xref: /openbsd-src/lib/libcrypto/man/RSA_security_bits.3 (revision 8e2ec202c6914d3979c1c4579a278c6ffe4257d0)
.\" $OpenBSD: RSA_security_bits.3,v 1.1 2022/07/13 17:32:16 schwarze Exp $
.\"
.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: July 13 2022 $
.Dt RSA_SECURITY_BITS 3
.Os
.Sh NAME
.Nm RSA_security_bits ,
.Nm DSA_security_bits ,
.Nm DH_security_bits ,
.Nm BN_security_bits
.Nd get security strength
.Sh SYNOPSIS
.In openssl/rsa.h
.Ft int
.Fn RSA_security_bits "const RSA *rsa"
.In openssl/dsa.h
.Ft int
.Fn DSA_security_bits "const DSA *dsa"
.In openssl/dh.h
.Ft int
.Fn DH_security_bits "const DH *dh"
.In openssl/bn.h
.Ft int
.Fo BN_security_bits
.Fa "int pubbits"
.Fa "int privbits"
.Fc
.Sh DESCRIPTION
These functions return the security strength of some specific types of
cryptographic keys, measured in bits.
It is approximately the binary logarithm of the number of operations
an attacker has to perform in order to break the key.
.Pp
.Fn RSA_security_bits
uses only the number of significant bits in the public modulus of
.Fa rsa
as returned by
.Xr RSA_bits 3 .
It returns
.Bl -column 256 for 15360 last_column -offset indent
.It 256 Ta for Ta 15360 Ta or more significant bits
.It 192 Ta     Ta  7680 Ta
.It 128 Ta     Ta  3072 Ta
.It 112 Ta     Ta  2048 Ta
.It  80 Ta     Ta  1024 Ta
.El
.Pp
or 0 otherwise.
.Pp
.Fn DSA_security_bits
uses the number of significant bits in the public domain parameter
.Fa p
contained in the
.Fa dsa
object, which is equal to the size of the public key, in the same way as
.Fn RSA_security_bits .
In addition, the public domain parameter
.Fa q
contained in the
.Fa dsa
object, which is equal to the size of the private key, is inspected.
The return value is either the security strength according to the above table
or half the size of the private key, whichever is smaller.
If the return value would be smaller than 80, 0 is returned instead.
.Pp
.Fn DH_security_bits
uses the number of significant bits in the shared secret contained in the
.Fa dh
object as returned by
.Xr DH_bits 3
in the same way as
.Fn RSA_security_bits .
If
.Fa dh
contains the domain parameter
.Fa q ,
its number of significant bits is used in the same way as for
.Fn DSA_security_bits
to limit the return value.
Otherwise, if
.Fa dh
contains the length of the secret exponent in bits,
that number is used.
If neither is available, only the above table is used
without calculating a minimum.
.Pp
.Fn BN_security_bits
is a combined function.
If \-1 is passed for the
.Fa privbits
argument, it behaves like
.Fn RSA_security_bits .
Otherwise, it behaves like
.Fn DSA_security_bits .
.Sh RETURN VALUES
All these functions return numbers in the range from 0 to 256 inclusive.
.Pp
.Fn DSA_security_bits
fails and returns \-1 unless both of the
.Fa p
and
.Fa q
domain parameters are present.
.Sh SEE ALSO
.Xr BN_num_bits 3 ,
.Xr DH_bits 3 ,
.Xr DH_get0_pqg 3 ,
.Xr DSA_get0_pqg 3 ,
.Xr RSA_bits 3 ,
.Xr SSL_CTX_set_security_level 3
.Rs
.%A Elaine Barker
.%T Recommendation for Key Management
.%I U.S. National Institute of Standards and Technology
.%R NIST Special Publication 800-57 Part 1 Revision 5
.%U https://doi.org/10.6028/NIST.SP.800-57pt1r5
.%C Gaithersburg, MD
.%D May 2020
.Re
.Sh HISTORY
These functions first appeared in OpenSSL 1.1.0
and have been available since
.Ox 7.2 .
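
The table and minimum rule from DESCRIPTION, together with the \-1 failure case from RETURN VALUES, as an added C model that is not part of this manual page or of libcrypto's source. The names table_bits, model_security_bits and model_dsa_security_bits, the use of 0 to mean an absent parameter, and the sample sizes are assumptions made for illustration.

```c
#include <stdio.h>

/* Added model of the behaviour documented above; not libcrypto source. */
/* Table from DESCRIPTION: strength for a public modulus or prime size. */
static int table_bits(int pubbits)
{
	if (pubbits >= 15360) return 256;
	if (pubbits >= 7680) return 192;
	if (pubbits >= 3072) return 128;
	if (pubbits >= 2048) return 112;
	if (pubbits >= 1024) return 80;
	return 0;
}

/* Follows the documented BN_security_bits(pubbits, privbits) contract. */
int model_security_bits(int pubbits, int privbits)
{
	int pub = table_bits(pubbits), priv;

	if (pub == 0)
		return 0;		/* public size below 1024 bits */
	if (privbits == -1)
		return pub;		/* RSA-like: table only */
	priv = privbits / 2;		/* half the private key size */
	if (priv < 80)
		return 0;		/* results below 80 are reported as 0 */
	return priv < pub ? priv : pub;	/* whichever is smaller */
}

/* Documented DSA case: -1 unless both p and q are present.
 * Assumption of this model: a size of 0 stands for an absent parameter. */
int model_dsa_security_bits(int pbits, int qbits)
{
	if (pbits <= 0 || qbits <= 0)
		return -1;
	return model_security_bits(pbits, qbits);
}

int main(void)
{
	/* Constructed sample sizes: {p or modulus bits, q bits or -1}. */
	static const int s[][2] = { {2048, -1}, {3072, 256}, {2048, 160},
	    {2048, 128}, {1023, -1}, {15360, 512} };
	size_t i;

	for (i = 0; i < sizeof(s) / sizeof(s[0]); i++)
		printf("%5d/%3d -> %d\n", s[i][0], s[i][1],
		    model_security_bits(s[i][0], s[i][1]));
	return 0;
}
```

The 2048/160 and 2048/128 rows show why the private size matters: the same 2048-bit prime yields 80 with a 160-bit q and 0 with a 128-bit q, so a check that looks only at the public size overstates the strength.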