5 EVP_KDF-KB - The Key-Based EVP_KDF implementation
9 The EVP_KDF-KB algorithm implements the Key-Based key derivation function
10 (KBKDF). KBKDF derives a key from repeated application of a keyed MAC to an
11 input secret (and other optional values).
15 "KBKDF" is the name for this implementation; it can be used with the
16 EVP_KDF_fetch() function.
18 =head2 Supported parameters
20 The supported parameters are:
24 =item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
26 =item "mode" (B<OSSL_KDF_PARAM_MODE>) <UTF8 string>
28 =item "mac" (B<OSSL_KDF_PARAM_MAC>) <UTF8 string>
30 =item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
32 =item "cipher" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
34 =item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
36 =item "salt" (B<OSSL_KDF_PARAM_SALT>) <octet string>
38 =item "info (B<OSSL_KDF_PARAM_INFO>) <octet string>
40 =item "seed" (B<OSSL_KDF_PARAM_SEED>) <octet string>
44 The mode parameter determines which flavor of KBKDF to use - currently the
45 choices are "counter" and "feedback". Counter is the default, and will be
46 used if unspecified. The seed parameter is unused in counter mode.
48 The parameters key, salt, info, and seed correspond to KI, Label, Context, and
49 IV (respectively) in SP800-108. As in that document, salt, info, and seed are
50 optional and may be omitted.
52 Depending on whether mac is CMAC or HMAC, either digest or cipher is required
53 (respectively) and the other is unused.
57 A context for KBKDF can be obtained by calling:
59 EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
60 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
62 The output length of an KBKDF is specified via the C<keylen>
63 parameter to the L<EVP_KDF_derive(3)> function.
65 Note that currently OpenSSL only implements counter and feedback modes. Other
66 variants may be supported in the future.
70 This example derives 10 bytes using COUNTER-HMAC-SHA256, with KI "secret",
71 Label "label", and Context "context".
75 unsigned char out[10];
76 OSSL_PARAM params[6], *p = params;
78 kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
79 kctx = EVP_KDF_CTX_new(kdf);
82 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
84 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC,
86 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
87 "secret", strlen("secret"))
88 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
89 "label", strlen("label"));
90 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
91 "context", strlen("context"));
92 *p = OSSL_PARAM_construct_end();
93 if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
94 error("EVP_KDF_CTX_set_params");
95 else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
96 error("EVP_KDF_derive");
98 EVP_KDF_CTX_free(kctx);
100 This example derives 10 bytes using FEEDBACK-CMAC-AES256, with KI "secret",
101 Label "label", and IV "sixteen bytes iv".
105 unsigned char out[10];
106 OSSL_PARAM params[8], *p = params;
107 unsigned char *iv = "sixteen bytes iv";
109 kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL);
110 kctx = EVP_KDF_CTX_new(kdf);
113 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, "AES256", 0);
114 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, "CMAC", 0);
115 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MODE, "FEEDBACK", 0);
116 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
117 "secret", strlen("secret"));
118 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT,
119 "label", strlen("label"));
120 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
121 "context", strlen("context"));
122 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SEED,
124 *p = OSSL_PARAM_construct_end();
125 if (EVP_KDF_CTX_set_params(kctx, params) <= 0)
126 error("EVP_KDF_CTX_set_params");
127 else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
128 error("EVP_KDF_derive");
130 EVP_KDF_CTX_free(kctx);
134 NIST SP800-108, IETF RFC 6803, IETF RFC 8009.
139 L<EVP_KDF_CTX_free(3)>,
141 L<EVP_KDF_derive(3)>,
142 L<EVP_KDF(3)/PARAMETERS>
146 This functionality was added to OpenSSL 3.0.
150 Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
151 Copyright 2019 Red Hat, Inc.
153 Licensed under the Apache License 2.0 (the "License"). You may not use
154 this file except in compliance with the License. You can obtain a copy
155 in the file LICENSE in the source distribution or at
156 L<https://www.openssl.org/source/license.html>.