#define OSSL_PROV_PARAM_VERSION "version" /* utf8_string */
#define OSSL_PROV_PARAM_BUILDINFO "buildinfo" /* utf8_string */
#define OSSL_PROV_PARAM_STATUS "status" /* uint */
+#define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks" /* uint */
/* Self test callback parameters */
#define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" /* utf8_string */
* This set of parameter names is explained in detail in provider-object(7)
* (doc/man7/provider-object.pod)
*/
-#define OSSL_OBJECT_PARAM_TYPE "type" /* INTEGER */
-#define OSSL_OBJECT_PARAM_DATA_TYPE "data-type" /* UTF8_STRING */
-#define OSSL_OBJECT_PARAM_REFERENCE "reference" /* OCTET_STRING */
-#define OSSL_OBJECT_PARAM_DATA "data" /* OCTET_STRING or UTF8_STRING */
-#define OSSL_OBJECT_PARAM_DESC "desc" /* UTF8_STRING */
+#define OSSL_OBJECT_PARAM_TYPE "type" /* INTEGER */
+#define OSSL_OBJECT_PARAM_DATA_TYPE "data-type" /* UTF8_STRING */
+#define OSSL_OBJECT_PARAM_DATA_STRUCTURE "data-structure" /* UTF8_STRING */
+#define OSSL_OBJECT_PARAM_REFERENCE "reference" /* OCTET_STRING */
+#define OSSL_OBJECT_PARAM_DATA "data" /* OCTET_STRING or UTF8_STRING */
+#define OSSL_OBJECT_PARAM_DESC "desc" /* UTF8_STRING */
/*
* Algorithm parameters
#define OSSL_CIPHER_PARAM_KEYLEN "keylen" /* size_t */
#define OSSL_CIPHER_PARAM_IVLEN "ivlen" /* size_t */
#define OSSL_CIPHER_PARAM_IV "iv" /* octet_string OR octet_ptr */
-#define OSSL_CIPHER_PARAM_IV_STATE "iv-state" /* octet_string OR octet_ptr */
+#define OSSL_CIPHER_PARAM_UPDATED_IV "updated-iv" /* octet_string OR octet_ptr */
#define OSSL_CIPHER_PARAM_NUM "num" /* uint */
#define OSSL_CIPHER_PARAM_ROUNDS "rounds" /* uint */
#define OSSL_CIPHER_PARAM_AEAD_TAG "tag" /* octet_string */
#define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512"
#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+#define OSSL_DIGEST_NAME_SM3 "SM3"
/* MAC parameters */
#define OSSL_MAC_PARAM_KEY "key" /* octet string */
#define OSSL_KDF_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */
#define OSSL_KDF_PARAM_CONSTANT "constant" /* octet string */
#define OSSL_KDF_PARAM_PKCS12_ID "id" /* int */
+#define OSSL_KDF_PARAM_KBKDF_USE_L "use-l" /* int */
+#define OSSL_KDF_PARAM_KBKDF_USE_SEPARATOR "use-separator" /* int */
+#define OSSL_KDF_PARAM_X942_PARTYUINFO "partyu-info"
+#define OSSL_KDF_PARAM_X942_PARTYVINFO "partyv-info"
+#define OSSL_KDF_PARAM_X942_SUPP_PUBINFO "supp-pubinfo"
+#define OSSL_KDF_PARAM_X942_SUPP_PRIVINFO "supp-privinfo"
+#define OSSL_KDF_PARAM_X942_USE_KEYBITS "use-keybits"
/* Known KDF names */
-#define OSSL_KDF_NAME_HKDF "HKDF"
-#define OSSL_KDF_NAME_PBKDF2 "PBKDF2"
-#define OSSL_KDF_NAME_SCRYPT "SCRYPT"
-#define OSSL_KDF_NAME_SSHKDF "SSHKDF"
-#define OSSL_KDF_NAME_SSKDF "SSKDF"
-#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF"
-#define OSSL_KDF_NAME_X942KDF "X942KDF"
-#define OSSL_KDF_NAME_X963KDF "X963KDF"
-#define OSSL_KDF_NAME_KBKDF "KBKDF"
-#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF"
+#define OSSL_KDF_NAME_HKDF "HKDF"
+#define OSSL_KDF_NAME_PBKDF2 "PBKDF2"
+#define OSSL_KDF_NAME_SCRYPT "SCRYPT"
+#define OSSL_KDF_NAME_SSHKDF "SSHKDF"
+#define OSSL_KDF_NAME_SSKDF "SSKDF"
+#define OSSL_KDF_NAME_TLS1_PRF "TLS1-PRF"
+#define OSSL_KDF_NAME_X942KDF_ASN1 "X942KDF-ASN1"
+#define OSSL_KDF_NAME_X942KDF_CONCAT "X942KDF-CONCAT"
+#define OSSL_KDF_NAME_X963KDF "X963KDF"
+#define OSSL_KDF_NAME_KBKDF "KBKDF"
+#define OSSL_KDF_NAME_KRB5KDF "KRB5KDF"
/* Known RAND names */
#define OSSL_RAND_PARAM_STATE "state"
#define OSSL_RAND_PARAM_STRENGTH "strength"
+#define OSSL_RAND_PARAM_MAX_REQUEST "max_request"
#define OSSL_RAND_PARAM_TEST_ENTROPY "test_entropy"
#define OSSL_RAND_PARAM_TEST_NONCE "test_nonce"
/* RAND/DRBG names */
#define OSSL_DRBG_PARAM_RESEED_REQUESTS "reseed_requests"
#define OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL "reseed_time_interval"
-#define OSSL_DRBG_PARAM_MAX_REQUEST "max_request"
#define OSSL_DRBG_PARAM_MIN_ENTROPYLEN "min_entropylen"
#define OSSL_DRBG_PARAM_MAX_ENTROPYLEN "max_entropylen"
#define OSSL_DRBG_PARAM_MIN_NONCELEN "min_noncelen"
#define OSSL_DRBG_PARAM_MAX_NONCELEN "max_noncelen"
#define OSSL_DRBG_PARAM_MAX_PERSLEN "max_perslen"
#define OSSL_DRBG_PARAM_MAX_ADINLEN "max_adinlen"
-#define OSSL_DRBG_PARAM_RESEED_CTR "reseed_counter"
+#define OSSL_DRBG_PARAM_RESEED_COUNTER "reseed_counter"
#define OSSL_DRBG_PARAM_RESEED_TIME "reseed_time"
#define OSSL_DRBG_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
#define OSSL_DRBG_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
#define OSSL_PKEY_PARAM_MASKGENFUNC "mgf"
#define OSSL_PKEY_PARAM_MGF1_DIGEST "mgf1-digest"
#define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
-#define OSSL_PKEY_PARAM_TLS_ENCODED_PT "tls-encoded-pt"
+#define OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY "encoded-pub-key"
#define OSSL_PKEY_PARAM_GROUP_NAME "group"
+#define OSSL_PKEY_PARAM_DIST_ID "distid"
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
#define OSSL_PKEY_PARAM_RSA_BITS OSSL_PKEY_PARAM_BITS
#define OSSL_PKEY_PARAM_RSA_PRIMES "primes"
#define OSSL_PKEY_PARAM_RSA_DIGEST OSSL_PKEY_PARAM_DIGEST
+#define OSSL_PKEY_PARAM_RSA_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
#define OSSL_PKEY_PARAM_RSA_MASKGENFUNC OSSL_PKEY_PARAM_MASKGENFUNC
#define OSSL_PKEY_PARAM_RSA_MGF1_DIGEST OSSL_PKEY_PARAM_MGF1_DIGEST
#define OSSL_PKEY_PARAM_RSA_PSS_SALTLEN "saltlen"
#define OSSL_PKEY_PARAM_FFC_DIGEST OSSL_PKEY_PARAM_DIGEST
#define OSSL_PKEY_PARAM_FFC_DIGEST_PROPS OSSL_PKEY_PARAM_PROPERTIES
-#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */
+#define OSSL_PKEY_PARAM_EC_ENCODING "encoding" /* utf8_string */
+#define OSSL_PKEY_PARAM_EC_POINT_CONVERSION_FORMAT "point-format"
+#define OSSL_PKEY_PARAM_EC_GROUP_CHECK_TYPE "group-check"
+#define OSSL_PKEY_PARAM_EC_INCLUDE_PUBLIC "include-public"
/* OSSL_PKEY_PARAM_EC_ENCODING values */
#define OSSL_PKEY_EC_ENCODING_EXPLICIT "explicit"
#define OSSL_PKEY_EC_ENCODING_GROUP "named_curve"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_UNCOMPRESSED "uncompressed"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_COMPRESSED "compressed"
+#define OSSL_PKEY_EC_POINT_CONVERSION_FORMAT_HYBRID "hybrid"
+
+#define OSSL_PKEY_EC_GROUP_CHECK_DEFAULT "default"
+#define OSSL_PKEY_EC_GROUP_CHECK_NAMED "named"
+#define OSSL_PKEY_EC_GROUP_CHECK_NAMED_NIST "named-nist"
+
/* Key Exchange parameters */
#define OSSL_EXCHANGE_PARAM_PAD "pad" /* uint */
#define OSSL_EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE "ecdh-cofactor-mode" /* int */
* EVP_PKEY_CTX_{set0,get0}_rsa_oaep_label().
*/
#define OSSL_EXCHANGE_PARAM_KDF_UKM "kdf-ukm" /* see note above */
-#define OSSL_EXCHANGE_PARAM_KDF_UKM_LEN "kdf-ukm-len" /* size_t */
/* Signature parameters */
#define OSSL_SIGNATURE_PARAM_ALGORITHM_ID "algorithm-id"
#define OSSL_SIGNATURE_PARAM_DIGEST_SIZE OSSL_PKEY_PARAM_DIGEST_SIZE
/* Asym cipher parameters */
+#define OSSL_ASYM_CIPHER_PARAM_DIGEST OSSL_PKEY_PARAM_DIGEST
+#define OSSL_ASYM_CIPHER_PARAM_PROPERTIES OSSL_PKEY_PARAM_PROPERTIES
+#define OSSL_ASYM_CIPHER_PARAM_ENGINE OSSL_PKEY_PARAM_ENGINE
#define OSSL_ASYM_CIPHER_PARAM_PAD_MODE OSSL_PKEY_PARAM_PAD_MODE
#define OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST \
OSSL_PKEY_PARAM_MGF1_DIGEST
#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST OSSL_ALG_PARAM_DIGEST
#define OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS "digest-props"
#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL "oaep-label"
-#define OSSL_ASYM_CIPHER_PARAM_OAEP_LABEL_LEN "oaep-label-len"
#define OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION "tls-client-version"
#define OSSL_ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION "tls-negotiated-version"
/*
* Encoder / decoder parameters
*/
-/* The passphrase may be passed as a utf8 string or an octet string */
-#define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
-#define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_ENCODER_PARAM_PASS "passphrase"
-
-#define OSSL_DECODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
-#define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DECODER_PARAM_PASS "passphrase"
-#define OSSL_DECODER_PARAM_INPUT_TYPE "input-type"
+#define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
+#define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+#define OSSL_ENCODER_PARAM_INPUT_TYPE "input-type"
+#define OSSL_ENCODER_PARAM_OUTPUT_TYPE "output-type"
+#define OSSL_ENCODER_PARAM_OUTPUT_STRUCTURE "output-structure"
+/* Currently PVK only, but reusable for others as needed */
+#define OSSL_ENCODER_PARAM_ENCRYPT_LEVEL "encrypt-level"
+
+#define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
+#define OSSL_DECODER_PARAM_INPUT_TYPE "input-type"
+#define OSSL_DECODER_PARAM_INPUT_STRUCTURE "input-structure"
/* Passphrase callback parameters */
#define OSSL_PASSPHRASE_PARAM_INFO "info"
#define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
#define OSSL_SIGNATURE_PARAM_KAT "kat"
+/* KEM parameters */
+#define OSSL_KEM_PARAM_OPERATION "operation"
+
+/* OSSL_KEM_PARAM_OPERATION values */
+#define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE"
+
/* Capabilities */
-/* TLS-GROUP Capbility */
+/* TLS-GROUP Capability */
#define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
#define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
#define OSSL_CAPABILITY_TLS_GROUP_ALG "tls-group-alg"
#define OSSL_CAPABILITY_TLS_GROUP_SECURITY_BITS "tls-group-sec-bits"
+#define OSSL_CAPABILITY_TLS_GROUP_IS_KEM "tls-group-is-kem"
#define OSSL_CAPABILITY_TLS_GROUP_MIN_TLS "tls-min-tls"
#define OSSL_CAPABILITY_TLS_GROUP_MAX_TLS "tls-max-tls"
#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"