1EVP_KDF-SS(7ossl) OpenSSL EVP_KDF-SS(7ossl)
2
6 EVP_KDF-SS - The Single Step / One Step EVP_KDF implementation
7
9 The EVP_KDF-SS algorithm implements the Single Step key derivation
10 function (SSKDF). SSKDF derives a key using input such as a shared
11 secret key (that was generated during the execution of a key
12 establishment scheme) and fixedinfo. SSKDF is also informally referred
13 to as 'Concat KDF'.
14 Auxiliary function
16 The implementation uses a selectable auxiliary function H, which can be
17 one of:
18 H(x) = hash(x, digest=md)
20 H(x) = HMAC_hash(x, key=salt, digest=md)
21 H(x) = KMACxxx(x, key=salt, custom="KDF", outlen=mac_size)
22 Both the HMAC and KMAC implementations set the key using the 'salt'
24 value. The hash and HMAC also require the digest to be set.
25 Identity
27 "SSKDF" is the name for this implementation; it can be used with the
28 EVP_KDF_fetch() function.
29 Supported parameters
31 The supported parameters are:
32 "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
34 "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
35 "mac" (OSSL_KDF_PARAM_MAC) <UTF8 string>
36 "maclen" (OSSL_KDF_PARAM_MAC_SIZE) <unsigned integer>
37 "salt" (OSSL_KDF_PARAM_SALT) <octet string>
38 These parameters work as described in "PARAMETERS" in EVP_KDF(3).
39 "key" (EVP_KDF_CTRL_SET_KEY) <octet string>
41 This parameter set the shared secret that is used for key
42 derivation.
43 "info" (OSSL_KDF_PARAM_INFO) <octet string>
45 This parameter sets an optional value for fixedinfo, also known as
46 otherinfo.
47
49 A context for SSKDF can be obtained by calling:
50 EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
52 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
53 The output length of an SSKDF is specified via the keylen parameter to
55 the EVP_KDF_derive(3) function.
56
58 This example derives 10 bytes using H(x) = SHA-256, with the secret key
59 "secret" and fixedinfo value "label":
60 EVP_KDF *kdf;
62 EVP_KDF_CTX *kctx;
63 unsigned char out[10];
64 OSSL_PARAM params[4], *p = params;
65 kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
67 kctx = EVP_KDF_CTX_new(kdf);
68 EVP_KDF_free(kdf);
69 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
71 SN_sha256, strlen(SN_sha256));
72 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
73 "secret", (size_t)6);
74 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
75 "label", (size_t)5);
76 *p = OSSL_PARAM_construct_end();
77 if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
78 error("EVP_KDF_derive");
79 }
80 EVP_KDF_CTX_free(kctx);
82 This example derives 10 bytes using H(x) = HMAC(SHA-256), with the
84 secret key "secret", fixedinfo value "label" and salt "salt":
85 EVP_KDF *kdf;
87 EVP_KDF_CTX *kctx;
88 unsigned char out[10];
89 OSSL_PARAM params[6], *p = params;
90 kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
92 kctx = EVP_KDF_CTX_new(kdf);
93 EVP_KDF_free(kdf);
94 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
96 SN_hmac, strlen(SN_hmac));
97 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
98 SN_sha256, strlen(SN_sha256));
99 *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY,
100 "secret", (size_t)6);
101 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
102 "label", (size_t)5);
103 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
104 "salt", (size_t)4);
105 *p = OSSL_PARAM_construct_end();
106 if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
107 error("EVP_KDF_derive");
108 }
109 EVP_KDF_CTX_free(kctx);
111 This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with
113 the secret key "secret" fixedinfo value "label", salt of "salt" and
114 KMAC outlen of 20:
115 EVP_KDF *kdf;
117 EVP_KDF_CTX *kctx;
118 unsigned char out[10];
119 OSSL_PARAM params[7], *p = params;
120 kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
122 kctx = EVP_KDF_CTX_new(kdf);
123 EVP_KDF_free(kdf);
124 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
126 SN_kmac128, strlen(SN_kmac128));
127 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
128 SN_sha256, strlen(SN_sha256));
129 *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY,
130 "secret", (size_t)6);
131 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
132 "label", (size_t)5);
133 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
134 "salt", (size_t)4);
135 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20);
136 *p = OSSL_PARAM_construct_end();
137 if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
138 error("EVP_KDF_derive");
139 }
140 EVP_KDF_CTX_free(kctx);
142
144 NIST SP800-56Cr1.
145
147 EVP_KDF(3), EVP_KDF_CTX_new(3), EVP_KDF_CTX_free(3),
148 EVP_KDF_CTX_set_params(3), EVP_KDF_CTX_get_kdf_size(3),
149 EVP_KDF_derive(3), "PARAMETERS" in EVP_KDF(3)
150
152 This functionality was added to OpenSSL 3.0.
153
155 Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
156 Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
157 Licensed under the Apache License 2.0 (the "License"). You may not use
159 this file except in compliance with the License. You can obtain a copy
160 in the file LICENSE in the source distribution or at
161 <https://www.openssl.org/source/license.html>.
1623.0.5 2022-07-05 EVP_KDF-SS(7ossl)