Lines Matching full:s0

144 For \fB\s-1DH\s0\fR \s-1FFC\s0 key agreement, two classes of domain parameters can be used:
150 See \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7) for more information about \s-1FFC\s0 keys.
152 The \fB\s-1DH\s0\fR key type uses PKCS#3 format which saves \fIp\fR and \fIg\fR, but not the
154 The \fB\s-1DHX\s0\fR key type uses X9.42 format which saves the value of \fIq\fR and this
155 must be used for \s-1FIPS186\-4.\s0 If key validation is required, users should be aware
156 of the nuances associated with \s-1FIPS186\-4\s0 style parameters as discussed in
157 \&\*(L"\s-1DH\s0 key validation\*(R".
158 .SS "\s-1DH\s0 and \s-1DHX\s0 domain parameters"
160 In addition to the common \s-1FCC\s0 parameters that all \s-1FFC\s0 keytypes should support
161 (see \*(L"\s-1FFC\s0 parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(7)) the \fB\s-1DHX\s0\fR and \…
166 Sets or gets a string that associates a \fB\s-1DH\s0\fR or \fB\s-1DHX\s0\fR named safe prime group
169 The following values can be used by the OpenSSL's default and \s-1FIPS\s0 providers:
176 \&\s-1DH/DHX\s0 named groups can be easily validated since the parameters are well known.
179 .SS "\s-1DH\s0 and \s-1DHX\s0 additional parameters"
184 Used for getting and setting the encoding of the \s-1DH\s0 public key used in a key
185 exchange message for the \s-1TLS\s0 protocol.
187 .SS "\s-1DH\s0 additional domain parameters"
192 Used for \s-1DH\s0 generation of safe primes using the old safe prime generator code.
197 Randomly generated safe primes are not allowed by \s-1FIPS,\s0 so setting this value
198 for the OpenSSL \s-1FIPS\s0 provider will instead choose a named safe prime group
200 .SS "\s-1DH\s0 and \s-1DHX\s0 domain parameter / key generation parameters"
202 In addition to the common \s-1FFC\s0 key generation parameters that all \s-1FFC\s0 key types
203 should support (see \*(L"\s-1FFC\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR\|(…
204 \&\fB\s-1DH\s0\fR and \fB\s-1DHX\s0\fR keytype implementation supports the following:
208 Sets the type of parameter generation. For \fB\s-1DH\s0\fR valid values are:
221 These are described in \*(L"\s-1FFC\s0 key generation parameters\*(R" in \s-1\fBEVP_PKEY\-FFC\s0\fR…
231 This is only valid for \fB\s-1DH\s0\fR keys.
251 .SS "\s-1DH\s0 key validation"
253 For \fB\s-1DHX\s0\fR that is not a named group the \s-1FIPS186\-4\s0 standard specifies that the
254 values used for \s-1FFC\s0 parameter generation are also required for parameter
255 validation. This means that optional \s-1FFC\s0 domain parameter values for
258 For \fB\s-1DHX\s0\fR the \fIseed\fR and \fIpcounter\fR can be stored in \s-1ASN1\s0 data
262 For \s-1DH\s0 keys, \fBEVP_PKEY_param_check\fR\|(3) behaves in the following way:
263 The OpenSSL \s-1FIPS\s0 provider tests if the parameters are either an approved safe
264 prime group \s-1OR\s0 that the \s-1FFC\s0 parameters conform to \s-1FIPS186\-4\s0 as defined in
269 For \s-1DH\s0 keys, \fBEVP_PKEY_param_check_quick\fR\|(3) is equivalent to
272 For \s-1DH\s0 keys, \fBEVP_PKEY_public_check\fR\|(3) conforms to
273 SP800\-56Ar3 \fI\s-1FFC\s0 Full Public-Key Validation\fR.
275 For \s-1DH\s0 keys, \fBEVP_PKEY_public_check_quick\fR\|(3) conforms to
276 SP800\-56Ar3 \fI\s-1FFC\s0 Partial Public-Key Validation\fR when the
277 \&\s-1DH\s0 key is an approved named safe prime group, otherwise it is the same as
280 For \s-1DH\s0 Keys, \fBEVP_PKEY_private_check\fR\|(3) tests that the private key is in the
281 correct range according to SP800\-56Ar3. The OpenSSL \s-1FIPS\s0 provider requires the
286 For \s-1DH\s0 keys, \fBEVP_PKEY_pairwise_check\fR\|(3) conforms to
290 An \fB\s-1EVP_PKEY\s0\fR context can be obtained by calling:
296 A \fB\s-1DH\s0\fR key can be generated with a named safe prime group by calling:
317 \&\fB\s-1DHX\s0\fR domain parameters can be generated according to \fB\s-1FIPS186\-4\s0\fR by calli…
346 A \fB\s-1DH\s0\fR key can be generated using domain parameters by calling:
360 To validate \fB\s-1FIPS186\-4\s0\fR \fB\s-1DHX\s0\fR domain parameters decoded from \fB\s-1PEM\s0\f…
361 \&\fB\s-1DER\s0\fR data, additional values used during generation may be required to
412 .IP "\s-1RFC 7919\s0 (\s-1TLS\s0 ffdhe named safe prime groups)" 4
415 .IP "\s-1RFC 3526\s0 (\s-1IKE\s0 modp named safe prime groups)" 4
423 .IP "5.5.1.1 \s-1FFC\s0 Domain Parameter Selection/Generation" 4
426 .IP "Appendix D: \s-1FFC\s0 Safe-prime Groups" 4
430 The following sections of \s-1FIPS186\-4:\s0
441 \&\s-1\fBEVP_PKEY\-FFC\s0\fR\|(7),
442 \&\s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7)
443 \&\s-1\fBEVP_PKEY\s0\fR\|(3),
445 \&\s-1\fBEVP_KEYMGMT\s0\fR\|(3),
447 \&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7)
454 in the file \s-1LICENSE\s0 in the source distribution or at