Improved HKDF and TLS1-PRF documentation

Reviewed-by: Rich Salz <rsalz@openssl.org>
Viktor Dukhovni 2016-03-03 23:30:42 -05:00
parent c8cca980dc
commit f04abe7d50
3 changed files with 37 additions and 15 deletions

View File

@ -123,12 +123,15 @@ derive a shared secret using the peer key.
=item B<-kdf algorithm> =item B<-kdf algorithm>
Use key derivation function B<algorithm>. Note: additional paramers Use key derivation function B<algorithm>. The supported algorithms are
will normally have to be set and the KDF output length for this to work. at present B<TLS1-PRF> and B<HKDF>.
Note: additional paramers and the KDF output length will normally have to be
set for this to work. See L<EVP_PKEY_HKDF(3)> and L<EVP_PKEY_TLS1_PRF(3)>
for the supported string parameters of each algorithm.
=item B<-kdflen length> =item B<-kdflen length>
Set the ouput length for KDF. Set the output length for KDF.
=item B<-pkeyopt opt:value> =item B<-pkeyopt opt:value>
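Review bot: The rewritten "Note:" line under B<-kdf algorithm> still carries the typo "paramers" from the old text, even though the same hunk fixes "ouput" under B<-kdflen length>. Please change it to "Note: additional parameters and the KDF output length will normally have to be set for this to work."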
@ -155,7 +158,6 @@ for all available algorithms.
When used with the B<-engine> option, it specifies to also use When used with the B<-engine> option, it specifies to also use
engine B<id> for crypto operations. engine B<id> for crypto operations.
=back =back
=head1 NOTES =head1 NOTES
@ -269,4 +271,5 @@ seed consisting of the single byte 0xFF.
=head1 SEE ALSO =head1 SEE ALSO
L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)> L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>
L<dgst(1)>, L<rsa(1)>, L<genrsa(1)> L<dgst(1)>, L<rsa(1)>, L<genrsa(1)>,
L<EVP_PKEY_HKDF(3)>, L<EVP_PKEY_TLS1_PRF(3)>
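Review bot: In SEE ALSO the first line, "L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>", still ends without a comma, so the rendered list runs rsautl(1) straight into dgst(1). The hunk adds the missing separator after L<genrsa(1)> only; add one after L<rsautl(1)> as well so the whole list is comma-separated.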

View File

@ -23,7 +23,7 @@ HMAC-based Extract-and-Expand key derivation algorithm
=head1 DESCRIPTION =head1 DESCRIPTION
The EVP_PKEY_HKDF alogorithm implements the HKDF key derivation function. The EVP_PKEY_HKDF algorithm implements the HKDF key derivation function.
HKDF follows the "extract-then-expand" paradigm, where the KDF logically HKDF follows the "extract-then-expand" paradigm, where the KDF logically
consists of two modules. The first stage takes the input keying material consists of two modules. The first stage takes the input keying material
and "extracts" from it a fixed-length pseudorandom key K. The second stage and "extracts" from it a fixed-length pseudorandom key K. The second stage
@ -42,6 +42,17 @@ EVP_PKEY_CTX_add1_hkdf_info() sets the info value to B<infolen> bytes of the
buffer B<info>. If a value is already set, it is appended to the existing buffer B<info>. If a value is already set, it is appended to the existing
value. value.
=head1 STRING CTRLS
HKDF also supports string based control operations via
L<EVP_PKEY_CTX_ctrl_str(3)>.
The B<type> parameter "md" uses the supplied B<value> as the name of the digest
algorithm to use.
The B<type> parameters "salt", "key" and "info" use the supplied B<value>
parameter as a B<seed>, B<key> or B<info> value.
The names "hexsalt", "hexkey" and "hexinfo" are similar except they take a hex
string which is converted to binary.
=head1 NOTES =head1 NOTES
All these functions are implemented as macros. All these functions are implemented as macros.
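Review bot: The new STRING CTRLS text names the types "salt", "key" and "info" but then says they use the value "as a B<seed>, B<key> or B<info> value"; B<seed> looks like a carry-over from the TLS1-PRF page and should read B<salt>. A reader matching string names to parameters will otherwise look for a seed control that HKDF does not list here.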
@ -56,9 +67,13 @@ an error occurs.
The total length of the info buffer cannot exceed 1024 bytes in length: this The total length of the info buffer cannot exceed 1024 bytes in length: this
should be more than enough for any normal use of HKDF. should be more than enough for any normal use of HKDF.
The output length of the KDF is specified by the length parameter in the The output length of the KDF is specified via the length parameter to the
EVP_PKEY_derive() function. Since the output length is variable, setting L<EVP_PKEY_derive(3)> function.
the buffer to B<NULL> is not meaningful for HKDF. Since the HKDF output length is variable, passing a B<NULL> buffer as a means
to obtain the requisite length is not meaningful with HKDF.
Instead, the caller must allocate a buffer of the desired length, and pass that
buffer to L<EVP_PKEY_derive(3)> along with (a pointer initialized to) the
desired length.
Optimised versions of HKDF can be implemented in an ENGINE. Optimised versions of HKDF can be implemented in an ENGINE.
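Review bot: The new output-length paragraph says passing a B<NULL> buffer "is not meaningful with HKDF" but does not say what L<EVP_PKEY_derive(3)> actually does in that case. Callers used to the two-call length-query pattern need to know whether the call fails or reports some length, so please state the result explicitly next to the instruction to pre-allocate the buffer and initialise the length.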
@ -98,6 +113,7 @@ RFC 5869
=head1 SEE ALSO =head1 SEE ALSO
L<EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_derive(3)>, L<EVP_PKEY_CTX_ctrl_str(3)>,
L<EVP_PKEY_derive(3)>
=cut =cut

View File

@ -36,10 +36,13 @@ If a seed is already set it is appended to the existing value.
=head1 STRING CTRLS =head1 STRING CTRLS
The TLS PRF also supports string based control operations using The TLS PRF also supports string based control operations using
EVP_PKEY_CTX_ctrl_str(). The B<type> parameters "secret" and "seed" use L<EVP_PKEY_CTX_ctrl_str(3)>.
the supplied B<value> parameter as a secret or seed value. The names The B<type> parameter "md" uses the supplied B<value> as the name of the digest
"hexsecret" and "hexseed" are similar except they take a hex string which algorithm to use.
is converted to binary. The B<type> parameters "secret" and "seed" use the supplied B<value> parameter
as a secret or seed value.
The names "hexsecret" and "hexseed" are similar except they take a hex string
which is converted to binary.
=head1 NOTES =head1 NOTES
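Review bot: The reworded paragraph for "secret", "seed", "hexsecret" and "hexseed" does not say whether a string-supplied seed replaces or appends to an existing one, while the context line just above this section states "If a seed is already set it is appended to the existing value." Please document here whether the "seed" and "hexseed" controls follow the same append behaviour, since repeated B<-pkeyopt> options would otherwise produce an unexpected derivation input.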
@ -90,7 +93,7 @@ and seed value "seed":
=head1 SEE ALSO =head1 SEE ALSO
L<EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_CTX_new(3)>,
L<EVP_PKEY_CTX_ctrl(3)>, L<EVP_PKEY_CTX_ctrl_str(3)>,
L<EVP_PKEY_derive(3)> L<EVP_PKEY_derive(3)>
=cut =cut