Kdf class¶

class cryptosyspki.Kdf¶

Key Derivation Functions.

class HashAlg¶

Hash algorithm for key derivation function.

class KdfAlg¶

Key derivation functions .

class KeyWrapAlg¶

Key wrap algorithm for KDF.

static bytes(dklen, ikm, kdfalg, hashalg=0, sharedinfo=None, paramstring='')¶

Generate a key-encryption key (KEK) from input keying material using a key derivation function (KDF).

Parameters:

dklen (int) -- Required length of output key material in bytes
ikm (bytes) -- Input key material/shared secret.
kdfalg (KdfAlg) -- Key derivation function to use
hashalg (HashAlg) -- Hash algorithm to use with the key derivation function
sharedinfo (bytes) -- SharedInfo (optional)
paramstring (str) -- Optional parameters. Set as "" for defaults. Pass attribute-value salt=<hex-digits> to set the optional salt parameter for the HKDF algorithm, e.g. "salt=606162636465666768696a6b6c6d6e6f;"

Returns:

Output key material (KEK).

Return type:

bytes

static for_cms(zz, keywrapalg, kdfalg=0, hashalg=0, ukm=None)¶

Generate a key-encryption key (KEK) for ECDH key exchange in a CMS EnvelopedData object.

Parameters:

zz (bytes) -- Input key material/shared secret (denoted variously as ZZ/Z/K/IKM).
keywrapalg (KeyWrapAlg) -- Key wrap algorithm (required)
kdfalg (KdfAlg) -- Key derivation function to use
hashalg (HashAlg) -- Hash algorithm to use with the key derivation function
ukm (bytes) -- Optional user key material (ukm)

Returns:

Output key material (KEK).

Return type:

bytes

Remarks:: This is a specialist function using the key definition algorithms described in [RFC5753] and [RFC8418] when used for key agreement with ECDH in a CMS EnvelopedData object using the ECC-CMS-SharedInfo structure. The output length is fixed by the key wrap algorithm.