From: Pauli Date: Mon, 2 Aug 2021 11:44:38 +0000 (+1000) Subject: doc: add documentation for TLS13_KDF X-Git-Tag: openssl-3.0.0~153 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=94eb3cdd34bf391f50a59bbfcc6cb83138a77261;p=thirdparty%2Fopenssl.git doc: add documentation for TLS13_KDF Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Shane Lontis (Merged from https://github.com/openssl/openssl/pull/16203) --- diff --git a/doc/man7/EVP_KDF-TLS13_KDF.pod b/doc/man7/EVP_KDF-TLS13_KDF.pod new file mode 100644 index 00000000000..a049a7cd7e7 --- /dev/null +++ b/doc/man7/EVP_KDF-TLS13_KDF.pod 
@@ -0,0 +1,128 @@ +=pod + +=head1 NAME + +EVP_KDF-TLS13_KDF - The TLS 1.3 EVP_KDF implementation + +=head1 DESCRIPTION + +Support for computing the TLS 1.3 version of the B KDF through +the B API. + +The EVP_KDF-TLS13_KDF algorithm implements the HKDF key derivation function +as used by TLS 1.3. + +=head2 Identity + +"TLS13-KDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function. + +=head2 Supported parameters + +The supported parameters are: + +=over 4 + +=item "properties" (B) + +=item "digest" (B) + +=item "key" (B) + +=item "salt" (B) + +These parameters work as described in L. + +=item "prefix" (B) + +This parameter sets the label prefix on the specified TLS 1.3 KDF context. +For TLS 1.3 this should be set to the ASCII string "tls13 " without a +trailing zero byte. Refer to RFC 8446 section 7.1 "Key Schedule" for details. + +=item "label" (B) + +This parameter sets the label on the specified TLS 1.3 KDF context. +Refer to RFC 8446 section 7.1 "Key Schedule" for details. + +=item "data" (B) + +This parameter sets the context data on the specified TLS 1.3 KDF context. +Refer to RFC 8446 section 7.1 "Key Schedule" for details. + +=item "mode" (B) or + +This parameter sets the mode for the TLS 1.3 KDF operation. +There are two modes that are currently defined: + +=over 4 + +=item "EXTRACT_ONLY" or B + +In this mode calling L will just perform the extract +operation. The value returned will be the intermediate fixed-length pseudorandom +key K. The I parameter must match the size of K, which can be looked +up by calling EVP_KDF_CTX_get_kdf_size() after setting the mode and digest. + +The digest, key and salt values must be set before a key is derived otherwise +an error will occur. + +=item "EXPAND_ONLY" or B + +In this mode calling L will just perform the expand +operation. The input key should be set to the intermediate fixed-length +pseudorandom key K returned from a previous extract operation. 
+ +The digest, key and info values must be set before a key is derived otherwise +an error will occur. + +=back + +=back + +=head1 NOTES + +This KDF is intended for use by the TLS 1.3 implementation in libssl. +It does not support all the options and capabilities that HKDF does. + +The I array passed to L or +L must specify all of the parameters required. +This KDF does not support a piecemeal approach to providing these. + +A context for a TLS 1.3 KDF can be obtained by calling: + + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS13-KDF", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + +The output length of a TLS 1.3 KDF expand operation is specified via the +I parameter to the L function. When using +EVP_KDF_HKDF_MODE_EXTRACT_ONLY the I parameter must equal the size of +the intermediate fixed-length pseudorandom key otherwise an error will occur. +For that mode, the fixed output size can be looked up by calling +EVP_KDF_CTX_get_kdf_size() after setting the mode and digest on the +B. + +=head1 CONFORMING TO + +RFC 8446 + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L, +L + +=head1 COPYRIGHT + +Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut
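Review bot: In the "EXPAND_ONLY" item, the sentence "The digest, key and info values must be set before a key is derived" names an "info" value that the "Supported parameters" list in this file never defines. The list has "prefix", "label" and "data" where HKDF has info, so the wording looks carried over from the HKDF page. Since NOTES says the parameter array "must specify all of the parameters required" and that piecemeal setting is not supported, the required set for each mode needs to be exact. Suggest rewording to name the parameters this KDF actually takes for expand (digest, key, prefix, label, and data if it is mandatory), and saying explicitly whether "data" may be omitted. A smaller point in the same region: NOTES refers to EVP_KDF_HKDF_MODE_EXTRACT_ONLY while the mode item introduces the string form "EXTRACT_ONLY", so it would help to state once that the HKDF mode constants are the ones reused here.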