EVP_PKEY-RSA.pod 7.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247
  1. =pod
  2. =head1 NAME
  3. EVP_PKEY-RSA, EVP_KEYMGMT-RSA, RSA
  4. - EVP_PKEY RSA keytype and algorithm support
  5. =head1 DESCRIPTION
  6. The B<RSA> keytype is implemented in OpenSSL's default and FIPS providers.
  7. That implementation supports the basic RSA keys, containing the modulus I<n>,
  8. the public exponent I<e>, the private exponent I<d>, and a collection of prime
  9. factors, exponents and coefficient for CRT calculations, of which the first
  10. few are known as I<p> and I<q>, I<dP> and I<dQ>, and I<qInv>.
  11. =head2 Common RSA parameters
  12. In addition to the common parameters that all keytypes should support (see
  13. L<provider-keymgmt(7)/Common parameters>), the B<RSA> keytype implementation
  14. supports the following.
  15. =over 4
  16. =item "n" (B<OSSL_PKEY_PARAM_RSA_N>) <unsigned integer>
  17. The RSA "n" value.
  18. =item "e" (B<OSSL_PKEY_PARAM_RSA_E>) <unsigned integer>
  19. The RSA "e" value.
  20. =item "d" (B<OSSL_PKEY_PARAM_RSA_D>) <unsigned integer>
  21. The RSA "d" value.
  22. =item "rsa-factor1" (B<OSSL_PKEY_PARAM_RSA_FACTOR1>) <unsigned integer>
  23. =item "rsa-factor2" (B<OSSL_PKEY_PARAM_RSA_FACTOR2>) <unsigned integer>
  24. =item "rsa-factor3" (B<OSSL_PKEY_PARAM_RSA_FACTOR3>) <unsigned integer>
  25. =item "rsa-factor4" (B<OSSL_PKEY_PARAM_RSA_FACTOR4>) <unsigned integer>
  26. =item "rsa-factor5" (B<OSSL_PKEY_PARAM_RSA_FACTOR5>) <unsigned integer>
  27. =item "rsa-factor6" (B<OSSL_PKEY_PARAM_RSA_FACTOR6>) <unsigned integer>
  28. =item "rsa-factor7" (B<OSSL_PKEY_PARAM_RSA_FACTOR7>) <unsigned integer>
  29. =item "rsa-factor8" (B<OSSL_PKEY_PARAM_RSA_FACTOR8>) <unsigned integer>
  30. =item "rsa-factor9" (B<OSSL_PKEY_PARAM_RSA_FACTOR9>) <unsigned integer>
  31. =item "rsa-factor10" (B<OSSL_PKEY_PARAM_RSA_FACTOR10>) <unsigned integer>
  32. RSA prime factors. The factors are known as "p", "q" and "r_i" in RFC8017.
  33. Up to eight additional "r_i" prime factors are supported.
  34. =item "rsa-exponent1" (B<OSSL_PKEY_PARAM_RSA_EXPONENT1>) <unsigned integer>
  35. =item "rsa-exponent2" (B<OSSL_PKEY_PARAM_RSA_EXPONENT2>) <unsigned integer>
  36. =item "rsa-exponent3" (B<OSSL_PKEY_PARAM_RSA_EXPONENT3>) <unsigned integer>
  37. =item "rsa-exponent4" (B<OSSL_PKEY_PARAM_RSA_EXPONENT4>) <unsigned integer>
  38. =item "rsa-exponent5" (B<OSSL_PKEY_PARAM_RSA_EXPONENT5>) <unsigned integer>
  39. =item "rsa-exponent6" (B<OSSL_PKEY_PARAM_RSA_EXPONENT6>) <unsigned integer>
  40. =item "rsa-exponent7" (B<OSSL_PKEY_PARAM_RSA_EXPONENT7>) <unsigned integer>
  41. =item "rsa-exponent8" (B<OSSL_PKEY_PARAM_RSA_EXPONENT8>) <unsigned integer>
  42. =item "rsa-exponent9" (B<OSSL_PKEY_PARAM_RSA_EXPONENT9>) <unsigned integer>
  43. =item "rsa-exponent10" (B<OSSL_PKEY_PARAM_RSA_EXPONENT10>) <unsigned integer>
  44. RSA CRT (Chinese Remainder Theorem) exponents. The exponents are known
  45. as "dP", "dQ" and "d_i in RFC8017".
  46. Up to eight additional "d_i" exponents are supported.
  47. =item "rsa-coefficient1" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT1>) <unsigned integer>
  48. =item "rsa-coefficient2" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT2>) <unsigned integer>
  49. =item "rsa-coefficient3" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT3>) <unsigned integer>
  50. =item "rsa-coefficient4" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT4>) <unsigned integer>
  51. =item "rsa-coefficient5" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT5>) <unsigned integer>
  52. =item "rsa-coefficient6" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT6>) <unsigned integer>
  53. =item "rsa-coefficient7" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT7>) <unsigned integer>
  54. =item "rsa-coefficient8" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT8>) <unsigned integer>
  55. =item "rsa-coefficient9" (B<OSSL_PKEY_PARAM_RSA_COEFFICIENT9>) <unsigned integer>
  56. RSA CRT (Chinese Remainder Theorem) coefficients. The coefficients are known as
  57. "qInv" and "t_i".
  58. Up to eight additional "t_i" exponents are supported.
  59. =back
  60. =head2 RSA key generation parameters
  61. When generating RSA keys, the following key generation parameters may be used.
  62. =over 4
  63. =item "bits" (B<OSSL_PKEY_PARAM_RSA_BITS>) <unsigned integer>
  64. The value should be the cryptographic length for the B<RSA> cryptosystem, in
  65. bits.
  66. =item "primes" (B<OSSL_PKEY_PARAM_RSA_PRIMES>) <unsigned integer>
  67. The value should be the number of primes for the generated B<RSA> key. The
  68. default is 2. It isn't permitted to specify a larger number of primes than
  69. 10. Additionally, the number of primes is limited by the length of the key
  70. being generated so the maximum number could be less.
  71. Some providers may only support a value of 2.
  72. =item "e" (B<OSSL_PKEY_PARAM_RSA_E>) <unsigned integer>
  73. The RSA "e" value. The value may be any odd number greater than or equal to
  74. 65537. The default value is 65537.
  75. For legacy reasons a value of 3 is currently accepted but is deprecated.
  76. =back
  77. =head2 RSA key generation parameters for FIPS module testing
  78. When generating RSA keys, the following additional key generation parameters may
  79. be used for algorithm testing purposes only. Do not use these to generate
  80. RSA keys for a production environment.
  81. =over 4
  82. =item "xp" (B<OSSL_PKEY_PARAM_RSA_TEST_XP>) <unsigned integer>
  83. =item "xq" (B<OSSL_PKEY_PARAM_RSA_TEST_XQ>) <unsigned integer>
  84. These 2 fields are normally randomly generated and are used to generate "p" and
  85. "q".
  86. =item "xp1" (B<OSSL_PKEY_PARAM_RSA_TEST_XP1>) <unsigned integer>
  87. =item "xp2" (B<OSSL_PKEY_PARAM_RSA_TEST_XP2>) <unsigned integer>
  88. =item "xq1" (B<OSSL_PKEY_PARAM_RSA_TEST_XQ1>) <unsigned integer>
  89. =item "xq2" (B<OSSL_PKEY_PARAM_RSA_TEST_XQ2>) <unsigned integer>
  90. These 4 fields are normally randomly generated. The prime factors "p1", "p2",
  91. "q1" and "q2" are determined from these values.
  92. =back
  93. =head2 RSA key parameters for FIPS module testing
  94. The following intermediate values can be retrieved only if the values
  95. specified in L</"RSA key generation parameters for FIPS module testing"> are set.
  96. These should not be accessed in a production environment.
  97. =over 4
  98. =item "p1" (B<OSSL_PKEY_PARAM_RSA_TEST_P1>) <unsigned integer>
  99. =item "p2" (B<OSSL_PKEY_PARAM_RSA_TEST_P2>) <unsigned integer>
  100. =item "q1" (B<OSSL_PKEY_PARAM_RSA_TEST_Q1>) <unsigned integer>
  101. =item "q2" (B<OSSL_PKEY_PARAM_RSA_TEST_Q2>) <unsigned integer>
  102. The auxiliary probable primes.
  103. =back
  104. =head1 CONFORMING TO
  105. =over 4
  106. =item FIPS186-4
  107. Section B.3.6 Generation of Probable Primes with Conditions Based on
  108. Auxiliary Probable Primes
  109. =item RFC 8017, excluding RSA-PSS and RSA-OAEP
  110. =for comment RSA-PSS, and probably also RSA-OAEP, need separate keytypes,
  111. and will be described in separate pages for those RSA keytypes.
  112. =back
  113. =head1 EXAMPLES
  114. An B<EVP_PKEY> context can be obtained by calling:
  115. EVP_PKEY_CTX *pctx =
  116. EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
  117. An B<RSA> key can be generated like this:
  118. EVP_PKEY *pkey = NULL;
  119. EVP_PKEY_CTX *pctx =
  120. EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
  121. EVP_PKEY_keygen_init(pctx);
  122. EVP_PKEY_gen(pctx, &pkey);
  123. EVP_PKEY_CTX_free(pctx);
  124. An B<RSA> key can be generated with key generation parameters:
  125. unsigned int primes = 3;
  126. unsigned int bits = 4096;
  127. OSSL_PARAM params[3];
  128. EVP_PKEY *pkey = NULL;
  129. EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
  130. EVP_PKEY_keygen_init(pctx);
  131. params[0] = OSSL_PARAM_construct_uint("bits", &bits);
  132. params[1] = OSSL_PARAM_construct_uint("primes", &primes);
  133. params[2] = OSSL_PARAM_construct_end();
  134. EVP_PKEY_CTX_set_params(pctx, params);
  135. EVP_PKEY_gen(pctx, &pkey);
  136. EVP_PKEY_print_private(bio_out, pkey, 0, NULL);
  137. EVP_PKEY_CTX_free(pctx);
  138. =head1 SEE ALSO
  139. L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>
  140. =head1 COPYRIGHT
  141. Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
  142. Licensed under the Apache License 2.0 (the "License"). You may not use
  143. this file except in compliance with the License. You can obtain a copy
  144. in the file LICENSE in the source distribution or at
  145. L<https://www.openssl.org/source/license.html>.
  146. =cut