1EVP_KDF-X942-ASN1(7ossl)            OpenSSL           EVP_KDF-X942-ASN1(7ossl)
2
3
4

NAME

6       EVP_KDF-X942-ASN1 - The X9.42-2003 asn1 EVP_KDF implementation
7

DESCRIPTION

9       The EVP_KDF-X942-ASN1 algorithm implements the key derivation function
10       X942KDF-ASN1. It is used by DH KeyAgreement, to derive a key using
11       input such as a shared secret key and other info. The other info is DER
12       encoded data that contains a 32 bit counter as well as optional fields
13       for "partyu-info", "partyv-info", "supp-pubinfo" and "supp-privinfo".
14       This kdf is used by Cryptographic Message Syntax (CMS).
15
16   Identity
17       "X942KDF-ASN1" or "X942KDF" is the name for this implementation; it can
18       be used with the EVP_KDF_fetch() function.
19
20   Supported parameters
21       The supported parameters are:
22
23       "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
24       "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
25           These parameters work as described in "PARAMETERS" in EVP_KDF(3).
26
27       "key" (OSSL_KDF_PARAM_KEY) <octet string>
28           The shared secret used for key derivation.  This parameter sets the
29           secret.
30
31       "acvp-info" (OSSL_KDF_PARAM_X942_ACVPINFO) <octet string>
32           This value should not be used in production and should only be used
33           for ACVP testing. It is an optional octet string containing a
34           combined DER encoded blob of any of the optional fields related to
35           "partyu-info", "partyv-info", "supp-pubinfo" and "supp-privinfo".
36           If it is specified then none of these other fields should be used.
37
38       "partyu-info" (OSSL_KDF_PARAM_X942_PARTYUINFO) <octet string>
39           An optional octet string containing public info contributed by the
40           initiator.
41
42       "ukm" (OSSL_KDF_PARAM_UKM) <octet string>
43           An alias for "partyu-info".  In CMS this is the user keying
44           material.
45
46       "partyv-info" (OSSL_KDF_PARAM_X942_PARTYVINFO) <octet string>
47           An optional octet string containing public info contributed by the
48           responder.
49
50       "supp-pubinfo" (OSSL_KDF_PARAM_X942_SUPP_PUBINFO) <octet string>
51           An optional octet string containing some additional, mutually-known
52           public information. Setting this value also sets "use-keybits" to
53           0.
54
55       "use-keybits" (OSSL_KDF_PARAM_X942_SUPP_PRIVINFO) <integer>
56           The default value of 1 will use the KEK key length (in bits) as the
57           "supp-pubinfo". A value of 0 disables setting the "supp-pubinfo".
58
59       "supp-privinfo" (OSSL_KDF_PARAM_X942_SUPP_PRIVINFO) <octet string>
60           An optional octet string containing some additional, mutually-known
61           private information.
62
63       "cekalg" (OSSL_KDF_PARAM_CEK_ALG) <UTF8 string>
64           This parameter sets the CEK wrapping algorithm name.  Valid values
65           are "AES-128-WRAP", "AES-192-WRAP", "AES-256-WRAP" and "DES3-WRAP".
66

NOTES

68       A context for X942KDF can be obtained by calling:
69
70        EVP_KDF *kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
71        EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
72
73       The output length of an X942KDF is specified via the keylen parameter
74       to the EVP_KDF_derive(3) function.
75

EXAMPLES

77       This example derives 24 bytes, with the secret key "secret" and random
78       user keying material:
79
80         EVP_KDF_CTX *kctx;
81         EVP_KDF_CTX *kctx;
82         unsigned char out[192/8];
83         unsignred char ukm[64];
84         OSSL_PARAM params[5], *p = params;
85
86         if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
87             error("RAND_bytes");
88
89         kdf = EVP_KDF_fetch(NULL, "X942KDF", NULL);
90         if (kctx == NULL)
91             error("EVP_KDF_fetch");
92         kctx = EVP_KDF_CTX_new(kdf);
93         EVP_KDF_free(kdf);
94         if (kctx == NULL)
95             error("EVP_KDF_CTX_new");
96
97         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, "SHA256", 0);
98         *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
99                                                  "secret", (size_t)6);
100         *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, ukm, sizeof(ukm));
101         *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, "AES-256-WRAP, 0);
102         *p = OSSL_PARAM_construct_end();
103         if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0)
104             error("EVP_KDF_derive");
105
106         EVP_KDF_CTX_free(kctx);
107

CONFORMING TO

109       ANS1 X9.42-2003 RFC 2631
110

SEE ALSO

112       EVP_KDF(3), EVP_KDF_CTX_new(3), EVP_KDF_CTX_free(3),
113       EVP_KDF_CTX_set_params(3), EVP_KDF_CTX_get_kdf_size(3),
114       EVP_KDF_derive(3), "PARAMETERS" in EVP_KDF(3)
115

HISTORY

117       This functionality was added to OpenSSL 3.0.
118

COPYRIGHT

120       Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
121
122       Licensed under the Apache License 2.0 (the "License").  You may not use
123       this file except in compliance with the License.  You can obtain a copy
124       in the file LICENSE in the source distribution or at
125       <https://www.openssl.org/source/license.html>.
126
127
128
1293.0.5                             2022-07-05          EVP_KDF-X942-ASN1(7ossl)