xref: /freebsd/crypto/openssl/doc/man7/EVP_KDF-TLS1_PRF.pod (revision 0d0c8621fd181e507f0fb50ffcca606faf66a8c2) 
1=pod
2
3=head1 NAME
4
5EVP_KDF-TLS1_PRF - The TLS1 PRF EVP_KDF implementation
6
7=head1 DESCRIPTION
8
9Support for computing the B<TLS1> PRF through the B<EVP_KDF> API.
10
11The EVP_KDF-TLS1_PRF algorithm implements the PRF used by TLS versions up to
12and including TLS 1.2.
13
14The output is considered to be keying material.
15
16=head2 Identity
17
18"TLS1-PRF" is the name for this implementation; it
19can be used with the EVP_KDF_fetch() function.
20
21=head2 Supported parameters
22
23The supported parameters are:
24
25=over 4
26
27=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
28
29=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
30
31These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
32
33The B<OSSL_KDF_PARAM_DIGEST> parameter is used to set the message digest
34associated with the TLS PRF.
35EVP_md5_sha1() is treated as a special case which uses the
36PRF algorithm using both B<MD5> and B<SHA1> as used in TLS 1.0 and 1.1.
37
38=item "secret" (B<OSSL_KDF_PARAM_SECRET>) <octet string>
39
40This parameter sets the secret value of the TLS PRF.
41Any existing secret value is replaced.
42
43=item "seed" (B<OSSL_KDF_PARAM_SEED>) <octet string>
44
45This parameter sets the context seed.
46The length of the context seed cannot exceed 1024 bytes;
47this should be more than enough for any normal use of the TLS PRF.
48
49=back
50
51=head1 NOTES
52
53A context for the TLS PRF can be obtained by calling:
54
55 EVP_KDF *kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
56 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
57
58The digest, secret value and seed must be set before a key is derived otherwise
59an error will occur.
60
61The output length of the PRF is specified by the I<keylen> parameter to the
62EVP_KDF_derive() function.
63
64=head1 EXAMPLES
65
66This example derives 10 bytes using SHA-256 with the secret key "secret"
67and seed value "seed":
68
69 EVP_KDF *kdf;
70 EVP_KDF_CTX *kctx;
71 unsigned char out[10];
72 OSSL_PARAM params[4], *p = params;
73
74 kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL);
75 kctx = EVP_KDF_CTX_new(kdf);
76 EVP_KDF_free(kdf);
77
78 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
79                                         SN_sha256, strlen(SN_sha256));
80 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
81                                          "secret", (size_t)6);
82 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
83                                          "seed", (size_t)4);
84 *p = OSSL_PARAM_construct_end();
85 if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
86     error("EVP_KDF_derive");
87 }
88 EVP_KDF_CTX_free(kctx);
89
90=head1 CONFORMING TO
91
92RFC 2246, RFC 5246 and NIST SP 800-135 r1
93
94=head1 SEE ALSO
95
96L<EVP_KDF(3)>,
97L<EVP_KDF_CTX_new(3)>,
98L<EVP_KDF_CTX_free(3)>,
99L<EVP_KDF_CTX_set_params(3)>,
100L<EVP_KDF_derive(3)>,
101L<EVP_KDF(3)/PARAMETERS>
102
103=head1 HISTORY
104
105This functionality was added in OpenSSL 3.0.
106
107=head1 COPYRIGHT
108
109Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
110
111Licensed under the Apache License 2.0 (the "License").  You may not use
112this file except in compliance with the License.  You can obtain a copy
113in the file LICENSE in the source distribution or at
114L<https://www.openssl.org/source/license.html>.
115
116=cut
117