Blame doc/man7/EVP_KDF_SSHKDF.pod

=pod

=head1 NAME

EVP_KDF_SSHKDF - The SSHKDF EVP_KDF implementation

=head1 DESCRIPTION

Support for computing the B<SSHKDF> KDF through the B<EVP_KDF> API.

The EVP_KDF_SSHKDF algorithm implements the SSHKDF key derivation function.
It is defined in RFC 4253, section 7.2 and is used by SSH to derive IVs,
encryption keys and integrity keys.
Five inputs are required to perform key derivation: The hashing function
(for example SHA256), the Initial Key, the Exchange Hash, the Session ID,
and the derivation key type.

=head2 Numeric identity

B<EVP_KDF_SSHKDF> is the numeric identity for this implementation; it
can be used with the EVP_KDF_CTX_new_id() function.

=head2 Supported controls

The supported controls are:

=over 4

=item B<EVP_KDF_CTRL_SET_MD>

=item B<EVP_KDF_CTRL_SET_KEY>

These controls work as described in L<EVP_KDF_CTX(3)/CONTROLS>.

=item B<EVP_KDF_CTRL_SET_SSHKDF_XCGHASH>

=item B<EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID>

These controls expect two arguments: C<unsigned char *buffer>, C<size_t length>.

They set the respective values to the first B<length> bytes of the buffer
B<buffer>. If a value is already set, the contents are replaced.

EVP_KDF_ctrl_str() takes two type strings for these controls:

=over 4

=item "xcghash"

=item "session_id"

The value string is used as is.

=item "hexxcghash"

=item "hexsession_id"

The value string is expected to be a hexadecimal number, which will be
decoded before being passed on as the control value.

=back

=item B<EVP_KDF_CTRL_SET_SSHKDF_TYPE>

This control expects one argument: C<int mode>.

Sets the type for the SSHKDF operation. There are six supported types:

=over 4

=item EVP_KDF_SSHKDF_TYPE_ININITAL_IV_CLI_TO_SRV

The Initial IV from client to server.
A single char of value 65 (ASCII char 'A').

=item EVP_KDF_SSHKDF_TYPE_ININITAL_IV_SRV_TO_CLI

The Initial IV from server to client.
A single char of value 66 (ASCII char 'B').

=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_CLI_TO_SRV

The Encryption Key from client to server.
A single char of value 67 (ASCII char 'C').

=item EVP_KDF_SSHKDF_TYPE_ENCRYPTION_KEY_SRV_TO_CLI

The Encryption Key from server to client.
A single char of value 68 (ASCII char 'D').

=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_CLI_TO_SRV

The Integrity Key from client to server.
A single char of value 69 (ASCII char 'E').

=item EVP_KDF_SSHKDF_TYPE_INTEGRITY_KEY_SRV_TO_CLI

The Integrity Key from server to client.
A single char of value 70 (ASCII char 'F').

=back

EVP_KDF_ctrl_str() type string: "type"

The value is a string of length one character. The only valid values
are the numerical values of the ASCII characters: "A" (65) to "F" (70).

=back

=head1 NOTES

A context for SSHKDF can be obtained by calling:

 EVP_KDF_CTX *kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);

The output length of the SSHKDF derivation is specified via the C<keylen>
parameter to the L<EVP_KDF_derive(3)> function.
Since the SSHKDF output length is variable, calling L<EVP_KDF_size(3)>
to obtain the requisite length is not meaningful. The caller must
allocate a buffer of the desired length, and pass that buffer to the
L<EVP_KDF_derive(3)> function along with the desired length.

=head1 EXAMPLE

This example derives an 8-byte IV using SHA-256 with a 1K "key" and appropriate
"xcghash" and "session_id" values:

 #include <openssl/evp.h>
 #include <openssl/kdf.h>

 EVP_KDF_CTX *kctx;
 unsigned char key[1024] = "01234...";
 unsigned char xcghash[32] = "012345...";
 unsigned char session_id[32] = "012345...";
 unsigned char out[8];
 size_t outlen = sizeof(out);

 kctx = EVP_KDF_CTX_new_id(EVP_KDF_SSHKDF);
 if (kctx == NULL) {
     /* Error */
 }
 if (EVP_KDF_CTX_set_md(kctx, EVP_sha256()) <= 0) {
     /* Error */
 }
 if (EVP_KDF_CTX_set1_key(kctx, key, sizeof(key)) <= 0) {
     /* Error */
 }
 if (EVP_KDF_CTX_set1_sshkdf_xcghash(kctx, xcghash, sizeof(xcghash)) <= 0) {
     /* Error */
 }
 if (EVP_KDF_CTX_set1_sshkdf_session_id(kctx, session_id,
                                        sizeof(session_id)) <= 0) {
     /* Error */
 }
 if (EVP_KDF_CTX_set_sshkdf_type(kctx,
                    EVP_KDF_SSHKDF_TYPE_ININITAL_IV_CLI_TO_SRV) <= 0) {
     /* Error */
 }
 /* The desired output length is passed by value as keylen (see NOTES) */
 if (EVP_KDF_derive(kctx, out, outlen) <= 0) {
     /* Error */
 }
 EVP_KDF_CTX_free(kctx);

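As an added illustration (not part of the OpenSSL sources or of this manual page), the RFC 4253 section 7.2 derivation that the five inputs feed can be written out in Python and used to cross-check values obtained through the EVP_KDF API. The function name sshkdf, its parameter order and the sample inputs are assumptions made for this example; the key bytes are hashed exactly as passed, and encoding K as an SSH mpint is assumed to be the caller's job.

```python
import hashlib

# Key-type letters defined by RFC 4253 section 7.2 (values 65..70 above).
SSHKDF_TYPES = {
    "A": "initial IV, client to server",
    "B": "initial IV, server to client",
    "C": "encryption key, client to server",
    "D": "encryption key, server to client",
    "E": "integrity key, client to server",
    "F": "integrity key, server to client",
}


def sshkdf(hash_name, key, xcghash, session_id, kdf_type, keylen):
    """Derive keylen bytes as in RFC 4253 section 7.2.

    K1 = HASH(K || H || X || session_id), where X is the type letter
    Kn = HASH(K || H || K1 || ... || K(n-1)), appended until keylen is met
    The key bytes are hashed exactly as given (assumption: the caller has
    already encoded the shared secret K as an SSH mpint).
    """
    if kdf_type not in SSHKDF_TYPES:
        raise ValueError("type must be a single character 'A'..'F'")
    if not key or not xcghash or not session_id:
        raise ValueError("key, xcghash and session_id are all required")
    if keylen <= 0:
        raise ValueError("keylen must be positive")

    def digest(data):
        return hashlib.new(hash_name, data).digest()

    out = digest(key + xcghash + kdf_type.encode("ascii") + session_id)
    while len(out) < keylen:
        # Extension blocks drop the type letter and the session id.
        out += digest(key + xcghash + out)
    return out[:keylen]


if __name__ == "__main__":
    # Constructed sample inputs, sized like the EXAMPLE section's buffers.
    key = bytes(range(256)) * 4      # 1024-byte stand-in for the key
    xcghash = b"\x11" * 32           # constructed exchange hash H
    session_id = b"\x22" * 32        # constructed session id
    for letter, purpose in SSHKDF_TYPES.items():
        derived = sshkdf("sha256", key, xcghash, session_id, letter, 8)
        print(letter, purpose, derived.hex())
```

Because the type letter enters only the first hash block, the same key, exchange hash and session ID yield six independent values, and a request longer than the digest size is a strict extension of a shorter one.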
=head1 CONFORMING TO

RFC 4253

=head1 SEE ALSO

L<EVP_KDF_CTX(3)>,
L<EVP_KDF_CTX_new_id(3)>,
L<EVP_KDF_CTX_free(3)>,
L<EVP_KDF_ctrl(3)>,
L<EVP_KDF_size(3)>,
L<EVP_KDF_derive(3)>,
L<EVP_KDF_CTX(3)/CONTROLS>

=head1 COPYRIGHT

Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the OpenSSL license (the "License").  You may not use
this file except in compliance with the License.  You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut