wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/doc/man3/EVP_KDF_CTX.pod
Shane Lontis 1aec7716c1 Add X9.42 KDF. 
Move the KDF code for CMS DH key agreement into an EVP_KDF object.
There are 2 specifications for X9.42 KDF. This implementation uses DER for
otherinfo which embeds the KDF loop counter inside the DER object.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8898)
2019-07-09 09:33:18 +10:00

296 lines
9 KiB
Text
Raw Blame History

=pod
=head1 NAME
EVP_KDF, EVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_new_id, EVP_KDF_CTX_free,
EVP_KDF_CTX_kdf, EVP_KDF_reset, EVP_KDF_ctrl, EVP_KDF_vctrl, EVP_KDF_ctrl_str,
EVP_KDF_size, EVP_KDF_derive, EVP_KDF_nid, EVP_KDF_name,
EVP_get_kdfbyname, EVP_get_kdfbynid, EVP_get_kdfbyobj - EVP KDF routines
=head1 SYNOPSIS
#include <openssl/kdf.h>
typedef struct evp_kdf_st EVP_KDF;
typedef struct evp_kdf_ctx_st EVP_KDF_CTX;
EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
EVP_KDF_CTX *EVP_KDF_CTX_new_id(int nid);
const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx);
void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx);
void EVP_KDF_reset(EVP_KDF_CTX *ctx);
int EVP_KDF_ctrl(EVP_KDF_CTX *ctx, int cmd, ...);
int EVP_KDF_vctrl(EVP_KDF_CTX *ctx, int cmd, va_list args);
int EVP_KDF_ctrl_str(EVP_KDF_CTX *ctx, const char *type, const char *value);
size_t EVP_KDF_size(EVP_KDF_CTX *ctx);
int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen);
int EVP_KDF_nid(const EVP_KDF *kdf);
const char *EVP_KDF_name(const EVP_KDF *kdf);
const EVP_KDF *EVP_get_kdfbyname(const char *name);
const EVP_KDF *EVP_get_kdfbynid(int nid);
const EVP_KDF *EVP_get_kdfbyobj(const ASN1_OBJECT *o);
=head1 DESCRIPTION
The EVP KDF routines are a high level interface to Key Derivation Function
algorithms and should be used instead of algorithm-specific functions.
After creating a C<EVP_KDF_CTX> for the required algorithm using either
EVP_KDF_CTX_new() or EVP_KDF_CTX_new_id(), inputs to the algorithm are supplied
using calls to EVP_KDF_ctrl(), EVP_KDF_vctrl() or EVP_KDF_ctrl_str() before
calling EVP_KDF_derive() to derive the key.
=head2 Types
B<EVP_KDF> is a type that holds the implementation of a KDF.
B<EVP_KDF_CTX> is a context type that holds the algorithm inputs.
=head2 Context manipulation functions
EVP_KDF_CTX_new() creates a new context for the KDF type C<kdf>.
EVP_KDF_CTX_new_id() creates a new context for the numerical KDF identity C<nid>.
EVP_KDF_CTX_free() frees up the context C<ctx>. If C<ctx> is C<NULL>, nothing
is done.
EVP_KDF_CTX_kdf() returns the B<EVP_KDF> associated with the context
C<ctx>.
=head2 Computing functions
EVP_KDF_reset() resets the context to the default state as if the context
had just been created.
EVP_KDF_ctrl() is used to provide inputs to the KDF algorithm prior to
EVP_KDF_derive() being called. The inputs that may be provided will vary
depending on the KDF algorithm or its implementation. This functions takes
variable arguments, the exact expected arguments depend on C<cmd>.
See L</CONTROLS> below for a description of standard controls.
EVP_KDF_vctrl() is the variant of EVP_KDF_ctrl() that takes a C<va_list>
argument instead of variadic arguments.
EVP_KDF_ctrl_str() allows an application to send an algorithm specific control
operation to a context C<ctx> in string form. This is intended to be used for
options specified on the command line or in text files.
EVP_KDF_derive() derives C<keylen> bytes of key material and places it in the
C<key> buffer. If the algorithm produces a fixed amount of output then an
error will occur unless the C<keylen> parameter is equal to that output size,
as returned by EVP_KDF_size().
=head2 Information functions
EVP_KDF_size() returns the output size if the algorithm produces a fixed amount
of output and C<SIZE_MAX> otherwise. If an error occurs then 0 is returned.
For some algorithms an error may result if input parameters necessary to
calculate a fixed output size have not yet been supplied.
EVP_KDF_nid() returns the numeric identity of the given KDF implementation.
EVP_KDF_name() returns the name of the given KDF implementation.
=head2 Object database functions
EVP_get_kdfbyname() fetches a KDF implementation from the object
database by name.
EVP_get_kdfbynid() fetches a KDF implementation from the object
database by numeric identity.
EVP_get_kdfbyobj() fetches a KDF implementation from the object
database by ASN.1 OBJECT (i.e. an encoded OID).
=head1 CONTROLS
The standard controls are:
=over 4
=item B<EVP_KDF_CTRL_SET_PASS>
This control expects two arguments: C<unsigned char *pass>, C<size_t passlen>
Some KDF implementations require a password. For those KDF implementations
that support it, this control sets the password.
EVP_KDF_ctrl_str() takes two type strings for this control:
=over 4
=item "pass"
The value string is used as is.
=item "hexpass"
The value string is expected to be a hexadecimal number, which will be
decoded before being passed on as the control value.
=back
=item B<EVP_KDF_CTRL_SET_SALT>
This control expects two arguments: C<unsigned char *salt>, C<size_t saltlen>
Some KDF implementations can take a salt. For those KDF implementations that
support it, this control sets the salt.
The default value, if any, is implementation dependent.
EVP_KDF_ctrl_str() takes two type strings for this control:
=over 4
=item "salt"
The value string is used as is.
=item "hexsalt"
The value string is expected to be a hexadecimal number, which will be
decoded before being passed on as the control value.
=back
=item B<EVP_KDF_CTRL_SET_ITER>
This control expects one argument: C<int iter>
Some KDF implementations require an iteration count. For those KDF implementations that support it, this control sets the iteration count.
The default value, if any, is implementation dependent.
EVP_KDF_ctrl_str() type string: "iter"
The value string is expected to be a decimal number.
=item B<EVP_KDF_CTRL_SET_MAC>
This control expects one argument: C<EVP_MAC *mac>
Some KDF implementations use a MAC as an underlying computation
algorithm, this control sets what the MAC algorithm should be.
EVP_KDF_ctrl_str() type string: "mac"
The value string is expected to be the name of a MAC.
=item B<EVP_KDF_CTRL_SET_MD>
This control expects one argument: C<EVP_MD *md>
For MAC implementations that use a message digest as an underlying computation
algorithm, this control sets what the digest algorithm should be.
EVP_KDF_ctrl_str() type string: "digest"
The value string is expected to be the name of a digest.
=item B<EVP_KDF_CTRL_SET_KEY>
This control expects two arguments: C<unsigned char *key>, C<size_t keylen>
Some KDF implementations require a key. For those KDF implementations that
support it, this control sets the key.
EVP_KDF_ctrl_str() takes two type strings for this control:
=over 4
=item "key"
The value string is used as is.
=item "hexkey"
The value string is expected to be a hexadecimal number, which will be
decoded before being passed on as the control value.
=back
=item B<EVP_KDF_CTRL_SET_MAC_SIZE>
This control expects one argument: C<size_t size>
Used by implementations that use a MAC with a variable output size (KMAC). For
those KDF implementations that support it, this control sets the MAC output size.
The default value, if any, is implementation dependent.
EVP_KDF_ctrl_str() type string: "outlen"
The value string is expected to be a decimal number.
=item B<EVP_KDF_CTRL_SET_MAXMEM_BYTES>
This control expects one argument: C<uint64_t maxmem_bytes>
Memory-hard password-based KDF algorithms, such as scrypt, use an amount of
memory that depends on the load factors provided as input. For those KDF
implementations that support it, this control sets an upper limit on the amount
of memory that may be consumed while performing a key derivation. If this
memory usage limit is exceeded because the load factors are chosen too high,
the key derivation will fail.
The default value is implementation dependent.
EVP_KDF_ctrl_str() type string: "maxmem_bytes"
The value string is expected to be a decimal number.
=back
=head1 RETURN VALUES
EVP_KDF_CTX_new() and EVP_KDF_CTX_new_id() return either the newly allocated
C<EVP_KDF_CTX> structure or C<NULL> if an error occurred.
EVP_KDF_CTX_free() and EVP_KDF_reset() do not return a value.
EVP_KDF_size() returns the output size. C<SIZE_MAX> is returned to indicate
that the algorithm produces a variable amount of output; 0 to indicate failure.
EVP_KDF_nid() returns the numeric identity for the given C<kdf>.
EVP_KDF_name() returns the name for the given C<kdf>, if it has been
added to the object database.
EVP_add_kdf() returns 1 if the given C<kdf> was successfully added to
the object database, otherwise 0.
EVP_get_kdfbyname(), EVP_get_kdfbynid() and EVP_get_kdfbyobj() return
the requested KDF implementation, if it exists in the object database,
otherwise B<NULL>.
The remaining functions return 1 for success and 0 or a negative value for
failure. In particular, a return value of -2 indicates the operation is not
supported by the KDF algorithm.
=head1 SEE ALSO
L<EVP_KDF_SCRYPT(7)>
L<EVP_KDF_TLS1_PRF(7)>
L<EVP_KDF_PBKDF2(7)>
L<EVP_KDF_HKDF(7)>
L<EVP_KDF_SS(7)>
L<EVP_KDF_SSHKDF(7)>
L<EVP_KDF_X963(7)>
L<EVP_KDF_X942KDF(7)>
=head1 HISTORY
This functionality was added to OpenSSL 3.0.0.
=head1 COPYRIGHT
Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
Reference in a new issue View git blame Copy permalink