5 EVP_KDF_X942 - The X9.42-2001 asn1 EVP_KDF implementation
9 The EVP_KDF_X942 algorithm implements the key derivation function (X942KDF).
10 X942KDF is used by Cryptographic Message Syntax (CMS) for DH KeyAgreement, to
11 derive a key using input such as a shared secret key and other info. The other
12 info is DER encoded data that contains a 32 bit counter.
14 =head2 Numeric identity
16 B<EVP_KDF_X942> is the numeric identity for this implementation; it
17 can be used with the EVP_KDF_CTX_new_id() function.
19 =head2 Supported controls
21 The supported controls are:
25 =item B<EVP_KDF_CTRL_SET_MD>
27 This control works as described in L<EVP_KDF_CTX(3)/CONTROLS>.
29 =item B<EVP_KDF_CTRL_SET_KEY>
31 This control expects two arguments: C<unsigned char *secret>, C<size_t secretlen>
33 The shared secret used for key derivation. This control sets the secret.
35 EVP_KDF_ctrl_str() takes two type strings for this control:
41 The value string is used as is.
45 The value string is expected to be a hexadecimal number, which will be
46 decoded before being passed on as the control value.
50 =item B<EVP_KDF_CTRL_SET_UKM>
52 This control expects two arguments: C<unsigned char *ukm>, C<size_t ukmlen>
54 An optional random string that is provided by the sender called "partyAInfo".
55 In CMS this is the user keying material.
57 EVP_KDF_ctrl_str() takes two type strings for this control:
63 The value string is used as is.
67 The value string is expected to be a hexadecimal number, which will be
68 decoded before being passed on as the control value.
72 =item B<EVP_KDF_CTRL_SET_CEK_ALG>
74 This control expects one argument: C<char *alg>
76 The CEK wrapping algorithm name.
78 EVP_KDF_ctrl_str() type string: "cekalg"
80 The value string is used as is.
86 A context for X942KDF can be obtained by calling:
88 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942);
90 The output length of an X942KDF is specified via the C<keylen>
91 parameter to the L<EVP_KDF_derive(3)> function.
95 This example derives 24 bytes, with the secret key "secret" and a random user
99 unsigned char out[192/8];
100 unsignred char ukm[64];
102 if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
105 kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942);
107 error("EVP_KDF_CTX_new_id");
109 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0)
110 error("EVP_KDF_CTRL_SET_MD");
111 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0)
112 error("EVP_KDF_CTRL_SET_KEY");
113 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_UKM, ukm, sizeof(ukm)) <= 0)
114 error("EVP_KDF_CTRL_SET_UKM");
115 if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG,
116 SN_id_smime_alg_CMS3DESwrap) <= 0)
117 error("EVP_KDF_CTRL_SET_CEK_ALG");
118 if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
119 error("EVP_KDF_derive");
121 EVP_KDF_CTX_free(kctx);
130 L<EVP_KDF_CTX_new_id(3)>,
131 L<EVP_KDF_CTX_free(3)>,
134 L<EVP_KDF_derive(3)>,
135 L<EVP_KDF_CTX(3)/CONTROLS>
139 This functionality was added to OpenSSL 3.0.
143 Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
145 Licensed under the Apache License 2.0 (the "License"). You may not use
146 this file except in compliance with the License. You can obtain a copy
147 in the file LICENSE in the source distribution or at
148 L<https://www.openssl.org/source/license.html>.