EVP_PKEY-FFC.7 - OpenGrok cross reference for /freebsd/secure/lib/libcrypto/man/man7/EVP

Lines Matching +full:10 +full:g +full:- +full:support
18 .\" Set up some character translations and predefined strings.  \*(-- will
24 .tr \(*W-
27 .    ds -- \(*W-
29 .    if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
30 .    if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\"  diablo 12 pitch
37 .    ds -- \|\(em\|
71 .\" Fear.  Run.  Save yourself.  No user-serviceable parts.
81 .    ds #H ((1u-(\\\\n(.fu%2u))*.13m)
97 .    ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u"
98 .    ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u'
99 .    ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u'
100 .    ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u'
101 .    ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u'
102 .    ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u'
104 .    \" troff and (daisy-wheel) nroff accents
123 .    ds d- d\h'-1'\(ga
124 .    ds D- D\h'-1'\(hy
133 .IX Title "EVP_PKEY-FFC 7ossl"
134 .TH EVP_PKEY-FFC 7ossl "2023-09-19" "3.0.11" "OpenSSL"
140 EVP_PKEY\-FFC \- EVP_PKEY DSA and DH/DHX shared FFC parameters.
143 Finite field cryptography (\s-1FFC\s0) is a method of implementing discrete logarithm
144 cryptography using finite field mathematics. \s-1DSA\s0 is an example of \s-1FFC\s0 and
145 Diffie-Hellman key establishment algorithms specified in \s-1SP800\-56A\s0 can also be
146 implemented as \s-1FFC.\s0
148 The \fB\s-1DSA\s0\fR, \fB\s-1DH\s0\fR and \fB\s-1DHX\s0\fR keytypes are implemented in OpenSSL's de…
149 \&\s-1FIPS\s0 providers.
150 The implementations support the basic \s-1DSA, DH\s0 and \s-1DHX\s0 keys, containing the public
152 \&\fIp\fR, \fIq\fR and \fIg\fR.
154 For \fB\s-1DSA\s0\fR (and \fB\s-1DH\s0\fR that is not a named group) the \s-1FIPS186\-4\s0 standard
155 specifies that the values used for \s-1FFC\s0 parameter generation are also required
157 This means that optional \s-1FFC\s0 domain parameter values for \fIseed\fR, \fIpcounter\fR
159 For \fB\s-1DH\s0\fR the \fIseed\fR and \fIpcounter\fR can be stored in \s-1ASN1\s0 data
160 (but the \fIgindex\fR is not). For \fB\s-1DSA\s0\fR however, these fields are not stored in
161 the \s-1ASN1\s0 data so they need to be stored externally if validation is required.
163 The \fB\s-1DH\s0\fR key type uses PKCS#3 format which saves p and g, but not the 'q' value.
164 The \fB\s-1DHX\s0\fR key type uses X9.42 format which saves the value of 'q' and this
165 must be used for \s-1FIPS186\-4.\s0
166 .SS "\s-1FFC\s0 parameters"
168 In addition to the common parameters that all keytypes should support (see
169 …\*(L"Common parameters\*(R" in \fBprovider\-keymgmt\fR\|(7)), the \fB\s-1DSA\s0\fR, \fB\s-1DH\s0\f…
170 implementations support the following.
179 .SS "\s-1FFC DSA, DH\s0 and \s-1DHX\s0 domain parameters"
184 A \s-1DSA\s0 or Diffie-Hellman prime \*(L"p\*(R" value.
187 .IX Item "g (OSSL_PKEY_PARAM_FFC_G) <unsigned integer>"
188 A \s-1DSA\s0 or Diffie-Hellman generator \*(L"g\*(R" value.
189 .SS "\s-1FFC DSA\s0 and \s-1DHX\s0 domain parameters"
194 A \s-1DSA\s0 or Diffie-Hellman prime \*(L"q\*(R" value.
199 of \fIp\fR, \fIq\fR and canonical \fIg\fR.
207 then be reused during key validation to verify the value of \fIg\fR. If this value
208 is not set or is \-1 then unverifiable generation of the generator \fIg\fR will be
218 For unverifiable generation of the generator \fIg\fR this value is output during
219 generation of \fIg\fR. Its value is the first integer larger than one that
220 satisfies g = h^j mod p (where g != 1 and \*(L"j\*(R" is the cofactor).
224 An optional informational cofactor parameter that should equal to (p \- 1) / q.
227 .IX Item "validate-pq (OSSL_PKEY_PARAM_FFC_VALIDATE_PQ) <unsigned integer>"
231 .IX Item "validate-g (OSSL_PKEY_PARAM_FFC_VALIDATE_G) <unsigned integer>"
233 These boolean values are used during \s-1FIPS186\-4\s0 or \s-1FIPS186\-2\s0 key validation checks
235 \&\fIvalidate-pq\fR and \fIvalidate-g\fR are both set to 1 to check that p,q and g are
240 .IX Item "validate-legacy (OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY) <unsigned integer>"
243 value of 0 selects \s-1FIPS186\-4\s0 validation. Setting this value to 1 selects
244 \&\s-1FIPS186\-2\s0 validation.
245 .SS "\s-1FFC\s0 key generation parameters"
247 The following key generation types are available for \s-1DSA\s0 and \s-1DHX\s0 algorithms:
298 parameters \s-1OR\s0 it will fail if the seed did not generate valid primes.
313 The following sections of SP800\-56Ar3:
314 .IP "5.5.1.1 \s-1FFC\s0 Domain Parameter Selection/Generation" 4
317 The following sections of \s-1FIPS186\-4:\s0
321 .IP "A.2.3 Generation of canonical generator g." 4
322 .IX Item "A.2.3 Generation of canonical generator g."
323 .IP "A.2.1 Unverifiable Generation of the Generator g." 4
324 .IX Item "A.2.1 Unverifiable Generation of the Generator g."
328 \&\s-1\fBEVP_PKEY\-DSA\s0\fR\|(7),
329 \&\s-1\fBEVP_PKEY\-DH\s0\fR\|(7),
330 \&\s-1\fBEVP_SIGNATURE\-DSA\s0\fR\|(7),
331 \&\s-1\fBEVP_KEYEXCH\-DH\s0\fR\|(7)
332 \&\s-1\fBEVP_KEYMGMT\s0\fR\|(3),
333 \&\s-1\fBEVP_PKEY\s0\fR\|(3),
334 \&\fBprovider\-keymgmt\fR\|(7),
335 \&\fBOSSL_PROVIDER\-default\fR\|(7),
336 \&\s-1\fBOSSL_PROVIDER\-FIPS\s0\fR\|(7),
339 Copyright 2020\-2022 The OpenSSL Project Authors. All Rights Reserved.
343 in the file \s-1LICENSE\s0 in the source distribution or at