wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
openssl/doc/man7/EVP_KDF_X942.pod
Richard Levitte 4674aaf4f2 In documentation, consistently refer to OpenSSL 3.0 
3.0.0 is a habit from pre-3.0 OpenSSL, which doesn't make sense with
the new version scheme.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9376)
2019-07-15 15:13:41 +02:00

150 lines
3.5 KiB
Text
Raw Blame History

=pod
=head1 NAME
EVP_KDF_X942 - The X9.42-2001 asn1 EVP_KDF implementation
=head1 DESCRIPTION
The EVP_KDF_X942 algorithm implements the key derivation function (X942KDF).
X942KDF is used by Cryptographic Message Syntax (CMS) for DH KeyAgreement, to
derive a key using input such as a shared secret key and other info. The other
info is DER encoded data that contains a 32 bit counter.
=head2 Numeric identity
B<EVP_KDF_X942> is the numeric identity for this implementation; it
can be used with the EVP_KDF_CTX_new_id() function.
=head2 Supported controls
The supported controls are:
=over 4
=item B<EVP_KDF_CTRL_SET_MD>
This control works as described in L<EVP_KDF_CTX(3)/CONTROLS>.
=item B<EVP_KDF_CTRL_SET_KEY>
This control expects two arguments: C<unsigned char *secret>, C<size_t secretlen>
The shared secret used for key derivation. This control sets the secret.
EVP_KDF_ctrl_str() takes two type strings for this control:
=over 4
=item "secret"
The value string is used as is.
=item "hexsecret"
The value string is expected to be a hexadecimal number, which will be
decoded before being passed on as the control value.
=back
=item B<EVP_KDF_CTRL_SET_UKM>
This control expects two arguments: C<unsigned char *ukm>, C<size_t ukmlen>
An optional random string that is provided by the sender called "partyAInfo".
In CMS this is the user keying material.
EVP_KDF_ctrl_str() takes two type strings for this control:
=over 4
=item "ukm"
The value string is used as is.
=item "hexukm"
The value string is expected to be a hexadecimal number, which will be
decoded before being passed on as the control value.
=back
=item B<EVP_KDF_CTRL_SET_CEK_ALG>
This control expects one argument: C<char *alg>
The CEK wrapping algorithm name.
EVP_KDF_ctrl_str() type string: "cekalg"
The value string is used as is.
=back
=head1 NOTES
A context for X942KDF can be obtained by calling:
EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942);
The output length of an X942KDF is specified via the C<keylen>
parameter to the L<EVP_KDF_derive(3)> function.
=head1 EXAMPLE
This example derives 24 bytes, with the secret key "secret" and a random user
keying material:
EVP_KDF_CTX *kctx;
unsigned char out[192/8];
unsignred char ukm[64];
if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
error("RAND_bytes");
kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942);
if (kctx == NULL)
error("EVP_KDF_CTX_new_id");
if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0)
error("EVP_KDF_CTRL_SET_MD");
if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0)
error("EVP_KDF_CTRL_SET_KEY");
if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_UKM, ukm, sizeof(ukm)) <= 0)
error("EVP_KDF_CTRL_SET_UKM");
if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG,
SN_id_smime_alg_CMS3DESwrap) <= 0)
error("EVP_KDF_CTRL_SET_CEK_ALG");
if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
error("EVP_KDF_derive");
EVP_KDF_CTX_free(kctx);
=head1 CONFORMING TO
RFC 2631
=head1 SEE ALSO
L<EVP_KDF_CTX>,
L<EVP_KDF_CTX_new_id(3)>,
L<EVP_KDF_CTX_free(3)>,
L<EVP_KDF_ctrl(3)>,
L<EVP_KDF_size(3)>,
L<EVP_KDF_derive(3)>,
L<EVP_KDF_CTX(3)/CONTROLS>
=head1 HISTORY
This functionality was added to OpenSSL 3.0.
=head1 COPYRIGHT
Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
Reference in a new issue View git blame Copy permalink