mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-17 14:32:04 +08:00
Code Issues Packages Projects Releases Wiki Activity

DOC: Refactor provider-keymgmt(7) to give the keytypes their own pages

Browse Source 
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11546)
This commit is contained in:
Richard Levitte 2020-04-14 19:06:12 +02:00 committed by Pauli
parent 4114964865
commit 33df1cfdd5
6 changed files with 417 additions and 236 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
doc/man7/EVP_PKEY-DSA.pod Normal file
View File

@ -0,0 +1,65 @@
=pod
=head1 NAME
EVP_PKEY-DSA, EVP_KEYMGMT-DSA, EVP_PKEY-DH, EVP_KEYMGMT-DH
- EVP_PKEY DSA and DH keytype and algorithm support
=head1 DESCRIPTION
The B<DSA> and B<DH> keytypes are implemented in OpenSSL's default and FIPS
providers.
The implementations support the basic DSA and DH keys, containing the public
and private keys I<pub> and I<priv> as well as the three domain parameters
I<p>, I<q> and I<g>.
=head2 Common DSA / DH parameters
In addition to the common parameters that all keytypes should support (see
L<provider-keymgmt(7)/Common parameters>), the B<DSA> and B<DH> keytype
implementations support the following.
=over 4
=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <unsigned integer>
The public key value.
=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <unsigned integer>
The private key value.
=item "p" (B<OSSL_PKEY_PARAM_FFC_P>) <unsigned integer>
A DSA or Diffie-Hellman "p" value.
=item "q" (B<OSSL_PKEY_PARAM_FFC_Q>) <unsigned integer>
A DSA or Diffie-Hellman "q" value.
=item "g" (B<OSSL_PKEY_PARAM_FFC_G>) <unsigned integer>
A DSA or Diffie-Hellman "g" value.
=back
=head1 CONFORMING TO
[TBA]
=head1 SEE ALSO
L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>,
L<OSSL_PROVIDER-default(7)>, L<OSSL_PROVIDER-FIPS(7)>,
L<EVP_SIGNATURE-DSA(7)>, L<EVP_KEYEXCH-DH(7)>
=head1 COPYRIGHT
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

64
doc/man7/EVP_PKEY-EC.pod Normal file
View File

@ -0,0 +1,64 @@
=pod
=head1 NAME
EVP_PKEY-EC - EVP_PKEY EC keytype and algorithm support
=head1 DESCRIPTION
The B<EC> keytype is implemented in OpenSSL's default provider.
=head2 Common EC parameters
The following Import/Export types are available for the built-in EC algorithm:
=over 4
=item "curve-name" (B<OSSL_PKEY_PARAM_EC_NAME>) <utf8 string>
The EC curve name.
=item "use-cofactor-flag" (B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH>) <integer>
Enable Cofactor DH (ECC CDH) if this value is 1, otherwise it uses normal EC DH
if the value is zero. The cofactor variant multiplies the shared secret by the
EC curve's cofactor (note for some curves the cofactor is 1).
=for comment The following link should become L<EVP_KEYEXCH-ECDH(7)>
See also L<provider-keyexch(7)> for the related
B<OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE> parameter that can be set on a
per-operation basis.
=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <octet string>
The public key value in EC point format.
=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <unsigned integer>
The private key value.
=back
=head1 EXAMPLES
An B<EVP_PKEY> context can be obtained by calling:
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
=head1 SEE ALSO
L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>,
L<EVP_SIGNATURE-ECDSA(7)>, L<EVP_KEYEXCH-ECDH(7)>
=head1 COPYRIGHT
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

185
doc/man7/EVP_PKEY-RSA.pod Normal file
View File

@ -0,0 +1,185 @@
=pod
=head1 NAME
EVP_PKEY-RSA, EVP_KEYMGMT-RSA, RSA
- EVP_PKEY RSA keytype and algorithm support
=head1 DESCRIPTION
The B<RSA> keytype is implemented in OpenSSL's default and FIPS providers.
That implementation supports the basic RSA keys, containing the modulus I<n>,
the public exponent I<e>, the private exponent I<d>, and a collection of prime
factors, exponents and coefficient for CRT calculations, of which the first
few are known as I<p> and I<q>, I<dP> and I<dQ>, and I<qInv>.
=head2 Common RSA parameters
In addition to the common parameters that all keytypes should support (see
L<provider-keymgmt(7)/Common parameters>), the B<RSA> keytype implementation
supports the following.
=over 4
=item "n" (B<OSSL_PKEY_PARAM_RSA_N>) <unsigned integer>
The RSA "n" value.
=item "e" (B<OSSL_PKEY_PARAM_RSA_E>) <unsigned integer>
The RSA "e" value.
=item "d" (B<OSSL_PKEY_PARAM_RSA_D>) <unsigned integer>
The RSA "d" value.
=item "rsa-factor1" (B<OSSL_PKEY_PARAM_RSA_FACTOR1>) <unsigned integer>
=item "rsa-factor2" (B<OSSL_PKEY_PARAM_RSA_FACTOR2>) <unsigned integer>
=item "rsa-factor3" (B<OSSL_PKEY_PARAM_RSA_FACTOR3>) <unsigned integer>
=item "rsa-factor4" (B<OSSL_PKEY_PARAM_RSA_FACTOR4>) <unsigned integer>
=item "rsa-factor5" (B<OSSL_PKEY_PARAM_RSA_FACTOR5>) <unsigned integer>
=item "rsa-factor6" (B<OSSL_PKEY_PARAM_RSA_FACTOR6>) <unsigned integer>
=item "rsa-factor7" (B<OSSL_PKEY_PARAM_RSA_FACTOR7>) <unsigned integer>
=item "rsa-factor8" (B<OSSL_PKEY_PARAM_RSA_FACTOR8>) <unsigned integer>
=item "rsa-factor9" (B<OSSL_PKEY_PARAM_RSA_FACTOR9>) <unsigned integer>
=item "rsa-factor10" (B<OSSL_PKEY_PARAM_RSA_FACTOR10>) <unsigned integer>
RSA prime factors. The factors are known as "p", "q" and "r_i" in RFC8017.
Up to eight additional "r_i" prime factors are supported.
=item "rsa-exponent1" (B<OSSL_PKEY_PARAM_RSA_EXPONENT1>) <unsigned integer>
=item "rsa-exponent2" (B<OSSL_PKEY_PARAM_RSA_EXPONENT2>) <unsigned integer>
=item "rsa-exponent3" (B<OSSL_PKEY_PARAM_RSA_EXPONENT3>) <unsigned integer>
=item "rsa-exponent4" (B<OSSL_PKEY_PARAM_RSA_EXPONENT4>) <unsigned integer>
=item "rsa-exponent5" (B<OSSL_PKEY_PARAM_RSA_EXPONENT5>) <unsigned integer>
=item "rsa-exponent6" (B<OSSL_PKEY_PARAM_RSA_EXPONENT6>) <unsigned integer>
=item "rsa-exponent7" (B<OSSL_PKEY_PARAM_RSA_EXPONENT7>) <unsigned integer>
=item "rsa-exponent8" (B<OSSL_PKEY_PARAM_RSA_EXPONENT8>) <unsigned integer>
=item "rsa-exponent9" (B<OSSL_PKEY_PARAM_RSA_EXPONENT9>) <unsigned integer>
=item "rsa-exponent10" (B<OSSL_PKEY_PARAM_RSA_EXPONENT10>) <unsigned integer>
RSA CRT (Chinese Remainder Theorem) exponents. The exponents are known
as "dP", "dQ" and "d_i in RFC8017".
Up to eight additional "d_i" exponents are supported.
=item "rsa-coefficient1" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT1>) <unsigned integer>
=item "rsa-coefficient2" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT2>) <unsigned integer>
=item "rsa-coefficient3" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT3>) <unsigned integer>
=item "rsa-coefficient4" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT4>) <unsigned integer>
=item "rsa-coefficient5" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT5>) <unsigned integer>
=item "rsa-coefficient6" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT6>) <unsigned integer>
=item "rsa-coefficient7" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT7>) <unsigned integer>
=item "rsa-coefficient8" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT8>) <unsigned integer>
=item "rsa-coefficient9" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT9>) <unsigned integer>
RSA CRT (Chinese Remainder Theorem) coefficients. The coefficients are known as
"qInv" and "t_i".
Up to eight additional "t_i" exponents are supported.
=back
=head2 RSA key generation parameters
When generating RSA keys, the following key generation parameters may be used.
=over 4
=item "bits" (B<OSSL_PKEY_PARAM_RSA_BITS>) <unsigned integer>
The value should be the cryptographic length for the B<RSA> cryptosystem, in
bits.
=item "primes" (B<OSSL_PKEY_PARAM_RSA_PRIMES>) <unsigned integer>
The value should be the number of primes for the generated B<RSA> key. The
default is 2. It isn't permitted to specify a larger number of primes than
10. Additionally, the number of primes is limited by the length of the key
being generated so the maximum number could be less.
=back
=head1 CONFORMING TO
=over 4
=item RFC 8017, excluding RSA-PSS and RSA-OAEP
=for comment RSA-PSS, and probably also RSA-OAEP, need separate keytypes,
and will be described in separate pages for those RSA keytypes.
=back
=head1 EXAMPLES
An B<EVP_PKEY> context can be obtained by calling:
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
An B<RSA> key can be generated like this:
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
An B<RSA> key can be generated with key generation parameters:
unsigned int primes = 3;
unsigned int bits = 4096;
OSSL_PARAM params[3];
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
params[0] = OSSL_PARAM_construct_uint("bits", bits);
params[1] = OSSL_PARAM_construct_uint("primes", primes);
params[2] = OSSL_PARAM_END;
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_CTX_set_params(pctx, params);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
=head1 SEE ALSO
L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>
=head1 COPYRIGHT
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

90
doc/man7/EVP_PKEY-X25519.pod Normal file
View File

@ -0,0 +1,90 @@
=pod
=head1 NAME
EVP_PKEY-X25519, EVP_PKEY-X448, EVP_PKEY-ED25519, EVP_PKEY-ED448,
EVP_KEYMGMT-X25519, EVP_KEYMGMT-X448, EVP_KEYMGMT-ED25519, EVP_KEYMGMT-ED448
- EVP_PKEY X25519, X448, ED25519 and ED448 keytype and algorithm support
=head1 DESCRIPTION
The B<X25519>, B<X448>, B<ED25519> and B<ED448> keytypes are
implemented in OpenSSL's default provider.
=head2 Common X25519, X448, ED25519 and ED448 parameters
The following Import/Export types are available for the built-in X25519, X448,
ED25519 and X448 algorithms:
=over 4
=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <octet string>
The public key value.
=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>
The private key value.
=back
=head1 CONFORMING TO
=over 4
=item RFC 8032
=back
=head1 EXAMPLES
An B<EVP_PKEY> context can be obtained by calling:
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "X448", NULL);
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL);
An B<ED25519> key can be generated like this:
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
An B<X25519> key can be generated in a similar way:
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
=head1 SEE ALSO
L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>,
L<EVP_KEYEXCH-X25519(7)>, L<EVP_KEYEXCH-X448(7)>,
L<EVP_SIGNATURE-ED25519(7)>, L<EVP_SIGNATURE-ED448(7)>
=head1 COPYRIGHT
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut

245
doc/man7/provider-keymgmt.pod
View File

@ -258,7 +258,7 @@ present as well.
=head2 Key Object Information Functions
OP_keymgmt_get_params() should extract information data associated
with the given I<keydata>, see L</Information Parameters>.
with the given I<keydata>, see L</Common Information Parameters>.
OP_keymgmt_gettable_params() should return a constant array of
descriptor B<OSSL_PARAM>, for parameters that OP_keymgmt_get_params()
@ -268,7 +268,7 @@ If OP_keymgmt_gettable_params() is present, OP_keymgmt_get_params()
must also be present, and vice versa.
OP_keymgmt_set_params() should update information data associated
with the given I<keydata>, see L</Information Parameters>.
with the given I<keydata>, see L</Common Information Parameters>.
OP_keymgmt_settable_params() should return a constant array of
descriptor B<OSSL_PARAM>, for parameters that OP_keymgmt_set_params()
@ -328,227 +328,12 @@ from I<keydata_from> to I<keydata_to>. It is assumed that the caller
has ensured that I<keydata_to> and I<keydata_from> are both owned by
the implementation of this function.
=head2 Built-in DSA Key Generation Types
The following Key Generation types are available for the built-in DSA algorithm:
=over 4
=item "pbits" (B<OSSL_PKEY_PARAM_FFC_PBITS>) <unsigned integer>
Sets the DSA size (in bits) of the prime 'p'.
The value should be 2048 or 3072.
=item "qbits" (B<OSSL_PKEY_PARAM_FFC_QBITS>) <unsigned integer>
Sets the DSA size (in bits) of the prime 'q'.
The value should be 224 or 256.
=item "type" (B<OSSL_PKEY_PARAM_FFC_TYPE>) <integer>
Sets the type of parameter generation.
Use 0 for FIPS186-4, or 1 for legacy FIPS186-2.
The default is 0.
=item "digest" (B<OSSL_PKEY_PARAM_FFC_DIGEST>) <utf8_string>
Sets the Digest algorithm to be used as part of the Key Generation Function
associated with the given Key Generation I<ctx>.
=item "properties" (B<OSSL_PKEY_PARAM_FFC_DIGEST_PROPS>) <utf8_string>
Sets properties to be used upon look up of the implementation for the selected
Digest algorithm for the Key Generation Function associated with the given key
Generation I<ctx>.
=item "gindex" (B<OSSL_PKEY_PARAM_FFC_GINDEX>) <integer>
Sets the index to use for canonical generation and verification of the generator g.
Set this to a positive value to use this mode. This I<index> can then be reused
during key validation to verify the value of g. If this value is not set then
g is not verifiable. The default value is -1.
=item "seed" (B<OSSL_PKEY_PARAM_FFC_SEED>) <octet_string>
Sets the I<seed> data to use instead of generating a random seed internally.
This should be used for testing purposes only. This will either produced fixed
values for the generated parameters OR it will fail if the seed did not
generate valid primes.
=back
=head2 Built-in RSA Import/Export Types
The following Import/Export types are available for the built-in RSA algorithm:
=over 4
=item "n" (B<OSSL_PKEY_PARAM_RSA_N>) <unsigned integer>
The RSA "n" value.
=item "e" (B<OSSL_PKEY_PARAM_RSA_E>) <unsigned integer>
The RSA "e" value.
=item "d" (B<OSSL_PKEY_PARAM_RSA_D>) <unsigned integer>
The RSA "d" value.
=item "rsa-factor1" (B<OSSL_PKEY_PARAM_RSA_FACTOR1>) <unsigned integer>
=item "rsa-factor2" (B<OSSL_PKEY_PARAM_RSA_FACTOR2>) <unsigned integer>
=item "rsa-factor3" (B<OSSL_PKEY_PARAM_RSA_FACTOR3>) <unsigned integer>
=item "rsa-factor4" (B<OSSL_PKEY_PARAM_RSA_FACTOR4>) <unsigned integer>
=item "rsa-factor5" (B<OSSL_PKEY_PARAM_RSA_FACTOR5>) <unsigned integer>
=item "rsa-factor6" (B<OSSL_PKEY_PARAM_RSA_FACTOR6>) <unsigned integer>
=item "rsa-factor7" (B<OSSL_PKEY_PARAM_RSA_FACTOR7>) <unsigned integer>
=item "rsa-factor8" (B<OSSL_PKEY_PARAM_RSA_FACTOR8>) <unsigned integer>
=item "rsa-factor9" (B<OSSL_PKEY_PARAM_RSA_FACTOR9>) <unsigned integer>
=item "rsa-factor10" (B<OSSL_PKEY_PARAM_RSA_FACTOR10>) <unsigned integer>
RSA prime factors. The factors are known as "p", "q" and "r_i" in RFC8017.
Up to eight additional "r_i" prime factors are supported.
=item "rsa-exponent1" (B<OSSL_PKEY_PARAM_RSA_EXPONENT1>) <unsigned integer>
=item "rsa-exponent2" (B<OSSL_PKEY_PARAM_RSA_EXPONENT2>) <unsigned integer>
=item "rsa-exponent3" (B<OSSL_PKEY_PARAM_RSA_EXPONENT3>) <unsigned integer>
=item "rsa-exponent4" (B<OSSL_PKEY_PARAM_RSA_EXPONENT4>) <unsigned integer>
=item "rsa-exponent5" (B<OSSL_PKEY_PARAM_RSA_EXPONENT5>) <unsigned integer>
=item "rsa-exponent6" (B<OSSL_PKEY_PARAM_RSA_EXPONENT6>) <unsigned integer>
=item "rsa-exponent7" (B<OSSL_PKEY_PARAM_RSA_EXPONENT7>) <unsigned integer>
=item "rsa-exponent8" (B<OSSL_PKEY_PARAM_RSA_EXPONENT8>) <unsigned integer>
=item "rsa-exponent9" (B<OSSL_PKEY_PARAM_RSA_EXPONENT9>) <unsigned integer>
=item "rsa-exponent10" (B<OSSL_PKEY_PARAM_RSA_EXPONENT10>) <unsigned integer>
RSA CRT (Chinese Remainder Theorem) exponents. The exponents are known
as "dP", "dQ" and "d_i in RFC8017".
Up to eight additional "d_i" exponents are supported.
=item "rsa-coefficient1" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT1>) <unsigned integer>
=item "rsa-coefficient2" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT2>) <unsigned integer>
=item "rsa-coefficient3" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT3>) <unsigned integer>
=item "rsa-coefficient4" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT4>) <unsigned integer>
=item "rsa-coefficient5" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT5>) <unsigned integer>
=item "rsa-coefficient6" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT6>) <unsigned integer>
=item "rsa-coefficient7" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT7>) <unsigned integer>
=item "rsa-coefficient8" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT8>) <unsigned integer>
=item "rsa-coefficient9" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT9>) <unsigned integer>
RSA CRT (Chinese Remainder Theorem) coefficients. The coefficients are known as
"qInv" and "t_i".
Up to eight additional "t_i" exponents are supported.
=back
=head2 Built-in DSA and Diffie-Hellman Import/Export Types
The following Import/Export types are available for the built-in DSA and
Diffie-Hellman algorithms:
=over 4
=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <unsigned integer>
The public key value.
=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <unsigned integer>
The private key value.
=item "p" (B<OSSL_PKEY_PARAM_FFC_P>) <unsigned integer>
A DSA or Diffie-Hellman "p" value.
=item "q" (B<OSSL_PKEY_PARAM_FFC_Q>) <unsigned integer>
A DSA or Diffie-Hellman "q" value.
=item "g" (B<OSSL_PKEY_PARAM_FFC_G>) <unsigned integer>
A DSA or Diffie-Hellman "g" value.
=back
=head2 Built-in X25519, X448, ED25519 and ED448 Import/Export Types
The following Import/Export types are available for the built-in X25519, X448,
ED25519 and X448 algorithms:
=over 4
=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <octet string>
The public key value.
=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>
The private key value.
=back
=head2 Built-in EC Import/Export Types
The following Import/Export types are available for the built-in EC algorithm:
=over 4
=item "curve-name" (B<OSSL_PKEY_PARAM_EC_NAME>) <utf8 string>
The EC curve name.
=item "use-cofactor-flag" (B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH>) <integer>
Enable Cofactor DH (ECC CDH) if this value is 1, otherwise it uses normal EC DH
if the value is zero. The cofactor variant multiplies the shared secret by the
EC curve's cofactor (note for some curves the cofactor is 1).
=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <octet string>
The public key value in EC point format.
=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <unsigned integer>
The private key value.
=back
=head2 Information Parameters
=head2 Common Information Parameters
See L<OSSL_PARAM(3)> for further details on the parameters structure.
The Built-in Import/Export Types listed above are also Information Parameters.
Not all parameters are relevant to, or are understood by all keymgmt
algorithms:
Parameters currently recognised by built-in keymgmt algorithms
also include the following.
Common information parameters currently recognised by all built-in
keymgmt algorithms are as follows:
=over 4
@ -576,21 +361,6 @@ dimensions handled in the rest of the same provider.
The value should be the number of security bits of the given key.
Bits of security is defined in SP800-57.
=item "use-cofactor-flag" (B<OSSL_PKEY_PARAM_USE_COFACTOR_FLAG>,
B<OSSL_PKEY_PARAM_USE_COFACTOR_ECDH>) <integer>
The value should be either 1 or 0, to respectively enable or disable
use of the cofactor in operations using this key.
In the context of a key that can be used to perform an Elliptic Curve
Diffie-Hellman key exchange, this parameter can be used to mark a requirement
for using the Cofactor Diffie-Hellman (CDH) variant of the key exchange
algorithm.
See also L<provider-keyexch(7)> for the related
B<OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE> parameter that can be set on a
per-operation basis.
=back
=head1 RETURN VALUES
@ -618,7 +388,10 @@ always return a constant B<OSSL_PARAM> array.
=head1 SEE ALSO
L<provider(7)>
L<provider(7)>,
L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)>, L<EVP_PKEY-ED25519(7)>,
L<EVP_PKEY-ED448(7)>, L<EVP_PKEY-EC(7)>, L<EVP_PKEY-RSA(7)>,
L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>
=head1 HISTORY

4
util/missingcrypto.txt
View File

@ -588,6 +588,7 @@ EVP_CIPHER-RC4(7)
EVP_CIPHER-RC5(7)
EVP_CIPHER-SEED(7)
EVP_CIPHER-SM4(7)
EVP_PKEY(3)
EVP_KDF-KBKDF(7)
EVP_KDF-SSKDF(7)
EVP_KDF-TLS1-PRF(7)
@ -604,6 +605,9 @@ EVP_KEYMGMT-RSA(7)
EVP_KEYMGMT-X25519(7)
EVP_KEYMGMT-X448(7)
EVP_SIGNATURE-DSA(7)
EVP_SIGNATURE-ECDSA(7)
EVP_SIGNATURE-ED25519(7)
EVP_SIGNATURE-ED448(7)
EVP_SIGNATURE-RSA(7)
ERR_clear_last_mark(3)
ERR_get_state(3)