1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
|
=pod
=head1 NAME
EVP_PKEY-X25519, EVP_PKEY-X448, EVP_PKEY-ED25519, EVP_PKEY-ED448,
EVP_KEYMGMT-X25519, EVP_KEYMGMT-X448, EVP_KEYMGMT-ED25519, EVP_KEYMGMT-ED448
- EVP_PKEY X25519, X448, ED25519 and ED448 keytype and algorithm support
=head1 DESCRIPTION
The B<X25519>, B<X448>, B<ED25519> and B<ED448> keytypes are
implemented in OpenSSL's default and FIPS providers. These implementations
support the associated key, containing the public key I<pub> and the
private key I<priv>.
In the FIPS provider they are non-approved algorithms and do not have the
"fips=yes" property set.
=head2 Common X25519, X448, ED25519 and ED448 parameters
In addition to the common parameters that all keytypes should support (see
L<provider-keymgmt(7)/Common parameters>), the implementation of these keytypes
support the following.
=over 4
=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <octet string>
The public key value.
=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>
The private key value.
=back
=head2 ED25519 and ED448 parameters
=over 4
=item "mandatory-digest" (B<OSSL_PKEY_PARAM_MANDATORY_DIGEST>) <utf8 string>
The empty string, signifying that no digest may be specified.
=back
=head1 CONFORMING TO
=over 4
=item RFC 8032
=back
=head1 EXAMPLES
An B<EVP_PKEY> context can be obtained by calling:
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "X448", NULL);
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "ED448", NULL);
An B<ED25519> key can be generated like this:
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "ED25519", NULL);
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
An B<X25519> key can be generated in a similar way:
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx =
EVP_PKEY_CTX_new_from_name(NULL, "X25519", NULL);
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_gen(pctx, &pkey);
EVP_PKEY_CTX_free(pctx);
=head1 SEE ALSO
L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>,
L<EVP_KEYEXCH-X25519(7)>, L<EVP_KEYEXCH-X448(7)>,
L<EVP_SIGNATURE-ED25519(7)>, L<EVP_SIGNATURE-ED448(7)>
=head1 COPYRIGHT
Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
|
