author | Shane Lontis <shane.lontis@oracle.com> | 2020-04-15 21:02:52 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2020-04-15 21:02:52 +1000 |
commit | b03ec3b5d62ee26bf8437556b9040d4141d5bdd8 (patch) | |
tree | 1f27a892757c24efab70d2fb8f93110f71c0fbb3 /doc/man7 | |
parent | 09b3654096ed344edd78cf156cb3ddcdbced6f9a (diff) |
Add DSA keygen to provider
Moved some shared FFC code into the FFC files.
Added extra paramgen parameters for seed, gindex.
Fixed bug in ossl_prov util to print bignums.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11303)
Diffstat (limited to 'doc/man7')
-rw-r--r-- | doc/man7/provider-keymgmt.pod | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/doc/man7/provider-keymgmt.pod b/doc/man7/provider-keymgmt.pod index 52cb977cb4..c93abba8eb 100644 --- a/doc/man7/provider-keymgmt.pod +++ b/doc/man7/provider-keymgmt.pod 
@@ -328,6 +328,56 @@ from I<keydata_from> to I<keydata_to>. It is assumed that the caller has ensured that I<keydata_to> and I<keydata_from> are both owned by the implementation of this function. +=head2 Built-in DSA Key Generation Types + +The following Key Generation types are available for the built-in DSA algorithm: + +=over 4 + +=item "pbits" (B<OSSL_PKEY_PARAM_FFC_PBITS>) <unsigned integer> + +Sets the DSA size (in bits) of the prime 'p'. +The value should be 2048 or 3072. + +=item "qbits" (B<OSSL_PKEY_PARAM_FFC_QBITS>) <unsigned integer> + +Sets the DSA size (in bits) of the prime 'q'. +The value should be 224 or 256. + +=item "type" (B<OSSL_PKEY_PARAM_FFC_TYPE>) <integer> + +Sets the type of parameter generation. +Use 0 for FIPS186-4, or 1 for legacy FIPS186-2. +The default is 0. + +=item "digest" (B<OSSL_PKEY_PARAM_FFC_DIGEST>) <utf8_string> + +Sets the Digest algorithm to be used as part of the Key Generation Function +associated with the given Key Generation I<ctx>. + +=item "properties" (B<OSSL_PKEY_PARAM_FFC_DIGEST_PROPS>) <utf8_string> + +Sets properties to be used upon look up of the implementation for the selected +Digest algorithm for the Key Generation Function associated with the given key +Generation I<ctx>. + +=item "gindex" (B<OSSL_PKEY_PARAM_FFC_GINDEX>) <integer> + +Sets the index to use for canonical generation and verification of the generator g. +Set this to a positive value to use this mode. This I<index> can then be reused +during key validation to verify the value of g. If this value is not set then +g is not verifiable. The default value is -1. + +=item "seed" (B<OSSL_PKEY_PARAM_FFC_SEED>) <octet_string> + +Sets the I<seed> data to use instead of generating a random seed internally. +This should be used for testing purposes only. This will either produced fixed +values for the generated parameters OR it will fail if the seed did not +generate valid primes. 
+ +=back + + =head2 Built-in RSA Import/Export Types The following Import/Export types are available for the built-in RSA algorithm: |
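Review bot: The "gindex" item says to set a positive value to enable canonical generation of g while giving a default of -1, which leaves 0 undocumented; state whether 0 is accepted and what the upper bound is, since callers are told to reuse this index during key validation. In the "seed" item, "This will either produced fixed values" should read "produce fixed values". The "type" and "gindex" items state a default but "pbits", "qbits" and "digest" do not, and the text does not say which sizes apply when "type" is 1 (legacy FIPS186-2); adding those would make the section complete. The section lead-in calls these "Key Generation types" although every entry is a settable parameter, so "parameters" would read more clearly. Two added blank lines follow =back before the next =head2; one is enough.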