xref: /openssl/doc/man7/provider-keyexch.pod (revision 7ed6de99)
1=pod
2
3=head1 NAME
4
5provider-keyexch - The keyexch library E<lt>-E<gt> provider functions
6
7=head1 SYNOPSIS
8
9=for openssl multiple includes
10
11 #include <openssl/core_dispatch.h>
12 #include <openssl/core_names.h>
13
14 /*
15  * None of these are actual functions, but are displayed like this for
16  * the function signatures for functions that are offered as function
17  * pointers in OSSL_DISPATCH arrays.
18  */
19
20 /* Context management */
21 void *OSSL_FUNC_keyexch_newctx(void *provctx);
22 void OSSL_FUNC_keyexch_freectx(void *ctx);
23 void *OSSL_FUNC_keyexch_dupctx(void *ctx);
24
25 /* Shared secret derivation */
26 int OSSL_FUNC_keyexch_init(void *ctx, void *provkey,
27                            const OSSL_PARAM params[]);
28 int OSSL_FUNC_keyexch_set_peer(void *ctx, void *provkey);
29 int OSSL_FUNC_keyexch_derive(void *ctx, unsigned char *secret, size_t *secretlen,
30                              size_t outlen);
31
32 /* Key Exchange parameters */
33 int OSSL_FUNC_keyexch_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
34 const OSSL_PARAM *OSSL_FUNC_keyexch_settable_ctx_params(void *ctx,
35                                                         void *provctx);
36 int OSSL_FUNC_keyexch_get_ctx_params(void *ctx, OSSL_PARAM params[]);
37 const OSSL_PARAM *OSSL_FUNC_keyexch_gettable_ctx_params(void *ctx,
38                                                         void *provctx);
39
40=head1 DESCRIPTION
41
42This documentation is primarily aimed at provider authors. See L<provider(7)>
43for further information.
44
45The key exchange (OSSL_OP_KEYEXCH) operation enables providers to implement key
46exchange algorithms and make them available to applications via
47L<EVP_PKEY_derive(3)> and
48other related functions).
49
50All "functions" mentioned here are passed as function pointers between
51F<libcrypto> and the provider in L<OSSL_DISPATCH(3)> arrays via
52L<OSSL_ALGORITHM(3)> arrays that are returned by the provider's
53provider_query_operation() function
54(see L<provider-base(7)/Provider Functions>).
55
56All these "functions" have a corresponding function type definition
57named B<OSSL_FUNC_{name}_fn>, and a helper function to retrieve the
58function pointer from an L<OSSL_DISPATCH(3)> element named
59B<OSSL_FUNC_{name}>.
60For example, the "function" OSSL_FUNC_keyexch_newctx() has these:
61
62 typedef void *(OSSL_FUNC_keyexch_newctx_fn)(void *provctx);
63 static ossl_inline OSSL_FUNC_keyexch_newctx_fn
64     OSSL_FUNC_keyexch_newctx(const OSSL_DISPATCH *opf);
65
66L<OSSL_DISPATCH(3)> arrays are indexed by numbers that are provided as
67macros in L<openssl-core_dispatch.h(7)>, as follows:
68
69 OSSL_FUNC_keyexch_newctx                OSSL_FUNC_KEYEXCH_NEWCTX
70 OSSL_FUNC_keyexch_freectx               OSSL_FUNC_KEYEXCH_FREECTX
71 OSSL_FUNC_keyexch_dupctx                OSSL_FUNC_KEYEXCH_DUPCTX
72
73 OSSL_FUNC_keyexch_init                  OSSL_FUNC_KEYEXCH_INIT
74 OSSL_FUNC_keyexch_set_peer              OSSL_FUNC_KEYEXCH_SET_PEER
75 OSSL_FUNC_keyexch_derive                OSSL_FUNC_KEYEXCH_DERIVE
76
77 OSSL_FUNC_keyexch_set_ctx_params        OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS
78 OSSL_FUNC_keyexch_settable_ctx_params   OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS
79 OSSL_FUNC_keyexch_get_ctx_params        OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS
80 OSSL_FUNC_keyexch_gettable_ctx_params   OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS
81
82A key exchange algorithm implementation may not implement all of these functions.
83In order to be a consistent set of functions a provider must implement
84OSSL_FUNC_keyexch_newctx, OSSL_FUNC_keyexch_freectx, OSSL_FUNC_keyexch_init and OSSL_FUNC_keyexch_derive.
85All other functions are optional.
86
87A key exchange algorithm must also implement some mechanism for generating,
88loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation.
89See L<provider-keymgmt(7)> for further details.
90
91=head2 Context Management Functions
92
93OSSL_FUNC_keyexch_newctx() should create and return a pointer to a provider side
94structure for holding context information during a key exchange operation.
95A pointer to this context will be passed back in a number of the other key
96exchange operation function calls.
97The parameter I<provctx> is the provider context generated during provider
98initialisation (see L<provider(7)>).
99
100OSSL_FUNC_keyexch_freectx() is passed a pointer to the provider side key exchange
101context in the I<ctx> parameter.
102This function should free any resources associated with that context.
103
104OSSL_FUNC_keyexch_dupctx() should duplicate the provider side key exchange context in
105the I<ctx> parameter and return the duplicate copy.
106
107=head2 Shared Secret Derivation Functions
108
109OSSL_FUNC_keyexch_init() initialises a key exchange operation given a provider side key
110exchange context in the I<ctx> parameter, and a pointer to a provider key object
111in the I<provkey> parameter.
112The I<params>, if not NULL, should be set on the context in a manner similar to
113using OSSL_FUNC_keyexch_set_params().
114The key object should have been previously
115generated, loaded or imported into the provider using the key management
116(OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
117
118OSSL_FUNC_keyexch_set_peer() is called to supply the peer's public key (in the
119I<provkey> parameter) to be used when deriving the shared secret.
120It is also passed a previously initialised key exchange context in the I<ctx>
121parameter.
122The key object should have been previously generated, loaded or imported into
123the provider using the key management (OSSL_OP_KEYMGMT) operation (see
124provider-keymgmt(7)>.
125
126OSSL_FUNC_keyexch_derive() performs the actual key exchange itself by deriving a shared
127secret.
128A previously initialised key exchange context is passed in the I<ctx>
129parameter.
130The derived secret should be written to the location I<secret> which should not
131exceed I<outlen> bytes.
132The length of the shared secret should be written to I<*secretlen>.
133If I<secret> is NULL then the maximum length of the shared secret should be
134written to I<*secretlen>.
135
136=head2 Key Exchange Parameters Functions
137
138OSSL_FUNC_keyexch_set_ctx_params() sets key exchange parameters associated with the
139given provider side key exchange context I<ctx> to I<params>,
140see L</Common Key Exchange parameters>.
141Any parameter settings are additional to any that were previously set.
142Passing NULL for I<params> should return true.
143
144OSSL_FUNC_keyexch_get_ctx_params() gets key exchange parameters associated with the
145given provider side key exchange context I<ctx> into I<params>,
146see L</Common Key Exchange parameters>.
147Passing NULL for I<params> should return true.
148
149OSSL_FUNC_keyexch_settable_ctx_params() yields a constant L<OSSL_PARAM(3)> array that
150describes the settable parameters, i.e. parameters that can be used with
151OP_signature_set_ctx_params().
152If OSSL_FUNC_keyexch_settable_ctx_params() is present, OSSL_FUNC_keyexch_set_ctx_params() must
153also be present, and vice versa.
154Similarly, OSSL_FUNC_keyexch_gettable_ctx_params() yields a constant L<OSSL_PARAM(3)>
155array that describes the gettable parameters, i.e. parameters that can be
156handled by OP_signature_get_ctx_params().
157If OSSL_FUNC_keyexch_gettable_ctx_params() is present, OSSL_FUNC_keyexch_get_ctx_params() must
158also be present, and vice versa.
159
160Notice that not all settable parameters are also gettable, and vice versa.
161
162=head2 Common Key Exchange parameters
163
164See L<OSSL_PARAM(3)> for further details on the parameters structure used by
165the OSSL_FUNC_keyexch_set_ctx_params() and OSSL_FUNC_keyexch_get_ctx_params() functions.
166
167Common parameters currently recognised by built-in key exchange algorithms are
168as follows.
169
170=over 4
171
172=item "kdf-type" (B<OSSL_EXCHANGE_PARAM_KDF_TYPE>) <UTF8 string>
173
174Sets or gets the Key Derivation Function type to apply within the associated key
175exchange ctx.
176
177=item "kdf-digest" (B<OSSL_EXCHANGE_PARAM_KDF_DIGEST>) <UTF8 string>
178
179Sets or gets the Digest algorithm to be used as part of the Key Derivation Function
180associated with the given key exchange ctx.
181
182=item "kdf-digest-props" (B<OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS>) <UTF8 string>
183
184Sets properties to be used upon look up of the implementation for the selected
185Digest algorithm for the Key Derivation Function associated with the given key
186exchange ctx.
187
188=item "kdf-outlen" (B<OSSL_EXCHANGE_PARAM_KDF_OUTLEN>) <unsigned integer>
189
190Sets or gets the desired size for the output of the chosen Key Derivation Function
191associated with the given key exchange ctx.
192The length of the "kdf-outlen" parameter should not exceed that of a B<size_t>.
193
194=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string>
195
196Sets the User Key Material to be used as part of the selected Key Derivation
197Function associated with the given key exchange ctx.
198
199=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string ptr>
200
201Gets a pointer to the User Key Material to be used as part of the selected
202Key Derivation Function associated with the given key exchange ctx. Providers
203usually do not need to support this gettable parameter as its sole purpose
204is to support functionality of the deprecated EVP_PKEY_CTX_get0_ecdh_kdf_ukm()
205and EVP_PKEY_CTX_get0_dh_kdf_ukm() functions.
206
207=back
208
209The OpenSSL FIPS provider also supports the following parameters:
210
211=over 4
212
213=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <integer>
214
215A getter that returns 1 if the operation is FIPS approved, or 0 otherwise.
216This may be used after calling OSSL_FUNC_keyexch_derive(). It may
217return 0 if either the "digest-check" or the "key-check" are set to 0.
218
219=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <integer>
220
221If required this parameter should be set using OSSL_FUNC_keyexch_init().
222The default value of 1 causes an error during the init if the key is not FIPS
223approved (e.g. The key has a security strength of less than 112 bits). Setting
224this to 0 will ignore the error and set the approved "fips-indicator" to 0.
225This option breaks FIPS compliance if it causes the approved "fips-indicator"
226to return 0.
227
228=item "digest-check" (B<OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK>) <integer>
229
230If required this parameter should be set before any optional digest is set.
231The default value of 1 causes an error when the digest is set if the digest is
232not FIPS approved. Setting this to 0 will ignore the error and set the
233approved "fips-indicator" to 0.
234This option breaks FIPS compliance if it causes the approved "fips-indicator"
235to return 0.
236
237=back
238
239=head1 RETURN VALUES
240
241OSSL_FUNC_keyexch_newctx() and OSSL_FUNC_keyexch_dupctx() should return the newly created
242provider side key exchange context, or NULL on failure.
243
244OSSL_FUNC_keyexch_init(), OSSL_FUNC_keyexch_set_peer(), OSSL_FUNC_keyexch_derive(),
245OSSL_FUNC_keyexch_set_params(), and OSSL_FUNC_keyexch_get_params() should return 1 for success
246or 0 on error.
247
248OSSL_FUNC_keyexch_settable_ctx_params() and OSSL_FUNC_keyexch_gettable_ctx_params() should
249always return a constant L<OSSL_PARAM(3)> array.
250
251=head1 SEE ALSO
252
253L<provider(7)>
254
255=head1 HISTORY
256
257The provider KEYEXCH interface was introduced in OpenSSL 3.0.
258
259The Key Exchange Parameters "fips-indicator", "key-check" and "digest-check"
260were added in OpenSSL 3.4.
261
262=head1 COPYRIGHT
263
264Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
265
266Licensed under the Apache License 2.0 (the "License").  You may not use
267this file except in compliance with the License.  You can obtain a copy
268in the file LICENSE in the source distribution or at
269L<https://www.openssl.org/source/license.html>.
270
271=cut
272