xref: /freebsd/crypto/openssl/doc/man7/provider-asym_cipher.pod (revision 911f0260390e18cf85f3dbf2c719b593efdc1e3c)
1=pod
2
3=head1 NAME
4
5provider-asym_cipher - The asym_cipher library E<lt>-E<gt> provider functions
6
7=head1 SYNOPSIS
8
9=for openssl multiple includes
10
11 #include <openssl/core_dispatch.h>
12 #include <openssl/core_names.h>
13
14 /*
15  * None of these are actual functions, but are displayed like this for
16  * the function signatures for functions that are offered as function
17  * pointers in OSSL_DISPATCH arrays.
18  */
19
20 /* Context management */
21 void *OSSL_FUNC_asym_cipher_newctx(void *provctx);
22 void OSSL_FUNC_asym_cipher_freectx(void *ctx);
23 void *OSSL_FUNC_asym_cipher_dupctx(void *ctx);
24
25 /* Encryption */
26 int OSSL_FUNC_asym_cipher_encrypt_init(void *ctx, void *provkey,
27                                        const OSSL_PARAM params[]);
28 int OSSL_FUNC_asym_cipher_encrypt(void *ctx, unsigned char *out, size_t *outlen,
29                                   size_t outsize, const unsigned char *in,
30                                   size_t inlen);
31
32 /* Decryption */
33 int OSSL_FUNC_asym_cipher_decrypt_init(void *ctx, void *provkey,
34                                        const OSSL_PARAM params[]);
35 int OSSL_FUNC_asym_cipher_decrypt(void *ctx, unsigned char *out, size_t *outlen,
36                                   size_t outsize, const unsigned char *in,
37                                   size_t inlen);
38
39 /* Asymmetric Cipher parameters */
40 int OSSL_FUNC_asym_cipher_get_ctx_params(void *ctx, OSSL_PARAM params[]);
41 const OSSL_PARAM *OSSL_FUNC_asym_cipher_gettable_ctx_params(void *provctx);
42 int OSSL_FUNC_asym_cipher_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
43 const OSSL_PARAM *OSSL_FUNC_asym_cipher_settable_ctx_params(void *provctx);
44
45=head1 DESCRIPTION
46
47This documentation is primarily aimed at provider authors. See L<provider(7)>
48for further information.
49
50The asymmetric cipher (OSSL_OP_ASYM_CIPHER) operation enables providers to
51implement asymmetric cipher algorithms and make them available to applications
52via the API functions L<EVP_PKEY_encrypt(3)>,
53L<EVP_PKEY_decrypt(3)> and
54other related functions).
55
56All "functions" mentioned here are passed as function pointers between
57F<libcrypto> and the provider in L<OSSL_DISPATCH(3)> arrays via
58L<OSSL_ALGORITHM(3)> arrays that are returned by the provider's
59provider_query_operation() function
60(see L<provider-base(7)/Provider Functions>).
61
62All these "functions" have a corresponding function type definition
63named B<OSSL_FUNC_{name}_fn>, and a helper function to retrieve the
64function pointer from an L<OSSL_DISPATCH(3)> element named
65B<OSSL_FUNC_{name}>.
66For example, the "function" OSSL_FUNC_asym_cipher_newctx() has these:
67
68 typedef void *(OSSL_FUNC_asym_cipher_newctx_fn)(void *provctx);
69 static ossl_inline OSSL_FUNC_asym_cipher_newctx_fn
70     OSSL_FUNC_asym_cipher_newctx(const OSSL_DISPATCH *opf);
71
72L<OSSL_DISPATCH(3)> arrays are indexed by numbers that are provided as
73macros in L<openssl-core_dispatch.h(7)>, as follows:
74
75 OSSL_FUNC_asym_cipher_newctx               OSSL_FUNC_ASYM_CIPHER_NEWCTX
76 OSSL_FUNC_asym_cipher_freectx              OSSL_FUNC_ASYM_CIPHER_FREECTX
77 OSSL_FUNC_asym_cipher_dupctx               OSSL_FUNC_ASYM_CIPHER_DUPCTX
78
79 OSSL_FUNC_asym_cipher_encrypt_init         OSSL_FUNC_ASYM_CIPHER_ENCRYPT_INIT
80 OSSL_FUNC_asym_cipher_encrypt              OSSL_FUNC_ASYM_CIPHER_ENCRYPT
81
82 OSSL_FUNC_asym_cipher_decrypt_init         OSSL_FUNC_ASYM_CIPHER_DECRYPT_INIT
83 OSSL_FUNC_asym_cipher_decrypt              OSSL_FUNC_ASYM_CIPHER_DECRYPT
84
85 OSSL_FUNC_asym_cipher_get_ctx_params       OSSL_FUNC_ASYM_CIPHER_GET_CTX_PARAMS
86 OSSL_FUNC_asym_cipher_gettable_ctx_params  OSSL_FUNC_ASYM_CIPHER_GETTABLE_CTX_PARAMS
87 OSSL_FUNC_asym_cipher_set_ctx_params       OSSL_FUNC_ASYM_CIPHER_SET_CTX_PARAMS
88 OSSL_FUNC_asym_cipher_settable_ctx_params  OSSL_FUNC_ASYM_CIPHER_SETTABLE_CTX_PARAMS
89
90An asymmetric cipher algorithm implementation may not implement all of these
91functions.
92In order to be a consistent set of functions a provider must implement
93OSSL_FUNC_asym_cipher_newctx and OSSL_FUNC_asym_cipher_freectx.
94It must also implement both of OSSL_FUNC_asym_cipher_encrypt_init and
95OSSL_FUNC_asym_cipher_encrypt, or both of OSSL_FUNC_asym_cipher_decrypt_init and
96OSSL_FUNC_asym_cipher_decrypt.
97OSSL_FUNC_asym_cipher_get_ctx_params is optional but if it is present then so must
98OSSL_FUNC_asym_cipher_gettable_ctx_params.
99Similarly, OSSL_FUNC_asym_cipher_set_ctx_params is optional but if it is present then
100so must OSSL_FUNC_asym_cipher_settable_ctx_params.
101
102An asymmetric cipher algorithm must also implement some mechanism for generating,
103loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation.
104See L<provider-keymgmt(7)> for further details.
105
106=head2 Context Management Functions
107
108OSSL_FUNC_asym_cipher_newctx() should create and return a pointer to a provider side
109structure for holding context information during an asymmetric cipher operation.
110A pointer to this context will be passed back in a number of the other
111asymmetric cipher operation function calls.
112The parameter I<provctx> is the provider context generated during provider
113initialisation (see L<provider(7)>).
114
115OSSL_FUNC_asym_cipher_freectx() is passed a pointer to the provider side asymmetric
116cipher context in the I<ctx> parameter.
117This function should free any resources associated with that context.
118
119OSSL_FUNC_asym_cipher_dupctx() should duplicate the provider side asymmetric cipher
120context in the I<ctx> parameter and return the duplicate copy.
121
122=head2 Encryption Functions
123
124OSSL_FUNC_asym_cipher_encrypt_init() initialises a context for an asymmetric encryption
125given a provider side asymmetric cipher context in the I<ctx> parameter, and a
126pointer to a provider key object in the I<provkey> parameter.
127The I<params>, if not NULL, should be set on the context in a manner similar to
128using OSSL_FUNC_asym_cipher_set_ctx_params().
129The key object should have been previously generated, loaded or imported into
130the provider using the key management (OSSL_OP_KEYMGMT) operation (see L<provider-keymgmt(7)>).
131OSSL_FUNC_asym_cipher_encrypt() performs the actual encryption itself.
132A previously initialised asymmetric cipher context is passed in the I<ctx>
133parameter.
134The data to be encrypted is pointed to by the I<in> parameter which is I<inlen>
135bytes long.
136Unless I<out> is NULL, the encrypted data should be written to the location
137pointed to by the I<out> parameter and it should not exceed I<outsize> bytes in
138length.
139The length of the encrypted data should be written to I<*outlen>.
140If I<out> is NULL then the maximum length of the encrypted data should be
141written to I<*outlen>.
142
143=head2 Decryption Functions
144
145OSSL_FUNC_asym_cipher_decrypt_init() initialises a context for an asymmetric decryption
146given a provider side asymmetric cipher context in the I<ctx> parameter, and a
147pointer to a provider key object in the I<provkey> parameter.
148The I<params>, if not NULL, should be set on the context in a manner similar to
149using OSSL_FUNC_asym_cipher_set_ctx_params().
150The key object should have been previously generated, loaded or imported into
151the provider using the key management (OSSL_OP_KEYMGMT) operation (see
152L<provider-keymgmt(7)>).
153
154OSSL_FUNC_asym_cipher_decrypt() performs the actual decryption itself.
155A previously initialised asymmetric cipher context is passed in the I<ctx>
156parameter.
157The data to be decrypted is pointed to by the I<in> parameter which is I<inlen>
158bytes long.
159Unless I<out> is NULL, the decrypted data should be written to the location
160pointed to by the I<out> parameter and it should not exceed I<outsize> bytes in
161length.
162The length of the decrypted data should be written to I<*outlen>.
163If I<out> is NULL then the maximum length of the decrypted data should be
164written to I<*outlen>.
165
166=head2 Asymmetric Cipher Parameters
167
168See L<OSSL_PARAM(3)> for further details on the parameters structure used by
169the OSSL_FUNC_asym_cipher_get_ctx_params() and OSSL_FUNC_asym_cipher_set_ctx_params()
170functions.
171
172OSSL_FUNC_asym_cipher_get_ctx_params() gets asymmetric cipher parameters associated
173with the given provider side asymmetric cipher context I<ctx> and stores them in
174I<params>.
175Passing NULL for I<params> should return true.
176
177OSSL_FUNC_asym_cipher_set_ctx_params() sets the asymmetric cipher parameters associated
178with the given provider side asymmetric cipher context I<ctx> to I<params>.
179Any parameter settings are additional to any that were previously set.
180Passing NULL for I<params> should return true.
181
182Parameters currently recognised by built-in asymmetric cipher algorithms are as
183follows.
184Not all parameters are relevant to, or are understood by all asymmetric cipher
185algorithms:
186
187=over 4
188
189=item "pad-mode" (B<OSSL_ASYM_CIPHER_PARAM_PAD_MODE>) <UTF8 string> OR <integer>
190
191The type of padding to be used. The interpretation of this value will depend
192on the algorithm in use.
193
194=item "digest" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST>) <UTF8 string>
195
196Gets or sets the name of the OAEP digest algorithm used when OAEP padding is in
197use.
198
199=item "digest" (B<OSSL_ASYM_CIPHER_PARAM_DIGEST>) <UTF8 string>
200
201Gets or sets the name of the digest algorithm used by the algorithm (where
202applicable).
203
204=item "digest-props" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS>) <UTF8 string>
205
206Gets or sets the properties to use when fetching the OAEP digest algorithm.
207
208=item "digest-props" (B<OSSL_ASYM_CIPHER_PARAM_DIGEST_PROPS>) <UTF8 string>
209
210Gets or sets the properties to use when fetching the cipher digest algorithm.
211
212=item "mgf1-digest" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST>) <UTF8 string>
213
214Gets or sets the name of the MGF1 digest algorithm used when OAEP or PSS padding
215is in use.
216
217=item "mgf1-digest-props" (B<OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS>) <UTF8 string>
218
219Gets or sets the properties to use when fetching the MGF1 digest algorithm.
220
221=item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string ptr>
222
223Gets the OAEP label used when OAEP padding is in use.
224
225=item "oaep-label" (B<OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL>) <octet string>
226
227Sets the OAEP label used when OAEP padding is in use.
228
229=item "tls-client-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer>
230
231The TLS protocol version first requested by the client.
232
233=item "tls-negotiated-version" (B<OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION>) <unsigned integer>
234
235The negotiated TLS protocol version.
236
237=back
238
239OSSL_FUNC_asym_cipher_gettable_ctx_params() and OSSL_FUNC_asym_cipher_settable_ctx_params()
240get a constant L<OSSL_PARAM(3)> array that describes the gettable and settable
241parameters, i.e. parameters that can be used with OSSL_FUNC_asym_cipherget_ctx_params()
242and OSSL_FUNC_asym_cipher_set_ctx_params() respectively.
243
244=head1 RETURN VALUES
245
246OSSL_FUNC_asym_cipher_newctx() and OSSL_FUNC_asym_cipher_dupctx() should return the newly
247created provider side asymmetric cipher context, or NULL on failure.
248
249All other functions should return 1 for success or 0 on error.
250
251=head1 SEE ALSO
252
253L<provider(7)>
254
255=head1 HISTORY
256
257The provider ASYM_CIPHER interface was introduced in OpenSSL 3.0.
258
259=head1 COPYRIGHT
260
261Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
262
263Licensed under the Apache License 2.0 (the "License").  You may not use
264this file except in compliance with the License.  You can obtain a copy
265in the file LICENSE in the source distribution or at
266L<https://www.openssl.org/source/license.html>.
267
268=cut
269