# phpman > man > EVP_KDF-SS(7ssl) [EVP_KDF-SS(7SSL)](https://www.chedong.com/phpMan.php/man/EVPKDF-SS/7SSL/markdown) OpenSSL [EVP_KDF-SS(7SSL)](https://www.chedong.com/phpMan.php/man/EVPKDF-SS/7SSL/markdown) ## NAME EVP_KDF-SS - The Single Step / One Step EVP_KDF implementation ## DESCRIPTION The EVP_KDF-SS algorithm implements the Single Step key derivation function (SSKDF). SSKDF derives a key using input such as a shared secret key (that was generated during the execution of a key establishment scheme) and fixedinfo. SSKDF is also informally referred to as 'Concat KDF'. ### Auxiliary function The implementation uses a selectable auxiliary function H, which can be one of: ### H(x) = hash(x, digest=md) **H(x)** **=** **HMAC**___**hash(x,** **key=salt,** **digest=md)** **H(x)** **=** **KMACxxx(x,** **key=salt,** **custom="KDF",** **outlen=mac**___**size)** Both the HMAC and KMAC implementations set the key using the 'salt' value. The hash and HMAC also require the digest to be set. ### Identity "SSKDF" is the name for this implementation; it can be used with the **EVP**___**KDF**___**fetch()** function. ### Supported parameters The supported parameters are: "properties" (**OSSL**___**KDF**___**PARAM**___**PROPERTIES**) "digest" (**OSSL**___**KDF**___**PARAM**___**DIGEST**) "mac" (**OSSL**___**KDF**___**PARAM**___**MAC**) "maclen" (**OSSL**___**KDF**___**PARAM**___**MAC**___**SIZE**) "salt" (**OSSL**___**KDF**___**PARAM**___**SALT**) These parameters work as described in "PARAMETERS" in **EVP**___**[KDF**(3)](https://www.chedong.com/phpMan.php/man/KDF/3/markdown). "key" (**EVP**___**KDF**___**CTRL**___**SET**___**KEY**) This parameter set the shared secret that is used for key derivation. "info" (**OSSL**___**KDF**___**PARAM**___**INFO**) This parameter sets an optional value for fixedinfo, also known as otherinfo. ## NOTES A context for SSKDF can be obtained by calling: EVP_KDF *kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); EVP_KDF_CTX *kctx = EVP_KDF_CTX_new(kdf); The output length of an SSKDF is specified via the _keylen_ parameter to the **EVP**___**KDF**___**[derive**(3)](https://www.chedong.com/phpMan.php/man/derive/3/markdown) function. ## EXAMPLES This example derives 10 bytes using H(x) = SHA-256, with the secret key "secret" and fixedinfo value "label": EVP_KDF *kdf; EVP_KDF_CTX *kctx; unsigned char out[10]; OSSL_PARAM params[4], *p = params; kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, SN_sha256, strlen(SN_sha256)); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, "secret", (size_t)6); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, "label", (size_t)5); *p = OSSL_PARAM_construct_end(); if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) { error("EVP_KDF_derive"); } EVP_KDF_CTX_free(kctx); This example derives 10 bytes using H(x) = HMAC(SHA-256), with the secret key "secret", fixedinfo value "label" and salt "salt": EVP_KDF *kdf; EVP_KDF_CTX *kctx; unsigned char out[10]; OSSL_PARAM params[6], *p = params; kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, SN_hmac, strlen(SN_hmac)); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, SN_sha256, strlen(SN_sha256)); *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, "label", (size_t)5); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, "salt", (size_t)4); *p = OSSL_PARAM_construct_end(); if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) { error("EVP_KDF_derive"); } EVP_KDF_CTX_free(kctx); This example derives 10 bytes using H(x) = KMAC128(x,salt,outlen), with the secret key "secret" fixedinfo value "label", salt of "salt" and KMAC outlen of 20: EVP_KDF *kdf; EVP_KDF_CTX *kctx; unsigned char out[10]; OSSL_PARAM params[7], *p = params; kdf = EVP_KDF_fetch(NULL, "SSKDF", NULL); kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_free(kdf); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_MAC, SN_kmac128, strlen(SN_kmac128)); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, SN_sha256, strlen(SN_sha256)); *p++ = OSSL_PARAM_construct_octet_string(EVP_KDF_CTRL_SET_KEY, "secret", (size_t)6); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, "label", (size_t)5); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SALT, "salt", (size_t)4); *p++ = OSSL_PARAM_construct_size_t(OSSL_KDF_PARAM_MAC_SIZE, (size_t)20); *p = OSSL_PARAM_construct_end(); if (EVP_KDF_derive(kctx, out, sizeof(out), params) <= 0) { error("EVP_KDF_derive"); } EVP_KDF_CTX_free(kctx); ## CONFORMING TO NIST SP800-56Cr1. ## SEE ALSO **EVP**___**[KDF**(3)](https://www.chedong.com/phpMan.php/man/KDF/3/markdown), **EVP**___**KDF**___**CTX**___**[new**(3)](https://www.chedong.com/phpMan.php/man/new/3/markdown), **EVP**___**KDF**___**CTX**___**[free**(3)](https://www.chedong.com/phpMan.php/man/free/3/markdown), **EVP**___**KDF**___**CTX**___**set**___**[params**(3)](https://www.chedong.com/phpMan.php/man/params/3/markdown), **EVP**___**KDF**___**CTX**___**get**___**kdf**___**[size**(3)](https://www.chedong.com/phpMan.php/man/size/3/markdown), **EVP**___**KDF**___**[derive**(3)](https://www.chedong.com/phpMan.php/man/derive/3/markdown), "PARAMETERS" in **EVP**___**[KDF**(3)](https://www.chedong.com/phpMan.php/man/KDF/3/markdown) ## HISTORY This functionality was added to OpenSSL 3.0. ## COPYRIGHT Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <>. 3.0.2 2026-06-02 [EVP_KDF-SS(7SSL)](https://www.chedong.com/phpMan.php/man/EVPKDF-SS/7SSL/markdown)