xref: /freebsd/secure/lib/libcrypto/man/man7/EVP_PKEY-FFC.7 (revision a18b956b73cee784e5c422d20fd0e4dabebd7eee)
Automatically generated by Pod::Man 4.14 (Pod::Simple 3.40)

Standard preamble:
========================================================================
..
..
.. Set up some character translations and predefined strings. \*(-- will
give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
double quote, and \*(R" will give a right double quote. \*(C+ will
give a nicer C++. Capital omega is used to do unbreakable dashes and
therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
nothing in troff, for use with C<>.
.tr \(*W- . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.

If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.

Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF
Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2).
Fear. Run. Save yourself. No user-serviceable parts.
. \" fudge factors for nroff and troff . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] .\} . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents . \" corrections for vroff . \" for low resolution devices (crt and lpr) \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} ========================================================================

Title "EVP_PKEY-FFC 7"
EVP_PKEY-FFC 7 "2023-05-30" "3.0.9" "OpenSSL"
For nroff, turn off justification. Always turn off hyphenation; it makes
way too many mistakes in technical documents.
"NAME"
EVP_PKEY-FFC - EVP_PKEY DSA and DH/DHX shared FFC parameters.
"DESCRIPTION"
Header "DESCRIPTION" Finite field cryptography (\s-1FFC\s0) is a method of implementing discrete logarithm cryptography using finite field mathematics. \s-1DSA\s0 is an example of \s-1FFC\s0 and Diffie-Hellman key establishment algorithms specified in \s-1SP800-56A\s0 can also be implemented as \s-1FFC.\s0

The \s-1DSA\s0, \s-1DH\s0 and \s-1DHX\s0 keytypes are implemented in OpenSSL's default and \s-1FIPS\s0 providers. The implementations support the basic \s-1DSA, DH\s0 and \s-1DHX\s0 keys, containing the public and private keys pub and priv as well as the three main domain parameters \fIp, q and g.

For \s-1DSA\s0 (and \s-1DH\s0 that is not a named group) the \s-1FIPS186-4\s0 standard specifies that the values used for \s-1FFC\s0 parameter generation are also required for parameter validation. This means that optional \s-1FFC\s0 domain parameter values for seed, pcounter and gindex may need to be stored for validation purposes. For \s-1DH\s0 the seed and pcounter can be stored in \s-1ASN1\s0 data (but the gindex is not). For \s-1DSA\s0 however, these fields are not stored in the \s-1ASN1\s0 data so they need to be stored externally if validation is required.

The \s-1DH\s0 key type uses PKCS#3 format which saves p and g, but not the 'q' value. The \s-1DHX\s0 key type uses X9.42 format which saves the value of 'q' and this must be used for \s-1FIPS186-4.\s0

"\s-1FFC\s0 parameters"
Subsection "FFC parameters" In addition to the common parameters that all keytypes should support (see \*(L"Common parameters\*(R" in provider-keymgmt\|(7)), the \s-1DSA\s0, \s-1DH\s0 and \s-1DHX\s0 keytype implementations support the following. Item "pub (OSSL_PKEY_PARAM_PUB_KEY) <unsigned integer>" The public key value. Item "priv (OSSL_PKEY_PARAM_PRIV_KEY) <unsigned integer>" The private key value.
"\s-1FFC DSA, DH\s0 and \s-1DHX\s0 domain parameters"
Subsection "FFC DSA, DH and DHX domain parameters" Item "p (OSSL_PKEY_PARAM_FFC_P) <unsigned integer>" A \s-1DSA\s0 or Diffie-Hellman prime \*(L"p\*(R" value. Item "g (OSSL_PKEY_PARAM_FFC_G) <unsigned integer>" A \s-1DSA\s0 or Diffie-Hellman generator \*(L"g\*(R" value.
"\s-1FFC DSA\s0 and \s-1DHX\s0 domain parameters"
Subsection "FFC DSA and DHX domain parameters" Item "q (OSSL_PKEY_PARAM_FFC_Q) <unsigned integer>" A \s-1DSA\s0 or Diffie-Hellman prime \*(L"q\*(R" value. Item "seed (OSSL_PKEY_PARAM_FFC_SEED) <octet string>" An optional domain parameter seed value used during generation and validation of p, q and canonical g. For validation this needs to set the seed that was produced during generation. Item "gindex (OSSL_PKEY_PARAM_FFC_GINDEX) <integer>" Sets the index to use for canonical generation and verification of the generator \fIg. Set this to a positive value from 0..FF to use this mode. This gindex can then be reused during key validation to verify the value of g. If this value is not set or is -1 then unverifiable generation of the generator g will be used. Item "pcounter (OSSL_PKEY_PARAM_FFC_PCOUNTER) <integer>" An optional domain parameter counter value that is output during generation of p. This value must be saved if domain parameter validation is required. Item "hindex (OSSL_PKEY_PARAM_FFC_H) <integer>" For unverifiable generation of the generator g this value is output during generation of g. Its value is the first integer larger than one that satisfies g = h^j mod p (where g != 1 and \*(L"j\*(R" is the cofactor). Item "j (OSSL_PKEY_PARAM_FFC_COFACTOR) <unsigned integer>" An optional informational cofactor parameter that should equal to (p - 1) / q. Item "validate-pq (OSSL_PKEY_PARAM_FFC_VALIDATE_PQ) <unsigned integer>"

0 Item "validate-g (OSSL_PKEY_PARAM_FFC_VALIDATE_G) <unsigned integer>"

These boolean values are used during \s-1FIPS186-4\s0 or \s-1FIPS186-2\s0 key validation checks (See EVP_PKEY_param_check\|(3)) to select validation options. By default \fIvalidate-pq and validate-g are both set to 1 to check that p,q and g are valid. Either of these may be set to 0 to skip a test, which is mainly useful for testing purposes. Item "validate-legacy (OSSL_PKEY_PARAM_FFC_VALIDATE_LEGACY) <unsigned integer>" This boolean value is used during key validation checks (See EVP_PKEY_param_check\|(3)) to select the validation type. The default value of 0 selects \s-1FIPS186-4\s0 validation. Setting this value to 1 selects \s-1FIPS186-2\s0 validation.

"\s-1FFC\s0 key generation parameters"
Subsection "FFC key generation parameters" The following key generation types are available for \s-1DSA\s0 and \s-1DHX\s0 algorithms: Item "type (OSSL_PKEY_PARAM_FFC_TYPE) <UTF8 string>" Sets the type of parameter generation. The shared valid values are:

Item "fips186_4" The current standard. Item "fips186_2" The old standard that should only be used for legacy purposes. Item "default" This can choose one of \*(L"fips186_4\*(R" or \*(L"fips186_2\*(R" depending on other parameters set for parameter generation.

Item "pbits (OSSL_PKEY_PARAM_FFC_PBITS) <unsigned integer>" Sets the size (in bits) of the prime 'p'. Item "qbits (OSSL_PKEY_PARAM_FFC_QBITS) <unsigned integer>" Sets the size (in bits) of the prime 'q'. .Sp For \*(L"fips186_4\*(R" this can be either 224 or 256. For \*(L"fips186_2\*(R" this has a size of 160. Item "digest (OSSL_PKEY_PARAM_FFC_DIGEST) <UTF8 string>" Sets the Digest algorithm to be used as part of the Key Generation Function associated with the given Key Generation ctx. This must also be set for key validation. Item "properties (OSSL_PKEY_PARAM_FFC_DIGEST_PROPS) <UTF8 string>" Sets properties to be used upon look up of the implementation for the selected Digest algorithm for the Key Generation Function associated with the given key generation ctx. This may also be set for key validation. Item "seed (OSSL_PKEY_PARAM_FFC_SEED) <octet string>" For \*(L"fips186_4\*(R" or \*(L"fips186_2\*(R" generation this sets the seed data to use instead of generating a random seed internally. This should be used for testing purposes only. This will either produce fixed values for the generated parameters \s-1OR\s0 it will fail if the seed did not generate valid primes. Item "gindex (OSSL_PKEY_PARAM_FFC_GINDEX) <integer>"

0 Item "pcounter (OSSL_PKEY_PARAM_FFC_PCOUNTER) <integer>" Item "hindex (OSSL_PKEY_PARAM_FFC_H) <integer>"

These types are described above.

"CONFORMING TO"
Header "CONFORMING TO" The following sections of SP800-56Ar3:
"5.5.1.1 \s-1FFC\s0 Domain Parameter Selection/Generation" 4
Item "5.5.1.1 FFC Domain Parameter Selection/Generation"

The following sections of \s-1FIPS186-4:\s0

"A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function." 4
Item "A.1.1.2 Generation of Probable Primes p and q Using an Approved Hash Function."

0

"A.2.3 Generation of canonical generator g." 4
Item "A.2.3 Generation of canonical generator g."
"A.2.1 Unverifiable Generation of the Generator g." 4
Item "A.2.1 Unverifiable Generation of the Generator g."

"SEE ALSO"
Header "SEE ALSO" \s-1EVP_PKEY-DSA\s0\|(7), \s-1EVP_PKEY-DH\s0\|(7), \s-1EVP_SIGNATURE-DSA\s0\|(7), \s-1EVP_KEYEXCH-DH\s0\|(7) \s-1EVP_KEYMGMT\s0\|(3), \s-1EVP_PKEY\s0\|(3), \fBprovider-keymgmt\|(7), \fBOSSL_PROVIDER-default\|(7), \s-1OSSL_PROVIDER-FIPS\s0\|(7),
"COPYRIGHT"
Header "COPYRIGHT" Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the \*(L"License\*(R"). You may not use this file except in compliance with the License. You can obtain a copy in the file \s-1LICENSE\s0 in the source distribution or at <https://www.openssl.org/source/license.html>.