diff options
author | Pauli <paul.dale@oracle.com> | 2019-09-02 13:58:22 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2019-09-06 19:27:57 +1000 |
commit | ccd7115a4158a34008975ae83c3a733ba0be9911 (patch) | |
tree | b1dc5c6e85c84e6ad7a1784213836795be5444d4 /doc/man7/EVP_KDF-SS.pod | |
parent | 53598b22987faead115463bf8bd027cd8f794cf3 (diff) |
Update KDF documentation (section 7)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9662)
Diffstat (limited to 'doc/man7/EVP_KDF-SS.pod')
-rw-r--r-- | doc/man7/EVP_KDF-SS.pod | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/doc/man7/EVP_KDF-SS.pod b/doc/man7/EVP_KDF-SS.pod new file mode 100644 index 0000000000..be69606701 --- /dev/null +++ b/doc/man7/EVP_KDF-SS.pod @@ -0,0 +1,197 @@ +=pod + +=head1 NAME + +EVP_KDF-SS - The Single Step / One Step EVP_KDF implementation + +=head1 DESCRIPTION + +The EVP_KDF-SS algorithm implements the Single Step key derivation function (SSKDF). +SSKDF derives a key using input such as a shared secret key (that was generated +during the execution of a key establishment scheme) and fixedinfo. +SSKDF is also informally referred to as 'Concat KDF'. + +=head2 Auxiliary function + +The implementation uses a selectable auxiliary function H, which can be one of: + +=over 4 + +=item B<H(x) = hash(x, digest=md)> + +=item B<H(x) = HMAC_hash(x, key=salt, digest=md)> + +=item B<H(x) = KMACxxx(x, key=salt, custom="KDF", outlen=mac_size)> + +=back + +Both the HMAC and KMAC implementations set the key using the 'salt' value. +The hash and HMAC also require the digest to be set. + +=head2 Identity + +"SSKDF" is the name for this implementation; it +can be used with the EVP_KDF_fetch() function. + +=head2 Supported parameters + +The supported parameters are: + +=over 4 + +=item B<OSSL_KDF_PARAM_PROPERTIES> ("properties") <UTF8 string> + +=item B<OSSL_KDF_PARAM_DIGEST> ("digest") <UTF8 string> + +=item B<OSSL_KDF_PARAM_MAC> ("mac") <UTF8 string> + +=item B<OSSL_KDF_PARAM_MAC_SIZE> ("maclen") <size_t> + +=item B<OSSL_KDF_PARAM_SALT> ("salt") <octet string> + +These parameters work as described in L<EVP_KDF(3)/PARAMETERS>. + +=item B<EVP_KDF_CTRL_SET_KEY> ("key") <octet string> + +This parameter set the shared secret that is used for key derivation. + +=item B<OSSL_KDF_PARAM_INFO> ("info") <octet string> + +This parameter sets an optional value for fixedinfo, also known as otherinfo. + +=back + +=head1 NOTES + +A context for SSKDF can be obtained by calling: + + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + +The output length of an SSKDF is specified via the C<keylen> +parameter to the L<EVP_KDF-derive(3)> function. + +=head1 EXAMPLES + +This example derives 10 bytes using H(x) = SHA-256, with the secret key "secret" +and fixedinfo value "label": + + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + unsigned char out[10]; + OSSL_PARAM params[4], *p = params; + + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha256, strlen(SN_sha256)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + "secret", (size_t)6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + "label", (size_t)5); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) { + error("EVP_KDF_set_params"); + } + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { + error("EVP_KDF_derive"); + } + + EVP_KDF_CTX_free(kctx); + +This example derives 10 bytes using H(x) = HMAC(SHA-256), with the secret key "secret", +fixedinfo value "label" and salt "salt": + + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + unsigned char out[10]; + OSSL_PARAM params[6], *p = params; + + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, + SN_hmac, strlen(SN_hmac)); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha256, strlen(SN_sha256)); + *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, + "secret", (size_t)6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + "label", (size_t)5); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + "salt", (size_t)4); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) { + error("EVP_KDF_set_params"); + } + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { + error("EVP_KDF_derive"); + } + + EVP_KDF_CTX_free(kctx); + +This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with the secret key "secret" +fixedinfo value "label", salt of "salt" and KMAC outlen of 20: + + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + unsigned char out[10]; + OSSL_PARAM params[7], *p = params; + + kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, + SN_kmac128, strlen(SN_kmac128)); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + SN_sha256, strlen(SN_sha256)); + *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, + "secret", (size_t)6); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + "label", (size_t)5); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + "salt", (size_t)4); + *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) { + error("EVP_KDF_set_params"); + } + if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) { + error("EVP_KDF_derive"); + } + + EVP_KDF_CTX_free(kctx); + +=head1 CONFORMING TO + +NIST SP800-56Cr1. + +=head1 SEE ALSO + +L<EVP_KDF>, +L<EVP_KDF-CTX_new_id(3)>, +L<EVP_KDF-CTX_free(3)>, +L<EVP_KDF-ctrl(3)>, +L<EVP_KDF-size(3)>, +L<EVP_KDF-derive(3)>, +L<EVP_KDF(3)/PARAMETERS> + +=head1 HISTORY + +This functionality was added to OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. Copyright +(c) 2019, Oracle and/or its affiliates. All rights reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L<https://www.openssl.org/source/license.html>. + +=cut |