xref: /openssl/doc/man7/provider-kdf.pod (revision 13b47155) 
1=pod
2
3=head1 NAME
4
5provider-kdf - The KDF library E<lt>-E<gt> provider functions
6
7=head1 SYNOPSIS
8
9=for openssl multiple includes
10
11 #include <openssl/core_dispatch.h>
12 #include <openssl/core_names.h>
13
14 /*
15  * None of these are actual functions, but are displayed like this for
16  * the function signatures for functions that are offered as function
17  * pointers in OSSL_DISPATCH arrays.
18  */
19
20 /* Context management */
21 void *OSSL_FUNC_kdf_newctx(void *provctx);
22 void OSSL_FUNC_kdf_freectx(void *kctx);
23 void *OSSL_FUNC_kdf_dupctx(void *src);
24
25 /* Encryption/decryption */
26 int OSSL_FUNC_kdf_reset(void *kctx);
27 int OSSL_FUNC_kdf_derive(void *kctx, unsigned char *key, size_t keylen,
28                          const OSSL_PARAM params[]);
29
30 /* KDF parameter descriptors */
31 const OSSL_PARAM *OSSL_FUNC_kdf_gettable_params(void *provctx);
32 const OSSL_PARAM *OSSL_FUNC_kdf_gettable_ctx_params(void *kcxt, void *provctx);
33 const OSSL_PARAM *OSSL_FUNC_kdf_settable_ctx_params(void *kcxt, void *provctx);
34
35 /* KDF parameters */
36 int OSSL_FUNC_kdf_get_params(OSSL_PARAM params[]);
37 int OSSL_FUNC_kdf_get_ctx_params(void *kctx, OSSL_PARAM params[]);
38 int OSSL_FUNC_kdf_set_ctx_params(void *kctx, const OSSL_PARAM params[]);
39
40=head1 DESCRIPTION
41
42This documentation is primarily aimed at provider authors. See L<provider(7)>
43for further information.
44
45The KDF operation enables providers to implement KDF algorithms and make
46them available to applications via the API functions L<EVP_KDF_CTX_reset(3)>,
47and L<EVP_KDF_derive(3)>.
48
49All "functions" mentioned here are passed as function pointers between
50F<libcrypto> and the provider in B<OSSL_DISPATCH> arrays via
51B<OSSL_ALGORITHM> arrays that are returned by the provider's
52provider_query_operation() function
53(see L<provider-base(7)/Provider Functions>).
54
55All these "functions" have a corresponding function type definition
56named B<OSSL_FUNC_{name}_fn>, and a helper function to retrieve the
57function pointer from an B<OSSL_DISPATCH> element named
58B<OSSL_FUNC_{name}>.
59For example, the "function" OSSL_FUNC_kdf_newctx() has these:
60
61 typedef void *(OSSL_FUNC_kdf_newctx_fn)(void *provctx);
62 static ossl_inline OSSL_FUNC_kdf_newctx_fn
63     OSSL_FUNC_kdf_newctx(const OSSL_DISPATCH *opf);
64
65B<OSSL_DISPATCH> array entries are identified by numbers that are provided as
66macros in L<openssl-core_dispatch.h(7)>, as follows:
67
68 OSSL_FUNC_kdf_newctx               OSSL_FUNC_KDF_NEWCTX
69 OSSL_FUNC_kdf_freectx              OSSL_FUNC_KDF_FREECTX
70 OSSL_FUNC_kdf_dupctx               OSSL_FUNC_KDF_DUPCTX
71
72 OSSL_FUNC_kdf_reset                OSSL_FUNC_KDF_RESET
73 OSSL_FUNC_kdf_derive               OSSL_FUNC_KDF_DERIVE
74
75 OSSL_FUNC_kdf_get_params           OSSL_FUNC_KDF_GET_PARAMS
76 OSSL_FUNC_kdf_get_ctx_params       OSSL_FUNC_KDF_GET_CTX_PARAMS
77 OSSL_FUNC_kdf_set_ctx_params       OSSL_FUNC_KDF_SET_CTX_PARAMS
78
79 OSSL_FUNC_kdf_gettable_params      OSSL_FUNC_KDF_GETTABLE_PARAMS
80 OSSL_FUNC_kdf_gettable_ctx_params  OSSL_FUNC_KDF_GETTABLE_CTX_PARAMS
81 OSSL_FUNC_kdf_settable_ctx_params  OSSL_FUNC_KDF_SETTABLE_CTX_PARAMS
82
83A KDF algorithm implementation may not implement all of these functions.
84In order to be a consistent set of functions, at least the following functions
85must be implemented: OSSL_FUNC_kdf_newctx(), OSSL_FUNC_kdf_freectx(),
86OSSL_FUNC_kdf_set_ctx_params(), OSSL_FUNC_kdf_derive().
87All other functions are optional.
88
89=head2 Context Management Functions
90
91OSSL_FUNC_kdf_newctx() should create and return a pointer to a provider side
92structure for holding context information during a KDF operation.
93A pointer to this context will be passed back in a number of the other KDF
94operation function calls.
95The parameter I<provctx> is the provider context generated during provider
96initialisation (see L<provider(7)>).
97
98OSSL_FUNC_kdf_freectx() is passed a pointer to the provider side KDF context in
99the I<kctx> parameter.
100If it receives NULL as I<kctx> value, it should not do anything other than
101return.
102This function should free any resources associated with that context.
103
104OSSL_FUNC_kdf_dupctx() should duplicate the provider side KDF context in the
105I<kctx> parameter and return the duplicate copy.
106
107=head2 Encryption/Decryption Functions
108
109OSSL_FUNC_kdf_reset() initialises a KDF operation given a provider
110side KDF context in the I<kctx> parameter.
111
112OSSL_FUNC_kdf_derive() performs the KDF operation after processing the
113I<params> as per OSSL_FUNC_kdf_set_ctx_params().
114The I<kctx> parameter contains a pointer to the provider side context.
115The resulting key of the desired I<keylen> should be written to I<key>.
116If the algorithm does not support the requested I<keylen> the function must
117return error.
118
119=head2 KDF Parameters
120
121See L<OSSL_PARAM(3)> for further details on the parameters structure used by
122these functions.
123
124OSSL_FUNC_kdf_get_params() gets details of parameter values associated with the
125provider algorithm and stores them in I<params>.
126
127OSSL_FUNC_kdf_set_ctx_params() sets KDF parameters associated with the given
128provider side KDF context I<kctx> to I<params>.
129Any parameter settings are additional to any that were previously set.
130Passing NULL for I<params> should return true.
131
132OSSL_FUNC_kdf_get_ctx_params() retrieves gettable parameter values associated
133with the given provider side KDF context I<kctx> and stores them in I<params>.
134Passing NULL for I<params> should return true.
135
136OSSL_FUNC_kdf_gettable_params(), OSSL_FUNC_kdf_gettable_ctx_params(),
137and OSSL_FUNC_kdf_settable_ctx_params() all return constant B<OSSL_PARAM>
138arrays as descriptors of the parameters that OSSL_FUNC_kdf_get_params(),
139OSSL_FUNC_kdf_get_ctx_params(), and OSSL_FUNC_kdf_set_ctx_params()
140can handle, respectively.  OSSL_FUNC_kdf_gettable_ctx_params() and
141OSSL_FUNC_kdf_settable_ctx_params() will return the parameters associated
142with the provider side context I<kctx> in its current state if it is
143not NULL.  Otherwise, they return the parameters associated with the
144provider side algorithm I<provctx>.
145
146
147Parameters currently recognised by built-in KDFs are as follows. Not all
148parameters are relevant to, or are understood by all KDFs:
149
150=over 4
151
152=item "size" (B<OSSL_KDF_PARAM_SIZE>) <unsigned integer>
153
154Gets the output size from the associated KDF ctx.
155If the algorithm produces a variable amount of output, SIZE_MAX should be
156returned.
157If the input parameters required to calculate the fixed output size have not yet
158been supplied, 0 should be returned indicating an error.
159
160=item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
161
162Sets the key in the associated KDF ctx.
163
164=item "secret" (B<OSSL_KDF_PARAM_SECRET>) <octet string>
165
166Sets the secret in the associated KDF ctx.
167
168=item "pass" (B<OSSL_KDF_PARAM_PASSWORD>) <octet string>
169
170Sets the password in the associated KDF ctx.
171
172=item "cipher" (B<OSSL_KDF_PARAM_CIPHER>) <UTF8 string>
173
174=item "digest" (B<OSSL_KDF_PARAM_DIGEST>) <UTF8 string>
175
176=item "mac" (B<OSSL_KDF_PARAM_MAC>) <UTF8 string>
177
178Sets the name of the underlying cipher, digest or MAC to be used.
179It must name a suitable algorithm for the KDF that's being used.
180
181=item "maclen" (B<OSSL_KDF_PARAM_MAC_SIZE>) <octet string>
182
183Sets the length of the MAC in the associated KDF ctx.
184
185=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
186
187Sets the properties to be queried when trying to fetch the underlying algorithm.
188This must be given together with the algorithm naming parameter to be
189considered valid.
190
191=item "iter" (B<OSSL_KDF_PARAM_ITER>) <unsigned integer>
192
193Sets the number of iterations in the associated KDF ctx.
194
195=item "mode" (B<OSSL_KDF_PARAM_MODE>) <UTF8 string>
196
197Sets the mode in the associated KDF ctx.
198
199=item "pkcs5" (B<OSSL_KDF_PARAM_PKCS5>) <integer>
200
201Enables or disables the SP800-132 compliance checks.
202A mode of 0 enables the compliance checks.
203
204The checks performed are:
205
206=over 4
207
208=item - the iteration count is at least 1000.
209
210=item - the salt length is at least 128 bits.
211
212=item - the derived key length is at least 112 bits.
213
214=back
215
216=item "ukm" (B<OSSL_KDF_PARAM_UKM>) <octet string>
217
218Sets an optional random string that is provided by the sender called
219"partyAInfo".  In CMS this is the user keying material.
220
221
222=item "cekalg" (B<OSSL_KDF_PARAM_CEK_ALG>) <UTF8 string>
223
224Sets the CEK wrapping algorithm name in the associated KDF ctx.
225
226=item "n" (B<OSSL_KDF_PARAM_SCRYPT_N>) <unsigned integer>
227
228Sets the scrypt work factor parameter N in the associated KDF ctx.
229
230=item "r" (B<OSSL_KDF_PARAM_SCRYPT_R>) <unsigned integer>
231
232Sets the scrypt work factor parameter r in the associated KDF ctx.
233
234=item "p" (B<OSSL_KDF_PARAM_SCRYPT_P>) <unsigned integer>
235
236Sets the scrypt work factor parameter p in the associated KDF ctx.
237
238=item "maxmem_bytes" (B<OSSL_KDF_PARAM_SCRYPT_MAXMEM>) <unsigned integer>
239
240Sets the scrypt work factor parameter maxmem in the associated KDF ctx.
241
242=item "prefix" (B<OSSL_KDF_PARAM_PREFIX>) <octet string>
243
244Sets the prefix string using by the TLS 1.3 version of HKDF in the
245associated KDF ctx.
246
247=item "label" (B<OSSL_KDF_PARAM_LABEL>) <octet string>
248
249Sets the label string using by the TLS 1.3 version of HKDF in the
250associated KDF ctx.
251
252=item "data" (B<OSSL_KDF_PARAM_DATA>) <octet string>
253
254Sets the context string using by the TLS 1.3 version of HKDF in the
255associated KDF ctx.
256
257=item "info" (B<OSSL_KDF_PARAM_INFO>) <octet string>
258
259Sets the optional shared info in the associated KDF ctx.
260
261=item "seed" (B<OSSL_KDF_PARAM_SEED>) <octet string>
262
263Sets the IV in the associated KDF ctx.
264
265=item "xcghash" (B<OSSL_KDF_PARAM_SSHKDF_XCGHASH>) <octet string>
266
267Sets the xcghash in the associated KDF ctx.
268
269=item "session_id" (B<OSSL_KDF_PARAM_SSHKDF_SESSION_ID>) <octet string>
270
271Sets the session ID in the associated KDF ctx.
272
273=item "type" (B<OSSL_KDF_PARAM_SSHKDF_TYPE>) <UTF8 string>
274
275Sets the SSH KDF type parameter in the associated KDF ctx.
276There are six supported types:
277
278=over 4
279
280=item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_CLI_TO_SRV
281
282The Initial IV from client to server.
283A single char of value 65 (ASCII char 'A').
284
285=item EVP_KDF_SSHKDF_TYPE_INITIAL_IV_SRV_TO_CLI
286
287The Initial IV from server to client
288A single char of value 66 (ASCII char 'B').
289
290=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV
291
292The Encryption Key from client to server
293A single char of value 67 (ASCII char 'C').
294
295=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI
296
297The Encryption Key from server to client
298A single char of value 68 (ASCII char 'D').
299
300=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV
301
302The Integrity Key from client to server
303A single char of value 69 (ASCII char 'E').
304
305=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI
306
307The Integrity Key from client to server
308A single char of value 70 (ASCII char 'F').
309
310=back
311
312=item "constant" (B<OSSL_KDF_PARAM_CONSTANT>) <octet string>
313
314Sets the constant value in the associated KDF ctx.
315
316=item "id" (B<OSSL_KDF_PARAM_PKCS12_ID>) <integer>
317
318Sets the intended usage of the output bits in the associated KDF ctx.
319It is defined as per RFC 7292 section B.3.
320
321=back
322
323=head1 RETURN VALUES
324
325OSSL_FUNC_kdf_newctx() and OSSL_FUNC_kdf_dupctx() should return the newly created
326provider side KDF context, or NULL on failure.
327
328OSSL_FUNC_kdf_derive(), OSSL_FUNC_kdf_get_params(),
329OSSL_FUNC_kdf_get_ctx_params() and OSSL_FUNC_kdf_set_ctx_params() should return 1 for
330success or 0 on error.
331
332OSSL_FUNC_kdf_gettable_params(), OSSL_FUNC_kdf_gettable_ctx_params() and
333OSSL_FUNC_kdf_settable_ctx_params() should return a constant B<OSSL_PARAM>
334array, or NULL if none is offered.
335
336=head1 NOTES
337
338The KDF life-cycle is described in L<life_cycle-kdf(7)>.  Providers should
339ensure that the various transitions listed there are supported.  At some point
340the EVP layer will begin enforcing the listed transitions.
341
342=head1 SEE ALSO
343
344L<provider(7)>, L<life_cycle-kdf(7)>, L<EVP_KDF(3)>.
345
346=head1 HISTORY
347
348The provider KDF interface was introduced in OpenSSL 3.0.
349
350=head1 COPYRIGHT
351
352Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
353
354Licensed under the Apache License 2.0 (the "License").  You may not use
355this file except in compliance with the License.  You can obtain a copy
356in the file LICENSE in the source distribution or at
357L<https://www.openssl.org/source/license.html>.
358
359=cut
360