1=pod
2
3=head1 NAME
4
5EVP_KDF-KRB5KDF - The RFC3961 Krb5 KDF EVP_KDF implementation
6
7=head1 DESCRIPTION
8
9Support for computing the B<KRB5KDF> KDF through the B<EVP_KDF> API.
10
11The EVP_KDF-KRB5KDF algorithm implements the key derivation function defined
12in RFC 3961, section 5.1 and is used by Krb5 to derive session keys.
13Three inputs are required to perform key derivation: a cipher, (for example
14AES-128-CBC), the initial key, and a constant.
15
16=head2 Identity
17
18"KRB5KDF" is the name for this implementation;
19it can be used with the EVP_KDF_fetch() function.
20
21=head2 Supported parameters
22
23The supported parameters are:
24
25=over 4
26
27=item "properties" (B<OSSL_KDF_PARAM_PROPERTIES>) <UTF8 string>
28
29=item "cipher" (B<OSSL_KDF_PARAM_CIPHER>) <UTF8 string>
30
31=item "key" (B<OSSL_KDF_PARAM_KEY>) <octet string>
32
33These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
34
35=item "constant" (B<OSSL_KDF_PARAM_CONSTANT>) <octet string>
36
37This parameter sets the constant value for the KDF.
38If a value is already set, the contents are replaced.
39
40=back
41
42=head1 NOTES
43
44A context for KRB5KDF can be obtained by calling:
45
46 EVP_KDF *kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);
47 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf);
48
49The output length of the KRB5KDF derivation is specified via the I<keylen>
50parameter to the L<EVP_KDF_derive(3)> function, and MUST match the key
51length for the chosen cipher or an error is returned. Moreover, the
52constant's length must not exceed the block size of the cipher.
53Since the KRB5KDF output length depends on the chosen cipher, calling
54L<EVP_KDF_CTX_get_kdf_size(3)> to obtain the requisite length returns the correct length
55only after the cipher is set. Prior to that B<EVP_MAX_KEY_LENGTH> is returned.
56The caller must allocate a buffer of the correct length for the chosen
57cipher, and pass that buffer to the L<EVP_KDF_derive(3)> function along
58with that length.
59
60=head1 EXAMPLES
61
62This example derives a key using the AES-128-CBC cipher:
63
64 EVP_KDF *kdf;
65 EVP_KDF_CTX *kctx;
66 unsigned char key[16] = "01234...";
67 unsigned char constant[] = "I'm a constant";
68 unsigned char out[16];
69 size_t outlen = sizeof(out);
70 OSSL_PARAM params[4], *p = params;
71
72 kdf = EVP_KDF_fetch(NULL, "KRB5KDF", NULL);
73 kctx = EVP_KDF_CTX_new(kdf);
74 EVP_KDF_free(kdf);
75
76 *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CIPHER,
77                                         SN_aes_128_cbc,
78                                         strlen(SN_aes_128_cbc));
79 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
80                                          key, (size_t)16);
81 *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_CONSTANT,
82                                          constant, strlen(constant));
83 *p = OSSL_PARAM_construct_end();
84 if (EVP_KDF_derive(kctx, out, outlen, params) <= 0)
85     /* Error */
86
87 EVP_KDF_CTX_free(kctx);
88
89=head1 CONFORMING TO
90
91RFC 3961
92
93=head1 SEE ALSO
94
95L<EVP_KDF(3)>,
96L<EVP_KDF_CTX_free(3)>,
97L<EVP_KDF_CTX_get_kdf_size(3)>,
98L<EVP_KDF_derive(3)>,
99L<EVP_KDF(3)/PARAMETERS>
100
101=head1 HISTORY
102
103This functionality was added in OpenSSL 3.0.
104
105=head1 COPYRIGHT
106
107Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
108
109Licensed under the Apache License 2.0 (the "License").  You may not use
110this file except in compliance with the License.  You can obtain a copy
111in the file LICENSE in the source distribution or at
112L<https://www.openssl.org/source/license.html>.
113
114=cut
115
116