	93
	94	if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0) {
	95	error("EVP_KDF_CTRL_SET_MD");
	96	}
	97	if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0) {
	98	error("EVP_KDF_CTRL_SET_KEY");
	99	}
	100	if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_SHARED_INFO, "label", (size_t)5) <= 0) {
	101	error("EVP_KDF_CTRL_SET_SHARED_INFO");
	102	}
	103	if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) {
	104	error("EVP_KDF_derive");
	105	}
	106
	107	EVP_KDF_CTX_free(kctx);
	108
	109	=head1 CONFORMING TO
	110
	111	"SEC 1: Elliptic Curve Cryptography"
	112
	113	=head1 SEE ALSO
	114
	115	L<EVP_KDF_CTX>,
	116	L<EVP_KDF_CTX_new_id(3)>,
	117	L<EVP_KDF_CTX_free(3)>,
	118	L<EVP_KDF_ctrl(3)>,
	119	L<EVP_KDF_size(3)>,
	120	L<EVP_KDF_derive(3)>,
	121	L<EVP_KDF_CTX(3)/CONTROLS>
	122
	123	=head1 HISTORY
	124
4674aaf4	125	This functionality was added to OpenSSL 3.0.
8bbeaaa4 SL	126
	127	=head1 COPYRIGHT
	128
	129	Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
	130
	131	Licensed under the Apache License 2.0 (the "License"). You may not use
	132	this file except in compliance with the License. You can obtain a copy
	133	in the file LICENSE in the source distribution or at
	134	L<https://www.openssl.org/source/license.html>.
	135
	136	=cut