xref: /freebsd/crypto/openssl/doc/man7/EVP_KDF-X942-ASN1.pod (revision 0d0c8621fd181e507f0fb50ffcca606faf66a8c2)
=pod

=head1 NAME

EVP_KDF-X942-ASN1 - The X9.42-2003 asn1 EVP_KDF implementation

=head1 DESCRIPTION

The EVP_KDF-X942-ASN1 algorithm implements the key derivation function
X942KDF-ASN1. It is used by DH KeyAgreement to derive a key using input such as
a shared secret key and other info. The other info is DER-encoded data that
contains a 32-bit counter as well as optional fields for "partyu-info",
"partyv-info", "supp-pubinfo" and "supp-privinfo".
This KDF is used by Cryptographic Message Syntax (CMS).

The output is considered to be keying material.

=head2 Identity

"X942KDF-ASN1" or "X942KDF" is the name for this implementation; it
can be used with the EVP_KDF_fetch() function.

=head2 Supported parameters

The supported parameters are:

=over 4

=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>

=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>

These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.

=item "secret" (B<OSSL_KDF_PARAM_SECRET>) <octet string>

The shared secret used for key derivation.  This parameter sets the secret.

=item "acvp-info" (B<OSSL_KDF_PARAM_X942_ACVPINFO>) <octet string>

This value should not be used in production and should only be used for ACVP
testing. It is an optional octet string containing a combined DER-encoded blob
of any of the optional fields related to "partyu-info", "partyv-info",
"supp-pubinfo" and "supp-privinfo". If it is specified then none of these other
fields should be used.

=item "partyu-info" (B<OSSL_KDF_PARAM_X942_PARTYUINFO>) <octet string>

An optional octet string containing public info contributed by the initiator.

=item "ukm" (B<OSSL_KDF_PARAM_UKM>) <octet string>

An alias for "partyu-info".
In CMS this is the user keying material.

=item "partyv-info" (B<OSSL_KDF_PARAM_X942_PARTYVINFO>) <octet string>

An optional octet string containing public info contributed by the responder.

=item "supp-pubinfo" (B<OSSL_KDF_PARAM_X942_SUPP_PUBINFO>) <octet string>

An optional octet string containing some additional, mutually-known public
information. Setting this value also sets "use-keybits" to 0.

=item "use-keybits" (B<OSSL_KDF_PARAM_X942_USE_KEYBITS>) <integer>

The default value of 1 will use the KEK key length (in bits) as the
"supp-pubinfo". A value of 0 disables setting the "supp-pubinfo".

=item "supp-privinfo" (B<OSSL_KDF_PARAM_X942_SUPP_PRIVINFO>) <octet string>

An optional octet string containing some additional, mutually-known private
information.

=item "cekalg" (B<OSSL_KDF_PARAM_CEK_ALG>) <UTF8 string>

This parameter sets the CEK wrapping algorithm name.
Valid values are "AES-128-WRAP", "AES-192-WRAP", "AES-256-WRAP" and "DES3-WRAP".

=back

=head1 NOTES

A context for X942KDF can be obtained by calling:

 EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);

The output length of an X942KDF is specified via the I<keylen>
parameter to the L<EVP_KDF_derive(3)> function.

=head1 EXAMPLES

This example derives 24 bytes, with the secret key "secret" and random user
keying material:

  EVP_KDF *kdf;
  EVP_KDF_CTX *kctx;
  unsigned char out[192/8];
  unsigned char ukm[64];
  OSSL_PARAM params[5], *p = params;

  /* Fresh random user keying material for this derivation */
  if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
      error("RAND_bytes");

  kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
  if (kdf == NULL)
      error("EVP_KDF_fetch");
  kctx = EVP_KDF_CTX_new(kdf);
  /* The context keeps its own reference, so the fetched KDF can be freed */
  EVP_KDF_free(kdf);
  if (kctx == NULL)
      error("EVP_KDF_CTX_new");

  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, "SHA256", 0);
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
                                           "secret", (size_t)6);
  *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm));
  *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, "AES-256-WRAP", 0);
  *p = OSSL_PARAM_construct_end();
  /* Parameters are applied and the key is derived in one call */
  if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0)
      error("EVP_KDF_derive");

  EVP_KDF_CTX_free(kctx);

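The DER "other info" that is hashed together with the shared secret, built by hand for "cekalg" AES-256-WRAP following the OtherInfo layout of RFC 2631 section 2.1.2. This is an added example, not OpenSSL's own code: x942_otherinfo() and its helpers are hypothetical names, and only short-form DER lengths (a UKM of at most 96 bytes) are handled.

```c
#include <stdint.h>
#include <string.h>

/* DER of id-aes256-wrap (2.16.840.1.101.3.4.1.45), the OID for "AES-256-WRAP". */
static const uint8_t AES256_WRAP_OID[] = {
    0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2D
};

/* Tag, short-form length, body. Callers keep every body under 128 bytes. */
static size_t tlv(uint8_t *out, uint8_t tag, const uint8_t *body, size_t len)
{
    out[0] = tag;
    out[1] = (uint8_t)len;
    memcpy(out + 2, body, len);
    return len + 2;
}

/* OCTET STRING inside an EXPLICIT context tag ([0] = 0xA0, [2] = 0xA2). */
static size_t tagged_octets(uint8_t *out, uint8_t ctx, const uint8_t *d, size_t len)
{
    uint8_t inner[128];
    size_t n = tlv(inner, 0x04, d, len);
    return tlv(out, ctx, inner, n);
}

/* Encode OtherInfo for one counter value; returns its length, or 0 on error. */
size_t x942_otherinfo(uint8_t *out, size_t outlen, uint32_t counter,
                      const uint8_t *ukm, size_t ukmlen, uint32_t keybits)
{
    uint8_t ki[32], body[128], ctr[4], bits[4];
    size_t n = sizeof(AES256_WRAP_OID), blen, i;
    if ((ukm == NULL && ukmlen > 0) || ukmlen > 96
            || outlen < 29 + (ukmlen ? ukmlen + 4 : 0))
        return 0;
    for (i = 0; i < 4; i++) {                /* 32-bit big-endian fields */
        ctr[i] = (uint8_t)(counter >> (24 - 8 * i));
        bits[i] = (uint8_t)(keybits >> (24 - 8 * i));
    }
    /* keyInfo ::= SEQUENCE { algorithm OID, counter OCTET STRING SIZE (4) } */
    memcpy(ki, AES256_WRAP_OID, n);
    n += tlv(ki + n, 0x04, ctr, 4);
    blen = tlv(body, 0x30, ki, n);
    if (ukmlen > 0)                          /* partyAInfo [0]: the "ukm" */
        blen += tagged_octets(body + blen, 0xA0, ukm, ukmlen);
    blen += tagged_octets(body + blen, 0xA2, bits, 4); /* suppPubInfo [2] */
    return tlv(out, 0x30, body, blen);
}

int main(void) { uint8_t d[64]; return x942_otherinfo(d, sizeof(d), 1, NULL, 0, 256) != 29; }
```

With counter 1, no UKM and 256 key bits the encoding is 29 bytes ending in a2 06 04 04 00 00 01 00; a 64-byte UKM adds an a0 42 04 40 element in front of that field.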
=head1 CONFORMING TO

ANSI X9.42-2003
RFC 2631

=head1 SEE ALSO

L<EVP_KDF(3)>,
L<EVP_KDF_CTX_new(3)>,
L<EVP_KDF_CTX_free(3)>,
L<EVP_KDF_CTX_set_params(3)>,
L<EVP_KDF_CTX_get_kdf_size(3)>,
L<EVP_KDF_derive(3)>,
L<EVP_KDF(3)/PARAMETERS>

=head1 HISTORY

This functionality was added in OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut