1=pod 2 3=head1 NAME 4 5provider-keyexch - The keyexch library E<lt>-E<gt> provider functions 6 7=head1 SYNOPSIS 8 9=for openssl multiple includes 10 11 #include <openssl/core_dispatch.h> 12 #include <openssl/core_names.h> 13 14 /* 15 * None of these are actual functions, but are displayed like this for 16 * the function signatures for functions that are offered as function 17 * pointers in OSSL_DISPATCH arrays. 18 */ 19 20 /* Context management */ 21 void *OSSL_FUNC_keyexch_newctx(void *provctx); 22 void OSSL_FUNC_keyexch_freectx(void *ctx); 23 void *OSSL_FUNC_keyexch_dupctx(void *ctx); 24 25 /* Shared secret derivation */ 26 int OSSL_FUNC_keyexch_init(void *ctx, void *provkey, 27 const OSSL_PARAM params[]); 28 int OSSL_FUNC_keyexch_set_peer(void *ctx, void *provkey); 29 int OSSL_FUNC_keyexch_derive(void *ctx, unsigned char *secret, size_t *secretlen, 30 size_t outlen); 31 32 /* Key Exchange parameters */ 33 int OSSL_FUNC_keyexch_set_ctx_params(void *ctx, const OSSL_PARAM params[]); 34 const OSSL_PARAM *OSSL_FUNC_keyexch_settable_ctx_params(void *ctx, 35 void *provctx); 36 int OSSL_FUNC_keyexch_get_ctx_params(void *ctx, OSSL_PARAM params[]); 37 const OSSL_PARAM *OSSL_FUNC_keyexch_gettable_ctx_params(void *ctx, 38 void *provctx); 39 40=head1 DESCRIPTION 41 42This documentation is primarily aimed at provider authors. See L<provider(7)> 43for further information. 44 45The key exchange (OSSL_OP_KEYEXCH) operation enables providers to implement key 46exchange algorithms and make them available to applications via 47L<EVP_PKEY_derive(3)> and 48other related functions). 49 50All "functions" mentioned here are passed as function pointers between 51F<libcrypto> and the provider in L<OSSL_DISPATCH(3)> arrays via 52L<OSSL_ALGORITHM(3)> arrays that are returned by the provider's 53provider_query_operation() function 54(see L<provider-base(7)/Provider Functions>). 55 56All these "functions" have a corresponding function type definition 57named B<OSSL_FUNC_{name}_fn>, and a helper function to retrieve the 58function pointer from an L<OSSL_DISPATCH(3)> element named 59B<OSSL_FUNC_{name}>. 60For example, the "function" OSSL_FUNC_keyexch_newctx() has these: 61 62 typedef void *(OSSL_FUNC_keyexch_newctx_fn)(void *provctx); 63 static ossl_inline OSSL_FUNC_keyexch_newctx_fn 64 OSSL_FUNC_keyexch_newctx(const OSSL_DISPATCH *opf); 65 66L<OSSL_DISPATCH(3)> arrays are indexed by numbers that are provided as 67macros in L<openssl-core_dispatch.h(7)>, as follows: 68 69 OSSL_FUNC_keyexch_newctx OSSL_FUNC_KEYEXCH_NEWCTX 70 OSSL_FUNC_keyexch_freectx OSSL_FUNC_KEYEXCH_FREECTX 71 OSSL_FUNC_keyexch_dupctx OSSL_FUNC_KEYEXCH_DUPCTX 72 73 OSSL_FUNC_keyexch_init OSSL_FUNC_KEYEXCH_INIT 74 OSSL_FUNC_keyexch_set_peer OSSL_FUNC_KEYEXCH_SET_PEER 75 OSSL_FUNC_keyexch_derive OSSL_FUNC_KEYEXCH_DERIVE 76 77 OSSL_FUNC_keyexch_set_ctx_params OSSL_FUNC_KEYEXCH_SET_CTX_PARAMS 78 OSSL_FUNC_keyexch_settable_ctx_params OSSL_FUNC_KEYEXCH_SETTABLE_CTX_PARAMS 79 OSSL_FUNC_keyexch_get_ctx_params OSSL_FUNC_KEYEXCH_GET_CTX_PARAMS 80 OSSL_FUNC_keyexch_gettable_ctx_params OSSL_FUNC_KEYEXCH_GETTABLE_CTX_PARAMS 81 82A key exchange algorithm implementation may not implement all of these functions. 83In order to be a consistent set of functions a provider must implement 84OSSL_FUNC_keyexch_newctx, OSSL_FUNC_keyexch_freectx, OSSL_FUNC_keyexch_init and OSSL_FUNC_keyexch_derive. 85All other functions are optional. 86 87A key exchange algorithm must also implement some mechanism for generating, 88loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation. 89See L<provider-keymgmt(7)> for further details. 90 91=head2 Context Management Functions 92 93OSSL_FUNC_keyexch_newctx() should create and return a pointer to a provider side 94structure for holding context information during a key exchange operation. 95A pointer to this context will be passed back in a number of the other key 96exchange operation function calls. 97The parameter I<provctx> is the provider context generated during provider 98initialisation (see L<provider(7)>). 99 100OSSL_FUNC_keyexch_freectx() is passed a pointer to the provider side key exchange 101context in the I<ctx> parameter. 102This function should free any resources associated with that context. 103 104OSSL_FUNC_keyexch_dupctx() should duplicate the provider side key exchange context in 105the I<ctx> parameter and return the duplicate copy. 106 107=head2 Shared Secret Derivation Functions 108 109OSSL_FUNC_keyexch_init() initialises a key exchange operation given a provider side key 110exchange context in the I<ctx> parameter, and a pointer to a provider key object 111in the I<provkey> parameter. 112The I<params>, if not NULL, should be set on the context in a manner similar to 113using OSSL_FUNC_keyexch_set_params(). 114The key object should have been previously 115generated, loaded or imported into the provider using the key management 116(OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>. 117 118OSSL_FUNC_keyexch_set_peer() is called to supply the peer's public key (in the 119I<provkey> parameter) to be used when deriving the shared secret. 120It is also passed a previously initialised key exchange context in the I<ctx> 121parameter. 122The key object should have been previously generated, loaded or imported into 123the provider using the key management (OSSL_OP_KEYMGMT) operation (see 124provider-keymgmt(7)>. 125 126OSSL_FUNC_keyexch_derive() performs the actual key exchange itself by deriving a shared 127secret. 128A previously initialised key exchange context is passed in the I<ctx> 129parameter. 130The derived secret should be written to the location I<secret> which should not 131exceed I<outlen> bytes. 132The length of the shared secret should be written to I<*secretlen>. 133If I<secret> is NULL then the maximum length of the shared secret should be 134written to I<*secretlen>. 135 136=head2 Key Exchange Parameters Functions 137 138OSSL_FUNC_keyexch_set_ctx_params() sets key exchange parameters associated with the 139given provider side key exchange context I<ctx> to I<params>, 140see L</Common Key Exchange parameters>. 141Any parameter settings are additional to any that were previously set. 142Passing NULL for I<params> should return true. 143 144OSSL_FUNC_keyexch_get_ctx_params() gets key exchange parameters associated with the 145given provider side key exchange context I<ctx> into I<params>, 146see L</Common Key Exchange parameters>. 147Passing NULL for I<params> should return true. 148 149OSSL_FUNC_keyexch_settable_ctx_params() yields a constant L<OSSL_PARAM(3)> array that 150describes the settable parameters, i.e. parameters that can be used with 151OP_signature_set_ctx_params(). 152If OSSL_FUNC_keyexch_settable_ctx_params() is present, OSSL_FUNC_keyexch_set_ctx_params() must 153also be present, and vice versa. 154Similarly, OSSL_FUNC_keyexch_gettable_ctx_params() yields a constant L<OSSL_PARAM(3)> 155array that describes the gettable parameters, i.e. parameters that can be 156handled by OP_signature_get_ctx_params(). 157If OSSL_FUNC_keyexch_gettable_ctx_params() is present, OSSL_FUNC_keyexch_get_ctx_params() must 158also be present, and vice versa. 159 160Notice that not all settable parameters are also gettable, and vice versa. 161 162=head2 Common Key Exchange parameters 163 164See L<OSSL_PARAM(3)> for further details on the parameters structure used by 165the OSSL_FUNC_keyexch_set_ctx_params() and OSSL_FUNC_keyexch_get_ctx_params() functions. 166 167Common parameters currently recognised by built-in key exchange algorithms are 168as follows. 169 170=over 4 171 172=item "kdf-type" (B<OSSL_EXCHANGE_PARAM_KDF_TYPE>) <UTF8 string> 173 174Sets or gets the Key Derivation Function type to apply within the associated key 175exchange ctx. 176 177=item "kdf-digest" (B<OSSL_EXCHANGE_PARAM_KDF_DIGEST>) <UTF8 string> 178 179Sets or gets the Digest algorithm to be used as part of the Key Derivation Function 180associated with the given key exchange ctx. 181 182=item "kdf-digest-props" (B<OSSL_EXCHANGE_PARAM_KDF_DIGEST_PROPS>) <UTF8 string> 183 184Sets properties to be used upon look up of the implementation for the selected 185Digest algorithm for the Key Derivation Function associated with the given key 186exchange ctx. 187 188=item "kdf-outlen" (B<OSSL_EXCHANGE_PARAM_KDF_OUTLEN>) <unsigned integer> 189 190Sets or gets the desired size for the output of the chosen Key Derivation Function 191associated with the given key exchange ctx. 192The length of the "kdf-outlen" parameter should not exceed that of a B<size_t>. 193 194=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string> 195 196Sets the User Key Material to be used as part of the selected Key Derivation 197Function associated with the given key exchange ctx. 198 199=item "kdf-ukm" (B<OSSL_EXCHANGE_PARAM_KDF_UKM>) <octet string ptr> 200 201Gets a pointer to the User Key Material to be used as part of the selected 202Key Derivation Function associated with the given key exchange ctx. Providers 203usually do not need to support this gettable parameter as its sole purpose 204is to support functionality of the deprecated EVP_PKEY_CTX_get0_ecdh_kdf_ukm() 205and EVP_PKEY_CTX_get0_dh_kdf_ukm() functions. 206 207=back 208 209The OpenSSL FIPS provider also supports the following parameters: 210 211=over 4 212 213=item "fips-indicator" (B<OSSL_EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR>) <integer> 214 215A getter that returns 1 if the operation is FIPS approved, or 0 otherwise. 216This may be used after calling OSSL_FUNC_keyexch_derive(). It may 217return 0 if either the "digest-check" or the "key-check" are set to 0. 218 219=item "key-check" (B<OSSL_EXCHANGE_PARAM_FIPS_KEY_CHECK>) <integer> 220 221If required this parameter should be set using OSSL_FUNC_keyexch_init(). 222The default value of 1 causes an error during the init if the key is not FIPS 223approved (e.g. The key has a security strength of less than 112 bits). Setting 224this to 0 will ignore the error and set the approved "fips-indicator" to 0. 225This option breaks FIPS compliance if it causes the approved "fips-indicator" 226to return 0. 227 228=item "digest-check" (B<OSSL_EXCHANGE_PARAM_FIPS_DIGEST_CHECK>) <integer> 229 230If required this parameter should be set before any optional digest is set. 231The default value of 1 causes an error when the digest is set if the digest is 232not FIPS approved. Setting this to 0 will ignore the error and set the 233approved "fips-indicator" to 0. 234This option breaks FIPS compliance if it causes the approved "fips-indicator" 235to return 0. 236 237=back 238 239=head1 RETURN VALUES 240 241OSSL_FUNC_keyexch_newctx() and OSSL_FUNC_keyexch_dupctx() should return the newly created 242provider side key exchange context, or NULL on failure. 243 244OSSL_FUNC_keyexch_init(), OSSL_FUNC_keyexch_set_peer(), OSSL_FUNC_keyexch_derive(), 245OSSL_FUNC_keyexch_set_params(), and OSSL_FUNC_keyexch_get_params() should return 1 for success 246or 0 on error. 247 248OSSL_FUNC_keyexch_settable_ctx_params() and OSSL_FUNC_keyexch_gettable_ctx_params() should 249always return a constant L<OSSL_PARAM(3)> array. 250 251=head1 SEE ALSO 252 253L<provider(7)> 254 255=head1 HISTORY 256 257The provider KEYEXCH interface was introduced in OpenSSL 3.0. 258 259The Key Exchange Parameters "fips-indicator", "key-check" and "digest-check" 260were added in OpenSSL 3.4. 261 262=head1 COPYRIGHT 263 264Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. 265 266Licensed under the Apache License 2.0 (the "License"). You may not use 267this file except in compliance with the License. You can obtain a copy 268in the file LICENSE in the source distribution or at 269L<https://www.openssl.org/source/license.html>. 270 271=cut 272
