1=pod 2 3=head1 NAME 4 5EVP_PKEY_CTX_set_tls1_prf_md, 6EVP_PKEY_CTX_set1_tls1_prf_secret, EVP_PKEY_CTX_add1_tls1_prf_seed - 7TLS PRF key derivation algorithm 8 9=head1 SYNOPSIS 10 11 #include <openssl/kdf.h> 12 13 int EVP_PKEY_CTX_set_tls1_prf_md(EVP_PKEY_CTX *pctx, const EVP_MD *md); 14 int EVP_PKEY_CTX_set1_tls1_prf_secret(EVP_PKEY_CTX *pctx, 15 unsigned char *sec, int seclen); 16 int EVP_PKEY_CTX_add1_tls1_prf_seed(EVP_PKEY_CTX *pctx, 17 unsigned char *seed, int seedlen); 18 19=head1 DESCRIPTION 20 21The B<EVP_PKEY_TLS1_PRF> algorithm implements the PRF key derivation function for 22TLS. It has no associated private key and only implements key derivation 23using L<EVP_PKEY_derive(3)>. 24 25EVP_PKEY_set_tls1_prf_md() sets the message digest associated with the 26TLS PRF. EVP_md5_sha1() is treated as a special case which uses the PRF 27algorithm using both B<MD5> and B<SHA1> as used in TLS 1.0 and 1.1. 28 29EVP_PKEY_CTX_set_tls1_prf_secret() sets the secret value of the TLS PRF 30to B<seclen> bytes of the buffer B<sec>. Any existing secret value is replaced 31and any seed is reset. 32 33EVP_PKEY_CTX_add1_tls1_prf_seed() sets the seed to B<seedlen> bytes of B<seed>. 34If a seed is already set it is appended to the existing value. 35 36=head1 STRING CTRLS 37 38The TLS PRF also supports string based control operations using 39L<EVP_PKEY_CTX_ctrl_str(3)>. 40The B<type> parameter "md" uses the supplied B<value> as the name of the digest 41algorithm to use. 42The B<type> parameters "secret" and "seed" use the supplied B<value> parameter 43as a secret or seed value. 44The names "hexsecret" and "hexseed" are similar except they take a hex string 45which is converted to binary. 46 47=head1 NOTES 48 49A context for the TLS PRF can be obtained by calling: 50 51 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); 52 53The digest, secret value and seed must be set before a key is derived or an 54error occurs. 55 56The total length of all seeds cannot exceed 1024 bytes in length: this should 57be more than enough for any normal use of the TLS PRF. 58 59The output length of the PRF is specified by the length parameter in the 60EVP_PKEY_derive() function. Since the output length is variable, setting 61the buffer to B<NULL> is not meaningful for the TLS PRF. 62 63Optimised versions of the TLS PRF can be implemented in an ENGINE. 64 65=head1 RETURN VALUES 66 67All these functions return 1 for success and 0 or a negative value for failure. 68In particular a return value of -2 indicates the operation is not supported by 69the public key algorithm. 70 71=head1 EXAMPLES 72 73This example derives 10 bytes using SHA-256 with the secret key "secret" 74and seed value "seed": 75 76 EVP_PKEY_CTX *pctx; 77 unsigned char out[10]; 78 size_t outlen = sizeof(out); 79 80 pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); 81 if (EVP_PKEY_derive_init(pctx) <= 0) 82 /* Error */ 83 if (EVP_PKEY_CTX_set_tls1_prf_md(pctx, EVP_sha256()) <= 0) 84 /* Error */ 85 if (EVP_PKEY_CTX_set1_tls1_prf_secret(pctx, "secret", 6) <= 0) 86 /* Error */ 87 if (EVP_PKEY_CTX_add1_tls1_prf_seed(pctx, "seed", 4) <= 0) 88 /* Error */ 89 if (EVP_PKEY_derive(pctx, out, &outlen) <= 0) 90 /* Error */ 91 92=head1 SEE ALSO 93 94L<EVP_PKEY_CTX_new(3)>, 95L<EVP_PKEY_CTX_ctrl_str(3)>, 96L<EVP_PKEY_derive(3)> 97 98=head1 HISTORY 99 100All of the functions described here were converted from macros to functions in 101OpenSSL 3.0. 102 103=head1 COPYRIGHT 104 105Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. 106 107Licensed under the Apache License 2.0 (the "License"). You may not use 108this file except in compliance with the License. You can obtain a copy 109in the file LICENSE in the source distribution or at 110L<https://www.openssl.org/source/license.html>. 111 112=cut 113