provider-signature.pod 20 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417
  1. =pod
  2. =head1 NAME
  3. provider-signature - The signature library E<lt>-E<gt> provider functions
  4. =head1 SYNOPSIS
  5. =for openssl multiple includes
  6. #include <openssl/core_dispatch.h>
  7. #include <openssl/core_names.h>
  8. /*
  9. * None of these are actual functions, but are displayed like this for
  10. * the function signatures for functions that are offered as function
  11. * pointers in OSSL_DISPATCH arrays.
  12. */
  13. /* Context management */
  14. void *OSSL_FUNC_signature_newctx(void *provctx);
  15. void OSSL_FUNC_signature_freectx(void *ctx);
  16. void *OSSL_FUNC_signature_dupctx(void *ctx);
  17. /* Signing */
  18. int OSSL_FUNC_signature_sign_init(void *ctx, void *provkey);
  19. int OSSL_FUNC_signature_sign(void *ctx, unsigned char *sig, size_t *siglen,
  20. size_t sigsize, const unsigned char *tbs, size_t tbslen);
  21. /* Verifying */
  22. int OSSL_FUNC_signature_verify_init(void *ctx, void *provkey);
  23. int OSSL_FUNC_signature_verify(void *ctx, const unsigned char *sig, size_t siglen,
  24. const unsigned char *tbs, size_t tbslen);
  25. /* Verify Recover */
  26. int OSSL_FUNC_signature_verify_recover_init(void *ctx, void *provkey);
  27. int OSSL_FUNC_signature_verify_recover(void *ctx, unsigned char *rout,
  28. size_t *routlen, size_t routsize,
  29. const unsigned char *sig, size_t siglen);
  30. /* Digest Sign */
  31. int OSSL_FUNC_signature_digest_sign_init(void *ctx, const char *mdname,
  32. const char *props, void *provkey);
  33. int OSSL_FUNC_signature_digest_sign_update(void *ctx, const unsigned char *data,
  34. size_t datalen);
  35. int OSSL_FUNC_signature_digest_sign_final(void *ctx, unsigned char *sig,
  36. size_t *siglen, size_t sigsize);
  37. int OSSL_FUNC_signature_digest_sign(void *ctx,
  38. unsigned char *sigret, size_t *siglen,
  39. size_t sigsize, const unsigned char *tbs,
  40. size_t tbslen);
  41. /* Digest Verify */
  42. int OSSL_FUNC_signature_digest_verify_init(void *ctx, const char *mdname,
  43. const char *props, void *provkey);
  44. int OSSL_FUNC_signature_digest_verify_update(void *ctx,
  45. const unsigned char *data,
  46. size_t datalen);
  47. int OSSL_FUNC_signature_digest_verify_final(void *ctx, const unsigned char *sig,
  48. size_t siglen);
  49. int OSSL_FUNC_signature_digest_verify(void *ctx, const unsigned char *sig,
  50. size_t siglen, const unsigned char *tbs,
  51. size_t tbslen);
  52. /* Signature parameters */
  53. int OSSL_FUNC_signature_get_ctx_params(void *ctx, OSSL_PARAM params[]);
  54. const OSSL_PARAM *OSSL_FUNC_signature_gettable_ctx_params(void *provctx);
  55. int OSSL_FUNC_signature_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
  56. const OSSL_PARAM *OSSL_FUNC_signature_settable_ctx_params(void *provctx);
  57. /* MD parameters */
  58. int OSSL_FUNC_signature_get_ctx_md_params(void *ctx, OSSL_PARAM params[]);
  59. const OSSL_PARAM * OSSL_FUNC_signature_gettable_ctx_md_params(void *ctx);
  60. int OSSL_FUNC_signature_set_ctx_md_params(void *ctx, const OSSL_PARAM params[]);
  61. const OSSL_PARAM * OSSL_FUNC_signature_settable_ctx_md_params(void *ctx);
  62. =head1 DESCRIPTION
  63. This documentation is primarily aimed at provider authors. See L<provider(7)>
  64. for further information.
  65. The signature (OSSL_OP_SIGNATURE) operation enables providers to implement
  66. signature algorithms and make them available to applications via the API
  67. functions L<EVP_PKEY_sign(3)>,
  68. L<EVP_PKEY_verify(3)>,
  69. and L<EVP_PKEY_verify_recover(3)> (as well
  70. as other related functions).
  71. All "functions" mentioned here are passed as function pointers between
  72. F<libcrypto> and the provider in B<OSSL_DISPATCH> arrays via
  73. B<OSSL_ALGORITHM> arrays that are returned by the provider's
  74. provider_query_operation() function
  75. (see L<provider-base(7)/Provider Functions>).
  76. All these "functions" have a corresponding function type definition
  77. named B<OSSL_{name}_fn>, and a helper function to retrieve the
  78. function pointer from an B<OSSL_DISPATCH> element named
  79. B<OSSL_FUNC_{name}>.
  80. For example, the "function" OSSL_FUNC_signature_newctx() has these:
  81. typedef void *(OSSL_FUNC_signature_newctx_fn)(void *provctx);
  82. static ossl_inline OSSL_FUNC_signature_newctx_fn
  83. OSSL_FUNC_signature_newctx(const OSSL_DISPATCH *opf);
  84. B<OSSL_DISPATCH> arrays are indexed by numbers that are provided as
  85. macros in L<openssl-core_dispatch.h(7)>, as follows:
  86. OSSL_FUNC_signature_newctx OSSL_FUNC_SIGNATURE_NEWCTX
  87. OSSL_FUNC_signature_freectx OSSL_FUNC_SIGNATURE_FREECTX
  88. OSSL_FUNC_signature_dupctx OSSL_FUNC_SIGNATURE_DUPCTX
  89. OSSL_FUNC_signature_sign_init OSSL_FUNC_SIGNATURE_SIGN_INIT
  90. OSSL_FUNC_signature_sign OSSL_FUNC_SIGNATURE_SIGN
  91. OSSL_FUNC_signature_verify_init OSSL_FUNC_SIGNATURE_VERIFY_INIT
  92. OSSL_FUNC_signature_verify OSSL_FUNC_SIGNATURE_VERIFY
  93. OSSL_FUNC_signature_verify_recover_init OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT
  94. OSSL_FUNC_signature_verify_recover OSSL_FUNC_SIGNATURE_VERIFY_RECOVER
  95. OSSL_FUNC_signature_digest_sign_init OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT
  96. OSSL_FUNC_signature_digest_sign_update OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE
  97. OSSL_FUNC_signature_digest_sign_final OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL
  98. OSSL_FUNC_signature_digest_sign OSSL_FUNC_SIGNATURE_DIGEST_SIGN
  99. OSSL_FUNC_signature_digest_verify_init OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT
  100. OSSL_FUNC_signature_digest_verify_update OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE
  101. OSSL_FUNC_signature_digest_verify_final OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL
  102. OSSL_FUNC_signature_digest_verify OSSL_FUNC_SIGNATURE_DIGEST_VERIFY
  103. OSSL_FUNC_signature_get_ctx_params OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS
  104. OSSL_FUNC_signature_gettable_ctx_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS
  105. OSSL_FUNC_signature_set_ctx_params OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS
  106. OSSL_FUNC_signature_settable_ctx_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS
  107. OSSL_FUNC_signature_get_ctx_md_params OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS
  108. OSSL_FUNC_signature_gettable_ctx_md_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS
  109. OSSL_FUNC_signature_set_ctx_md_params OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS
  110. OSSL_FUNC_signature_settable_ctx_md_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS
  111. A signature algorithm implementation may not implement all of these functions.
  112. In order to be a consistent set of functions we must have at least a set of
  113. context functions (OSSL_FUNC_signature_newctx and OSSL_FUNC_signature_freectx) as well as a
  114. set of "signature" functions, i.e. at least one of:
  115. =over 4
  116. =item OSSL_FUNC_signature_sign_init and OSSL_FUNC_signature_sign
  117. =item OSSL_FUNC_signature_verify_init and OSSL_FUNC_signature_verify
  118. =item OSSL_FUNC_signature_verify_recover_init and OSSL_FUNC_signature_verify_init
  119. =item OSSL_FUNC_signature_digest_sign_init, OSSL_FUNC_signature_digest_sign_update and OSSL_FUNC_signature_digest_sign_final
  120. =item OSSL_FUNC_signature_digest_verify_init, OSSL_FUNC_signature_digest_verify_update and OSSL_FUNC_signature_digest_verify_final
  121. =item OSSL_FUNC_signature_digest_sign_init and OSSL_FUNC_signature_digest_sign
  122. =item OSSL_FUNC_signature_digest_verify_init and OSSL_FUNC_signature_digest_verify
  123. =back
  124. OSSL_FUNC_signature_set_ctx_params and OSSL_FUNC_signature_settable_ctx_params are optional,
  125. but if one of them is present then the other one must also be present. The same
  126. applies to OSSL_FUNC_signature_get_ctx_params and OSSL_FUNC_signature_gettable_ctx_params, as
  127. well as the "md_params" functions. The OSSL_FUNC_signature_dupctx function is optional.
  128. A signature algorithm must also implement some mechanism for generating,
  129. loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation.
  130. See L<provider-keymgmt(7)> for further details.
  131. =head2 Context Management Functions
  132. OSSL_FUNC_signature_newctx() should create and return a pointer to a provider side
  133. structure for holding context information during a signature operation.
  134. A pointer to this context will be passed back in a number of the other signature
  135. operation function calls.
  136. The parameter I<provctx> is the provider context generated during provider
  137. initialisation (see L<provider(7)>).
  138. OSSL_FUNC_signature_freectx() is passed a pointer to the provider side signature
  139. context in the I<ctx> parameter.
  140. This function should free any resources associated with that context.
  141. OSSL_FUNC_signature_dupctx() should duplicate the provider side signature context in
  142. the I<ctx> parameter and return the duplicate copy.
  143. =head2 Signing Functions
  144. OSSL_FUNC_signature_sign_init() initialises a context for signing given a provider side
  145. signature context in the I<ctx> parameter, and a pointer to a provider key object
  146. in the I<provkey> parameter.
  147. The key object should have been previously generated, loaded or imported into
  148. the provider using the key management (OSSL_OP_KEYMGMT) operation (see
  149. provider-keymgmt(7)>.
  150. OSSL_FUNC_signature_sign() performs the actual signing itself.
  151. A previously initialised signature context is passed in the I<ctx>
  152. parameter.
  153. The data to be signed is pointed to be the I<tbs> parameter which is I<tbslen>
  154. bytes long.
  155. Unless I<sig> is NULL, the signature should be written to the location pointed
  156. to by the I<sig> parameter and it should not exceed I<sigsize> bytes in length.
  157. The length of the signature should be written to I<*siglen>.
  158. If I<sig> is NULL then the maximum length of the signature should be written to
  159. I<*siglen>.
  160. =head2 Verify Functions
  161. OSSL_FUNC_signature_verify_init() initialises a context for verifying a signature given
  162. a provider side signature context in the I<ctx> parameter, and a pointer to a
  163. provider key object in the I<provkey> parameter.
  164. The key object should have been previously generated, loaded or imported into
  165. the provider using the key management (OSSL_OP_KEYMGMT) operation (see
  166. provider-keymgmt(7)>.
  167. OSSL_FUNC_signature_verify() performs the actual verification itself.
  168. A previously initialised signature context is passed in the I<ctx> parameter.
  169. The data that the signature covers is pointed to be the I<tbs> parameter which
  170. is I<tbslen> bytes long.
  171. The signature is pointed to by the I<sig> parameter which is I<siglen> bytes
  172. long.
  173. =head2 Verify Recover Functions
  174. OSSL_FUNC_signature_verify_recover_init() initialises a context for recovering the
  175. signed data given a provider side signature context in the I<ctx> parameter, and
  176. a pointer to a provider key object in the I<provkey> parameter.
  177. The key object should have been previously generated, loaded or imported into
  178. the provider using the key management (OSSL_OP_KEYMGMT) operation (see
  179. provider-keymgmt(7)>.
  180. OSSL_FUNC_signature_verify_recover() performs the actual verify recover itself.
  181. A previously initialised signature context is passed in the I<ctx> parameter.
  182. The signature is pointed to by the I<sig> parameter which is I<siglen> bytes
  183. long.
  184. Unless I<rout> is NULL, the recovered data should be written to the location
  185. pointed to by I<rout> which should not exceed I<routsize> bytes in length.
  186. The length of the recovered data should be written to I<*routlen>.
  187. If I<rout> is NULL then the maximum size of the output buffer is written to
  188. the I<routlen> parameter.
  189. =head2 Digest Sign Functions
  190. OSSL_FUNC_signature_digeset_sign_init() initialises a context for signing given a
  191. provider side signature context in the I<ctx> parameter, and a pointer to a
  192. provider key object in the I<provkey> parameter. The key object should have been
  193. previously generated, loaded or imported into the provider using the
  194. key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
  195. The name of the digest to be used will be in the I<mdname> parameter. There may
  196. also be properties to be used in fetching the digest in the I<props> parameter,
  197. although this may be ignored by providers.
  198. OSSL_FUNC_signature_digest_sign_update() provides data to be signed in the I<data>
  199. parameter which should be of length I<datalen>. A previously initialised
  200. signature context is passed in the I<ctx> parameter. This function may be called
  201. multiple times to cumulatively add data to be signed.
  202. OSSL_FUNC_signature_digest_sign_final() finalises a signature operation previously
  203. started through OSSL_FUNC_signature_digest_sign_init() and
  204. OSSL_FUNC_signature_digest_sign_update() calls. Once finalised no more data will be
  205. added through OSSL_FUNC_signature_digest_sign_update(). A previously initialised
  206. signature context is passed in the I<ctx> parameter. Unless I<sig> is NULL, the
  207. signature should be written to the location pointed to by the I<sig> parameter
  208. and it should not exceed I<sigsize> bytes in length. The length of the signature
  209. should be written to I<*siglen>. If I<sig> is NULL then the maximum length of
  210. the signature should be written to I<*siglen>.
  211. OSSL_FUNC_signature_digest_sign() implements a "one shot" digest sign operation
  212. previously started through OSSL_FUNC_signature_digeset_sign_init(). A previously
  213. initialised signature context is passed in the I<ctx> parameter. The data to be
  214. signed is in I<tbs> which should be I<tbslen> bytes long. Unless I<sig> is NULL,
  215. the signature should be written to the location pointed to by the I<sig>
  216. parameter and it should not exceed I<sigsize> bytes in length. The length of the
  217. signature should be written to I<*siglen>. If I<sig> is NULL then the maximum
  218. length of the signature should be written to I<*siglen>.
  219. =head2 Digest Verify Functions
  220. OSSL_FUNC_signature_digeset_verify_init() initialises a context for verifying given a
  221. provider side verification context in the I<ctx> parameter, and a pointer to a
  222. provider key object in the I<provkey> parameter. The key object should have been
  223. previously generated, loaded or imported into the provider using the
  224. key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
  225. The name of the digest to be used will be in the I<mdname> parameter. There may
  226. also be properties to be used in fetching the digest in the I<props> parameter,
  227. although this may be ignored by providers.
  228. OSSL_FUNC_signature_digest_verify_update() provides data to be verified in the I<data>
  229. parameter which should be of length I<datalen>. A previously initialised
  230. verification context is passed in the I<ctx> parameter. This function may be
  231. called multiple times to cumulatively add data to be verified.
  232. OSSL_FUNC_signature_digest_verify_final() finalises a verification operation previously
  233. started through OSSL_FUNC_signature_digest_verify_init() and
  234. OSSL_FUNC_signature_digest_verify_update() calls. Once finalised no more data will be
  235. added through OSSL_FUNC_signature_digest_verify_update(). A previously initialised
  236. verification context is passed in the I<ctx> parameter. The signature to be
  237. verified is in I<sig> which is I<siglen> bytes long.
  238. OSSL_FUNC_signature_digest_verify() implements a "one shot" digest verify operation
  239. previously started through OSSL_FUNC_signature_digeset_verify_init(). A previously
  240. initialised verification context is passed in the I<ctx> parameter. The data to be
  241. verified is in I<tbs> which should be I<tbslen> bytes long. The signature to be
  242. verified is in I<sig> which is I<siglen> bytes long.
  243. =head2 Signature parameters
  244. See L<OSSL_PARAM(3)> for further details on the parameters structure used by
  245. the OSSL_FUNC_signature_get_ctx_params() and OSSL_FUNC_signature_set_ctx_params() functions.
  246. OSSL_FUNC_signature_get_ctx_params() gets signature parameters associated with the
  247. given provider side signature context I<ctx> and stored them in I<params>.
  248. OSSL_FUNC_signature_set_ctx_params() sets the signature parameters associated with the
  249. given provider side signature context I<ctx> to I<params>.
  250. Any parameter settings are additional to any that were previously set.
  251. Common parameters currently recognised by built-in signature algorithms are as
  252. follows.
  253. =over 4
  254. =item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <UTF8 string>
  255. Get or sets the name of the digest algorithm used for the input to the signature
  256. functions. It is required in order to calculate the "algorithm-id".
  257. = item "properties" (B<OSSL_SIGNATURE_PARAM_PROPERTIES>) <UTF8 string>
  258. Sets the name of the property query associated with the "digest" algorithm.
  259. NULL is used if this optional value is not set.
  260. =item "digest-size" (B<OSSL_SIGNATURE_PARAM_DIGEST_SIZE>) <unsigned integer>
  261. Gets or sets the output size of the digest algorithm used for the input to the
  262. signature functions.
  263. The length of the "digest-size" parameter should not exceed that of a B<size_t>.
  264. = item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string>
  265. Gets the DER encoded AlgorithmIdentifier that corresponds to the combination of
  266. signature algorithm and digest algorithm for the signature operation.
  267. =item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer>
  268. Sets a flag to modify the sign operation to return an error if the initial
  269. calculated signature is invalid.
  270. In the normal mode of operation - new random values are chosen until the
  271. signature operation succeeds.
  272. By default it retries until a signature is calculated.
  273. Setting the value to 0 causes the sign operation to retry,
  274. otherwise the sign operation is only tried once and returns whether or not it
  275. was successful.
  276. Known answer tests can be performed if the random generator is overridden to
  277. supply known values that either pass or fail.
  278. =back
  279. OSSL_FUNC_signature_gettable_ctx_params() and OSSL_FUNC_signature_settable_ctx_params() get a
  280. constant B<OSSL_PARAM> array that describes the gettable and settable parameters,
  281. i.e. parameters that can be used with OSSL_FUNC_signature_get_ctx_params() and
  282. OSSL_FUNC_signature_set_ctx_params() respectively.
  283. See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
  284. =head2 MD parameters
  285. See L<OSSL_PARAM(3)> for further details on the parameters structure used by
  286. the OSSL_FUNC_signature_get_md_ctx_params() and OSSL_FUNC_signature_set_md_ctx_params()
  287. functions.
  288. OSSL_FUNC_signature_get_md_ctx_params() gets digest parameters associated with the
  289. given provider side digest signature context I<ctx> and stores them in I<params>.
  290. OSSL_FUNC_signature_set_ms_ctx_params() sets the digest parameters associated with the
  291. given provider side digest signature context I<ctx> to I<params>.
  292. Any parameter settings are additional to any that were previously set.
  293. Parameters currently recognised by built-in signature algorithms are the same
  294. as those for built-in digest algorithms. See
  295. L<provider-digest(7)/Digest Parameters> for further information.
  296. OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params()
  297. get a constant B<OSSL_PARAM> array that describes the gettable and settable
  298. digest parameters, i.e. parameters that can be used with
  299. OSSL_FUNC_signature_get_md_ctx_params() and OSSL_FUNC_signature_set_md_ctx_params()
  300. respectively. See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter
  301. descriptor.
  302. =head1 RETURN VALUES
  303. OSSL_FUNC_signature_newctx() and OSSL_FUNC_signature_dupctx() should return the newly created
  304. provider side signature, or NULL on failure.
  305. OSSL_FUNC_signature_gettable_ctx_params(), OSSL_FUNC_signature_settable_ctx_params(),
  306. OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params(),
  307. return the gettable or settable parameters in a constant B<OSSL_PARAM> array.
  308. All other functions should return 1 for success or 0 on error.
  309. =head1 SEE ALSO
  310. L<provider(7)>
  311. =head1 HISTORY
  312. The provider SIGNATURE interface was introduced in OpenSSL 3.0.
  313. =head1 COPYRIGHT
  314. Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  315. Licensed under the Apache License 2.0 (the "License"). You may not use
  316. this file except in compliance with the License. You can obtain a copy
  317. in the file LICENSE in the source distribution or at
  318. L<https://www.openssl.org/source/license.html>.
  319. =cut