xref: /freebsd/crypto/openssl/doc/man7/provider-kdf.pod (revision aa7957345732816fb0ba8308798d2f79f45597f9) 
1b077aed3SPierre Pronchery=pod
2b077aed3SPierre Pronchery
3b077aed3SPierre Pronchery=head1 NAME
4b077aed3SPierre Pronchery
5b077aed3SPierre Proncheryprovider-kdf - The KDF library E<lt>-E<gt> provider functions
6b077aed3SPierre Pronchery
7b077aed3SPierre Pronchery=head1 SYNOPSIS
8b077aed3SPierre Pronchery
9b077aed3SPierre Pronchery=for openssl multiple includes
10b077aed3SPierre Pronchery
11b077aed3SPierre Pronchery #include <openssl/core_dispatch.h>
12b077aed3SPierre Pronchery #include <openssl/core_names.h>
13b077aed3SPierre Pronchery
14b077aed3SPierre Pronchery /*
15b077aed3SPierre Pronchery  * None of these are actual functions, but are displayed like this for
16b077aed3SPierre Pronchery  * the function signatures for functions that are offered as function
17b077aed3SPierre Pronchery  * pointers in OSSL_DISPATCH arrays.
18b077aed3SPierre Pronchery  */
19b077aed3SPierre Pronchery
20b077aed3SPierre Pronchery /* Context management */
21b077aed3SPierre Pronchery void *OSSL_FUNC_kdf_newctx(void *provctx);
22b077aed3SPierre Pronchery void OSSL_FUNC_kdf_freectx(void *kctx);
23b077aed3SPierre Pronchery void *OSSL_FUNC_kdf_dupctx(void *src);
24b077aed3SPierre Pronchery
25b077aed3SPierre Pronchery /* Encryption/decryption */
26b077aed3SPierre Pronchery int OSSL_FUNC_kdf_reset(void *kctx);
27b077aed3SPierre Pronchery int OSSL_FUNC_kdf_derive(void *kctx, unsigned char *key, size_t keylen,
28b077aed3SPierre Pronchery                          const OSSL_PARAM params[]);
29b077aed3SPierre Pronchery
30b077aed3SPierre Pronchery /* KDF parameter descriptors */
31b077aed3SPierre Pronchery const OSSL_PARAM *OSSL_FUNC_kdf_gettable_params(void *provctx);
32b077aed3SPierre Pronchery const OSSL_PARAM *OSSL_FUNC_kdf_gettable_ctx_params(void *kcxt, void *provctx);
33b077aed3SPierre Pronchery const OSSL_PARAM *OSSL_FUNC_kdf_settable_ctx_params(void *kcxt, void *provctx);
34b077aed3SPierre Pronchery
35b077aed3SPierre Pronchery /* KDF parameters */
36b077aed3SPierre Pronchery int OSSL_FUNC_kdf_get_params(OSSL_PARAM params[]);
37b077aed3SPierre Pronchery int OSSL_FUNC_kdf_get_ctx_params(void *kctx, OSSL_PARAM params[]);
38b077aed3SPierre Pronchery int OSSL_FUNC_kdf_set_ctx_params(void *kctx, const OSSL_PARAM params[]);
39b077aed3SPierre Pronchery
40b077aed3SPierre Pronchery=head1 DESCRIPTION
41b077aed3SPierre Pronchery
42b077aed3SPierre ProncheryThis documentation is primarily aimed at provider authors. See L<provider(7)>
43b077aed3SPierre Proncheryfor further information.
44b077aed3SPierre Pronchery
45b077aed3SPierre ProncheryThe KDF operation enables providers to implement KDF algorithms and make
46b077aed3SPierre Proncherythem available to applications via the API functions L<EVP_KDF_CTX_reset(3)>,
47b077aed3SPierre Proncheryand L<EVP_KDF_derive(3)>.
48b077aed3SPierre Pronchery
49b077aed3SPierre ProncheryAll "functions" mentioned here are passed as function pointers between
50b077aed3SPierre ProncheryF<libcrypto> and the provider in L<OSSL_DISPATCH(3)> arrays via
51b077aed3SPierre ProncheryL<OSSL_ALGORITHM(3)> arrays that are returned by the provider's
52b077aed3SPierre Proncheryprovider_query_operation() function
53b077aed3SPierre Pronchery(see L<provider-base(7)/Provider Functions>).
54b077aed3SPierre Pronchery
55b077aed3SPierre ProncheryAll these "functions" have a corresponding function type definition
56b077aed3SPierre Proncherynamed B<OSSL_FUNC_{name}_fn>, and a helper function to retrieve the
57b077aed3SPierre Proncheryfunction pointer from an L<OSSL_DISPATCH(3)> element named
58b077aed3SPierre ProncheryB<OSSL_FUNC_{name}>.
59b077aed3SPierre ProncheryFor example, the "function" OSSL_FUNC_kdf_newctx() has these:
60b077aed3SPierre Pronchery
61b077aed3SPierre Pronchery typedef void *(OSSL_FUNC_kdf_newctx_fn)(void *provctx);
62b077aed3SPierre Pronchery static ossl_inline OSSL_FUNC_kdf_newctx_fn
63b077aed3SPierre Pronchery     OSSL_FUNC_kdf_newctx(const OSSL_DISPATCH *opf);
64b077aed3SPierre Pronchery
65b077aed3SPierre ProncheryL<OSSL_DISPATCH(3)> array entries are identified by numbers that are provided as
66b077aed3SPierre Proncherymacros in L<openssl-core_dispatch.h(7)>, as follows:
67b077aed3SPierre Pronchery
68b077aed3SPierre Pronchery OSSL_FUNC_kdf_newctx               OSSL_FUNC_KDF_NEWCTX
69b077aed3SPierre Pronchery OSSL_FUNC_kdf_freectx              OSSL_FUNC_KDF_FREECTX
70b077aed3SPierre Pronchery OSSL_FUNC_kdf_dupctx               OSSL_FUNC_KDF_DUPCTX
71b077aed3SPierre Pronchery
72b077aed3SPierre Pronchery OSSL_FUNC_kdf_reset                OSSL_FUNC_KDF_RESET
73b077aed3SPierre Pronchery OSSL_FUNC_kdf_derive               OSSL_FUNC_KDF_DERIVE
74b077aed3SPierre Pronchery
75b077aed3SPierre Pronchery OSSL_FUNC_kdf_get_params           OSSL_FUNC_KDF_GET_PARAMS
76b077aed3SPierre Pronchery OSSL_FUNC_kdf_get_ctx_params       OSSL_FUNC_KDF_GET_CTX_PARAMS
77b077aed3SPierre Pronchery OSSL_FUNC_kdf_set_ctx_params       OSSL_FUNC_KDF_SET_CTX_PARAMS
78b077aed3SPierre Pronchery
79b077aed3SPierre Pronchery OSSL_FUNC_kdf_gettable_params      OSSL_FUNC_KDF_GETTABLE_PARAMS
80b077aed3SPierre Pronchery OSSL_FUNC_kdf_gettable_ctx_params  OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS
81b077aed3SPierre Pronchery OSSL_FUNC_kdf_settable_ctx_params  OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS
82b077aed3SPierre Pronchery
83b077aed3SPierre ProncheryA KDF algorithm implementation may not implement all of these functions.
84b077aed3SPierre ProncheryIn order to be a consistent set of functions, at least the following functions
85b077aed3SPierre Proncherymust be implemented: OSSL_FUNC_kdf_newctx(), OSSL_FUNC_kdf_freectx(),
86b077aed3SPierre ProncheryOSSL_FUNC_kdf_set_ctx_params(), OSSL_FUNC_kdf_derive().
87b077aed3SPierre ProncheryAll other functions are optional.
88b077aed3SPierre Pronchery
89b077aed3SPierre Pronchery=head2 Context Management Functions
90b077aed3SPierre Pronchery
91b077aed3SPierre ProncheryOSSL_FUNC_kdf_newctx() should create and return a pointer to a provider side
92b077aed3SPierre Proncherystructure for holding context information during a KDF operation.
93b077aed3SPierre ProncheryA pointer to this context will be passed back in a number of the other KDF
94b077aed3SPierre Proncheryoperation function calls.
95b077aed3SPierre ProncheryThe parameter I<provctx> is the provider context generated during provider
96b077aed3SPierre Proncheryinitialisation (see L<provider(7)>).
97b077aed3SPierre Pronchery
98b077aed3SPierre ProncheryOSSL_FUNC_kdf_freectx() is passed a pointer to the provider side KDF context in
99b077aed3SPierre Proncherythe I<kctx> parameter.
100b077aed3SPierre ProncheryIf it receives NULL as I<kctx> value, it should not do anything other than
101b077aed3SPierre Proncheryreturn.
102b077aed3SPierre ProncheryThis function should free any resources associated with that context.
103b077aed3SPierre Pronchery
104b077aed3SPierre ProncheryOSSL_FUNC_kdf_dupctx() should duplicate the provider side KDF context in the
105b077aed3SPierre ProncheryI<kctx> parameter and return the duplicate copy.
106b077aed3SPierre Pronchery
107b077aed3SPierre Pronchery=head2 Encryption/Decryption Functions
108b077aed3SPierre Pronchery
109b077aed3SPierre ProncheryOSSL_FUNC_kdf_reset() initialises a KDF operation given a provider
110b077aed3SPierre Proncheryside KDF context in the I<kctx> parameter.
111b077aed3SPierre Pronchery
112b077aed3SPierre ProncheryOSSL_FUNC_kdf_derive() performs the KDF operation after processing the
113b077aed3SPierre ProncheryI<params> as per OSSL_FUNC_kdf_set_ctx_params().
114b077aed3SPierre ProncheryThe I<kctx> parameter contains a pointer to the provider side context.
115b077aed3SPierre ProncheryThe resulting key of the desired I<keylen> should be written to I<key>.
116b077aed3SPierre ProncheryIf the algorithm does not support the requested I<keylen> the function must
117b077aed3SPierre Proncheryreturn error.
118b077aed3SPierre Pronchery
119b077aed3SPierre Pronchery=head2 KDF Parameters
120b077aed3SPierre Pronchery
121b077aed3SPierre ProncherySee L<OSSL_PARAM(3)> for further details on the parameters structure used by
122b077aed3SPierre Proncherythese functions.
123b077aed3SPierre Pronchery
124b077aed3SPierre ProncheryOSSL_FUNC_kdf_get_params() gets details of parameter values associated with the
125b077aed3SPierre Proncheryprovider algorithm and stores them in I<params>.
126b077aed3SPierre Pronchery
127b077aed3SPierre ProncheryOSSL_FUNC_kdf_set_ctx_params() sets KDF parameters associated with the given
128b077aed3SPierre Proncheryprovider side KDF context I<kctx> to I<params>.
129b077aed3SPierre ProncheryAny parameter settings are additional to any that were previously set.
130b077aed3SPierre ProncheryPassing NULL for I<params> should return true.
131b077aed3SPierre Pronchery
132b077aed3SPierre ProncheryOSSL_FUNC_kdf_get_ctx_params() retrieves gettable parameter values associated
133b077aed3SPierre Proncherywith the given provider side KDF context I<kctx> and stores them in I<params>.
134b077aed3SPierre ProncheryPassing NULL for I<params> should return true.
135b077aed3SPierre Pronchery
136b077aed3SPierre ProncheryOSSL_FUNC_kdf_gettable_params(), OSSL_FUNC_kdf_gettable_ctx_params(),
137b077aed3SPierre Proncheryand OSSL_FUNC_kdf_settable_ctx_params() all return constant L<OSSL_PARAM(3)>
138b077aed3SPierre Proncheryarrays as descriptors of the parameters that OSSL_FUNC_kdf_get_params(),
139b077aed3SPierre ProncheryOSSL_FUNC_kdf_get_ctx_params(), and OSSL_FUNC_kdf_set_ctx_params()
140b077aed3SPierre Proncherycan handle, respectively.  OSSL_FUNC_kdf_gettable_ctx_params() and
141b077aed3SPierre ProncheryOSSL_FUNC_kdf_settable_ctx_params() will return the parameters associated
142b077aed3SPierre Proncherywith the provider side context I<kctx> in its current state if it is
143b077aed3SPierre Proncherynot NULL.  Otherwise, they return the parameters associated with the
144b077aed3SPierre Proncheryprovider side algorithm I<provctx>.
145b077aed3SPierre Pronchery
146b077aed3SPierre Pronchery
147b077aed3SPierre ProncheryParameters currently recognised by built-in KDFs are as follows. Not all
148b077aed3SPierre Proncheryparameters are relevant to, or are understood by all KDFs:
149b077aed3SPierre Pronchery
150b077aed3SPierre Pronchery=over 4
151b077aed3SPierre Pronchery
152b077aed3SPierre Pronchery=item "size" (B<OSSL_KDF_PARAM_SIZE>) <unsigned integer>
153b077aed3SPierre Pronchery
154b077aed3SPierre ProncheryGets the output size from the associated KDF ctx.
155b077aed3SPierre ProncheryIf the algorithm produces a variable amount of output, SIZE_MAX should be
156b077aed3SPierre Proncheryreturned.
157b077aed3SPierre ProncheryIf the input parameters required to calculate the fixed output size have not yet
158b077aed3SPierre Proncherybeen supplied, 0 should be returned indicating an error.
159b077aed3SPierre Pronchery
160b077aed3SPierre Pronchery=item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
161b077aed3SPierre Pronchery
162b077aed3SPierre ProncherySets the key in the associated KDF ctx.
163b077aed3SPierre Pronchery
164b077aed3SPierre Pronchery=item "secret" (B<OSSL_KDF_PARAM_SECRET>) <octet string>
165b077aed3SPierre Pronchery
166b077aed3SPierre ProncherySets the secret in the associated KDF ctx.
167b077aed3SPierre Pronchery
168b077aed3SPierre Pronchery=item "pass" (B<OSSL_KDF_PARAM_PASSWORD>) <octet string>
169b077aed3SPierre Pronchery
170b077aed3SPierre ProncherySets the password in the associated KDF ctx.
171b077aed3SPierre Pronchery
172b077aed3SPierre Pronchery=item "cipher" (B<OSSL_KDF_PARAM_CIPHER>) <UTF8 string>
173b077aed3SPierre Pronchery
174b077aed3SPierre Pronchery=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
175b077aed3SPierre Pronchery
176b077aed3SPierre Pronchery=item "mac" (B<OSSL_KDF_PARAM_MAC>) <UTF8 string>
177b077aed3SPierre Pronchery
178b077aed3SPierre ProncherySets the name of the underlying cipher, digest or MAC to be used.
179b077aed3SPierre ProncheryIt must name a suitable algorithm for the KDF that's being used.
180b077aed3SPierre Pronchery
181b077aed3SPierre Pronchery=item "maclen" (B<OSSL_KDF_PARAM_MAC_SIZE>) <octet string>
182b077aed3SPierre Pronchery
183b077aed3SPierre ProncherySets the length of the MAC in the associated KDF ctx.
184b077aed3SPierre Pronchery
185b077aed3SPierre Pronchery=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
186b077aed3SPierre Pronchery
187b077aed3SPierre ProncherySets the properties to be queried when trying to fetch the underlying algorithm.
188b077aed3SPierre ProncheryThis must be given together with the algorithm naming parameter to be
189b077aed3SPierre Proncheryconsidered valid.
190b077aed3SPierre Pronchery
191b077aed3SPierre Pronchery=item "iter" (B<OSSL_KDF_PARAM_ITER>) <unsigned integer>
192b077aed3SPierre Pronchery
193b077aed3SPierre ProncherySets the number of iterations in the associated KDF ctx.
194b077aed3SPierre Pronchery
195b077aed3SPierre Pronchery=item "mode" (B<OSSL_KDF_PARAM_MODE>) <UTF8 string>
196b077aed3SPierre Pronchery
197b077aed3SPierre ProncherySets the mode in the associated KDF ctx.
198b077aed3SPierre Pronchery
199b077aed3SPierre Pronchery=item "pkcs5" (B<OSSL_KDF_PARAM_PKCS5>) <integer>
200b077aed3SPierre Pronchery
201*aa795734SPierre ProncheryEnables or disables the SP800-132 compliance checks.
202b077aed3SPierre ProncheryA mode of 0 enables the compliance checks.
203b077aed3SPierre Pronchery
204b077aed3SPierre ProncheryThe checks performed are:
205b077aed3SPierre Pronchery
206b077aed3SPierre Pronchery=over 4
207b077aed3SPierre Pronchery
208b077aed3SPierre Pronchery=item - the iteration count is at least 1000.
209b077aed3SPierre Pronchery
210b077aed3SPierre Pronchery=item - the salt length is at least 128 bits.
211b077aed3SPierre Pronchery
212b077aed3SPierre Pronchery=item - the derived key length is at least 112 bits.
213b077aed3SPierre Pronchery
214b077aed3SPierre Pronchery=back
215b077aed3SPierre Pronchery
216b077aed3SPierre Pronchery=item "ukm" (B<OSSL_KDF_PARAM_UKM>) <octet string>
217b077aed3SPierre Pronchery
218b077aed3SPierre ProncherySets an optional random string that is provided by the sender called
219b077aed3SPierre Pronchery"partyAInfo".  In CMS this is the user keying material.
220b077aed3SPierre Pronchery
221b077aed3SPierre Pronchery
222b077aed3SPierre Pronchery=item "cekalg" (B<OSSL_KDF_PARAM_CEK_ALG>) <UTF8 string>
223b077aed3SPierre Pronchery
224b077aed3SPierre ProncherySets the CEK wrapping algorithm name in the associated KDF ctx.
225b077aed3SPierre Pronchery
226b077aed3SPierre Pronchery=item "n" (B<OSSL_KDF_PARAM_SCRYPT_N>) <unsigned integer>
227b077aed3SPierre Pronchery
228b077aed3SPierre ProncherySets the scrypt work factor parameter N in the associated KDF ctx.
229b077aed3SPierre Pronchery
230b077aed3SPierre Pronchery=item "r" (B<OSSL_KDF_PARAM_SCRYPT_R>) <unsigned integer>
231b077aed3SPierre Pronchery
232b077aed3SPierre ProncherySets the scrypt work factor parameter r in the associated KDF ctx.
233b077aed3SPierre Pronchery
234b077aed3SPierre Pronchery=item "p" (B<OSSL_KDF_PARAM_SCRYPT_P>) <unsigned integer>
235b077aed3SPierre Pronchery
236b077aed3SPierre ProncherySets the scrypt work factor parameter p in the associated KDF ctx.
237b077aed3SPierre Pronchery
238b077aed3SPierre Pronchery=item "maxmem_bytes" (B<OSSL_KDF_PARAM_SCRYPT_MAXMEM>) <unsigned integer>
239b077aed3SPierre Pronchery
240b077aed3SPierre ProncherySets the scrypt work factor parameter maxmem in the associated KDF ctx.
241b077aed3SPierre Pronchery
242b077aed3SPierre Pronchery=item "prefix" (B<OSSL_KDF_PARAM_PREFIX>) <octet string>
243b077aed3SPierre Pronchery
244b077aed3SPierre ProncherySets the prefix string using by the TLS 1.3 version of HKDF in the
245b077aed3SPierre Proncheryassociated KDF ctx.
246b077aed3SPierre Pronchery
247b077aed3SPierre Pronchery=item "label" (B<OSSL_KDF_PARAM_LABEL>) <octet string>
248b077aed3SPierre Pronchery
249b077aed3SPierre ProncherySets the label string using by the TLS 1.3 version of HKDF in the
250b077aed3SPierre Proncheryassociated KDF ctx.
251b077aed3SPierre Pronchery
252b077aed3SPierre Pronchery=item "data" (B<OSSL_KDF_PARAM_DATA>) <octet string>
253b077aed3SPierre Pronchery
254b077aed3SPierre ProncherySets the context string using by the TLS 1.3 version of HKDF in the
255b077aed3SPierre Proncheryassociated KDF ctx.
256b077aed3SPierre Pronchery
257b077aed3SPierre Pronchery=item "info" (B<OSSL_KDF_PARAM_INFO>) <octet string>
258b077aed3SPierre Pronchery
259b077aed3SPierre ProncherySets the optional shared info in the associated KDF ctx.
260b077aed3SPierre Pronchery
261b077aed3SPierre Pronchery=item "seed" (B<OSSL_KDF_PARAM_SEED>) <octet string>
262b077aed3SPierre Pronchery
263b077aed3SPierre ProncherySets the IV in the associated KDF ctx.
264b077aed3SPierre Pronchery
265b077aed3SPierre Pronchery=item "xcghash" (B<OSSL_KDF_PARAM_SSHKDF_XCGHASH>) <octet string>
266b077aed3SPierre Pronchery
267b077aed3SPierre ProncherySets the xcghash in the associated KDF ctx.
268b077aed3SPierre Pronchery
269b077aed3SPierre Pronchery=item "session_id" (B<OSSL_KDF_PARAM_SSHKDF_SESSION_ID>) <octet string>
270b077aed3SPierre Pronchery
271b077aed3SPierre ProncherySets the session ID in the associated KDF ctx.
272b077aed3SPierre Pronchery
273b077aed3SPierre Pronchery=item "type" (B<OSSL_KDF_PARAM_SSHKDF_TYPE>) <UTF8 string>
274b077aed3SPierre Pronchery
275b077aed3SPierre ProncherySets the SSH KDF type parameter in the associated KDF ctx.
276b077aed3SPierre ProncheryThere are six supported types:
277b077aed3SPierre Pronchery
278b077aed3SPierre Pronchery=over 4
279b077aed3SPierre Pronchery
280b077aed3SPierre Pronchery=item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV
281b077aed3SPierre Pronchery
282b077aed3SPierre ProncheryThe Initial IV from client to server.
283b077aed3SPierre ProncheryA single char of value 65 (ASCII char 'A').
284b077aed3SPierre Pronchery
285b077aed3SPierre Pronchery=item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI
286b077aed3SPierre Pronchery
287b077aed3SPierre ProncheryThe Initial IV from server to client
288b077aed3SPierre ProncheryA single char of value 66 (ASCII char 'B').
289b077aed3SPierre Pronchery
290b077aed3SPierre Pronchery=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV
291b077aed3SPierre Pronchery
292b077aed3SPierre ProncheryThe Encryption Key from client to server
293b077aed3SPierre ProncheryA single char of value 67 (ASCII char 'C').
294b077aed3SPierre Pronchery
295b077aed3SPierre Pronchery=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI
296b077aed3SPierre Pronchery
297b077aed3SPierre ProncheryThe Encryption Key from server to client
298b077aed3SPierre ProncheryA single char of value 68 (ASCII char 'D').
299b077aed3SPierre Pronchery
300b077aed3SPierre Pronchery=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV
301b077aed3SPierre Pronchery
302b077aed3SPierre ProncheryThe Integrity Key from client to server
303b077aed3SPierre ProncheryA single char of value 69 (ASCII char 'E').
304b077aed3SPierre Pronchery
305b077aed3SPierre Pronchery=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI
306b077aed3SPierre Pronchery
307b077aed3SPierre ProncheryThe Integrity Key from client to server
308b077aed3SPierre ProncheryA single char of value 70 (ASCII char 'F').
309b077aed3SPierre Pronchery
310b077aed3SPierre Pronchery=back
311b077aed3SPierre Pronchery
312b077aed3SPierre Pronchery=item "constant" (B<OSSL_KDF_PARAM_CONSTANT>) <octet string>
313b077aed3SPierre Pronchery
314b077aed3SPierre ProncherySets the constant value in the associated KDF ctx.
315b077aed3SPierre Pronchery
316b077aed3SPierre Pronchery=item "id" (B<OSSL_KDF_PARAM_PKCS12_ID>) <integer>
317b077aed3SPierre Pronchery
318b077aed3SPierre ProncherySets the intended usage of the output bits in the associated KDF ctx.
319b077aed3SPierre ProncheryIt is defined as per RFC 7292 section B.3.
320b077aed3SPierre Pronchery
321b077aed3SPierre Pronchery=back
322b077aed3SPierre Pronchery
323b077aed3SPierre Pronchery=head1 RETURN VALUES
324b077aed3SPierre Pronchery
325b077aed3SPierre ProncheryOSSL_FUNC_kdf_newctx() and OSSL_FUNC_kdf_dupctx() should return the newly created
326b077aed3SPierre Proncheryprovider side KDF context, or NULL on failure.
327b077aed3SPierre Pronchery
328b077aed3SPierre ProncheryOSSL_FUNC_kdf_derive(), OSSL_FUNC_kdf_get_params(),
329b077aed3SPierre ProncheryOSSL_FUNC_kdf_get_ctx_params() and OSSL_FUNC_kdf_set_ctx_params() should return 1 for
330b077aed3SPierre Proncherysuccess or 0 on error.
331b077aed3SPierre Pronchery
332b077aed3SPierre ProncheryOSSL_FUNC_kdf_gettable_params(), OSSL_FUNC_kdf_gettable_ctx_params() and
333b077aed3SPierre ProncheryOSSL_FUNC_kdf_settable_ctx_params() should return a constant L<OSSL_PARAM(3)>
334b077aed3SPierre Proncheryarray, or NULL if none is offered.
335b077aed3SPierre Pronchery
336b077aed3SPierre Pronchery=head1 NOTES
337b077aed3SPierre Pronchery
338b077aed3SPierre ProncheryThe KDF life-cycle is described in L<life_cycle-kdf(7)>.  Providers should
339b077aed3SPierre Proncheryensure that the various transitions listed there are supported.  At some point
340b077aed3SPierre Proncherythe EVP layer will begin enforcing the listed transitions.
341b077aed3SPierre Pronchery
342b077aed3SPierre Pronchery=head1 SEE ALSO
343b077aed3SPierre Pronchery
344b077aed3SPierre ProncheryL<provider(7)>, L<life_cycle-kdf(7)>, L<EVP_KDF(3)>.
345b077aed3SPierre Pronchery
346b077aed3SPierre Pronchery=head1 HISTORY
347b077aed3SPierre Pronchery
348b077aed3SPierre ProncheryThe provider KDF interface was introduced in OpenSSL 3.0.
349b077aed3SPierre Pronchery
350b077aed3SPierre Pronchery=head1 COPYRIGHT
351b077aed3SPierre Pronchery
352*aa795734SPierre ProncheryCopyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
353b077aed3SPierre Pronchery
354b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License").  You may not use
355b077aed3SPierre Proncherythis file except in compliance with the License.  You can obtain a copy
356b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at
357b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>.
358b077aed3SPierre Pronchery
359b077aed3SPierre Pronchery=cut
360