=pod

=head1 NAME

EVP_KDF_X942 - The X9.42-2001 asn1 EVP_KDF implementation

=head1 DESCRIPTION

The EVP_KDF_X942 algorithm implements the key derivation function (X942KDF).
X942KDF is used by Cryptographic Message Syntax (CMS) for DH KeyAgreement, to
derive a key using input such as a shared secret key and other info. The other
info is DER encoded data that contains a 32 bit counter.

=head2 Numeric identity

B<EVP_KDF_X942> is the numeric identity for this implementation; it
can be used with the EVP_KDF_CTX_new_id() function.

=head2 Supported controls

The supported controls are:

=over 4

=item B<EVP_KDF_CTRL_SET_MD>

This control works as described in L<EVP_KDF_CTX(3)/CONTROLS>.

=item B<EVP_KDF_CTRL_SET_KEY>

This control expects two arguments: C<unsigned char *secret>, C<size_t secretlen>

The shared secret used for key derivation.  This control sets the secret.

EVP_KDF_ctrl_str() takes two type strings for this control:

=over 4

=item "secret"

The value string is used as is.

=item "hexsecret"

The value string is expected to be a hexadecimal number, which will be
decoded before being passed on as the control value.

=back

=item B<EVP_KDF_CTRL_SET_UKM>

This control expects two arguments: C<unsigned char *ukm>, C<size_t ukmlen>

An optional random string that is provided by the sender called "partyAInfo".
In CMS this is the user keying material.

EVP_KDF_ctrl_str() takes two type strings for this control:

=over 4

=item "ukm"

The value string is used as is.

=item "hexukm"

The value string is expected to be a hexadecimal number, which will be
decoded before being passed on as the control value.

=back

=item B<EVP_KDF_CTRL_SET_CEK_ALG>

This control expects one argument: C<char *alg>

The CEK wrapping algorithm name. 

EVP_KDF_ctrl_str() type string: "cekalg"

The value string is used as is.

=back

=head1 NOTES

A context for X942KDF can be obtained by calling:

EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942);

The output length of an X942KDF is specified via the C<keylen>
parameter to the L<EVP_KDF_derive(3)> function.

=head1 EXAMPLE

This example derives 24 bytes, with the secret key "secret" and a random user
keying material:

  EVP_KDF_CTX *kctx;
  unsigned char out[192/8];
  unsignred char ukm[64];

  if (RAND_bytes(ukm, sizeof(ukm)) <= 0)
      error("RAND_bytes");

  kctx = EVP_KDF_CTX_new_id(EVP_KDF_X942);
  if (kctx == NULL)
      error("EVP_KDF_CTX_new_id");

  if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_MD, EVP_sha256()) <= 0)
      error("EVP_KDF_CTRL_SET_MD");
  if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6) <= 0)
      error("EVP_KDF_CTRL_SET_KEY");
  if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_UKM, ukm, sizeof(ukm)) <= 0)
      error("EVP_KDF_CTRL_SET_UKM");
  if (EVP_KDF_ctrl(kctx, EVP_KDF_CTRL_SET_CEK_ALG,
                   SN_id_smime_alg_CMS3DESwrap) <= 0)
      error("EVP_KDF_CTRL_SET_CEK_ALG");
  if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0)
      error("EVP_KDF_derive");

  EVP_KDF_CTX_free(kctx);

=head1 CONFORMING TO

RFC 2631

=head1 SEE ALSO

L<EVP_KDF_CTX>,
L<EVP_KDF_CTX_new_id(3)>,
L<EVP_KDF_CTX_free(3)>,
L<EVP_KDF_ctrl(3)>,
L<EVP_KDF_size(3)>,
L<EVP_KDF_derive(3)>,
L<EVP_KDF_CTX(3)/CONTROLS>

=head1 HISTORY

This functionality was added to OpenSSL 3.0.

=head1 COPYRIGHT

Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut