|
Server : Apache System : Linux server.lienzindia.com 4.18.0-348.7.1.el8_5.x86_64 #1 SMP Wed Dec 22 13:25:12 UTC 2021 x86_64 User : plutus ( 1007) PHP Version : 7.4.33 Disable Function : NONE Directory : /usr/local/emps/share/doc/openssl/html/man7/ |
Upload File : |
<?xml version="1.0" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>provider-asym_cipher</title>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<link rev="made" href="mailto:root@localhost" />
</head>
<body style="background-color: white">
<ul id="index">
<li><a href="#NAME">NAME</a></li>
<li><a href="#SYNOPSIS">SYNOPSIS</a></li>
<li><a href="#DESCRIPTION">DESCRIPTION</a>
<ul>
<li><a href="#Context-Management-Functions">Context Management Functions</a></li>
<li><a href="#Encryption-Functions">Encryption Functions</a></li>
<li><a href="#Decryption-Functions">Decryption Functions</a></li>
<li><a href="#Asymmetric-Cipher-Parameters">Asymmetric Cipher Parameters</a></li>
</ul>
</li>
<li><a href="#RETURN-VALUES">RETURN VALUES</a></li>
<li><a href="#SEE-ALSO">SEE ALSO</a></li>
<li><a href="#HISTORY">HISTORY</a></li>
<li><a href="#COPYRIGHT">COPYRIGHT</a></li>
</ul>
<h1 id="NAME">NAME</h1>
<p>provider-asym_cipher - The asym_cipher library <-> provider functions</p>
<h1 id="SYNOPSIS">SYNOPSIS</h1>
<pre><code> #include <openssl/core_dispatch.h>
#include <openssl/core_names.h>
/*
* None of these are actual functions, but are displayed like this for
* the function signatures for functions that are offered as function
* pointers in OSSL_DISPATCH arrays.
*/
/* Context management */
void *OSSL_FUNC_asym_cipher_newctx(void *provctx);
void OSSL_FUNC_asym_cipher_freectx(void *ctx);
void *OSSL_FUNC_asym_cipher_dupctx(void *ctx);
/* Encryption */
int OSSL_FUNC_asym_cipher_encrypt_init(void *ctx, void *provkey,
const OSSL_PARAM params[]);
int OSSL_FUNC_asym_cipher_encrypt(void *ctx, unsigned char *out, size_t *outlen,
size_t outsize, const unsigned char *in,
size_t inlen);
/* Decryption */
int OSSL_FUNC_asym_cipher_decrypt_init(void *ctx, void *provkey,
const OSSL_PARAM params[]);
int OSSL_FUNC_asym_cipher_decrypt(void *ctx, unsigned char *out, size_t *outlen,
size_t outsize, const unsigned char *in,
size_t inlen);
/* Asymmetric Cipher parameters */
int OSSL_FUNC_asym_cipher_get_ctx_params(void *ctx, OSSL_PARAM params[]);
const OSSL_PARAM *OSSL_FUNC_asym_cipher_gettable_ctx_params(void *provctx);
int OSSL_FUNC_asym_cipher_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
const OSSL_PARAM *OSSL_FUNC_asym_cipher_settable_ctx_params(void *provctx);</code></pre>
<h1 id="DESCRIPTION">DESCRIPTION</h1>
<p>This documentation is primarily aimed at provider authors. See <a href="../man7/provider.html">provider(7)</a> for further information.</p>
<p>The asymmetric cipher (OSSL_OP_ASYM_CIPHER) operation enables providers to implement asymmetric cipher algorithms and make them available to applications via the API functions <a href="../man3/EVP_PKEY_encrypt.html">EVP_PKEY_encrypt(3)</a>, <a href="../man3/EVP_PKEY_decrypt.html">EVP_PKEY_decrypt(3)</a> and other related functions).</p>
<p>All "functions" mentioned here are passed as function pointers between <i>libcrypto</i> and the provider in <b>OSSL_DISPATCH</b> arrays via <b>OSSL_ALGORITHM</b> arrays that are returned by the provider's provider_query_operation() function (see <a href="../man7/provider-base.html">"Provider Functions" in provider-base(7)</a>).</p>
<p>All these "functions" have a corresponding function type definition named <b>OSSL_FUNC_{name}_fn</b>, and a helper function to retrieve the function pointer from an <b>OSSL_DISPATCH</b> element named <b>OSSL_FUNC_{name}</b>. For example, the "function" OSSL_FUNC_asym_cipher_newctx() has these:</p>
<pre><code> typedef void *(OSSL_FUNC_asym_cipher_newctx_fn)(void *provctx);
static ossl_inline OSSL_FUNC_asym_cipher_newctx_fn
OSSL_FUNC_asym_cipher_newctx(const OSSL_DISPATCH *opf);</code></pre>
<p><b>OSSL_DISPATCH</b> arrays are indexed by numbers that are provided as macros in <a href="../man7/openssl-core_dispatch.h.html">openssl-core_dispatch.h(7)</a>, as follows:</p>
<pre><code> OSSL_FUNC_asym_cipher_newctx OSSL_FUNC_ASYM_CIPHER_NEWCTX
OSSL_FUNC_asym_cipher_freectx OSSL_FUNC_ASYM_CIPHER_FREECTX
OSSL_FUNC_asym_cipher_dupctx OSSL_FUNC_ASYM_CIPHER_DUPCTX
OSSL_FUNC_asym_cipher_encrypt_init OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT
OSSL_FUNC_asym_cipher_encrypt OSSL_FUNC_ASYM_CIPHER_ENCRYPT
OSSL_FUNC_asym_cipher_decrypt_init OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT
OSSL_FUNC_asym_cipher_decrypt OSSL_FUNC_ASYM_CIPHER_DECRYPT
OSSL_FUNC_asym_cipher_get_ctx_params OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS
OSSL_FUNC_asym_cipher_gettable_ctx_params OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS
OSSL_FUNC_asym_cipher_set_ctx_params OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS
OSSL_FUNC_asym_cipher_settable_ctx_params OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS</code></pre>
<p>An asymmetric cipher algorithm implementation may not implement all of these functions. In order to be a consistent set of functions a provider must implement OSSL_FUNC_asym_cipher_newctx and OSSL_FUNC_asym_cipher_freectx. It must also implement both of OSSL_FUNC_asym_cipher_encrypt_init and OSSL_FUNC_asym_cipher_encrypt, or both of OSSL_FUNC_asym_cipher_decrypt_init and OSSL_FUNC_asym_cipher_decrypt. OSSL_FUNC_asym_cipher_get_ctx_params is optional but if it is present then so must OSSL_FUNC_asym_cipher_gettable_ctx_params. Similarly, OSSL_FUNC_asym_cipher_set_ctx_params is optional but if it is present then so must OSSL_FUNC_asym_cipher_settable_ctx_params.</p>
<p>An asymmetric cipher algorithm must also implement some mechanism for generating, loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. See <a href="../man7/provider-keymgmt.html">provider-keymgmt(7)</a> for further details.</p>
<h2 id="Context-Management-Functions">Context Management Functions</h2>
<p>OSSL_FUNC_asym_cipher_newctx() should create and return a pointer to a provider side structure for holding context information during an asymmetric cipher operation. A pointer to this context will be passed back in a number of the other asymmetric cipher operation function calls. The parameter <i>provctx</i> is the provider context generated during provider initialisation (see <a href="../man7/provider.html">provider(7)</a>).</p>
<p>OSSL_FUNC_asym_cipher_freectx() is passed a pointer to the provider side asymmetric cipher context in the <i>ctx</i> parameter. This function should free any resources associated with that context.</p>
<p>OSSL_FUNC_asym_cipher_dupctx() should duplicate the provider side asymmetric cipher context in the <i>ctx</i> parameter and return the duplicate copy.</p>
<h2 id="Encryption-Functions">Encryption Functions</h2>
<p>OSSL_FUNC_asym_cipher_encrypt_init() initialises a context for an asymmetric encryption given a provider side asymmetric cipher context in the <i>ctx</i> parameter, and a pointer to a provider key object in the <i>provkey</i> parameter. The <i>params</i>, if not NULL, should be set on the context in a manner similar to using OSSL_FUNC_asym_cipher_set_ctx_params(). The key object should have been previously generated, loaded or imported into the provider using the key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>. OSSL_FUNC_asym_cipher_encrypt() performs the actual encryption itself. A previously initialised asymmetric cipher context is passed in the <i>ctx</i> parameter. The data to be encrypted is pointed to by the <i>in</i> parameter which is <i>inlen</i> bytes long. Unless <i>out</i> is NULL, the encrypted data should be written to the location pointed to by the <i>out</i> parameter and it should not exceed <i>outsize</i> bytes in length. The length of the encrypted data should be written to <i>*outlen</i>. If <i>out</i> is NULL then the maximum length of the encrypted data should be written to <i>*outlen</i>.</p>
<h2 id="Decryption-Functions">Decryption Functions</h2>
<p>OSSL_FUNC_asym_cipher_decrypt_init() initialises a context for an asymmetric decryption given a provider side asymmetric cipher context in the <i>ctx</i> parameter, and a pointer to a provider key object in the <i>provkey</i> parameter. The <i>params</i>, if not NULL, should be set on the context in a manner similar to using OSSL_FUNC_asym_cipher_set_ctx_params(). The key object should have been previously generated, loaded or imported into the provider using the key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.</p>
<p>OSSL_FUNC_asym_cipher_decrypt() performs the actual decryption itself. A previously initialised asymmetric cipher context is passed in the <i>ctx</i> parameter. The data to be decrypted is pointed to by the <i>in</i> parameter which is <i>inlen</i> bytes long. Unless <i>out</i> is NULL, the decrypted data should be written to the location pointed to by the <i>out</i> parameter and it should not exceed <i>outsize</i> bytes in length. The length of the decrypted data should be written to <i>*outlen</i>. If <i>out</i> is NULL then the maximum length of the decrypted data should be written to <i>*outlen</i>.</p>
<h2 id="Asymmetric-Cipher-Parameters">Asymmetric Cipher Parameters</h2>
<p>See <a href="../man3/OSSL_PARAM.html">OSSL_PARAM(3)</a> for further details on the parameters structure used by the OSSL_FUNC_asym_cipher_get_ctx_params() and OSSL_FUNC_asym_cipher_set_ctx_params() functions.</p>
<p>OSSL_FUNC_asym_cipher_get_ctx_params() gets asymmetric cipher parameters associated with the given provider side asymmetric cipher context <i>ctx</i> and stores them in <i>params</i>. Passing NULL for <i>params</i> should return true.</p>
<p>OSSL_FUNC_asym_cipher_set_ctx_params() sets the asymmetric cipher parameters associated with the given provider side asymmetric cipher context <i>ctx</i> to <i>params</i>. Any parameter settings are additional to any that were previously set. Passing NULL for <i>params</i> should return true.</p>
<p>Parameters currently recognised by built-in asymmetric cipher algorithms are as follows. Not all parameters are relevant to, or are understood by all asymmetric cipher algorithms:</p>
<dl>
<dt id="pad-mode-OSSL_ASYM_CIPHER_PARAM_PAD_MODE-integer">"pad-mode" (<b>OSSL_ASYM_CIPHER_PARAM_PAD_MODE</b>) <integer></dt>
<dd>
<p>The type of padding to be used. The interpretation of this value will depend on the algorithm in use. The default provider understands these RSA padding modes: 1 (RSA_PKCS1_PADDING), 3 (RSA_NO_PADDING), 4 (RSA_PKCS1_OAEP_PADDING), 5 (RSA_X931_PADDING), 6 (RSA_PKCS1_PSS_PADDING) and 7 (RSA_PKCS1_WITH_TLS_PADDING). See <a href="../man3/EVP_PKEY_CTX_set_rsa_padding.html">EVP_PKEY_CTX_set_rsa_padding(3)</a> for further details.</p>
</dd>
<dt id="digest-OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST-UTF8-string">"digest" (<b>OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST</b>) <UTF8 string></dt>
<dd>
<p>Gets or sets the name of the OAEP digest algorithm used when OAEP padding is in use.</p>
</dd>
<dt id="digest-OSSL_ASYM_CIPHER_PARAM_DIGEST-UTF8-string">"digest" (<b>OSSL_ASYM_CIPHER_PARAM_DIGEST</b>) <UTF8 string></dt>
<dd>
<p>Gets or sets the name of the digest algorithm used by the algorithm (where applicable).</p>
</dd>
<dt id="digest-props-OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS-UTF8-string">"digest-props" (<b>OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS</b>) <UTF8 string></dt>
<dd>
<p>Gets or sets the properties to use when fetching the OAEP digest algorithm.</p>
</dd>
<dt id="digest-props-OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS-UTF8-string">"digest-props" (<b>OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS</b>) <UTF8 string></dt>
<dd>
<p>Gets or sets the properties to use when fetching the cipher digest algorithm.</p>
</dd>
<dt id="mgf1-digest-OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST-UTF8-string">"mgf1-digest" (<b>OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST</b>) <UTF8 string></dt>
<dd>
<p>Gets or sets the name of the MGF1 digest algorithm used when OAEP or PSS padding is in use.</p>
</dd>
<dt id="mgf1-digest-props-OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS-UTF8-string">"mgf1-digest-props" (<b>OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS</b>) <UTF8 string></dt>
<dd>
<p>Gets or sets the properties to use when fetching the MGF1 digest algorithm.</p>
</dd>
<dt id="oaep-label-OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL-octet-string">"oaep-label" (<b>OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL</b>) <octet string></dt>
<dd>
<p>Gets or sets the OAEP label used when OAEP padding is in use.</p>
</dd>
<dt id="tls-client-version-OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION-unsigned-integer">"tls-client-version" (<b>OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION</b>) <unsigned integer></dt>
<dd>
<p>The TLS protocol version first requested by the client. See <b>RSA_PKCS1_WITH_TLS_PADDING</b> on the page <a href="../man3/EVP_PKEY_CTX_set_rsa_padding.html">EVP_PKEY_CTX_set_rsa_padding(3)</a>.</p>
</dd>
<dt id="tls-negotiated-version-OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION-unsigned-integer">"tls-negotiated-version" (<b>OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION</b>) <unsigned integer></dt>
<dd>
<p>The negotiated TLS protocol version. See <b>RSA_PKCS1_WITH_TLS_PADDING</b> on the page <a href="../man3/EVP_PKEY_CTX_set_rsa_padding.html">EVP_PKEY_CTX_set_rsa_padding(3)</a>.</p>
</dd>
</dl>
<p>OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params() get a constant <b>OSSL_PARAM</b> array that describes the gettable and settable parameters, i.e. parameters that can be used with OSSL_FUNC_asym_cipherget_ctx_params() and OSSL_FUNC_asym_cipher_set_ctx_params() respectively. See <a href="../man3/OSSL_PARAM.html">OSSL_PARAM(3)</a> for the use of <b>OSSL_PARAM</b> as parameter descriptor.</p>
<h1 id="RETURN-VALUES">RETURN VALUES</h1>
<p>OSSL_FUNC_asym_cipher_newctx() and OSSL_FUNC_asym_cipher_dupctx() should return the newly created provider side asymmetric cipher context, or NULL on failure.</p>
<p>All other functions should return 1 for success or 0 on error.</p>
<h1 id="SEE-ALSO">SEE ALSO</h1>
<p><a href="../man7/provider.html">provider(7)</a></p>
<h1 id="HISTORY">HISTORY</h1>
<p>The provider ASYM_CIPHER interface was introduced in OpenSSL 3.0.</p>
<h1 id="COPYRIGHT">COPYRIGHT</h1>
<p>Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.</p>
<p>Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <a href="https://www.openssl.org/source/license.html">https://www.openssl.org/source/license.html</a>.</p>
</body>
</html>