kdfBytes

Generate a key-encryption key (KEK) from input keying material (IKM) using a key derivation function (KDF).

Syntax

Public Function kdfBytes ( _
    nKekBytes As Long, _
    lpIkm() As Byte, _
    lpInfo() As Byte, _
    Optional nOptions As Long = 0, _
    Optional szParams As String = "" _
) As Byte()

Parameters

nKekBytes

Required length of output key material in bytes.

lpIkm

Input key material/shared secret.

lpInfo

SharedInfo (optional, but a properly dimensioned variable must be passed, even if empty).

nOptions

Algorithm to be used. Select one from:

PKI_KDF_X963 (default)
PKI_KDF_HKDF
PKI_KDF_KDF2
PKI_KDF_KDF3

and select one hash algorithm to use with the key derivation function:

PKI_HASH_SHA1 (default)
PKI_HASH_SHA224
PKI_HASH_SHA256
PKI_HASH_SHA384
PKI_HASH_SHA512

szParams

Optional parameters. Set as "" for defaults. Use salt=<hex-digits> to set the optional salt parameter for the HKDF algorithm encoded in hex, e.g. "salt=606162636465666768696a6b6c6d6e6f;".

Return Value

Remarks

Example

Dim lpKEK() As Byte
Dim lpZZ() As Byte
Dim lpInfo() As Byte
' ansx963_2001.rsp CAVS 12.0 'ANS X9.63-2001' information for sample
lpZZ = cnvFromHex("96c05619d56c328ab95fe84b18264b08725b85e33fd34f08")
lpKEK = kdfBytes(128 \ 8, lpZZ, lpInfo, PKI_HASH_SHA256)
Debug.Print "KEK = " & cnvToHex(lpKEK)
Debug.Print "OK  = 443024c3dae66b95e6f5670601558f71"
' [RFC 5869] A.1.  Test Case 1 Basic test case with SHA-256
lpZZ = cnvFromHex("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b")
lpInfo = cnvFromHex("f0f1f2f3f4f5f6f7f8f9")
lpKEK = kdfBytes(42, lpZZ, lpInfo, PKI_KDF_HKDF Or PKI_HASH_SHA256, "salt=000102030405060708090a0b0c")
Debug.Print "KEK = " & cnvToHex(lpKEK)
Debug.Print "OK  = 3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865"