| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 |
- =pod
- =head1 NAME
- EVP_KDF-HMAC-DRBG
- - The HMAC DRBG DETERMINISTIC EVP_KDF implementation
- =head1 DESCRIPTION
- Support for a deterministic HMAC DRBG using the B<EVP_KDF> API. This is similar
- to L<EVP_RAND-HMAC-DRBG(7)>, but uses fixed values for its entropy and nonce
- values. This is used to generate deterministic nonce value required by ECDSA
- and DSA (as defined in RFC 6979).
- =head2 Identity
- "HMAC-DRBG-KDF" is the name for this implementation; it can be used
- with the EVP_KDF_fetch() function.
- =head2 Supported parameters
- The supported parameters are:
- =over 4
- =item "digest" (B<OSSL_DRBG_PARAM_DIGEST>) <UTF8 string>
- =item "properties" (B<OSSL_DRBG_PARAM_PROPERTIES>) <UTF8 string>
- These parameters work as described in L<EVP_KDF(3)/PARAMETERS>.
- =item "entropy" (B<OSSL_KDF_PARAM_HMACDRBG_ENTROPY>) <octet string>
- Sets the entropy bytes supplied to the HMAC-DRBG.
- =item "nonce" (B<OSSL_KDF_PARAM_HMACDRBG_NONCE>) <octet string>
- Sets the nonce bytes supplied to the HMAC-DRBG.
- =back
- =head1 NOTES
- A context for KDF HMAC DRBG can be obtained by calling:
- EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HMAC-DRBG-KDF", NULL);
- EVP_KDF_CTX *kdf_ctx = EVP_KDF_CTX_new(kdf, NULL);
- =head1 CONFORMING TO
- RFC 6979
- =head1 SEE ALSO
- L<EVP_KDF(3)>,
- L<EVP_KDF(3)/PARAMETERS>
- =head1 HISTORY
- The EVP_KDF-HMAC-DRBG functionality was added in OpenSSL 3.2.
- =head1 COPYRIGHT
- Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
- Licensed under the Apache License 2.0 (the "License"). You may not use
- this file except in compliance with the License. You can obtain a copy
- in the file LICENSE in the source distribution or at
- L<https://www.openssl.org/source/license.html>.
- =cut
|
