mirror of https://github.com/openssl/openssl.git
=pod

=head1 NAME

EVP_PKEY-ML-KEM-512,
EVP_PKEY-ML-KEM-768,
EVP_PKEY-ML-KEM-1024,
EVP_KEYMGMT-ML-KEM-512,
EVP_KEYMGMT-ML-KEM-768,
EVP_KEYMGMT-ML-KEM-1024,
EVP_PKEY-ML-KEM
- ML-KEM keytype and algorithm support

=head1 DESCRIPTION

The B<ML-KEM-512>, B<ML-KEM-768>, and B<ML-KEM-1024> keytypes are implemented in
OpenSSL's default provider.

=for comment (TODO(ML-KEM): Add FIPS support).

=head2 Keygen Parameters

By default, no parameters are required for generating a key pair.

=over 4

=item "seed" (B<OSSL_PKEY_PARAM_ML_KEM_SEED>) <octet string>

ML-KEM internally requires the generation of a key pair using a random value (seed).
This optional parameter can be used to set the value prior to key pair generation.
According to FIPS 203, section 3.3, this parameter should only be used for
test purposes and be treated with the same care as private key material.
The length of the seed is 64 bytes.

This parameter is only settable.

See L<provider-keymgmt(7)/Common Information Parameters> for further information.

=back

Use EVP_PKEY_CTX_set_params() after calling EVP_PKEY_keygen_init().

=head2 Common parameters

In addition to the common parameters that all keytypes should support (see
L<provider-keymgmt(7)/Common parameters>), the implementation of these keytypes
supports the following.

=over 4

=item "pub" (B<OSSL_PKEY_PARAM_PUB_KEY>) <octet string>

The public key value.

This parameter is used when importing or exporting the public key value with the
EVP_PKEY_fromdata() and EVP_PKEY_todata() functions.

=item "priv" (B<OSSL_PKEY_PARAM_PRIV_KEY>) <octet string>

The private key value.

This parameter is used when importing or exporting the private key value with the
EVP_PKEY_fromdata() and EVP_PKEY_todata() functions.

=item "encoded-pub-key" (B<OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY>) <octet string>

Used for getting and setting the encoding of a public key. Public keys are
expected to be encoded in a format as defined by FIPS 203.

This parameter is gettable and settable.

=back

=head1 CONFORMING TO

=over 4

=item FIPS 203

=back

=head1 EXAMPLES

An B<EVP_PKEY> context can be obtained by calling:

    EVP_PKEY_CTX *pctx =
        EVP_PKEY_CTX_new_from_name(NULL, "ML-KEM-768", NULL);

An B<ML-KEM-768> key can be generated like this:

    pkey = EVP_PKEY_Q_keygen(NULL, NULL, "ML-KEM-768");

Equivalent calls are possible for B<ML-KEM-512> and B<ML-KEM-1024>.

=head1 SEE ALSO

L<EVP_KEYMGMT(3)>, L<EVP_PKEY(3)>, L<provider-keymgmt(7)>,
L<EVP_KEM-ML-KEM(7)>

=head1 HISTORY

This functionality was added in OpenSSL 3.5.

=head1 COPYRIGHT

Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.

Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.

=cut