| 1 | =pod
|
|---|
| 2 |
|
|---|
| 3 | =head1 NAME
|
|---|
| 4 |
|
|---|
| 5 | provider-kem - The kem library E<lt>-E<gt> provider functions
|
|---|
| 6 |
|
|---|
| 7 | =head1 SYNOPSIS
|
|---|
| 8 |
|
|---|
| 9 | =for openssl multiple includes
|
|---|
| 10 |
|
|---|
| 11 | #include <openssl/core_dispatch.h>
|
|---|
| 12 | #include <openssl/core_names.h>
|
|---|
| 13 |
|
|---|
| 14 | /*
|
|---|
| 15 | * None of these are actual functions, but are displayed like this for
|
|---|
| 16 | * the function signatures for functions that are offered as function
|
|---|
| 17 | * pointers in OSSL_DISPATCH arrays.
|
|---|
| 18 | */
|
|---|
| 19 |
|
|---|
| 20 | /* Context management */
|
|---|
| 21 | void *OSSL_FUNC_kem_newctx(void *provctx);
|
|---|
| 22 | void OSSL_FUNC_kem_freectx(void *ctx);
|
|---|
| 23 | void *OSSL_FUNC_kem_dupctx(void *ctx);
|
|---|
| 24 |
|
|---|
| 25 | /* Encapsulation */
|
|---|
| 26 | int OSSL_FUNC_kem_encapsulate_init(void *ctx, void *provkey, const char *name,
|
|---|
| 27 | const OSSL_PARAM params[]);
|
|---|
| 28 | int OSSL_FUNC_kem_encapsulate(void *ctx, unsigned char *out, size_t *outlen,
|
|---|
| 29 | unsigned char *secret, size_t *secretlen);
|
|---|
| 30 |
|
|---|
| 31 | /* Decapsulation */
|
|---|
| 32 | int OSSL_FUNC_kem_decapsulate_init(void *ctx, void *provkey, const char *name);
|
|---|
| 33 | int OSSL_FUNC_kem_decapsulate(void *ctx, unsigned char *out, size_t *outlen,
|
|---|
| 34 | const unsigned char *in, size_t inlen);
|
|---|
| 35 |
|
|---|
| 36 | /* KEM parameters */
|
|---|
| 37 | int OSSL_FUNC_kem_get_ctx_params(void *ctx, OSSL_PARAM params[]);
|
|---|
| 38 | const OSSL_PARAM *OSSL_FUNC_kem_gettable_ctx_params(void *ctx, void *provctx);
|
|---|
| 39 | int OSSL_FUNC_kem_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
|
|---|
| 40 | const OSSL_PARAM *OSSL_FUNC_kem_settable_ctx_params(void *ctx, void *provctx);
|
|---|
| 41 |
|
|---|
| 42 | =head1 DESCRIPTION
|
|---|
| 43 |
|
|---|
| 44 | This documentation is primarily aimed at provider authors. See L<provider(7)>
|
|---|
| 45 | for further information.
|
|---|
| 46 |
|
|---|
| 47 | The asymmetric kem (OSSL_OP_KEM) operation enables providers to
|
|---|
| 48 | implement asymmetric kem algorithms and make them available to applications
|
|---|
| 49 | via the API functions L<EVP_PKEY_encapsulate(3)>,
|
|---|
| 50 | L<EVP_PKEY_decapsulate(3)> and other related functions.
|
|---|
| 51 |
|
|---|
| 52 | All "functions" mentioned here are passed as function pointers between
|
|---|
| 53 | F<libcrypto> and the provider in L<OSSL_DISPATCH(3)> arrays via
|
|---|
| 54 | L<OSSL_ALGORITHM(3)> arrays that are returned by the provider's
|
|---|
| 55 | provider_query_operation() function
|
|---|
| 56 | (see L<provider-base(7)/Provider Functions>).
|
|---|
| 57 |
|
|---|
| 58 | All these "functions" have a corresponding function type definition
|
|---|
| 59 | named B<OSSL_FUNC_{name}_fn>, and a helper function to retrieve the
|
|---|
| 60 | function pointer from an L<OSSL_DISPATCH(3)> element named
|
|---|
| 61 | B<OSSL_FUNC_{name}>.
|
|---|
| 62 | For example, the "function" OSSL_FUNC_kem_newctx() has these:
|
|---|
| 63 |
|
|---|
| 64 | typedef void *(OSSL_FUNC_kem_newctx_fn)(void *provctx);
|
|---|
| 65 | static ossl_inline OSSL_FUNC_kem_newctx_fn
|
|---|
| 66 | OSSL_FUNC_kem_newctx(const OSSL_DISPATCH *opf);
|
|---|
| 67 |
|
|---|
| 68 | L<OSSL_DISPATCH(3)> arrays are indexed by numbers that are provided as
|
|---|
| 69 | macros in L<openssl-core_dispatch.h(7)>, as follows:
|
|---|
| 70 |
|
|---|
| 71 | OSSL_FUNC_kem_newctx OSSL_FUNC_KEM_NEWCTX
|
|---|
| 72 | OSSL_FUNC_kem_freectx OSSL_FUNC_KEM_FREECTX
|
|---|
| 73 | OSSL_FUNC_kem_dupctx OSSL_FUNC_KEM_DUPCTX
|
|---|
| 74 |
|
|---|
| 75 | OSSL_FUNC_kem_encapsulate_init OSSL_FUNC_KEM_ENCAPSULATE_INIT
|
|---|
| 76 | OSSL_FUNC_kem_encapsulate OSSL_FUNC_KEM_ENCAPSULATE
|
|---|
| 77 |
|
|---|
| 78 | OSSL_FUNC_kem_decapsulate_init OSSL_FUNC_KEM_DECAPSULATE_INIT
|
|---|
| 79 | OSSL_FUNC_kem_decapsulate OSSL_FUNC_KEM_DECAPSULATE
|
|---|
| 80 |
|
|---|
| 81 | OSSL_FUNC_kem_get_ctx_params OSSL_FUNC_KEM_GET_CTX_PARAMS
|
|---|
| 82 | OSSL_FUNC_kem_gettable_ctx_params OSSL_FUNC_KEM_GETTABLE_CTX_PARAMS
|
|---|
| 83 | OSSL_FUNC_kem_set_ctx_params OSSL_FUNC_KEM_SET_CTX_PARAMS
|
|---|
| 84 | OSSL_FUNC_kem_settable_ctx_params OSSL_FUNC_KEM_SETTABLE_CTX_PARAMS
|
|---|
| 85 |
|
|---|
| 86 | An asymmetric kem algorithm implementation may not implement all of these
|
|---|
| 87 | functions.
|
|---|
| 88 | In order to be a consistent set of functions a provider must implement
|
|---|
| 89 | OSSL_FUNC_kem_newctx and OSSL_FUNC_kem_freectx.
|
|---|
| 90 | It must also implement both of OSSL_FUNC_kem_encapsulate_init and
|
|---|
| 91 | OSSL_FUNC_kem_encapsulate, or both of OSSL_FUNC_kem_decapsulate_init and
|
|---|
| 92 | OSSL_FUNC_kem_decapsulate.
|
|---|
| 93 | OSSL_FUNC_kem_get_ctx_params is optional but if it is present then so must
|
|---|
| 94 | OSSL_FUNC_kem_gettable_ctx_params.
|
|---|
| 95 | Similarly, OSSL_FUNC_kem_set_ctx_params is optional but if it is present then
|
|---|
| 96 | so must OSSL_FUNC_kem_settable_ctx_params.
|
|---|
| 97 |
|
|---|
| 98 | An asymmetric kem algorithm must also implement some mechanism for generating,
|
|---|
| 99 | loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation.
|
|---|
| 100 | See L<provider-keymgmt(7)> for further details.
|
|---|
| 101 |
|
|---|
| 102 | =head2 Context Management Functions
|
|---|
| 103 |
|
|---|
| 104 | OSSL_FUNC_kem_newctx() should create and return a pointer to a provider side
|
|---|
| 105 | structure for holding context information during an asymmetric kem operation.
|
|---|
| 106 | A pointer to this context will be passed back in a number of the other
|
|---|
| 107 | asymmetric kem operation function calls.
|
|---|
| 108 | The parameter I<provctx> is the provider context generated during provider
|
|---|
| 109 | initialisation (see L<provider(7)>).
|
|---|
| 110 |
|
|---|
| 111 | OSSL_FUNC_kem_freectx() is passed a pointer to the provider side asymmetric
|
|---|
| 112 | kem context in the I<ctx> parameter.
|
|---|
| 113 | This function should free any resources associated with that context.
|
|---|
| 114 |
|
|---|
| 115 | OSSL_FUNC_kem_dupctx() should duplicate the provider side asymmetric kem
|
|---|
| 116 | context in the I<ctx> parameter and return the duplicate copy.
|
|---|
| 117 |
|
|---|
| 118 | =head2 Asymmetric Key Encapsulation Functions
|
|---|
| 119 |
|
|---|
| 120 | OSSL_FUNC_kem_encapsulate_init() initialises a context for an asymmetric
|
|---|
| 121 | encapsulation given a provider side asymmetric kem context in the I<ctx>
|
|---|
| 122 | parameter, a pointer to a provider key object in the I<provkey> parameter and
|
|---|
| 123 | the I<name> of the algorithm.
|
|---|
| 124 | The I<params>, if not NULL, should be set on the context in a manner similar to
|
|---|
| 125 | using OSSL_FUNC_kem_set_ctx_params().
|
|---|
| 126 | The key object should have been previously generated, loaded or imported into
|
|---|
| 127 | the provider using the key management (OSSL_OP_KEYMGMT) operation (see
|
|---|
| 128 | provider-keymgmt(7)>.
|
|---|
| 129 |
|
|---|
| 130 | OSSL_FUNC_kem_encapsulate() performs the actual encapsulation itself.
|
|---|
| 131 | A previously initialised asymmetric kem context is passed in the I<ctx>
|
|---|
| 132 | parameter.
|
|---|
| 133 | Unless I<out> is NULL, the data to be encapsulated is internally generated,
|
|---|
| 134 | and returned into the buffer pointed to by the I<secret> parameter and the
|
|---|
| 135 | encapsulated data should also be written to the location pointed to by the
|
|---|
| 136 | I<out> parameter. The length of the encapsulated data should be written to
|
|---|
| 137 | I<*outlen> and the length of the generated secret should be written to
|
|---|
| 138 | I<*secretlen>.
|
|---|
| 139 |
|
|---|
| 140 | If I<out> is NULL then the maximum length of the encapsulated data should be
|
|---|
| 141 | written to I<*outlen>, and the maximum length of the generated secret should be
|
|---|
| 142 | written to I<*secretlen>.
|
|---|
| 143 |
|
|---|
| 144 | =head2 Decapsulation Functions
|
|---|
| 145 |
|
|---|
| 146 | OSSL_FUNC_kem_decapsulate_init() initialises a context for an asymmetric
|
|---|
| 147 | decapsulation given a provider side asymmetric kem context in the I<ctx>
|
|---|
| 148 | parameter, a pointer to a provider key object in the I<provkey> parameter, and
|
|---|
| 149 | a I<name> of the algorithm.
|
|---|
| 150 | The key object should have been previously generated, loaded or imported into
|
|---|
| 151 | the provider using the key management (OSSL_OP_KEYMGMT) operation (see
|
|---|
| 152 | provider-keymgmt(7)>.
|
|---|
| 153 |
|
|---|
| 154 | OSSL_FUNC_kem_decapsulate() performs the actual decapsulation itself.
|
|---|
| 155 | A previously initialised asymmetric kem context is passed in the I<ctx>
|
|---|
| 156 | parameter.
|
|---|
| 157 | The data to be decapsulated is pointed to by the I<in> parameter which is I<inlen>
|
|---|
| 158 | bytes long.
|
|---|
| 159 | Unless I<out> is NULL, the decapsulated data should be written to the location
|
|---|
| 160 | pointed to by the I<out> parameter.
|
|---|
| 161 | The length of the decapsulated data should be written to I<*outlen>.
|
|---|
| 162 | If I<out> is NULL then the maximum length of the decapsulated data should be
|
|---|
| 163 | written to I<*outlen>.
|
|---|
| 164 |
|
|---|
| 165 | =head2 Asymmetric Key Encapsulation Parameters
|
|---|
| 166 |
|
|---|
| 167 | See L<OSSL_PARAM(3)> for further details on the parameters structure used by
|
|---|
| 168 | the OSSL_FUNC_kem_get_ctx_params() and OSSL_FUNC_kem_set_ctx_params()
|
|---|
| 169 | functions.
|
|---|
| 170 |
|
|---|
| 171 | OSSL_FUNC_kem_get_ctx_params() gets asymmetric kem parameters associated
|
|---|
| 172 | with the given provider side asymmetric kem context I<ctx> and stores them in
|
|---|
| 173 | I<params>.
|
|---|
| 174 | Passing NULL for I<params> should return true.
|
|---|
| 175 |
|
|---|
| 176 | OSSL_FUNC_kem_set_ctx_params() sets the asymmetric kem parameters associated
|
|---|
| 177 | with the given provider side asymmetric kem context I<ctx> to I<params>.
|
|---|
| 178 | Any parameter settings are additional to any that were previously set.
|
|---|
| 179 | Passing NULL for I<params> should return true.
|
|---|
| 180 |
|
|---|
| 181 | No parameters are currently recognised by built-in asymmetric kem algorithms.
|
|---|
| 182 |
|
|---|
| 183 | OSSL_FUNC_kem_gettable_ctx_params() and OSSL_FUNC_kem_settable_ctx_params()
|
|---|
| 184 | get a constant L<OSSL_PARAM(3)> array that describes the gettable and settable
|
|---|
| 185 | parameters, i.e. parameters that can be used with OSSL_FUNC_kem_get_ctx_params()
|
|---|
| 186 | and OSSL_FUNC_kem_set_ctx_params() respectively.
|
|---|
| 187 |
|
|---|
| 188 | =head1 RETURN VALUES
|
|---|
| 189 |
|
|---|
| 190 | OSSL_FUNC_kem_newctx() and OSSL_FUNC_kem_dupctx() should return the newly
|
|---|
| 191 | created provider side asymmetric kem context, or NULL on failure.
|
|---|
| 192 |
|
|---|
| 193 | All other functions should return 1 for success or 0 on error.
|
|---|
| 194 |
|
|---|
| 195 | =head1 SEE ALSO
|
|---|
| 196 |
|
|---|
| 197 | L<provider(7)>
|
|---|
| 198 |
|
|---|
| 199 | =head1 HISTORY
|
|---|
| 200 |
|
|---|
| 201 | The provider KEM interface was introduced in OpenSSL 3.0.
|
|---|
| 202 |
|
|---|
| 203 | =head1 COPYRIGHT
|
|---|
| 204 |
|
|---|
| 205 | Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
|
|---|
| 206 |
|
|---|
| 207 | Licensed under the Apache License 2.0 (the "License"). You may not use
|
|---|
| 208 | this file except in compliance with the License. You can obtain a copy
|
|---|
| 209 | in the file LICENSE in the source distribution or at
|
|---|
| 210 | L<https://www.openssl.org/source/license.html>.
|
|---|
| 211 |
|
|---|
| 212 | =cut
|
|---|
