如何使用OpenSSL 1.1.1实现HDF-Extract?

How to use OpenSSL 1.1.1 to implement HDF-Extract?

我正在尝试实现 QUIC RFC 的部分内容,他们指出:

   initial_salt = 0xc3eef712c72ebb5a11a7d2432bb46365bef9f502
   initial_secret = HKDF-Extract(initial_salt,
                                 client_dst_connection_id)

我只是想知道,如何将其映射到此处:https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_CTX_set_hkdf_md.html

我明白了:

EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY In this mode calling EVP_PKEY_derive(3) will just perform the extract operation. The value returned will be the intermediate fixed-length pseudorandom key K.

The digest, key and salt values must be set before a key is derived or an error occurs.

但我在这里很困惑。我可以看到如何设置模式、算法、盐,但我不知道在哪里设置 client_dst_connection_id

RFC5869 中描述了 HKDF,它定义了 HKDF-Extract 操作,如下所示:

HKDF-Extract(salt, IKM) -> PRK

Options: Hash a hash function; HashLen denotes the length of the hash function output in octets

Inputs: salt optional salt value (a non-secret random value); if not provided, it is set to a string of HashLen zeros. IKM input keying material

Output: PRK a pseudorandom key (of HashLen octets)

因此,第二个参数(在本例中为 client_dst_connection_id)是 "input keying material"。

在您链接到的 OpenSSL 手册页上,您可以看到可以使用 EVP_PKEY_CTX_set1_hkdf_key().

设置键控 material

请注意,手册页还为 EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 说明了以下内容:

The digest, key and salt values must be set before a key is derived or an error occurs.

至此,键值和盐值就清楚了。您还需要通过 EVP_PKEY_CTX_set_hkdf_md()

指定正在使用的摘要