5 provider-signature - The signature library E<lt>-E<gt> provider functions
9 =for openssl multiple includes
11 #include <openssl/core_dispatch.h>
12 #include <openssl/core_names.h>
15 * None of these are actual functions, but are displayed like this for
16 * the function signatures for functions that are offered as function
17 * pointers in OSSL_DISPATCH arrays.
20 /* Context management */
21 void *OSSL_FUNC_signature_newctx(void *provctx);
22 void OSSL_FUNC_signature_freectx(void *ctx);
23 void *OSSL_FUNC_signature_dupctx(void *ctx);
26 int OSSL_FUNC_signature_sign_init(void *ctx, void *provkey,
27 const OSSL_PARAM params[]);
28 int OSSL_FUNC_signature_sign(void *ctx, unsigned char *sig, size_t *siglen,
29 size_t sigsize, const unsigned char *tbs, size_t tbslen);
32 int OSSL_FUNC_signature_verify_init(void *ctx, void *provkey,
33 const OSSL_PARAM params[]);
34 int OSSL_FUNC_signature_verify(void *ctx, const unsigned char *sig, size_t siglen,
35 const unsigned char *tbs, size_t tbslen);
38 int OSSL_FUNC_signature_verify_recover_init(void *ctx, void *provkey,
39 const OSSL_PARAM params[]);
40 int OSSL_FUNC_signature_verify_recover(void *ctx, unsigned char *rout,
41 size_t *routlen, size_t routsize,
42 const unsigned char *sig, size_t siglen);
45 int OSSL_FUNC_signature_digest_sign_init(void *ctx, const char *mdname,
46 const char *props, void *provkey,
47 const OSSL_PARAM params[]);
48 int OSSL_FUNC_signature_digest_sign_update(void *ctx, const unsigned char *data,
50 int OSSL_FUNC_signature_digest_sign_final(void *ctx, unsigned char *sig,
51 size_t *siglen, size_t sigsize);
52 int OSSL_FUNC_signature_digest_sign(void *ctx,
53 unsigned char *sigret, size_t *siglen,
54 size_t sigsize, const unsigned char *tbs,
58 int OSSL_FUNC_signature_digest_verify_init(void *ctx, const char *mdname,
59 const char *props, void *provkey,
60 const OSSL_PARAM params[]);
61 int OSSL_FUNC_signature_digest_verify_update(void *ctx,
62 const unsigned char *data,
64 int OSSL_FUNC_signature_digest_verify_final(void *ctx, const unsigned char *sig,
66 int OSSL_FUNC_signature_digest_verify(void *ctx, const unsigned char *sig,
67 size_t siglen, const unsigned char *tbs,
70 /* Signature parameters */
71 int OSSL_FUNC_signature_get_ctx_params(void *ctx, OSSL_PARAM params[]);
72 const OSSL_PARAM *OSSL_FUNC_signature_gettable_ctx_params(void *ctx,
74 int OSSL_FUNC_signature_set_ctx_params(void *ctx, const OSSL_PARAM params[]);
75 const OSSL_PARAM *OSSL_FUNC_signature_settable_ctx_params(void *ctx,
78 int OSSL_FUNC_signature_get_ctx_md_params(void *ctx, OSSL_PARAM params[]);
79 const OSSL_PARAM * OSSL_FUNC_signature_gettable_ctx_md_params(void *ctx);
80 int OSSL_FUNC_signature_set_ctx_md_params(void *ctx, const OSSL_PARAM params[]);
81 const OSSL_PARAM * OSSL_FUNC_signature_settable_ctx_md_params(void *ctx);
85 This documentation is primarily aimed at provider authors. See L<provider(7)>
86 for further information.
88 The signature (OSSL_OP_SIGNATURE) operation enables providers to implement
89 signature algorithms and make them available to applications via the API
90 functions L<EVP_PKEY_sign(3)>,
91 L<EVP_PKEY_verify(3)>,
92 and L<EVP_PKEY_verify_recover(3)> (as well
93 as other related functions).
95 All "functions" mentioned here are passed as function pointers between
96 F<libcrypto> and the provider in B<OSSL_DISPATCH> arrays via
97 B<OSSL_ALGORITHM> arrays that are returned by the provider's
98 provider_query_operation() function
99 (see L<provider-base(7)/Provider Functions>).
101 All these "functions" have a corresponding function type definition
102 named B<OSSL_{name}_fn>, and a helper function to retrieve the
103 function pointer from an B<OSSL_DISPATCH> element named
105 For example, the "function" OSSL_FUNC_signature_newctx() has these:
107 typedef void *(OSSL_FUNC_signature_newctx_fn)(void *provctx);
108 static ossl_inline OSSL_FUNC_signature_newctx_fn
109 OSSL_FUNC_signature_newctx(const OSSL_DISPATCH *opf);
111 B<OSSL_DISPATCH> arrays are indexed by numbers that are provided as
112 macros in L<openssl-core_dispatch.h(7)>, as follows:
114 OSSL_FUNC_signature_newctx OSSL_FUNC_SIGNATURE_NEWCTX
115 OSSL_FUNC_signature_freectx OSSL_FUNC_SIGNATURE_FREECTX
116 OSSL_FUNC_signature_dupctx OSSL_FUNC_SIGNATURE_DUPCTX
118 OSSL_FUNC_signature_sign_init OSSL_FUNC_SIGNATURE_SIGN_INIT
119 OSSL_FUNC_signature_sign OSSL_FUNC_SIGNATURE_SIGN
121 OSSL_FUNC_signature_verify_init OSSL_FUNC_SIGNATURE_VERIFY_INIT
122 OSSL_FUNC_signature_verify OSSL_FUNC_SIGNATURE_VERIFY
124 OSSL_FUNC_signature_verify_recover_init OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT
125 OSSL_FUNC_signature_verify_recover OSSL_FUNC_SIGNATURE_VERIFY_RECOVER
127 OSSL_FUNC_signature_digest_sign_init OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT
128 OSSL_FUNC_signature_digest_sign_update OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE
129 OSSL_FUNC_signature_digest_sign_final OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL
130 OSSL_FUNC_signature_digest_sign OSSL_FUNC_SIGNATURE_DIGEST_SIGN
132 OSSL_FUNC_signature_digest_verify_init OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT
133 OSSL_FUNC_signature_digest_verify_update OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE
134 OSSL_FUNC_signature_digest_verify_final OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL
135 OSSL_FUNC_signature_digest_verify OSSL_FUNC_SIGNATURE_DIGEST_VERIFY
137 OSSL_FUNC_signature_get_ctx_params OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS
138 OSSL_FUNC_signature_gettable_ctx_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS
139 OSSL_FUNC_signature_set_ctx_params OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS
140 OSSL_FUNC_signature_settable_ctx_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS
142 OSSL_FUNC_signature_get_ctx_md_params OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS
143 OSSL_FUNC_signature_gettable_ctx_md_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS
144 OSSL_FUNC_signature_set_ctx_md_params OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS
145 OSSL_FUNC_signature_settable_ctx_md_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS
147 A signature algorithm implementation may not implement all of these functions.
148 In order to be a consistent set of functions we must have at least a set of
149 context functions (OSSL_FUNC_signature_newctx and OSSL_FUNC_signature_freectx) as well as a
150 set of "signature" functions, i.e. at least one of:
154 =item OSSL_FUNC_signature_sign_init and OSSL_FUNC_signature_sign
156 =item OSSL_FUNC_signature_verify_init and OSSL_FUNC_signature_verify
158 =item OSSL_FUNC_signature_verify_recover_init and OSSL_FUNC_signature_verify_init
160 =item OSSL_FUNC_signature_digest_sign_init, OSSL_FUNC_signature_digest_sign_update and OSSL_FUNC_signature_digest_sign_final
162 =item OSSL_FUNC_signature_digest_verify_init, OSSL_FUNC_signature_digest_verify_update and OSSL_FUNC_signature_digest_verify_final
164 =item OSSL_FUNC_signature_digest_sign_init and OSSL_FUNC_signature_digest_sign
166 =item OSSL_FUNC_signature_digest_verify_init and OSSL_FUNC_signature_digest_verify
170 OSSL_FUNC_signature_set_ctx_params and OSSL_FUNC_signature_settable_ctx_params are optional,
171 but if one of them is present then the other one must also be present. The same
172 applies to OSSL_FUNC_signature_get_ctx_params and OSSL_FUNC_signature_gettable_ctx_params, as
173 well as the "md_params" functions. The OSSL_FUNC_signature_dupctx function is optional.
175 A signature algorithm must also implement some mechanism for generating,
176 loading or importing keys via the key management (OSSL_OP_KEYMGMT) operation.
177 See L<provider-keymgmt(7)> for further details.
179 =head2 Context Management Functions
181 OSSL_FUNC_signature_newctx() should create and return a pointer to a provider side
182 structure for holding context information during a signature operation.
183 A pointer to this context will be passed back in a number of the other signature
184 operation function calls.
185 The parameter I<provctx> is the provider context generated during provider
186 initialisation (see L<provider(7)>).
188 OSSL_FUNC_signature_freectx() is passed a pointer to the provider side signature
189 context in the I<ctx> parameter.
190 This function should free any resources associated with that context.
192 OSSL_FUNC_signature_dupctx() should duplicate the provider side signature context in
193 the I<ctx> parameter and return the duplicate copy.
195 =head2 Signing Functions
197 OSSL_FUNC_signature_sign_init() initialises a context for signing given a provider side
198 signature context in the I<ctx> parameter, and a pointer to a provider key object
199 in the I<provkey> parameter.
200 The I<params>, if not NULL, should be set on the context in a manner similar to
201 using OSSL_FUNC_signature_set_ctx_params().
202 The key object should have been previously generated, loaded or imported into
203 the provider using the key management (OSSL_OP_KEYMGMT) operation (see
204 provider-keymgmt(7)>.
206 OSSL_FUNC_signature_sign() performs the actual signing itself.
207 A previously initialised signature context is passed in the I<ctx>
209 The data to be signed is pointed to be the I<tbs> parameter which is I<tbslen>
211 Unless I<sig> is NULL, the signature should be written to the location pointed
212 to by the I<sig> parameter and it should not exceed I<sigsize> bytes in length.
213 The length of the signature should be written to I<*siglen>.
214 If I<sig> is NULL then the maximum length of the signature should be written to
217 =head2 Verify Functions
219 OSSL_FUNC_signature_verify_init() initialises a context for verifying a signature given
220 a provider side signature context in the I<ctx> parameter, and a pointer to a
221 provider key object in the I<provkey> parameter.
222 The I<params>, if not NULL, should be set on the context in a manner similar to
223 using OSSL_FUNC_signature_set_ctx_params().
224 The key object should have been previously generated, loaded or imported into
225 the provider using the key management (OSSL_OP_KEYMGMT) operation (see
226 provider-keymgmt(7)>.
228 OSSL_FUNC_signature_verify() performs the actual verification itself.
229 A previously initialised signature context is passed in the I<ctx> parameter.
230 The data that the signature covers is pointed to be the I<tbs> parameter which
231 is I<tbslen> bytes long.
232 The signature is pointed to by the I<sig> parameter which is I<siglen> bytes
235 =head2 Verify Recover Functions
237 OSSL_FUNC_signature_verify_recover_init() initialises a context for recovering the
238 signed data given a provider side signature context in the I<ctx> parameter, and
239 a pointer to a provider key object in the I<provkey> parameter.
240 The I<params>, if not NULL, should be set on the context in a manner similar to
241 using OSSL_FUNC_signature_set_ctx_params().
242 The key object should have been previously generated, loaded or imported into
243 the provider using the key management (OSSL_OP_KEYMGMT) operation (see
244 provider-keymgmt(7)>.
246 OSSL_FUNC_signature_verify_recover() performs the actual verify recover itself.
247 A previously initialised signature context is passed in the I<ctx> parameter.
248 The signature is pointed to by the I<sig> parameter which is I<siglen> bytes
250 Unless I<rout> is NULL, the recovered data should be written to the location
251 pointed to by I<rout> which should not exceed I<routsize> bytes in length.
252 The length of the recovered data should be written to I<*routlen>.
253 If I<rout> is NULL then the maximum size of the output buffer is written to
254 the I<routlen> parameter.
256 =head2 Digest Sign Functions
258 OSSL_FUNC_signature_digeset_sign_init() initialises a context for signing given a
259 provider side signature context in the I<ctx> parameter, and a pointer to a
260 provider key object in the I<provkey> parameter.
261 The I<params>, if not NULL, should be set on the context in a manner similar to
262 using OSSL_FUNC_signature_set_ctx_params() and
263 OSSL_FUNC_signature_set_ctx_md_params().
264 The key object should have been
265 previously generated, loaded or imported into the provider using the
266 key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
267 The name of the digest to be used will be in the I<mdname> parameter. There may
268 also be properties to be used in fetching the digest in the I<props> parameter,
269 although this may be ignored by providers.
271 OSSL_FUNC_signature_digest_sign_update() provides data to be signed in the I<data>
272 parameter which should be of length I<datalen>. A previously initialised
273 signature context is passed in the I<ctx> parameter. This function may be called
274 multiple times to cumulatively add data to be signed.
276 OSSL_FUNC_signature_digest_sign_final() finalises a signature operation previously
277 started through OSSL_FUNC_signature_digest_sign_init() and
278 OSSL_FUNC_signature_digest_sign_update() calls. Once finalised no more data will be
279 added through OSSL_FUNC_signature_digest_sign_update(). A previously initialised
280 signature context is passed in the I<ctx> parameter. Unless I<sig> is NULL, the
281 signature should be written to the location pointed to by the I<sig> parameter
282 and it should not exceed I<sigsize> bytes in length. The length of the signature
283 should be written to I<*siglen>. If I<sig> is NULL then the maximum length of
284 the signature should be written to I<*siglen>.
286 OSSL_FUNC_signature_digest_sign() implements a "one shot" digest sign operation
287 previously started through OSSL_FUNC_signature_digeset_sign_init(). A previously
288 initialised signature context is passed in the I<ctx> parameter. The data to be
289 signed is in I<tbs> which should be I<tbslen> bytes long. Unless I<sig> is NULL,
290 the signature should be written to the location pointed to by the I<sig>
291 parameter and it should not exceed I<sigsize> bytes in length. The length of the
292 signature should be written to I<*siglen>. If I<sig> is NULL then the maximum
293 length of the signature should be written to I<*siglen>.
295 =head2 Digest Verify Functions
297 OSSL_FUNC_signature_digeset_verify_init() initialises a context for verifying given a
298 provider side verification context in the I<ctx> parameter, and a pointer to a
299 provider key object in the I<provkey> parameter.
300 The I<params>, if not NULL, should be set on the context in a manner similar to
301 OSSL_FUNC_signature_set_ctx_params() and
302 OSSL_FUNC_signature_set_ctx_md_params().
303 The key object should have been
304 previously generated, loaded or imported into the provider using the
305 key management (OSSL_OP_KEYMGMT) operation (see provider-keymgmt(7)>.
306 The name of the digest to be used will be in the I<mdname> parameter. There may
307 also be properties to be used in fetching the digest in the I<props> parameter,
308 although this may be ignored by providers.
310 OSSL_FUNC_signature_digest_verify_update() provides data to be verified in the I<data>
311 parameter which should be of length I<datalen>. A previously initialised
312 verification context is passed in the I<ctx> parameter. This function may be
313 called multiple times to cumulatively add data to be verified.
315 OSSL_FUNC_signature_digest_verify_final() finalises a verification operation previously
316 started through OSSL_FUNC_signature_digest_verify_init() and
317 OSSL_FUNC_signature_digest_verify_update() calls. Once finalised no more data will be
318 added through OSSL_FUNC_signature_digest_verify_update(). A previously initialised
319 verification context is passed in the I<ctx> parameter. The signature to be
320 verified is in I<sig> which is I<siglen> bytes long.
322 OSSL_FUNC_signature_digest_verify() implements a "one shot" digest verify operation
323 previously started through OSSL_FUNC_signature_digeset_verify_init(). A previously
324 initialised verification context is passed in the I<ctx> parameter. The data to be
325 verified is in I<tbs> which should be I<tbslen> bytes long. The signature to be
326 verified is in I<sig> which is I<siglen> bytes long.
328 =head2 Signature parameters
330 See L<OSSL_PARAM(3)> for further details on the parameters structure used by
331 the OSSL_FUNC_signature_get_ctx_params() and OSSL_FUNC_signature_set_ctx_params() functions.
333 OSSL_FUNC_signature_get_ctx_params() gets signature parameters associated with the
334 given provider side signature context I<ctx> and stored them in I<params>.
335 Passing NULL for I<params> should return true.
337 OSSL_FUNC_signature_set_ctx_params() sets the signature parameters associated with the
338 given provider side signature context I<ctx> to I<params>.
339 Any parameter settings are additional to any that were previously set.
340 Passing NULL for I<params> should return true.
342 Common parameters currently recognised by built-in signature algorithms are as
347 =item "digest" (B<OSSL_SIGNATURE_PARAM_DIGEST>) <UTF8 string>
349 Get or sets the name of the digest algorithm used for the input to the
350 signature functions. It is required in order to calculate the "algorithm-id".
352 =item "properties" (B<OSSL_SIGNATURE_PARAM_PROPERTIES>) <UTF8 string>
354 Sets the name of the property query associated with the "digest" algorithm.
355 NULL is used if this optional value is not set.
357 =item "digest-size" (B<OSSL_SIGNATURE_PARAM_DIGEST_SIZE>) <unsigned integer>
359 Gets or sets the output size of the digest algorithm used for the input to the
361 The length of the "digest-size" parameter should not exceed that of a B<size_t>.
363 =item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string>
365 Gets the DER encoded AlgorithmIdentifier that corresponds to the combination of
366 signature algorithm and digest algorithm for the signature operation.
368 =item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer>
370 Sets a flag to modify the sign operation to return an error if the initial
371 calculated signature is invalid.
372 In the normal mode of operation - new random values are chosen until the
373 signature operation succeeds.
374 By default it retries until a signature is calculated.
375 Setting the value to 0 causes the sign operation to retry,
376 otherwise the sign operation is only tried once and returns whether or not it
378 Known answer tests can be performed if the random generator is overridden to
379 supply known values that either pass or fail.
383 OSSL_FUNC_signature_gettable_ctx_params() and OSSL_FUNC_signature_settable_ctx_params() get a
384 constant B<OSSL_PARAM> array that describes the gettable and settable parameters,
385 i.e. parameters that can be used with OSSL_FUNC_signature_get_ctx_params() and
386 OSSL_FUNC_signature_set_ctx_params() respectively.
387 See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
391 See L<OSSL_PARAM(3)> for further details on the parameters structure used by
392 the OSSL_FUNC_signature_get_md_ctx_params() and OSSL_FUNC_signature_set_md_ctx_params()
395 OSSL_FUNC_signature_get_md_ctx_params() gets digest parameters associated with the
396 given provider side digest signature context I<ctx> and stores them in I<params>.
397 Passing NULL for I<params> should return true.
399 OSSL_FUNC_signature_set_ms_ctx_params() sets the digest parameters associated with the
400 given provider side digest signature context I<ctx> to I<params>.
401 Any parameter settings are additional to any that were previously set.
402 Passing NULL for I<params> should return true.
404 Parameters currently recognised by built-in signature algorithms are the same
405 as those for built-in digest algorithms. See
406 L<provider-digest(7)/Digest Parameters> for further information.
408 OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params()
409 get a constant B<OSSL_PARAM> array that describes the gettable and settable
410 digest parameters, i.e. parameters that can be used with
411 OSSL_FUNC_signature_get_md_ctx_params() and OSSL_FUNC_signature_set_md_ctx_params()
412 respectively. See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter
417 OSSL_FUNC_signature_newctx() and OSSL_FUNC_signature_dupctx() should return the newly created
418 provider side signature, or NULL on failure.
420 OSSL_FUNC_signature_gettable_ctx_params(), OSSL_FUNC_signature_settable_ctx_params(),
421 OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params(),
422 return the gettable or settable parameters in a constant B<OSSL_PARAM> array.
424 All other functions should return 1 for success or 0 on error.
432 The provider SIGNATURE interface was introduced in OpenSSL 3.0.
436 Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
438 Licensed under the Apache License 2.0 (the "License"). You may not use
439 this file except in compliance with the License. You can obtain a copy
440 in the file LICENSE in the source distribution or at
441 L<https://www.openssl.org/source/license.html>.