Key derivation functions (KDF) More...

Static Public Member Functions
static bvec_t	Bytes (int dklen, const bvec_t &ikm, KdfAlg kdfAlg=KdfAlg::X963, HashAlg hashAlg=HashAlg::Sha1, const bvec_t &sharedInfo={}, const std::string &paramString="")
	Generate a key-encryption key (KEK) from input keying material (IKM) using a key derivation function (KDF). More...

static bvec_t	ForCms (const bvec_t &zz, KeyWrapAlg keyWrapAlg, KdfAlg kdfAlg=KdfAlg::X963, HashAlg hashAlg=HashAlg::Sha1, const bvec_t &ukm={})
	Generate a key-encryption key (KEK) for ECDH key exchange in a CMS EnvelopedData object. More...

Detailed Description

Key derivation functions (KDF)

Member Enumeration Documentation

strong

Hash algorithm for KDF.

strong

KDF algorithm.

Enumerator
X963	ANSI-X9.63-KDF key derivation function.
Hkdf	HMAC-based Key Derivation Function (HKDF) from [RFC5869].
Kdf2	KDF2 from ANSI-X9.44.
Kdf3	KDF3 from ANSI-X9.44.

strong

Key wrap algorithm.

Enumerator
Default	Default for Cms::MakeEnvData only.
Cms3DESwrap	Triple-DES Key Wrap algorithm from [RFC3217].
Aes128_wrap	AES-128 key wrap from [RFC3394].
Aes192_wrap	AES-192 key wrap from [RFC3394].
Aes256_wrap	AES-256 key wrap from [RFC3394].

static

Generate a key-encryption key (KEK) from input keying material (IKM) using a key derivation function (KDF).

Parameters

dklen	Required length of output key material in bytes.
ikm	Input key material/shared secret.
kdfAlg	Key derivation function to use.
hashAlg	Hash algorithm to use with the key derivation function.
sharedInfo	SharedInfo (optional)
paramString	Optional parameters. Set as `""` for defaults. Use `salt=<hex-digits>` to set the optional salt parameter for the HKDF algorithm encoded in hex, e.g. `"salt=606162636465666768696a6b6c6d6e6f;"`.

Returns: Output key material (KEK).
TODO: dipki::bvec_t derived_key = dipki::Pbe::Kdf2(24, "password", dipki::Cnv::FromHex("78578E5A5D63CB06"), 2048);

cout << "derived_key=" << dipki::Cnv::ToHex(derived_key) << endl;

// derived_key=BFDE6BE94DF7E11DD409BCE20A0255EC327CB936FFE93643

dipki::Cnv::ToHex
static std::string ToHex(const bvec_t &bv)
Encodes an array of bytes as a hexadecimal-encoded string.

dipki::Cnv::FromHex
static bvec_t FromHex(const std::string &s)
Decodes a hexadecimal-encoded string as an array of bytes.

dipki::Pbe::Kdf2
static bvec_t Kdf2(int dklen, const std::string password, const bvec_t &salt, int count, PrfAlg prfalg=PrfAlg::Hmac_Sha1)
Derive a key of any length from a password using the PBKDF2 algorithm from PKCS #5 v2....

dipki::bvec_t
std::vector< unsigned char > bvec_t
A vector of bytes (our typedef for a byte array)
Definition: dipki.hpp:79

static bvec_t dipki::Kdf::ForCms	(	const bvec_t &	zz,
		KeyWrapAlg	keyWrapAlg,
		KdfAlg	kdfAlg = `KdfAlg::X963`,
		HashAlg	hashAlg = `HashAlg::Sha1`,
		const bvec_t &	ukm = `{}`
	)

static

Generate a key-encryption key (KEK) for ECDH key exchange in a CMS EnvelopedData object.

Parameters

zz	Input key material/shared secret value (denoted variously as ZZ/Z/K/IKM).
keyWrapAlg	Key wrap algorithm (required, cannot be KeyWrapAlg::Default).
kdfAlg	Key derivation function to use.
hashAlg	Hash algorithm to use with the key derivation function.
ukm	Optional user key material (ukm).

Remarks: This is a specialist function using the key definition algorithms described in [RFC5753] and [RFC8418] when used for key agreement with ECDH in a CMS EnvelopedData object. The key-encryption key is derived using the ECC-CMS-SharedInfo type, described in section 7.2 of [RFC5753].