From 33f54da3dda8ef95c2a8d8580fde312c6fe4d3fb Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 17 Sep 2019 16:35:23 -0400 Subject: Add KRB5KDF from RFC 3961 Signed-off-by: Simo Sorce Reviewed-by: Tomas Mraz Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/9949) --- doc/man7/EVP_KDF-KRB5KDF.pod | 119 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 doc/man7/EVP_KDF-KRB5KDF.pod (limited to 'doc/man7/EVP_KDF-KRB5KDF.pod') diff --git a/doc/man7/EVP_KDF-KRB5KDF.pod b/doc/man7/EVP_KDF-KRB5KDF.pod new file mode 100644 index 0000000000..08f50d1c05 --- /dev/null +++ b/doc/man7/EVP_KDF-KRB5KDF.pod @@ -0,0 +1,119 @@ +=pod + +=head1 NAME + +EVP_KDF-KRB5KDF - The RFC3961 Krb5 KDF EVP_KDF implementation + +=head1 DESCRIPTION + +Support for computing the B KDF through the B API. + +The EVP_KDF-KRB5KDF algorithm implements the key derivation function defined +in RFC 3961, section 5.1 and is used by Krb5 to derive session keys. +Three inputs are required to perform key derivation: a cipher, (for example +AES-128-CBC), the initial key, and a constant. + +=head2 Identity + +"KRB5KDF" is the name for this implementation; +it can be used with the EVP_KDF_fetch() function. + +=head2 Supported parameters + +The supported parameters are: + +=over 4 + +=item "properies" (B) + +=item "cipher" (B) + +=item "key" (B) + +These parameters work as described in L. + +=item "constant" (B) + +This parameter sets the constant value for the KDF. +If a value is already set, the contents are replaced. + +=back + +=head1 NOTES + +A context for KRB5KDF can be obtained by calling: + + EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL); + EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); + +The output length of the KRB5KDF derivation is specified via the I +parameter to the L function, and MUST match the key +length for the chosen cipher or an error is returned. Moreover the +constant's length must not exceed the block size of the cipher. +Since the KRB5KDF output length depends on the chosen cipher, calling +L to obtain the requisite length returns the correct length +only after the cipher is set. Prior to that B is returned. +The caller must allocate a buffer of the correct length for the chosen +cipher, and pass that buffer to the L function along +with that length. + +=head1 EXAMPLES + +This example derives a key using the AES-128-CBC cipher: + + EVP_KDF *kdf; + EVP_KDF_CTX *kctx; + unsigned char key[16] = "01234..."; + unsigned char constant[] = "I'm a constant"; + unsigned char out[16]; + size_t outlen = sizeof(out); + OSSL_PARAM params[4], *p = params; + + kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL); + kctx = EVP_KDF_CTX_new(kdf); + EVP_KDF_free(kdf); + + *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER, + SN_aes_128_cbc, + strlen(SN_aes_128_cbc)); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, + key, (size_t)16); + *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT, + constant, strlen(constant)); + *p = OSSL_PARAM_construct_end(); + if (EVP_KDF_set_params(kctx, params) <= 0) + /* Error */ + + if (EVP_KDF_derive(kctx, out, &outlen) <= 0) + /* Error */ + + +=head1 CONFORMING TO + +RFC 3961 + +=head1 SEE ALSO + +L, +L, +L, +L, +L, +L, +L + +=head1 HISTORY + +This functionality was added to OpenSSL 3.0. + +=head1 COPYRIGHT + +Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the OpenSSL license (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut + -- cgit v1.2.3