-*- mode: troff; coding: utf-8 -*-
Automatically generated by Pod::Man 5.01 (Pod::Simple 3.43)
Standard preamble:
========================================================================
..
.... \*(C` and \*(C' are quotes in nroff, nothing in troff, for use with C<>.
. ds C` "" . ds C' "" 'br\} . ds C` . ds C' 'br\}
Escape single quotes in literal strings from groff's Unicode transform.
If the F register is >0, we'll generate index entries on stderr for
titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
entries marked with X<> in POD. Of course, you'll have to process the
output yourself in some meaningful fashion.
Avoid warning from groff about undefined register 'F'.
.. .nr rF 0 . if \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . if !\nF==2 \{\ . nr % 0 . nr F 2 . \} . \} .\} .rr rF ========================================================================
Title "EVP_PKEY-DH 7"
way too many mistakes in technical documents.
See EVP_PKEY-FFC\|(7) for more information about FFC keys.
The DH key type uses PKCS#3 format which saves p and g, but not the \fIq value. The DHX key type uses X9.42 format which saves the value of q and this must be used for FIPS186-4. If key validation is required, users should be aware of the nuances associated with FIPS186-4 style parameters as discussed in "DH and DHX key validation".
0
These are described in "FFC key generation parameters" in EVP_PKEY-FFC\|(7)
With the OpenSSL FIPS provider, EVP_PKEY_param_check\|(3) and \fBEVP_PKEY_param_check_quick\|(3) behave in the following way: the parameters are tested if they are either an approved safe prime group OR that the FFC parameters conform to FIPS186-4 as defined in SP800-56Ar3 Assurances of Domain-Parameter Validity.
The OpenSSL default provider uses simpler checks that allows there to be no q value for backwards compatibility, however the EVP_PKEY_param_check\|(3) will test the p value for being a prime (and a safe prime if q is missing) which can take significant time. The EVP_PKEY_param_check_quick\|(3) avoids the prime tests.
\fBEVP_PKEY_public_check\|(3) conforms to SP800-56Ar3 \fIFFC Full Public-Key Validation.
\fBEVP_PKEY_public_check_quick\|(3) conforms to SP800-56Ar3 \fIFFC Partial Public-Key Validation when the key is an approved named safe prime group, otherwise it is the same as EVP_PKEY_public_check\|(3).
\fBEVP_PKEY_private_check\|(3) tests that the private key is in the correct range according to SP800-56Ar3. The OpenSSL FIPS provider requires the value of q to be set (note that this is implicitly set for named safe prime groups). For backwards compatibility the OpenSSL default provider only requires p to be set.
\fBEVP_PKEY_pairwise_check\|(3) conforms to SP800-56Ar3 \fIOwner Assurance of Pair-wise Consistency.
.Vb 1 EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); .Ve
A DH key can be generated with a named safe prime group by calling:
.Vb 4 int priv_len = 2 * 112; OSSL_PARAM params[3]; EVP_PKEY *pkey = NULL; EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_from_name(NULL, "DH", NULL); \& params[0] = OSSL_PARAM_construct_utf8_string("group", "ffdhe2048", 0); /* "priv_len" is optional */ params[1] = OSSL_PARAM_construct_int("priv_len", &priv_len); params[2] = OSSL_PARAM_construct_end(); \& EVP_PKEY_keygen_init(pctx); EVP_PKEY_CTX_set_params(pctx, params); EVP_PKEY_generate(pctx, &pkey); ... EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pctx); .Ve
\fBDHX domain parameters can be generated according to FIPS186-4 by calling:
.Vb 6 int gindex = 2; unsigned int pbits = 2048; unsigned int qbits = 256; OSSL_PARAM params[6]; EVP_PKEY *param_key = NULL; EVP_PKEY_CTX *pctx = NULL; \& pctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL); EVP_PKEY_paramgen_init(pctx); \& params[0] = OSSL_PARAM_construct_uint("pbits", &pbits); params[1] = OSSL_PARAM_construct_uint("qbits", &qbits); params[2] = OSSL_PARAM_construct_int("gindex", &gindex); params[3] = OSSL_PARAM_construct_utf8_string("type", "fips186_4", 0); params[4] = OSSL_PARAM_construct_utf8_string("digest", "SHA256", 0); params[5] = OSSL_PARAM_construct_end(); EVP_PKEY_CTX_set_params(pctx, params); \& EVP_PKEY_generate(pctx, ¶m_key); \& EVP_PKEY_print_params(bio_out, param_key, 0, NULL); ... EVP_PKEY_free(param_key); EVP_PKEY_CTX_free(pctx); .Ve
A DH key can be generated using domain parameters by calling:
.Vb 2 EVP_PKEY *key = NULL; EVP_PKEY_CTX *gctx = EVP_PKEY_CTX_new_from_pkey(NULL, param_key, NULL); \& EVP_PKEY_keygen_init(gctx); EVP_PKEY_generate(gctx, &key); EVP_PKEY_print_private(bio_out, key, 0, NULL); ... EVP_PKEY_free(key); EVP_PKEY_CTX_free(gctx); .Ve
To validate FIPS186-4 DHX domain parameters decoded from PEM or \fBDER data, additional values used during generation may be required to be set into the key.
\fBEVP_PKEY_todata(), OSSL_PARAM_merge(), and EVP_PKEY_fromdata() are useful to add these parameters to the original key or domain parameters before the actual validation. In production code the return values should be checked.
.Vb 11 EVP_PKEY *received_domp = ...; /* parameters received and decoded */ unsigned char *seed = ...; /* and additional parameters received */ size_t seedlen = ...; /* by other means, required */ int gindex = ...; /* for the validation */ int pcounter = ...; int hindex = ...; OSSL_PARAM extra_params[4]; OSSL_PARAM *domain_params = NULL; OSSL_PARAM *merged_params = NULL; EVP_PKEY_CTX *ctx = NULL, *validate_ctx = NULL; EVP_PKEY *complete_domp = NULL; \& EVP_PKEY_todata(received_domp, OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS, &domain_params); extra_params[0] = OSSL_PARAM_construct_octet_string("seed", seed, seedlen); /* * NOTE: For unverifiable g use "hindex" instead of "gindex" * extra_params[1] = OSSL_PARAM_construct_int("hindex", &hindex); */ extra_params[1] = OSSL_PARAM_construct_int("gindex", &gindex); extra_params[2] = OSSL_PARAM_construct_int("pcounter", &pcounter); extra_params[3] = OSSL_PARAM_construct_end(); merged_params = OSSL_PARAM_merge(domain_params, extra_params); \& ctx = EVP_PKEY_CTX_new_from_name(NULL, "DHX", NULL); EVP_PKEY_fromdata_init(ctx); EVP_PKEY_fromdata(ctx, &complete_domp, OSSL_KEYMGMT_SELECT_ALL, merged_params); \& validate_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, complete_domp, NULL); if (EVP_PKEY_param_check(validate_ctx) > 0) /* validation_passed(); */ else /* validation_failed(); */ \& OSSL_PARAM_free(domain_params); OSSL_PARAM_free(merged_params); EVP_PKEY_CTX_free(ctx); EVP_PKEY_CTX_free(validate_ctx); EVP_PKEY_free(complete_domp); .Ve
0
The following sections of SP800-56Ar3:
0
The following sections of FIPS186-4:
0
Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy in the file LICENSE in the source distribution or at <https://www.openssl.org/source/license.html>.