5 provider-signature - The signature library E<lt>-E<gt> provider functions
9 =for openssl multiple includes
11 #include <openssl/core_dispatch.h>
12 #include <openssl/core_names.h>
15 * None of these are actual functions, but are displayed like this for
16 * the function signatures for functions that are offered as function
17 * pointers in OSSL_DISPATCH arrays.
20 /* Context management */
21 void *OSSL_FUNC_signature_newctx(void *provctx, const char *propq);
22 void OSSL_FUNC_signature_freectx(void *ctx);
23 void *OSSL_FUNC_signature_dupctx(void *ctx);
26 int OSSL_FUNC_signature_sign_init(void *ctx, void *provkey,
27 const OSSL_PARAM params[]);
28 int OSSL_FUNC_signature_sign(void *ctx, unsigned char *sig, size_t *siglen,
29 size_t sigsize, const unsigned char *tbs, size_t tbslen);
32 int OSSL_FUNC_signature_verify_init(void *ctx, void *provkey,
33 const OSSL_PARAM params[]);
34 int OSSL_FUNC_signature_verify(void *ctx, const unsigned char *sig, size_t siglen,
35 const unsigned char *tbs, size_t tbslen);
38 int OSSL_FUNC_signature_verify_recover_init(void *ctx, void *provkey,
39 const OSSL_PARAM params[]);
40 int OSSL_FUNC_signature_verify_recover(void *ctx, unsigned char *rout,
41 size_t *routlen, size_t routsize,
42 const unsigned char *sig, size_t siglen);
45 int OSSL_FUNC_signature_digest_sign_init(void *ctx, const char *mdname,
46 const char *props, void *provkey,
47 const OSSL_PARAM params[]);
48 int OSSL_FUNC_signature_digest_sign_update(void *ctx, const unsigned char *data,
50 int OSSL_FUNC_signature_digest_sign_final(void *ctx, unsigned char *sig,
51 size_t *siglen, size_t sigsize);
52 int OSSL_FUNC_signature_digest_sign(void *ctx,
53 unsigned char *sigret, size_t *siglen,
54 size_t sigsize, const unsigned char *tbs,
58 int OSSL_FUNC_signature_digest_verify_init(void *ctx, const char *mdname,
59 const char *props, void *provkey,
60 const OSSL_PARAM params[]);
61 int OSSL_FUNC_signature_digest_verify_update(void *ctx,
62 const unsigned char *data,
64 int OSSL_FUNC_signature_digest_verify_final(void *ctx, const unsigned char *sig,
66 int OSSL_FUNC_signature_digest_verify(void *ctx, const unsigned char *sig,
67 size_t siglen, const unsigned char *tbs,
70 /* Signature parameters */
71 int OSSL_FUNC_signature_get_ctx_params(void *ctx, OSSL_PARAM params[]);
72 const OSSL_PARAM *OSSL_FUNC_signature_gettable_ctx_params(void *ctx,
74 int OSSL_FUNC_signature_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
75 const OSSL_PARAM *OSSL_FUNC_signature_settable_ctx_params(void *ctx,
78 int OSSL_FUNC_signature_get_ctx_md_params(void *ctx, OSSL_PARAM params[]);
79 const OSSL_PARAM * OSSL_FUNC_signature_gettable_ctx_md_params(void *ctx);
80 int OSSL_FUNC_signature_set_ctx_md_params(void *ctx, const OSSL_PARAM params[]);
81 const OSSL_PARAM * OSSL_FUNC_signature_settable_ctx_md_params(void *ctx);
85 This documentation is primarily aimed at provider authors. See L<provider(7)>
86 for further information.
88 The signature (OSSL_OP_SIGNATURE) operation enables providers to implement
89 signature algorithms and make them available to applications via the API
90 functions L<EVP_PKEY_sign(3)>,
91 L<EVP_PKEY_verify(3)>,
92 and L<EVP_PKEY_verify_recover(3)> (as well
93 as other related functions).
95 All "functions" mentioned here are passed as function pointers between
96 F<libcrypto> and the provider in B<OSSL_DISPATCH> arrays via
97 B<OSSL_ALGORITHM> arrays that are returned by the provider's
98 provider_query_operation() function
99 (see L<provider-base(7)/Provider Functions>).
101 All these "functions" have a corresponding function type definition
102 named B<OSSL_FUNC_{name}_fn>, and a helper function to retrieve the
103 function pointer from an B<OSSL_DISPATCH> element named
105 For example, the "function" OSSL_FUNC_signature_newctx() has these:
107 typedef void *(OSSL_FUNC_signature_newctx_fn)(void *provctx, const char *propq);
108 static ossl_inline OSSL_FUNC_signature_newctx_fn
109 OSSL_FUNC_signature_newctx(const OSSL_DISPATCH *opf);
111 B<OSSL_DISPATCH> arrays are indexed by numbers that are provided as
112 macros in L<openssl-core_dispatch.h(7)>, as follows:
114 OSSL_FUNC_signature_newctx OSSL_FUNC_SIGNATURE_NEWCTX
115 OSSL_FUNC_signature_freectx OSSL_FUNC_SIGNATURE_FREECTX
116 OSSL_FUNC_signature_dupctx OSSL_FUNC_SIGNATURE_DUPCTX
118 OSSL_FUNC_signature_sign_init OSSL_FUNC_SIGNATURE_SIGN_INIT
119 OSSL_FUNC_signature_sign OSSL_FUNC_SIGNATURE_SIGN
121 OSSL_FUNC_signature_verify_init OSSL_FUNC_SIGNATURE_VERIFY_INIT
122 OSSL_FUNC_signature_verify OSSL_FUNC_SIGNATURE_VERIFY
124 OSSL_FUNC_signature_verify_recover_init OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT
125 OSSL_FUNC_signature_verify_recover OSSL_FUNC_SIGNATURE_VERIFY_RECOVER
127 OSSL_FUNC_signature_digest_sign_init OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT
128 OSSL_FUNC_signature_digest_sign_update OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE
129 OSSL_FUNC_signature_digest_sign_final OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL
130 OSSL_FUNC_signature_digest_sign OSSL_FUNC_SIGNATURE_DIGEST_SIGN
132 OSSL_FUNC_signature_digest_verify_init OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT
133 OSSL_FUNC_signature_digest_verify_update OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE
134 OSSL_FUNC_signature_digest_verify_final OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL
135 OSSL_FUNC_signature_digest_verify OSSL_FUNC_SIGNATURE_DIGEST_VERIFY
137 OSSL_FUNC_signature_get_ctx_params OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS
138 OSSL_FUNC_signature_gettable_ctx_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS
139 OSSL_FUNC_signature_set_ctx_params OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS
140 OSSL_FUNC_signature_settable_ctx_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS
142 OSSL_FUNC_signature_get_ctx_md_params OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS
143 OSSL_FUNC_signature_gettable_ctx_md_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS
144 OSSL_FUNC_signature_set_ctx_md_params OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS
145 OSSL_FUNC_signature_settable_ctx_md_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS
147 A signature algorithm implementation may not implement all of these functions.
148 In order to be a consistent set of functions we must have at least a set of
149 context functions (OSSL_FUNC_signature_newctx and OSSL_FUNC_signature_freectx) as well as a
150 set of "signature" functions, i.e. at least one of:
154 =item OSSL_FUNC_signature_sign_init and OSSL_FUNC_signature_sign
156 =item OSSL_FUNC_signature_verify_init and OSSL_FUNC_signature_verify
158 =item OSSL_FUNC_signature_verify_recover_init and OSSL_FUNC_signature_verify_init
160 =item OSSL_FUNC_signature_digest_sign_init, OSSL_FUNC_signature_digest_sign_update and OSSL_FUNC_signature_digest_sign_final
162 =item OSSL_FUNC_signature_digest_verify_init, OSSL_FUNC_signature_digest_verify_update and OSSL_FUNC_signature_digest_verify_final
164 =item OSSL_FUNC_signature_digest_sign_init and OSSL_FUNC_signature_digest_sign
166 =item OSSL_FUNC_signature_digest_verify_init and OSSL_FUNC_signature_digest_verify
170 OSSL_FUNC_signature_set_ctx_params and OSSL_FUNC_signature_settable_ctx_params are optional,
171 but if one of them is present then the other one must also be present. The same
172 applies to OSSL_FUNC_signature_get_ctx_params and OSSL_FUNC_signature_gettable_ctx_params, as
173 well as the "md_params" functions. The OSSL_FUNC_signature_dupctx function is optional.
175 A signature algorithm must also implement some mechanism for generating,
176 loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation.
177 See L<provider-keymgmt(7)> for further details.
179 =head2 Context Management Functions
181 OSSL_FUNC_signature_newctx() should create and return a pointer to a provider side
182 structure for holding context information during a signature operation.
183 A pointer to this context will be passed back in a number of the other signature
184 operation function calls.
185 The parameter I<provctx> is the provider context generated during provider
186 initialisation (see L<provider(7)>). The I<propq> parameter is a property query
187 string that may be (optionally) used by the provider during any "fetches" that
188 it may perform (if it performs any).
190 OSSL_FUNC_signature_freectx() is passed a pointer to the provider side signature
191 context in the I<ctx> parameter.
192 This function should free any resources associated with that context.
194 OSSL_FUNC_signature_dupctx() should duplicate the provider side signature context in
195 the I<ctx> parameter and return the duplicate copy.
197 =head2 Signing Functions
199 OSSL_FUNC_signature_sign_init() initialises a context for signing given a provider side
200 signature context in the I<ctx> parameter, and a pointer to a provider key object
201 in the I<provkey> parameter.
202 The I<params>, if not NULL, should be set on the context in a manner similar to
203 using OSSL_FUNC_signature_set_ctx_params().
204 The key object should have been previously generated, loaded or imported into
205 the provider using the key management (OSSL_OP_KEYMGMT) operation (see
206 provider-keymgmt(7)>.
208 OSSL_FUNC_signature_sign() performs the actual signing itself.
209 A previously initialised signature context is passed in the I<ctx>
211 The data to be signed is pointed to be the I<tbs> parameter which is I<tbslen>
213 Unless I<sig> is NULL, the signature should be written to the location pointed
214 to by the I<sig> parameter and it should not exceed I<sigsize> bytes in length.
215 The length of the signature should be written to I<*siglen>.
216 If I<sig> is NULL then the maximum length of the signature should be written to
219 =head2 Verify Functions
221 OSSL_FUNC_signature_verify_init() initialises a context for verifying a signature given
222 a provider side signature context in the I<ctx> parameter, and a pointer to a
223 provider key object in the I<provkey> parameter.
224 The I<params>, if not NULL, should be set on the context in a manner similar to
225 using OSSL_FUNC_signature_set_ctx_params().
226 The key object should have been previously generated, loaded or imported into
227 the provider using the key management (OSSL_OP_KEYMGMT) operation (see
228 provider-keymgmt(7)>.
230 OSSL_FUNC_signature_verify() performs the actual verification itself.
231 A previously initialised signature context is passed in the I<ctx> parameter.
232 The data that the signature covers is pointed to be the I<tbs> parameter which
233 is I<tbslen> bytes long.
234 The signature is pointed to by the I<sig> parameter which is I<siglen> bytes
237 =head2 Verify Recover Functions
239 OSSL_FUNC_signature_verify_recover_init() initialises a context for recovering the
240 signed data given a provider side signature context in the I<ctx> parameter, and
241 a pointer to a provider key object in the I<provkey> parameter.
242 The I<params>, if not NULL, should be set on the context in a manner similar to
243 using OSSL_FUNC_signature_set_ctx_params().
244 The key object should have been previously generated, loaded or imported into
245 the provider using the key management (OSSL_OP_KEYMGMT) operation (see
246 provider-keymgmt(7)>.
248 OSSL_FUNC_signature_verify_recover() performs the actual verify recover itself.
249 A previously initialised signature context is passed in the I<ctx> parameter.
250 The signature is pointed to by the I<sig> parameter which is I<siglen> bytes
252 Unless I<rout> is NULL, the recovered data should be written to the location
253 pointed to by I<rout> which should not exceed I<routsize> bytes in length.
254 The length of the recovered data should be written to I<*routlen>.
255 If I<rout> is NULL then the maximum size of the output buffer is written to
256 the I<routlen> parameter.
258 =head2 Digest Sign Functions
260 OSSL_FUNC_signature_digeset_sign_init() initialises a context for signing given a
261 provider side signature context in the I<ctx> parameter, and a pointer to a
262 provider key object in the I<provkey> parameter.
263 The I<params>, if not NULL, should be set on the context in a manner similar to
264 using OSSL_FUNC_signature_set_ctx_params() and
265 OSSL_FUNC_signature_set_ctx_md_params().
266 The key object should have been
267 previously generated, loaded or imported into the provider using the
268 key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
269 The name of the digest to be used will be in the I<mdname> parameter. There may
270 also be properties to be used in fetching the digest in the I<props> parameter,
271 although this may be ignored by providers.
273 OSSL_FUNC_signature_digest_sign_update() provides data to be signed in the I<data>
274 parameter which should be of length I<datalen>. A previously initialised
275 signature context is passed in the I<ctx> parameter. This function may be called
276 multiple times to cumulatively add data to be signed.
278 OSSL_FUNC_signature_digest_sign_final() finalises a signature operation previously
279 started through OSSL_FUNC_signature_digest_sign_init() and
280 OSSL_FUNC_signature_digest_sign_update() calls. Once finalised no more data will be
281 added through OSSL_FUNC_signature_digest_sign_update(). A previously initialised
282 signature context is passed in the I<ctx> parameter. Unless I<sig> is NULL, the
283 signature should be written to the location pointed to by the I<sig> parameter
284 and it should not exceed I<sigsize> bytes in length. The length of the signature
285 should be written to I<*siglen>. If I<sig> is NULL then the maximum length of
286 the signature should be written to I<*siglen>.
288 OSSL_FUNC_signature_digest_sign() implements a "one shot" digest sign operation
289 previously started through OSSL_FUNC_signature_digeset_sign_init(). A previously
290 initialised signature context is passed in the I<ctx> parameter. The data to be
291 signed is in I<tbs> which should be I<tbslen> bytes long. Unless I<sig> is NULL,
292 the signature should be written to the location pointed to by the I<sig>
293 parameter and it should not exceed I<sigsize> bytes in length. The length of the
294 signature should be written to I<*siglen>. If I<sig> is NULL then the maximum
295 length of the signature should be written to I<*siglen>.
297 =head2 Digest Verify Functions
299 OSSL_FUNC_signature_digeset_verify_init() initialises a context for verifying given a
300 provider side verification context in the I<ctx> parameter, and a pointer to a
301 provider key object in the I<provkey> parameter.
302 The I<params>, if not NULL, should be set on the context in a manner similar to
303 OSSL_FUNC_signature_set_ctx_params() and
304 OSSL_FUNC_signature_set_ctx_md_params().
305 The key object should have been
306 previously generated, loaded or imported into the provider using the
307 key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
308 The name of the digest to be used will be in the I<mdname> parameter. There may
309 also be properties to be used in fetching the digest in the I<props> parameter,
310 although this may be ignored by providers.
312 OSSL_FUNC_signature_digest_verify_update() provides data to be verified in the I<data>
313 parameter which should be of length I<datalen>. A previously initialised
314 verification context is passed in the I<ctx> parameter. This function may be
315 called multiple times to cumulatively add data to be verified.
317 OSSL_FUNC_signature_digest_verify_final() finalises a verification operation previously
318 started through OSSL_FUNC_signature_digest_verify_init() and
319 OSSL_FUNC_signature_digest_verify_update() calls. Once finalised no more data will be
320 added through OSSL_FUNC_signature_digest_verify_update(). A previously initialised
321 verification context is passed in the I<ctx> parameter. The signature to be
322 verified is in I<sig> which is I<siglen> bytes long.
324 OSSL_FUNC_signature_digest_verify() implements a "one shot" digest verify operation
325 previously started through OSSL_FUNC_signature_digeset_verify_init(). A previously
326 initialised verification context is passed in the I<ctx> parameter. The data to be
327 verified is in I<tbs> which should be I<tbslen> bytes long. The signature to be
328 verified is in I<sig> which is I<siglen> bytes long.
330 =head2 Signature parameters
332 See L<OSSL_PARAM(3)> for further details on the parameters structure used by
333 the OSSL_FUNC_signature_get_ctx_params() and OSSL_FUNC_signature_set_ctx_params() functions.
335 OSSL_FUNC_signature_get_ctx_params() gets signature parameters associated with the
336 given provider side signature context I<ctx> and stored them in I<params>.
337 Passing NULL for I<params> should return true.
339 OSSL_FUNC_signature_set_ctx_params() sets the signature parameters associated with the
340 given provider side signature context I<ctx> to I<params>.
341 Any parameter settings are additional to any that were previously set.
342 Passing NULL for I<params> should return true.
344 Common parameters currently recognised by built-in signature algorithms are as
349 =item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <UTF8 string>
351 Get or sets the name of the digest algorithm used for the input to the
352 signature functions. It is required in order to calculate the "algorithm-id".
354 =item "properties" (B<OSSL_SIGNATURE_PARAM_PROPERTIES>) <UTF8 string>
356 Sets the name of the property query associated with the "digest" algorithm.
357 NULL is used if this optional value is not set.
359 =item "digest-size" (B<OSSL_SIGNATURE_PARAM_DIGEST_SIZE>) <unsigned integer>
361 Gets or sets the output size of the digest algorithm used for the input to the
363 The length of the "digest-size" parameter should not exceed that of a B<size_t>.
365 =item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string>
367 Gets the DER encoded AlgorithmIdentifier that corresponds to the combination of
368 signature algorithm and digest algorithm for the signature operation.
370 =item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer>
372 Sets a flag to modify the sign operation to return an error if the initial
373 calculated signature is invalid.
374 In the normal mode of operation - new random values are chosen until the
375 signature operation succeeds.
376 By default it retries until a signature is calculated.
377 Setting the value to 0 causes the sign operation to retry,
378 otherwise the sign operation is only tried once and returns whether or not it
380 Known answer tests can be performed if the random generator is overridden to
381 supply known values that either pass or fail.
385 OSSL_FUNC_signature_gettable_ctx_params() and OSSL_FUNC_signature_settable_ctx_params() get a
386 constant B<OSSL_PARAM> array that describes the gettable and settable parameters,
387 i.e. parameters that can be used with OSSL_FUNC_signature_get_ctx_params() and
388 OSSL_FUNC_signature_set_ctx_params() respectively.
389 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
393 See L<OSSL_PARAM(3)> for further details on the parameters structure used by
394 the OSSL_FUNC_signature_get_md_ctx_params() and OSSL_FUNC_signature_set_md_ctx_params()
397 OSSL_FUNC_signature_get_md_ctx_params() gets digest parameters associated with the
398 given provider side digest signature context I<ctx> and stores them in I<params>.
399 Passing NULL for I<params> should return true.
401 OSSL_FUNC_signature_set_ms_ctx_params() sets the digest parameters associated with the
402 given provider side digest signature context I<ctx> to I<params>.
403 Any parameter settings are additional to any that were previously set.
404 Passing NULL for I<params> should return true.
406 Parameters currently recognised by built-in signature algorithms are the same
407 as those for built-in digest algorithms. See
408 L<provider-digest(7)/Digest Parameters> for further information.
410 OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params()
411 get a constant B<OSSL_PARAM> array that describes the gettable and settable
412 digest parameters, i.e. parameters that can be used with
413 OSSL_FUNC_signature_get_md_ctx_params() and OSSL_FUNC_signature_set_md_ctx_params()
414 respectively. See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter
419 OSSL_FUNC_signature_newctx() and OSSL_FUNC_signature_dupctx() should return the newly created
420 provider side signature, or NULL on failure.
422 OSSL_FUNC_signature_gettable_ctx_params(), OSSL_FUNC_signature_settable_ctx_params(),
423 OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params(),
424 return the gettable or settable parameters in a constant B<OSSL_PARAM> array.
426 All other functions should return 1 for success or 0 on error.
434 The provider SIGNATURE interface was introduced in OpenSSL 3.0.
438 Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
440 Licensed under the Apache License 2.0 (the "License"). You may not use
441 this file except in compliance with the License. You can obtain a copy
442 in the file LICENSE in the source distribution or at
443 L<https://www.openssl.org/source/license.html>.