1EVP_KDF-SS(7ossl) OpenSSL EVP_KDF-SS(7ossl)
2
6 EVP_KDF-SS - The Single Step / One Step EVP_KDF implementation
7
9 The EVP_KDF-SS algorithm implements the Single Step key derivation
10 function (SSKDF). SSKDF derives a key using input such as a shared
11 secret key (that was generated during the execution of a key
12 establishment scheme) and fixedinfo. SSKDF is also informally referred
13 to as 'Concat KDF'.
14 Auxiliary function
16 The implementation uses a selectable auxiliary function H, which can be
17 one of:
18 H(x) = hash(x, digest=md)
20 H(x) = HMAC_hash(x, key=salt, digest=md)
21 H(x) = KMACxxx(x, key=salt, custom="KDF", outlen=mac_size)
22 Both the HMAC and KMAC implementations set the key using the 'salt'
24 value. The hash and HMAC also require the digest to be set.
25 Identity
27 "SSKDF" is the name for this implementation; it can be used with the
28 EVP_KDF_fetch() function.
29 Supported parameters
31 The supported parameters are:
32 "properties" (OSSL_KDF_PARAM_PROPERTIES) <UTF8 string>
34 "digest" (OSSL_KDF_PARAM_DIGEST) <UTF8 string>
35 This parameter is ignored for KMAC.
36 "mac" (OSSL_KDF_PARAM_MAC) <UTF8 string>
38 "maclen" (OSSL_KDF_PARAM_MAC_SIZE) <unsigned integer>
39 "salt" (OSSL_KDF_PARAM_SALT) <octet string>
40 These parameters work as described in "PARAMETERS" in EVP_KDF(3).
41 "key" (EVP_KDF_CTRL_SET_KEY) <octet string>
43 This parameter set the shared secret that is used for key
44 derivation.
45 "info" (OSSL_KDF_PARAM_INFO) <octet string>
47 This parameter sets an optional value for fixedinfo, also known as
48 otherinfo.
49
51 A context for SSKDF can be obtained by calling:
52 EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
54 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
55 The output length of an SSKDF is specified via the keylen parameter to
57 the EVP_KDF_derive(3) function.
58
60 This example derives 10 bytes using H(x) = SHA-256, with the secret key
61 "secret" and fixedinfo value "label":
62 EVP_KDF *kdf;
64 EVP_KDF_CTX *kctx;
65 unsigned char out[10];
66 OSSL_PARAM params[4], *p = params;
67 kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
69 kctx = EVP_KDF_CTX_new(kdf);
70 EVP_KDF_free(kdf);
71 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
73 SN_sha256, strlen(SN_sha256));
74 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
75 "secret", (size_t)6);
76 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
77 "label", (size_t)5);
78 *p = OSSL_PARAM_construct_end();
79 if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
80 error("EVP_KDF_derive");
81 }
82 EVP_KDF_CTX_free(kctx);
84 This example derives 10 bytes using H(x) = HMAC(SHA-256), with the
86 secret key "secret", fixedinfo value "label" and salt "salt":
87 EVP_KDF *kdf;
89 EVP_KDF_CTX *kctx;
90 unsigned char out[10];
91 OSSL_PARAM params[6], *p = params;
92 kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
94 kctx = EVP_KDF_CTX_new(kdf);
95 EVP_KDF_free(kdf);
96 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
98 SN_hmac, strlen(SN_hmac));
99 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
100 SN_sha256, strlen(SN_sha256));
101 *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY,
102 "secret", (size_t)6);
103 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
104 "label", (size_t)5);
105 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
106 "salt", (size_t)4);
107 *p = OSSL_PARAM_construct_end();
108 if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
109 error("EVP_KDF_derive");
110 }
111 EVP_KDF_CTX_free(kctx);
113 This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with
115 the secret key "secret" fixedinfo value "label", salt of "salt" and
116 KMAC outlen of 20:
117 EVP_KDF *kdf;
119 EVP_KDF_CTX *kctx;
120 unsigned char out[10];
121 OSSL_PARAM params[6], *p = params;
122 kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL);
124 kctx = EVP_KDF_CTX_new(kdf);
125 EVP_KDF_free(kdf);
126 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
128 SN_kmac128, strlen(SN_kmac128));
129 *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY,
130 "secret", (size_t)6);
131 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
132 "label", (size_t)5);
133 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
134 "salt", (size_t)4);
135 *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20);
136 *p = OSSL_PARAM_construct_end();
137 if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) {
138 error("EVP_KDF_derive");
139 }
140 EVP_KDF_CTX_free(kctx);
142
144 NIST SP800-56Cr1.
145
147 EVP_KDF(3), EVP_KDF_CTX_new(3), EVP_KDF_CTX_free(3),
148 EVP_KDF_CTX_set_params(3), EVP_KDF_CTX_get_kdf_size(3),
149 EVP_KDF_derive(3), "PARAMETERS" in EVP_KDF(3)
150
152 This functionality was added in OpenSSL 3.0.
153
155 Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
156 Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
157 Licensed under the Apache License 2.0 (the "License"). You may not use
159 this file except in compliance with the License. You can obtain a copy
160 in the file LICENSE in the source distribution or at
161 <https://www.openssl.org/source/license.html>.
1623.0.9 2023-07-27 EVP_KDF-SS(7ossl)