EVP_KDF-HMAC-DRBG.7ossl - Man Page
The HMAC DRBG DETERMINISTIC EVP_KDF implementation
Description
Support for a deterministic HMAC DRBG using the EVP_KDF API. This is similar to EVP_RAND-HMAC-DRBG(7), but uses fixed values for its entropy and nonce values. This is used to generate deterministic nonce value required by ECDSA and DSA (as defined in RFC 6979).
Identity
"HMAC-DRBG-KDF" is the name for this implementation; it can be used with the EVP_KDF_fetch() function.
Supported parameters
The supported parameters are:
- "digest" (OSSL_DRBG_PARAM_DIGEST) <UTF8 string>
- "properties" (OSSL_DRBG_PARAM_PROPERTIES) <UTF8 string>
These parameters work as described in "PARAMETERS" in EVP_KDF(3).
- "entropy" (OSSL_KDF_PARAM_HMACDRBG_ENTROPY) <octet string>
Sets the entropy bytes supplied to the HMAC-DRBG.
- "nonce" (OSSL_KDF_PARAM_HMACDRBG_NONCE) <octet string>
Sets the nonce bytes supplied to the HMAC-DRBG.
Notes
A context for KDF HMAC DRBG can be obtained by calling:
EVP_KDF *kdf = EVP_KDF_fetch(NULL, "HMAC-DRBG-KDF", NULL); EVP_KDF_CTX *kdf_ctx = EVP_KDF_CTX_new(kdf, NULL);
Conforming to
RFC 6979
See Also
EVP_KDF(3), "PARAMETERS" in EVP_KDF(3)
History
The EVP_KDF-HMAC-DRBG functionality was added in OpenSSL 3.2.
Copyright
Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.
Referenced By
OSSL_PROVIDER-default.7ossl(7).