From a39bc4404baa4e065d01efe829a1f26eba737049 Mon Sep 17 00:00:00 2001 From: Robbie Harwood Date: Tue, 10 Sep 2019 17:46:44 -0400 Subject: [KDF] Add KBKDF implementation for counter-mode HMAC Implement SP800-108 section 5.1 with HMAC intended for use in Kerberos. Add test vectors from RFC 8009. Adds error codes PROV_R_INVALID_MAC and PROV_R_MISSING_MAC. Signed-off-by: Robbie Harwood Reviewed-by: Paul Dale Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9924) --- doc/man7/EVP_KDF-KB.pod | 115 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) create mode 100644 doc/man7/EVP_KDF-KB.pod (limited to 'doc') diff --git a/doc/man7/EVP_KDF-KB.pod b/doc/man7/EVP_KDF-KB.pod new file mode 100644 index 0000000000..6fb5415dc1 --- /dev/null +++ b/doc/man7/EVP_KDF-KB.pod @@ -0,0 +1,115 @@ +=pod + +=head1 NAME + +EVP_KDF-KB - The Key-Based EVP_KDF implementation + +=head1 DESCRIPTION + +The EVP_KDF-KB algorithm implements the Key-Based key derivation function +(KBKDF). KBKDF derives a key from repeated application of a keyed MAC to an +input secret (and other optional values). + +=head2 Identity + +"KBKDF" is the name for this implementation; it can be used with the +EVP_KDF_fetch() function. + +=head2 Supported parameters + +The supported parameters are: + +=over 4 + +=item B ("properties") + +=item B ("digest") + +=item B ("mac") + +=item B ("key") + +=item B ("salt") + +=item B ("info") + +=back + +The parameters key, salt, and info correspond to KI, Label, and Context +(respectively) in SP800-108. As in that document, salt and info are optional +and may be omitted. Currently, only HMAC is supported for mac. + +=head1 NOTES + +A context for KBKDF can be obtained by calling: + + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + +The output length of an KBKDF is specified via the C +parameter to the L function. + +Note that currently OpenSSL only implements Counter mode with HMAC. Other +variants may be supported in the future. + +=head1 EXAMPLES + +This example derives 10 bytes using COUNTER-HMAC-SHA256, with KI "secret", +Label "label", and Context "context". + + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + unsigned char out[10]; + OSSL_PARAM params[6], *p = params; + + kdf = EVP_KDF_fetch(NULL, "KBKDF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, + "SHA256", 0); + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, + "HMAC", 0); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + "secret", strlen("secret")) + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, + "context", strlen("context")); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, + "label", strlen("label")); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_CTX_set_params(kctx, params) <= 0) + error("EVP_KDF_CTX_set_params"); + else if (EVP_KDF_derive(kctx, out, sizeof(out)) <= 0) + error("EVP_KDF_derive"); + + EVP_KDF_CTX_free(kctx); + +=head1 CONFORMING TO + +NIST SP800-108, IETF RFC 8009. + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +This functionality was added to OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019 Red Hat, Inc. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut -- cgit v1.2.3