{ "content": [ { "type": "text", "text": "# EVP_KDF-SSHKDF(7ssl) (man)\n\n**Summary:** EVPKDF-SSHKDF - The SSHKDF EVPKDF implementation\n\n## Examples\n\n- `This example derives an 8 byte IV using SHA-256 with a 1K \"key\" and appropriate \"xcghash\" and`\n- `\"sessionid\" values:`\n- `EVPKDF *kdf;`\n- `EVPKDFCTX *kctx;`\n- `const char type = EVPKDFSSHKDFTYPEINITIALIVCLITOSRV;`\n- `unsigned char key[1024] = \"01234...\";`\n- `unsigned char xcghash[32] = \"012345...\";`\n- `unsigned char sessionid[32] = \"012345...\";`\n- `unsigned char out[8];`\n- `sizet outlen = sizeof(out);`\n- `OSSLPARAM params[6], *p = params;`\n- `kdf = EVPKDFfetch(NULL, \"SSHKDF\", NULL);`\n- `kctx = EVPKDFCTXnew(kdf);`\n- `EVPKDFfree(kdf);`\n- `*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMDIGEST,`\n- `SNsha256, strlen(SNsha256));`\n- `*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMKEY,`\n- `key, (sizet)1024);`\n- `*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSSHKDFXCGHASH,`\n- `xcghash, (sizet)32);`\n- `*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSSHKDFSESSIONID,`\n- `sessionid, (sizet)32);`\n- `*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMSSHKDFTYPE,`\n- `&type, sizeof(type));`\n- `*p = OSSLPARAMconstructend();`\n- `if (EVPKDFderive(kctx, out, &outlen, params) <= 0)`\n- `/* Error */`\n\n## See Also\n\n- EVPKDF(3)\n- EVPKDFCTXnew(3)\n- EVPKDFCTXfree(3)\n- EVPKDFCTXsetparams(3)\n- EVPKDFCTXgetkdfsize(3)\n- EVPKDFderive(3)\n- EVPKDF(3)\n\n## Section Outline\n\n- **NAME** (2 lines)\n- **DESCRIPTION** (7 lines) — 2 subsections\n - Identity (3 lines)\n - Supported parameters (33 lines)\n- **NOTES** (11 lines)\n- **EXAMPLES** (31 lines)\n- **CONFORMING TO** (2 lines)\n- **SEE ALSO** (3 lines)\n- **COPYRIGHT** (9 lines)\n\n## Full Content\n\n### NAME\n\nEVPKDF-SSHKDF - The SSHKDF EVPKDF implementation\n\n### DESCRIPTION\n\nSupport for computing the SSHKDF KDF through the EVPKDF API.\n\nThe EVPKDF-SSHKDF algorithm implements the SSHKDF key derivation function. It is defined in\nRFC 4253, section 7.2 and is used by SSH to derive IVs, encryption keys and integrity keys.\nFive inputs are required to perform key derivation: The hashing function (for example\nSHA256), the Initial Key, the Exchange Hash, the Session ID, and the derivation key type.\n\n#### Identity\n\n\"SSHKDF\" is the name for this implementation; it can be used with the EVPKDFfetch()\nfunction.\n\n#### Supported parameters\n\nThe supported parameters are:\n\n\"properties\" (OSSLKDFPARAMPROPERTIES) \n\"digest\" (OSSLKDFPARAMDIGEST) \n\"key\" (OSSLKDFPARAMKEY) \nThese parameters work as described in \"PARAMETERS\" in EVPKDF(3).\n\n\"xcghash\" (OSSLKDFPARAMSSHKDFXCGHASH) \n\"sessionid\" (OSSLKDFPARAMSSHKDFSESSIONID) \nThese parameters set the respective values for the KDF. If a value is already set, the\ncontents are replaced.\n\n\"type\" (OSSLKDFPARAMSSHKDFTYPE) \nThis parameter sets the type for the SSHKDF operation. There are six supported types:\n\nEVPKDFSSHKDFTYPEINITIALIVCLITOSRV\nThe Initial IV from client to server. A single char of value 65 (ASCII char 'A').\n\nEVPKDFSSHKDFTYPEINITIALIVSRVTOCLI\nThe Initial IV from server to client A single char of value 66 (ASCII char 'B').\n\nEVPKDFSSHKDFTYPEENCRYPTIONKEYCLITOSRV\nThe Encryption Key from client to server A single char of value 67 (ASCII char 'C').\n\nEVPKDFSSHKDFTYPEENCRYPTIONKEYSRVTOCLI\nThe Encryption Key from server to client A single char of value 68 (ASCII char 'D').\n\nEVPKDFSSHKDFTYPEINTEGRITYKEYCLITOSRV\nThe Integrity Key from client to server A single char of value 69 (ASCII char 'E').\n\nEVPKDFSSHKDFTYPEINTEGRITYKEYSRVTOCLI\nThe Integrity Key from client to server A single char of value 70 (ASCII char 'F').\n\n### NOTES\n\nA context for SSHKDF can be obtained by calling:\n\nEVPKDF *kdf = EVPKDFfetch(NULL, \"SSHKDF\", NULL);\nEVPKDFCTX *kctx = EVPKDFCTXnew(kdf);\n\nThe output length of the SSHKDF derivation is specified via the keylen parameter to the\nEVPKDFderive(3) function. Since the SSHKDF output length is variable, calling\nEVPKDFCTXgetkdfsize(3) to obtain the requisite length is not meaningful. The caller must\nallocate a buffer of the desired length, and pass that buffer to the EVPKDFderive(3)\nfunction along with the desired length.\n\n### EXAMPLES\n\nThis example derives an 8 byte IV using SHA-256 with a 1K \"key\" and appropriate \"xcghash\" and\n\"sessionid\" values:\n\nEVPKDF *kdf;\nEVPKDFCTX *kctx;\nconst char type = EVPKDFSSHKDFTYPEINITIALIVCLITOSRV;\nunsigned char key[1024] = \"01234...\";\nunsigned char xcghash[32] = \"012345...\";\nunsigned char sessionid[32] = \"012345...\";\nunsigned char out[8];\nsizet outlen = sizeof(out);\nOSSLPARAM params[6], *p = params;\n\nkdf = EVPKDFfetch(NULL, \"SSHKDF\", NULL);\nkctx = EVPKDFCTXnew(kdf);\nEVPKDFfree(kdf);\n\n*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMDIGEST,\nSNsha256, strlen(SNsha256));\n*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMKEY,\nkey, (sizet)1024);\n*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSSHKDFXCGHASH,\nxcghash, (sizet)32);\n*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSSHKDFSESSIONID,\nsessionid, (sizet)32);\n*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMSSHKDFTYPE,\n&type, sizeof(type));\n*p = OSSLPARAMconstructend();\nif (EVPKDFderive(kctx, out, &outlen, params) <= 0)\n/* Error */\n\n### CONFORMING TO\n\nRFC 4253\n\n### SEE ALSO\n\nEVPKDF(3), EVPKDFCTXnew(3), EVPKDFCTXfree(3), EVPKDFCTXsetparams(3),\nEVPKDFCTXgetkdfsize(3), EVPKDFderive(3), \"PARAMETERS\" in EVPKDF(3)\n\n### COPYRIGHT\n\nCopyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.\n\nLicensed under the Apache License 2.0 (the \"License\"). You may not use this file except in\ncompliance with the License. You can obtain a copy in the file LICENSE in the source\ndistribution or at .\n\n\n\n3.0.2 2026-04-07 EVPKDF-SSHKDF(7SSL)\n\n" } ], "structuredContent": { "command": "EVP_KDF-SSHKDF", "section": "7ssl", "mode": "man", "summary": "EVPKDF-SSHKDF - The SSHKDF EVPKDF implementation", "synopsis": null, "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [ "This example derives an 8 byte IV using SHA-256 with a 1K \"key\" and appropriate \"xcghash\" and", "\"sessionid\" values:", "EVPKDF *kdf;", "EVPKDFCTX *kctx;", "const char type = EVPKDFSSHKDFTYPEINITIALIVCLITOSRV;", "unsigned char key[1024] = \"01234...\";", "unsigned char xcghash[32] = \"012345...\";", "unsigned char sessionid[32] = \"012345...\";", "unsigned char out[8];", "sizet outlen = sizeof(out);", "OSSLPARAM params[6], *p = params;", "kdf = EVPKDFfetch(NULL, \"SSHKDF\", NULL);", "kctx = EVPKDFCTXnew(kdf);", "EVPKDFfree(kdf);", "*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMDIGEST,", "SNsha256, strlen(SNsha256));", "*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMKEY,", "key, (sizet)1024);", "*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSSHKDFXCGHASH,", "xcghash, (sizet)32);", "*p++ = OSSLPARAMconstructoctetstring(OSSLKDFPARAMSSHKDFSESSIONID,", "sessionid, (sizet)32);", "*p++ = OSSLPARAMconstructutf8string(OSSLKDFPARAMSSHKDFTYPE,", "&type, sizeof(type));", "*p = OSSLPARAMconstructend();", "if (EVPKDFderive(kctx, out, &outlen, params) <= 0)", "/* Error */" ], "see_also": [ { "name": "EVPKDF", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDF/3/json" }, { "name": "EVPKDFCTXnew", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXnew/3/json" }, { "name": "EVPKDFCTXfree", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXfree/3/json" }, { "name": "EVPKDFCTXsetparams", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXsetparams/3/json" }, { "name": "EVPKDFCTXgetkdfsize", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDFCTXgetkdfsize/3/json" }, { "name": "EVPKDFderive", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDFderive/3/json" }, { "name": "EVPKDF", "section": "3", "url": "https://www.chedong.com/phpMan.php/man/EVPKDF/3/json" } ], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "DESCRIPTION", "lines": 7, "subsections": [ { "name": "Identity", "lines": 3 }, { "name": "Supported parameters", "lines": 33 } ] }, { "name": "NOTES", "lines": 11, "subsections": [] }, { "name": "EXAMPLES", "lines": 31, "subsections": [] }, { "name": "CONFORMING TO", "lines": 2, "subsections": [] }, { "name": "SEE ALSO", "lines": 3, "subsections": [] }, { "name": "COPYRIGHT", "lines": 9, "subsections": [] } ] } }