1b077aed3SPierre Pronchery=pod 2b077aed3SPierre Pronchery 3b077aed3SPierre Pronchery=head1 NAME 4b077aed3SPierre Pronchery 5b077aed3SPierre ProncheryEVP_KDF, EVP_KDF_fetch, EVP_KDF_free, EVP_KDF_up_ref, 6b077aed3SPierre ProncheryEVP_KDF_CTX, EVP_KDF_CTX_new, EVP_KDF_CTX_free, EVP_KDF_CTX_dup, 7b077aed3SPierre ProncheryEVP_KDF_CTX_reset, EVP_KDF_derive, 8b077aed3SPierre ProncheryEVP_KDF_CTX_get_kdf_size, 9b077aed3SPierre ProncheryEVP_KDF_get0_provider, EVP_KDF_CTX_kdf, EVP_KDF_is_a, 10b077aed3SPierre ProncheryEVP_KDF_get0_name, EVP_KDF_names_do_all, EVP_KDF_get0_description, 11b077aed3SPierre ProncheryEVP_KDF_CTX_get_params, EVP_KDF_CTX_set_params, EVP_KDF_do_all_provided, 12b077aed3SPierre ProncheryEVP_KDF_get_params, EVP_KDF_gettable_params, 13b077aed3SPierre ProncheryEVP_KDF_gettable_ctx_params, EVP_KDF_settable_ctx_params, 14b077aed3SPierre ProncheryEVP_KDF_CTX_gettable_params, EVP_KDF_CTX_settable_params - EVP KDF routines 15b077aed3SPierre Pronchery 16b077aed3SPierre Pronchery=head1 SYNOPSIS 17b077aed3SPierre Pronchery 18b077aed3SPierre Pronchery #include <openssl/kdf.h> 19b077aed3SPierre Pronchery 20b077aed3SPierre Pronchery typedef struct evp_kdf_st EVP_KDF; 21b077aed3SPierre Pronchery typedef struct evp_kdf_ctx_st EVP_KDF_CTX; 22b077aed3SPierre Pronchery 23*44096ebdSEnji Cooper EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf); 24b077aed3SPierre Pronchery const EVP_KDF *EVP_KDF_CTX_kdf(EVP_KDF_CTX *ctx); 25b077aed3SPierre Pronchery void EVP_KDF_CTX_free(EVP_KDF_CTX *ctx); 26b077aed3SPierre Pronchery EVP_KDF_CTX *EVP_KDF_CTX_dup(const EVP_KDF_CTX *src); 27b077aed3SPierre Pronchery void EVP_KDF_CTX_reset(EVP_KDF_CTX *ctx); 28b077aed3SPierre Pronchery size_t EVP_KDF_CTX_get_kdf_size(EVP_KDF_CTX *ctx); 29b077aed3SPierre Pronchery int EVP_KDF_derive(EVP_KDF_CTX *ctx, unsigned char *key, size_t keylen, 30b077aed3SPierre Pronchery const OSSL_PARAM params[]); 31b077aed3SPierre Pronchery int EVP_KDF_up_ref(EVP_KDF *kdf); 32b077aed3SPierre Pronchery void EVP_KDF_free(EVP_KDF *kdf); 33b077aed3SPierre Pronchery EVP_KDF *EVP_KDF_fetch(OSSL_LIB_CTX *libctx, const char *algorithm, 34b077aed3SPierre Pronchery const char *properties); 35b077aed3SPierre Pronchery int EVP_KDF_is_a(const EVP_KDF *kdf, const char *name); 36b077aed3SPierre Pronchery const char *EVP_KDF_get0_name(const EVP_KDF *kdf); 37b077aed3SPierre Pronchery const char *EVP_KDF_get0_description(const EVP_KDF *kdf); 38b077aed3SPierre Pronchery const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf); 39b077aed3SPierre Pronchery void EVP_KDF_do_all_provided(OSSL_LIB_CTX *libctx, 40b077aed3SPierre Pronchery void (*fn)(EVP_KDF *kdf, void *arg), 41b077aed3SPierre Pronchery void *arg); 42b077aed3SPierre Pronchery int EVP_KDF_names_do_all(const EVP_KDF *kdf, 43b077aed3SPierre Pronchery void (*fn)(const char *name, void *data), 44b077aed3SPierre Pronchery void *data); 45b077aed3SPierre Pronchery int EVP_KDF_get_params(EVP_KDF *kdf, OSSL_PARAM params[]); 46b077aed3SPierre Pronchery int EVP_KDF_CTX_get_params(EVP_KDF_CTX *ctx, OSSL_PARAM params[]); 47b077aed3SPierre Pronchery int EVP_KDF_CTX_set_params(EVP_KDF_CTX *ctx, const OSSL_PARAM params[]); 48b077aed3SPierre Pronchery const OSSL_PARAM *EVP_KDF_gettable_params(const EVP_KDF *kdf); 49b077aed3SPierre Pronchery const OSSL_PARAM *EVP_KDF_gettable_ctx_params(const EVP_KDF *kdf); 50b077aed3SPierre Pronchery const OSSL_PARAM *EVP_KDF_settable_ctx_params(const EVP_KDF *kdf); 51b077aed3SPierre Pronchery const OSSL_PARAM *EVP_KDF_CTX_gettable_params(const EVP_KDF *kdf); 52b077aed3SPierre Pronchery const OSSL_PARAM *EVP_KDF_CTX_settable_params(const EVP_KDF *kdf); 53b077aed3SPierre Pronchery const OSSL_PROVIDER *EVP_KDF_get0_provider(const EVP_KDF *kdf); 54b077aed3SPierre Pronchery 55b077aed3SPierre Pronchery=head1 DESCRIPTION 56b077aed3SPierre Pronchery 57b077aed3SPierre ProncheryThe EVP KDF routines are a high-level interface to Key Derivation Function 58b077aed3SPierre Proncheryalgorithms and should be used instead of algorithm-specific functions. 59b077aed3SPierre Pronchery 60b077aed3SPierre ProncheryAfter creating a B<EVP_KDF_CTX> for the required algorithm using 61b077aed3SPierre ProncheryEVP_KDF_CTX_new(), inputs to the algorithm are supplied either by 62b077aed3SPierre Proncherypassing them as part of the EVP_KDF_derive() call or using calls 63b077aed3SPierre Proncheryto EVP_KDF_CTX_set_params() before calling EVP_KDF_derive() to derive 64b077aed3SPierre Proncherythe key. 65b077aed3SPierre Pronchery 66b077aed3SPierre Pronchery=head2 Types 67b077aed3SPierre Pronchery 68b077aed3SPierre ProncheryB<EVP_KDF> is a type that holds the implementation of a KDF. 69b077aed3SPierre Pronchery 70b077aed3SPierre ProncheryB<EVP_KDF_CTX> is a context type that holds the algorithm inputs. 71b077aed3SPierre Pronchery 72b077aed3SPierre Pronchery=head2 Algorithm implementation fetching 73b077aed3SPierre Pronchery 74b077aed3SPierre ProncheryEVP_KDF_fetch() fetches an implementation of a KDF I<algorithm>, given 75b077aed3SPierre Proncherya library context I<libctx> and a set of I<properties>. 76b077aed3SPierre ProncherySee L<crypto(7)/ALGORITHM FETCHING> for further information. 77b077aed3SPierre Pronchery 78b077aed3SPierre ProncherySee L<OSSL_PROVIDER-default(7)/Key Derivation Function (KDF)> for the lists of 79b077aed3SPierre Proncheryalgorithms supported by the default provider. 80b077aed3SPierre Pronchery 81b077aed3SPierre ProncheryThe returned value must eventually be freed with 82b077aed3SPierre ProncheryL<EVP_KDF_free(3)>. 83b077aed3SPierre Pronchery 84b077aed3SPierre ProncheryEVP_KDF_up_ref() increments the reference count of an already fetched 85b077aed3SPierre ProncheryKDF. 86b077aed3SPierre Pronchery 87b077aed3SPierre ProncheryEVP_KDF_free() frees a fetched algorithm. 88b077aed3SPierre ProncheryNULL is a valid parameter, for which this function is a no-op. 89b077aed3SPierre Pronchery 90b077aed3SPierre Pronchery=head2 Context manipulation functions 91b077aed3SPierre Pronchery 92b077aed3SPierre ProncheryEVP_KDF_CTX_new() creates a new context for the KDF implementation I<kdf>. 93b077aed3SPierre Pronchery 94b077aed3SPierre ProncheryEVP_KDF_CTX_free() frees up the context I<ctx>. If I<ctx> is NULL, nothing 95b077aed3SPierre Proncheryis done. 96b077aed3SPierre Pronchery 97b077aed3SPierre ProncheryEVP_KDF_CTX_kdf() returns the B<EVP_KDF> associated with the context 98b077aed3SPierre ProncheryI<ctx>. 99b077aed3SPierre Pronchery 100b077aed3SPierre Pronchery=head2 Computing functions 101b077aed3SPierre Pronchery 102b077aed3SPierre ProncheryEVP_KDF_CTX_reset() resets the context to the default state as if the context 103b077aed3SPierre Proncheryhad just been created. 104b077aed3SPierre Pronchery 105b077aed3SPierre ProncheryEVP_KDF_derive() processes any parameters in I<Params> and then derives 106b077aed3SPierre ProncheryI<keylen> bytes of key material and places it in the I<key> buffer. 107b077aed3SPierre ProncheryIf the algorithm produces a fixed amount of output then an error will 108b077aed3SPierre Proncheryoccur unless the I<keylen> parameter is equal to that output size, 109b077aed3SPierre Proncheryas returned by EVP_KDF_CTX_get_kdf_size(). 110b077aed3SPierre Pronchery 111b077aed3SPierre ProncheryEVP_KDF_get_params() retrieves details about the implementation 112b077aed3SPierre ProncheryI<kdf>. 113b077aed3SPierre ProncheryThe set of parameters given with I<params> determine exactly what 114b077aed3SPierre Proncheryparameters should be retrieved. 115b077aed3SPierre ProncheryNote that a parameter that is unknown in the underlying context is 116b077aed3SPierre Proncherysimply ignored. 117b077aed3SPierre Pronchery 118b077aed3SPierre ProncheryEVP_KDF_CTX_get_params() retrieves chosen parameters, given the 119b077aed3SPierre Proncherycontext I<ctx> and its underlying context. 120b077aed3SPierre ProncheryThe set of parameters given with I<params> determine exactly what 121b077aed3SPierre Proncheryparameters should be retrieved. 122b077aed3SPierre ProncheryNote that a parameter that is unknown in the underlying context is 123b077aed3SPierre Proncherysimply ignored. 124b077aed3SPierre Pronchery 125b077aed3SPierre ProncheryEVP_KDF_CTX_set_params() passes chosen parameters to the underlying 126b077aed3SPierre Proncherycontext, given a context I<ctx>. 127b077aed3SPierre ProncheryThe set of parameters given with I<params> determine exactly what 128b077aed3SPierre Proncheryparameters are passed down. 129b077aed3SPierre ProncheryNote that a parameter that is unknown in the underlying context is 130b077aed3SPierre Proncherysimply ignored. 131b077aed3SPierre ProncheryAlso, what happens when a needed parameter isn't passed down is 132b077aed3SPierre Proncherydefined by the implementation. 133b077aed3SPierre Pronchery 134b077aed3SPierre ProncheryEVP_KDF_gettable_params() returns an L<OSSL_PARAM(3)> array that describes 135b077aed3SPierre Proncherythe retrievable and settable parameters. EVP_KDF_gettable_params() 136b077aed3SPierre Proncheryreturns parameters that can be used with EVP_KDF_get_params(). 137b077aed3SPierre Pronchery 138b077aed3SPierre ProncheryEVP_KDF_gettable_ctx_params() and EVP_KDF_CTX_gettable_params() 139b077aed3SPierre Proncheryreturn constant L<OSSL_PARAM(3)> arrays that describe the retrievable 140b077aed3SPierre Proncheryparameters that can be used with EVP_KDF_CTX_get_params(). 141b077aed3SPierre ProncheryEVP_KDF_gettable_ctx_params() returns the parameters that can be retrieved 142b077aed3SPierre Proncheryfrom the algorithm, whereas EVP_KDF_CTX_gettable_params() returns 143b077aed3SPierre Proncherythe parameters that can be retrieved in the context's current state. 144b077aed3SPierre Pronchery 145b077aed3SPierre ProncheryEVP_KDF_settable_ctx_params() and EVP_KDF_CTX_settable_params() return 146b077aed3SPierre Proncheryconstant L<OSSL_PARAM(3)> arrays that describe the settable parameters that 147b077aed3SPierre Proncherycan be used with EVP_KDF_CTX_set_params(). EVP_KDF_settable_ctx_params() 148b077aed3SPierre Proncheryreturns the parameters that can be retrieved from the algorithm, 149b077aed3SPierre Proncherywhereas EVP_KDF_CTX_settable_params() returns the parameters that can 150b077aed3SPierre Proncherybe retrieved in the context's current state. 151b077aed3SPierre Pronchery 152b077aed3SPierre Pronchery=head2 Information functions 153b077aed3SPierre Pronchery 154b077aed3SPierre ProncheryEVP_KDF_CTX_get_kdf_size() returns the output size if the algorithm produces a fixed amount 155b077aed3SPierre Proncheryof output and B<SIZE_MAX> otherwise. If an error occurs then 0 is returned. 156b077aed3SPierre ProncheryFor some algorithms an error may result if input parameters necessary to 157b077aed3SPierre Proncherycalculate a fixed output size have not yet been supplied. 158b077aed3SPierre Pronchery 159b077aed3SPierre ProncheryEVP_KDF_is_a() returns 1 if I<kdf> is an implementation of an 160b077aed3SPierre Proncheryalgorithm that's identifiable with I<name>, otherwise 0. 161b077aed3SPierre Pronchery 162b077aed3SPierre ProncheryEVP_KDF_get0_provider() returns the provider that holds the implementation 163b077aed3SPierre Proncheryof the given I<kdf>. 164b077aed3SPierre Pronchery 165b077aed3SPierre ProncheryEVP_KDF_do_all_provided() traverses all KDF implemented by all activated 166b077aed3SPierre Proncheryproviders in the given library context I<libctx>, and for each of the 167b077aed3SPierre Proncheryimplementations, calls the given function I<fn> with the implementation method 168b077aed3SPierre Proncheryand the given I<arg> as argument. 169b077aed3SPierre Pronchery 170b077aed3SPierre ProncheryEVP_KDF_get0_name() return the name of the given KDF. For fetched KDFs 171b077aed3SPierre Proncherywith multiple names, only one of them is returned; it's 172b077aed3SPierre Proncheryrecommended to use EVP_KDF_names_do_all() instead. 173b077aed3SPierre Pronchery 174b077aed3SPierre ProncheryEVP_KDF_names_do_all() traverses all names for I<kdf>, and calls 175b077aed3SPierre ProncheryI<fn> with each name and I<data>. 176b077aed3SPierre Pronchery 177b077aed3SPierre ProncheryEVP_KDF_get0_description() returns a description of the I<kdf>, meant for 178b077aed3SPierre Proncherydisplay and human consumption. The description is at the discretion of 179b077aed3SPierre Proncherythe I<kdf> implementation. 180b077aed3SPierre Pronchery 181b077aed3SPierre Pronchery=head1 PARAMETERS 182b077aed3SPierre Pronchery 183b077aed3SPierre ProncheryThe standard parameter names are: 184b077aed3SPierre Pronchery 185b077aed3SPierre Pronchery=over 4 186b077aed3SPierre Pronchery 187b077aed3SPierre Pronchery=item "pass" (B<OSSL_KDF_PARAM_PASSWORD>) <octet string> 188b077aed3SPierre Pronchery 189b077aed3SPierre ProncherySome KDF implementations require a password. 190b077aed3SPierre ProncheryFor those KDF implementations that support it, this parameter sets the password. 191b077aed3SPierre Pronchery 192b077aed3SPierre Pronchery=item "salt" (B<OSSL_KDF_PARAM_SALT>) <octet string> 193b077aed3SPierre Pronchery 194aa795734SPierre ProncherySome KDF implementations can take a non-secret unique cryptographic salt. 195b077aed3SPierre ProncheryFor those KDF implementations that support it, this parameter sets the salt. 196b077aed3SPierre Pronchery 197b077aed3SPierre ProncheryThe default value, if any, is implementation dependent. 198b077aed3SPierre Pronchery 199b077aed3SPierre Pronchery=item "iter" (B<OSSL_KDF_PARAM_ITER>) <unsigned integer> 200b077aed3SPierre Pronchery 201b077aed3SPierre ProncherySome KDF implementations require an iteration count. 202b077aed3SPierre ProncheryFor those KDF implementations that support it, this parameter sets the 203b077aed3SPierre Proncheryiteration count. 204b077aed3SPierre Pronchery 205b077aed3SPierre ProncheryThe default value, if any, is implementation dependent. 206b077aed3SPierre Pronchery 207b077aed3SPierre Pronchery=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string> 208b077aed3SPierre Pronchery 209b077aed3SPierre Pronchery=item "mac" (B<OSSL_KDF_PARAM_MAC>) <UTF8 string> 210b077aed3SPierre Pronchery 211b077aed3SPierre Pronchery=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string> 212b077aed3SPierre Pronchery 213b077aed3SPierre Pronchery=item "cipher" (B<OSSL_KDF_PARAM_CIPHER>) <UTF8 string> 214b077aed3SPierre Pronchery 215b077aed3SPierre ProncheryFor KDF implementations that use an underlying computation MAC, digest or 216b077aed3SPierre Proncherycipher, these parameters set what the algorithm should be. 217b077aed3SPierre Pronchery 218b077aed3SPierre ProncheryThe value is always the name of the intended algorithm, 219b077aed3SPierre Proncheryor the properties. 220b077aed3SPierre Pronchery 221b077aed3SPierre ProncheryNote that not all algorithms may support all possible underlying 222b077aed3SPierre Proncheryimplementations. 223b077aed3SPierre Pronchery 224b077aed3SPierre Pronchery=item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string> 225b077aed3SPierre Pronchery 226b077aed3SPierre ProncherySome KDF implementations require a key. 227b077aed3SPierre ProncheryFor those KDF implementations that support it, this octet string parameter 228b077aed3SPierre Proncherysets the key. 229b077aed3SPierre Pronchery 230aa795734SPierre Pronchery=item "info" (B<OSSL_KDF_PARAM_INFO>) <octet string> 231aa795734SPierre Pronchery 232aa795734SPierre ProncherySome KDF implementations, such as L<EVP_KDF-HKDF(7)>, take an 'info' parameter 233aa795734SPierre Proncheryfor binding the derived key material 234aa795734SPierre Proncheryto application- and context-specific information. 235aa795734SPierre ProncheryThis parameter sets the info, fixed info, other info or shared info argument. 236aa795734SPierre ProncheryYou can specify this parameter multiple times, and each instance will 237aa795734SPierre Proncherybe concatenated to form the final value. 238aa795734SPierre Pronchery 239b077aed3SPierre Pronchery=item "maclen" (B<OSSL_KDF_PARAM_MAC_SIZE>) <unsigned integer> 240b077aed3SPierre Pronchery 241b077aed3SPierre ProncheryUsed by implementations that use a MAC with a variable output size (KMAC). 242b077aed3SPierre ProncheryFor those KDF implementations that support it, this parameter 243b077aed3SPierre Proncherysets the MAC output size. 244b077aed3SPierre Pronchery 245b077aed3SPierre ProncheryThe default value, if any, is implementation dependent. 246b077aed3SPierre ProncheryThe length must never exceed what can be given with a B<size_t>. 247b077aed3SPierre Pronchery 248b077aed3SPierre Pronchery=item "maxmem_bytes" (B<OSSL_KDF_PARAM_SCRYPT_MAXMEM>) <unsigned integer> 249b077aed3SPierre Pronchery 250b077aed3SPierre ProncheryMemory-hard password-based KDF algorithms, such as scrypt, use an amount of 251b077aed3SPierre Proncherymemory that depends on the load factors provided as input. 252b077aed3SPierre ProncheryFor those KDF implementations that support it, this B<uint64_t> parameter sets 253b077aed3SPierre Proncheryan upper limit on the amount of memory that may be consumed while performing 254b077aed3SPierre Proncherya key derivation. 255b077aed3SPierre ProncheryIf this memory usage limit is exceeded because the load factors are chosen 256b077aed3SPierre Proncherytoo high, the key derivation will fail. 257b077aed3SPierre Pronchery 258b077aed3SPierre ProncheryThe default value is implementation dependent. 259b077aed3SPierre ProncheryThe memory size must never exceed what can be given with a B<size_t>. 260b077aed3SPierre Pronchery 261b077aed3SPierre Pronchery=back 262b077aed3SPierre Pronchery 263b077aed3SPierre Pronchery=head1 RETURN VALUES 264b077aed3SPierre Pronchery 265b077aed3SPierre ProncheryEVP_KDF_fetch() returns a pointer to a newly fetched B<EVP_KDF>, or 266b077aed3SPierre ProncheryNULL if allocation failed. 267b077aed3SPierre Pronchery 268b077aed3SPierre ProncheryEVP_KDF_get0_provider() returns a pointer to the provider for the KDF, or 269b077aed3SPierre ProncheryNULL on error. 270b077aed3SPierre Pronchery 271b077aed3SPierre ProncheryEVP_KDF_up_ref() returns 1 on success, 0 on error. 272b077aed3SPierre Pronchery 273b077aed3SPierre ProncheryEVP_KDF_CTX_new() returns either the newly allocated 274b077aed3SPierre ProncheryB<EVP_KDF_CTX> structure or NULL if an error occurred. 275b077aed3SPierre Pronchery 276b077aed3SPierre ProncheryEVP_KDF_CTX_free() and EVP_KDF_CTX_reset() do not return a value. 277b077aed3SPierre Pronchery 278b077aed3SPierre ProncheryEVP_KDF_CTX_get_kdf_size() returns the output size. B<SIZE_MAX> is returned to indicate 279b077aed3SPierre Proncherythat the algorithm produces a variable amount of output; 0 to indicate failure. 280b077aed3SPierre Pronchery 281b077aed3SPierre ProncheryEVP_KDF_get0_name() returns the name of the KDF, or NULL on error. 282b077aed3SPierre Pronchery 283b077aed3SPierre ProncheryEVP_KDF_names_do_all() returns 1 if the callback was called for all names. A 284b077aed3SPierre Proncheryreturn value of 0 means that the callback was not called for any names. 285b077aed3SPierre Pronchery 286b077aed3SPierre ProncheryThe remaining functions return 1 for success and 0 or a negative value for 287b077aed3SPierre Proncheryfailure. In particular, a return value of -2 indicates the operation is not 288b077aed3SPierre Proncherysupported by the KDF algorithm. 289b077aed3SPierre Pronchery 290b077aed3SPierre Pronchery=head1 NOTES 291b077aed3SPierre Pronchery 292b077aed3SPierre ProncheryThe KDF life-cycle is described in L<life_cycle-kdf(7)>. In the future, 293b077aed3SPierre Proncherythe transitions described there will be enforced. When this is done, it will 294b077aed3SPierre Proncherynot be considered a breaking change to the API. 295b077aed3SPierre Pronchery 296b077aed3SPierre Pronchery=head1 SEE ALSO 297b077aed3SPierre Pronchery 298b077aed3SPierre ProncheryL<OSSL_PROVIDER-default(7)/Key Derivation Function (KDF)>, 299b077aed3SPierre ProncheryL<life_cycle-kdf(7)>. 300b077aed3SPierre Pronchery 301b077aed3SPierre Pronchery=head1 HISTORY 302b077aed3SPierre Pronchery 303b077aed3SPierre ProncheryThis functionality was added in OpenSSL 3.0. 304b077aed3SPierre Pronchery 305b077aed3SPierre Pronchery=head1 COPYRIGHT 306b077aed3SPierre Pronchery 307*44096ebdSEnji CooperCopyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 308b077aed3SPierre Pronchery 309b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 310b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 311b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 312b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 313b077aed3SPierre Pronchery 314b077aed3SPierre Pronchery=cut 315