#define OSSL_PROV_PARAM_VERSION "version" /* utf8_string */
#define OSSL_PROV_PARAM_BUILDINFO "buildinfo" /* utf8_string */
#define OSSL_PROV_PARAM_STATUS "status" /* uint */
+#define OSSL_PROV_PARAM_SECURITY_CHECKS "security-checks" /* uint */
/* Self test callback parameters */
#define OSSL_PROV_PARAM_SELF_TEST_PHASE "st-phase" /* utf8_string */
#define OSSL_PROV_PARAM_SELF_TEST_TYPE "st-type" /* utf8_string */
#define OSSL_PROV_PARAM_SELF_TEST_DESC "st-desc" /* utf8_string */
+/*-
+ * Provider-native object abstractions
+ *
+ * These are used when a provider wants to pass object data or an object
+ * reference back to libcrypto. This is only useful for provider functions
+ * that take a callback to which an OSSL_PARAM array with these parameters
+ * can be passed.
+ *
+ * This set of parameter names is explained in detail in provider-object(7)
+ * (doc/man7/provider-object.pod)
+ */
+#define OSSL_OBJECT_PARAM_TYPE "type" /* INTEGER */
+#define OSSL_OBJECT_PARAM_DATA_TYPE "data-type" /* UTF8_STRING */
+#define OSSL_OBJECT_PARAM_REFERENCE "reference" /* OCTET_STRING */
+#define OSSL_OBJECT_PARAM_DATA "data" /* OCTET_STRING or UTF8_STRING */
+#define OSSL_OBJECT_PARAM_DESC "desc" /* UTF8_STRING */
+
/*
* Algorithm parameters
* If "engine" or "properties" are specified, they should always be paired
*/
#define OSSL_ALG_PARAM_DIGEST "digest" /* utf8_string */
#define OSSL_ALG_PARAM_CIPHER "cipher" /* utf8_string */
+#define OSSL_ALG_PARAM_ENGINE "engine" /* utf8_string */
#define OSSL_ALG_PARAM_MAC "mac" /* utf8_string */
#define OSSL_ALG_PARAM_PROPERTIES "properties"/* utf8_string */
#define OSSL_DIGEST_NAME_SHA3_512 "SHA3-512"
#define OSSL_DIGEST_NAME_KECCAK_KMAC128 "KECCAK-KMAC-128"
#define OSSL_DIGEST_NAME_KECCAK_KMAC256 "KECCAK-KMAC-256"
+#define OSSL_DIGEST_NAME_SM3 "SM3"
/* MAC parameters */
#define OSSL_MAC_PARAM_KEY "key" /* octet string */
* If "engine" or "properties" are specified, they should always be paired
* with "cipher" or "digest".
*/
-#define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */
-#define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */
-#define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
-#define OSSL_MAC_PARAM_SIZE "size" /* size_t */
+#define OSSL_MAC_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */
+#define OSSL_MAC_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST /* utf8 string */
+#define OSSL_MAC_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES /* utf8 string */
+#define OSSL_MAC_PARAM_SIZE "size" /* size_t */
+#define OSSL_MAC_PARAM_TLS_DATA_SIZE "tls-data-size" /* size_t */
/* Known MAC names */
#define OSSL_MAC_NAME_BLAKE2BMAC "BLAKE2BMAC"
#define OSSL_PKEY_PARAM_MAX_SIZE "max-size" /* integer */
#define OSSL_PKEY_PARAM_SECURITY_BITS "security-bits" /* integer */
#define OSSL_PKEY_PARAM_DIGEST OSSL_ALG_PARAM_DIGEST
+#define OSSL_PKEY_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER /* utf8 string */
+#define OSSL_PKEY_PARAM_ENGINE OSSL_ALG_PARAM_ENGINE /* utf8 string */
#define OSSL_PKEY_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
#define OSSL_PKEY_PARAM_DEFAULT_DIGEST "default-digest" /* utf8 string */
#define OSSL_PKEY_PARAM_MANDATORY_DIGEST "mandatory-digest" /* utf8 string */
#define OSSL_PKEY_PARAM_MGF1_PROPERTIES "mgf1-properties"
#define OSSL_PKEY_PARAM_TLS_ENCODED_PT "tls-encoded-pt"
#define OSSL_PKEY_PARAM_GROUP_NAME "group"
-
-/* Diffie-Hellman/DSA public/private key */
+#define OSSL_PKEY_PARAM_DIST_ID "distid"
#define OSSL_PKEY_PARAM_PUB_KEY "pub"
#define OSSL_PKEY_PARAM_PRIV_KEY "priv"
/*
* Encoder / decoder parameters
*/
-/* The passphrase may be passed as a utf8 string or an octet string */
#define OSSL_ENCODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
#define OSSL_ENCODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_ENCODER_PARAM_PASS "passphrase"
+#define OSSL_ENCODER_PARAM_INPUT_TYPE "input-type"
+#define OSSL_ENCODER_PARAM_OUTPUT_TYPE "output-type"
-#define OSSL_DECODER_PARAM_CIPHER OSSL_ALG_PARAM_CIPHER
#define OSSL_DECODER_PARAM_PROPERTIES OSSL_ALG_PARAM_PROPERTIES
-#define OSSL_DECODER_PARAM_PASS "passphrase"
#define OSSL_DECODER_PARAM_INPUT_TYPE "input-type"
-#define OSSL_DECODER_PARAM_DATA_TYPE "data-type"
-#define OSSL_DECODER_PARAM_DATA "data"
-#define OSSL_DECODER_PARAM_REFERENCE "reference"
/* Passphrase callback parameters */
#define OSSL_PASSPHRASE_PARAM_INFO "info"
#define OSSL_PKEY_PARAM_RSA_TEST_Q2 "q2"
#define OSSL_SIGNATURE_PARAM_KAT "kat"
+/* KEM parameters */
+#define OSSL_KEM_PARAM_OPERATION "operation"
+
+/* OSSL_KEM_PARAM_OPERATION values */
+#define OSSL_KEM_PARAM_OPERATION_RSASVE "RSASVE"
+
/* Capabilities */
-/* TLS-GROUP Capbility */
+/* TLS-GROUP Capability */
#define OSSL_CAPABILITY_TLS_GROUP_NAME "tls-group-name"
#define OSSL_CAPABILITY_TLS_GROUP_NAME_INTERNAL "tls-group-name-internal"
#define OSSL_CAPABILITY_TLS_GROUP_ID "tls-group-id"
#define OSSL_CAPABILITY_TLS_GROUP_MIN_DTLS "tls-min-dtls"
#define OSSL_CAPABILITY_TLS_GROUP_MAX_DTLS "tls-max-dtls"
+/*-
+ * storemgmt parameters
+ */
+
+/*
+ * Used by storemgmt_ctx_set_params():
+ *
+ * - OSSL_STORE_PARAM_EXPECT is an INTEGER, and the value is any of the
+ * OSSL_STORE_INFO numbers. This is used to set the expected type of
+ * object loaded.
+ *
+ * - OSSL_STORE_PARAM_SUBJECT, OSSL_STORE_PARAM_ISSUER,
+ * OSSL_STORE_PARAM_SERIAL, OSSL_STORE_PARAM_FINGERPRINT,
+ * OSSL_STORE_PARAM_DIGEST, OSSL_STORE_PARAM_ALIAS
+ * are used as search criteria.
+ * (OSSL_STORE_PARAM_DIGEST is used with OSSL_STORE_PARAM_FINGERPRINT)
+ */
+#define OSSL_STORE_PARAM_EXPECT "expect" /* INTEGER */
+#define OSSL_STORE_PARAM_SUBJECT "subject" /* DER blob => OCTET_STRING */
+#define OSSL_STORE_PARAM_ISSUER "name" /* DER blob => OCTET_STRING */
+#define OSSL_STORE_PARAM_SERIAL "serial" /* INTEGER */
+#define OSSL_STORE_PARAM_DIGEST "digest" /* UTF8_STRING */
+#define OSSL_STORE_PARAM_FINGERPRINT "fingerprint" /* OCTET_STRING */
+#define OSSL_STORE_PARAM_ALIAS "alias" /* UTF8_STRING */
+
+/* You may want to pass properties for the provider implementation to use */
+#define OSSL_STORE_PARAM_PROPERTIES "properties" /* utf8_string */
+
# ifdef __cplusplus
}
# endif