1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=head1 NAME 4*b077aed3SPierre Pronchery 5*b077aed3SPierre ProncheryEVP_PKEY-DSA, EVP_KEYMGMT-DSA - EVP_PKEY DSA keytype and algorithm support 6*b077aed3SPierre Pronchery 7*b077aed3SPierre Pronchery=head1 DESCRIPTION 8*b077aed3SPierre Pronchery 9*b077aed3SPierre ProncheryFor B<DSA> the FIPS186-4 standard specifies that the values used for FFC 10*b077aed3SPierre Proncheryparameter generation are also required for parameter validation. 11*b077aed3SPierre ProncheryThis means that optional FFC domain parameter values for I<seed>, I<pcounter> 12*b077aed3SPierre Proncheryand I<gindex> may need to be stored for validation purposes. For B<DSA> these 13*b077aed3SPierre Proncheryfields are not stored in the ASN1 data so they need to be stored externally if 14*b077aed3SPierre Proncheryvalidation is required. 15*b077aed3SPierre Pronchery 16*b077aed3SPierre Pronchery=head2 DSA parameters 17*b077aed3SPierre Pronchery 18*b077aed3SPierre ProncheryThe B<DSA> key type supports the FFC parameters (see 19*b077aed3SPierre ProncheryL<EVP_PKEY-FFC(7)/FFC parameters>). 20*b077aed3SPierre Pronchery 21*b077aed3SPierre Pronchery=head2 DSA key generation parameters 22*b077aed3SPierre Pronchery 23*b077aed3SPierre ProncheryThe B<DSA> key type supports the FFC key generation parameters (see 24*b077aed3SPierre ProncheryL<EVP_PKEY-FFC(7)/FFC key generation parameters> 25*b077aed3SPierre Pronchery 26*b077aed3SPierre ProncheryThe following restrictions apply to the "pbits" field: 27*b077aed3SPierre Pronchery 28*b077aed3SPierre ProncheryFor "fips186_4" this must be either 2048 or 3072. 29*b077aed3SPierre ProncheryFor "fips186_2" this must be 1024. 30*b077aed3SPierre ProncheryFor "group" this can be any one of 2048, 3072, 4096, 6144 or 8192. 31*b077aed3SPierre Pronchery 32*b077aed3SPierre Pronchery=head2 DSA key validation 33*b077aed3SPierre Pronchery 34*b077aed3SPierre ProncheryFor DSA keys, L<EVP_PKEY_param_check(3)> behaves in the following way: 35*b077aed3SPierre ProncheryThe OpenSSL FIPS provider conforms to the rules within the FIPS186-4 36*b077aed3SPierre Proncherystandard for FFC parameter validation. For backwards compatibility the OpenSSL 37*b077aed3SPierre Proncherydefault provider uses a much simpler check (see below) for parameter validation, 38*b077aed3SPierre Proncheryunless the seed parameter is set. 39*b077aed3SPierre Pronchery 40*b077aed3SPierre ProncheryFor DSA keys, L<EVP_PKEY_param_check_quick(3)> behaves in the following way: 41*b077aed3SPierre ProncheryA simple check of L and N and partial g is performed. The default provider 42*b077aed3SPierre Proncheryalso supports validation of legacy "fips186_2" keys. 43*b077aed3SPierre Pronchery 44*b077aed3SPierre ProncheryFor DSA keys, L<EVP_PKEY_public_check(3)>, L<EVP_PKEY_private_check(3)> and 45*b077aed3SPierre ProncheryL<EVP_PKEY_pairwise_check(3)> the OpenSSL default and FIPS providers conform to 46*b077aed3SPierre Proncherythe rules within SP800-56Ar3 for public, private and pairwise tests respectively. 47*b077aed3SPierre Pronchery 48*b077aed3SPierre Pronchery=head1 EXAMPLES 49*b077aed3SPierre Pronchery 50*b077aed3SPierre ProncheryAn B<EVP_PKEY> context can be obtained by calling: 51*b077aed3SPierre Pronchery 52*b077aed3SPierre Pronchery EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL); 53*b077aed3SPierre Pronchery 54*b077aed3SPierre ProncheryThe B<DSA> domain parameters can be generated by calling: 55*b077aed3SPierre Pronchery 56*b077aed3SPierre Pronchery unsigned int pbits = 2048; 57*b077aed3SPierre Pronchery unsigned int qbits = 256; 58*b077aed3SPierre Pronchery int gindex = 1; 59*b077aed3SPierre Pronchery OSSL_PARAM params[5]; 60*b077aed3SPierre Pronchery EVP_PKEY *param_key = NULL; 61*b077aed3SPierre Pronchery EVP_PKEY_CTX *pctx = NULL; 62*b077aed3SPierre Pronchery 63*b077aed3SPierre Pronchery pctx = EVP_PKEY_CTX_new_from_name(NULL, "DSA", NULL); 64*b077aed3SPierre Pronchery EVP_PKEY_paramgen_init(pctx); 65*b077aed3SPierre Pronchery 66*b077aed3SPierre Pronchery params[0] = OSSL_PARAM_construct_uint("pbits", &pbits); 67*b077aed3SPierre Pronchery params[1] = OSSL_PARAM_construct_uint("qbits", &qbits); 68*b077aed3SPierre Pronchery params[2] = OSSL_PARAM_construct_int("gindex", &gindex); 69*b077aed3SPierre Pronchery params[3] = OSSL_PARAM_construct_utf8_string("digest", "SHA384", 0); 70*b077aed3SPierre Pronchery params[4] = OSSL_PARAM_construct_end(); 71*b077aed3SPierre Pronchery EVP_PKEY_CTX_set_params(pctx, params); 72*b077aed3SPierre Pronchery 73*b077aed3SPierre Pronchery EVP_PKEY_generate(pctx, ¶m_key); 74*b077aed3SPierre Pronchery EVP_PKEY_CTX_free(pctx); 75*b077aed3SPierre Pronchery 76*b077aed3SPierre Pronchery EVP_PKEY_print_params(bio_out, param_key, 0, NULL); 77*b077aed3SPierre Pronchery 78*b077aed3SPierre ProncheryA B<DSA> key can be generated using domain parameters by calling: 79*b077aed3SPierre Pronchery 80*b077aed3SPierre Pronchery EVP_PKEY *key = NULL; 81*b077aed3SPierre Pronchery EVP_PKEY_CTX *gctx = NULL; 82*b077aed3SPierre Pronchery 83*b077aed3SPierre Pronchery gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL); 84*b077aed3SPierre Pronchery EVP_PKEY_keygen_init(gctx); 85*b077aed3SPierre Pronchery EVP_PKEY_generate(gctx, &key); 86*b077aed3SPierre Pronchery EVP_PKEY_CTX_free(gctx); 87*b077aed3SPierre Pronchery EVP_PKEY_print_private(bio_out, key, 0, NULL); 88*b077aed3SPierre Pronchery 89*b077aed3SPierre Pronchery 90*b077aed3SPierre Pronchery=head1 CONFORMING TO 91*b077aed3SPierre Pronchery 92*b077aed3SPierre ProncheryThe following sections of FIPS186-4: 93*b077aed3SPierre Pronchery 94*b077aed3SPierre Pronchery=over 4 95*b077aed3SPierre Pronchery 96*b077aed3SPierre Pronchery=item A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function. 97*b077aed3SPierre Pronchery 98*b077aed3SPierre Pronchery=item A.2.3 Generation of canonical generator g. 99*b077aed3SPierre Pronchery 100*b077aed3SPierre Pronchery=item A.2.1 Unverifiable Generation of the Generator g. 101*b077aed3SPierre Pronchery 102*b077aed3SPierre Pronchery=back 103*b077aed3SPierre Pronchery 104*b077aed3SPierre Pronchery=head1 SEE ALSO 105*b077aed3SPierre Pronchery 106*b077aed3SPierre ProncheryL<EVP_PKEY-FFC(7)>, 107*b077aed3SPierre ProncheryL<EVP_SIGNATURE-DSA(7)> 108*b077aed3SPierre ProncheryL<EVP_PKEY(3)>, 109*b077aed3SPierre ProncheryL<provider-keymgmt(7)>, 110*b077aed3SPierre ProncheryL<EVP_KEYMGMT(3)>, 111*b077aed3SPierre ProncheryL<OSSL_PROVIDER-default(7)>, 112*b077aed3SPierre ProncheryL<OSSL_PROVIDER-FIPS(7)> 113*b077aed3SPierre Pronchery 114*b077aed3SPierre Pronchery=head1 COPYRIGHT 115*b077aed3SPierre Pronchery 116*b077aed3SPierre ProncheryCopyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved. 117*b077aed3SPierre Pronchery 118*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 119*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 120*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 121*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 122*b077aed3SPierre Pronchery 123*b077aed3SPierre Pronchery=cut 124