1 1.1 christos #! /usr/bin/env perl 2 1.1 christos # Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. 3 1.1 christos # 4 1.1 christos # Licensed under the Apache License 2.0 (the "License"). You may not use 5 1.1 christos # this file except in compliance with the License. You can obtain a copy 6 1.1 christos # in the file LICENSE in the source distribution or at 7 1.1 christos # https://www.openssl.org/source/license.html 8 1.1 christos 9 1.1 christos package OpenSSL::paramnames; 10 1.1 christos 11 1.1 christos use strict; 12 1.1 christos use warnings; 13 1.1 christos 14 1.1 christos require Exporter; 15 1.1 christos our @ISA = qw(Exporter); 16 1.1 christos our @EXPORT_OK = qw(generate_public_macros 17 1.1 christos generate_internal_macros 18 1.1 christos produce_decoder); 19 1.1 christos 20 1.1 christos my $case_sensitive = 1; 21 1.1 christos 22 1.1 christos my %params = ( 23 1.1 christos # Well known parameter names that core passes to providers 24 1.1 christos 'PROV_PARAM_CORE_VERSION' => "openssl-version",# utf8_ptr 25 1.1 christos 'PROV_PARAM_CORE_PROV_NAME' => "provider-name", # utf8_ptr 26 1.1 christos 'PROV_PARAM_CORE_MODULE_FILENAME' => "module-filename",# utf8_ptr 27 1.1 christos 28 1.1 christos # Well known parameter names that Providers can define 29 1.1 christos 'PROV_PARAM_NAME' => "name", # utf8_ptr 30 1.1 christos 'PROV_PARAM_VERSION' => "version", # utf8_ptr 31 1.1 christos 'PROV_PARAM_BUILDINFO' => "buildinfo", # utf8_ptr 32 1.1 christos 'PROV_PARAM_STATUS' => "status", # uint 33 1.1 christos 'PROV_PARAM_SECURITY_CHECKS' => "security-checks", # uint 34 1.1 christos 'PROV_PARAM_HMAC_KEY_CHECK' => "hmac-key-check", # uint 35 1.1 christos 'PROV_PARAM_KMAC_KEY_CHECK' => "kmac-key-check", # uint 36 1.1 christos 'PROV_PARAM_TLS1_PRF_EMS_CHECK' => "tls1-prf-ems-check", # uint 37 1.1 christos 'PROV_PARAM_NO_SHORT_MAC' => "no-short-mac", # uint 38 1.1 christos 'PROV_PARAM_DRBG_TRUNC_DIGEST' => "drbg-no-trunc-md", # uint 39 1.1 christos 'PROV_PARAM_HKDF_DIGEST_CHECK' => "hkdf-digest-check", # uint 40 1.1 christos 'PROV_PARAM_TLS13_KDF_DIGEST_CHECK' => "tls13-kdf-digest-check", # uint 41 1.1 christos 'PROV_PARAM_TLS1_PRF_DIGEST_CHECK' => "tls1-prf-digest-check", # uint 42 1.1 christos 'PROV_PARAM_SSHKDF_DIGEST_CHECK' => "sshkdf-digest-check", # uint 43 1.1 christos 'PROV_PARAM_SSKDF_DIGEST_CHECK' => "sskdf-digest-check", # uint 44 1.1 christos 'PROV_PARAM_X963KDF_DIGEST_CHECK' => "x963kdf-digest-check", # uint 45 1.1 christos 'PROV_PARAM_DSA_SIGN_DISABLED' => "dsa-sign-disabled", # uint 46 1.1 christos 'PROV_PARAM_TDES_ENCRYPT_DISABLED' => "tdes-encrypt-disabled", # uint 47 1.1 christos 'PROV_PARAM_RSA_PSS_SALTLEN_CHECK' => "rsa-pss-saltlen-check", # uint 48 1.1 christos 'PROV_PARAM_RSA_SIGN_X931_PAD_DISABLED' => "rsa-sign-x931-pad-disabled", # uint 49 1.1 christos 'PROV_PARAM_RSA_PKCS15_PAD_DISABLED' => "rsa-pkcs15-pad-disabled", # uint 50 1.1 christos 'PROV_PARAM_HKDF_KEY_CHECK' => "hkdf-key-check", # uint 51 1.1 christos 'PROV_PARAM_KBKDF_KEY_CHECK' => "kbkdf-key-check", # uint 52 1.1 christos 'PROV_PARAM_TLS13_KDF_KEY_CHECK' => "tls13-kdf-key-check", # uint 53 1.1 christos 'PROV_PARAM_TLS1_PRF_KEY_CHECK' => "tls1-prf-key-check", # uint 54 1.1 christos 'PROV_PARAM_SSHKDF_KEY_CHECK' => "sshkdf-key-check", # uint 55 1.1 christos 'PROV_PARAM_SSKDF_KEY_CHECK' => "sskdf-key-check", # uint 56 1.1 christos 'PROV_PARAM_X963KDF_KEY_CHECK' => "x963kdf-key-check", # uint 57 1.1 christos 'PROV_PARAM_X942KDF_KEY_CHECK' => "x942kdf-key-check", # uint 58 1.1 christos 'PROV_PARAM_PBKDF2_LOWER_BOUND_CHECK' => "pbkdf2-lower-bound-check", # uint 59 1.1 christos 'PROV_PARAM_ECDH_COFACTOR_CHECK' => "ecdh-cofactor-check", # uint 60 1.1 christos 'PROV_PARAM_SIGNATURE_DIGEST_CHECK' => "signature-digest-check", # uint 61 1.1 christos 62 1.1 christos # Self test callback parameters 63 1.1 christos 'PROV_PARAM_SELF_TEST_PHASE' => "st-phase",# utf8_string 64 1.1 christos 'PROV_PARAM_SELF_TEST_TYPE' => "st-type", # utf8_string 65 1.1 christos 'PROV_PARAM_SELF_TEST_DESC' => "st-desc", # utf8_string 66 1.1 christos 67 1.1 christos # Provider-native object abstractions 68 1.1 christos # 69 1.1 christos # These are used when a provider wants to pass object data or an object 70 1.1 christos # reference back to libcrypto. This is only useful for provider functions 71 1.1 christos # that take a callback to which an PARAM array with these parameters 72 1.1 christos # can be passed. 73 1.1 christos # 74 1.1 christos # This set of parameter names is explained in detail in provider-object(7) 75 1.1 christos # (doc/man7/provider-object.pod) 76 1.1 christos 77 1.1 christos 'OBJECT_PARAM_TYPE' => "type", # INTEGER 78 1.1 christos 'OBJECT_PARAM_DATA_TYPE' => "data-type",# UTF8_STRING 79 1.1 christos 'OBJECT_PARAM_DATA_STRUCTURE' => "data-structure",# UTF8_STRING 80 1.1 christos 'OBJECT_PARAM_REFERENCE' => "reference",# OCTET_STRING 81 1.1 christos 'OBJECT_PARAM_DATA' => "data",# OCTET_STRING or UTF8_STRING 82 1.1 christos 'OBJECT_PARAM_DESC' => "desc", # UTF8_STRING 83 1.1 christos 'OBJECT_PARAM_INPUT_TYPE' => "input-type", # UTF8_STRING 84 1.1 christos 85 1.1 christos # Algorithm parameters 86 1.1 christos # If "engine",or "properties",are specified, they should always be paired 87 1.1 christos # with the algorithm type. 88 1.1 christos # Note these are common names that are shared by many types (such as kdf, mac, 89 1.1 christos # and pkey) e.g: see MAC_PARAM_DIGEST below. 90 1.1 christos 91 1.1 christos 'ALG_PARAM_DIGEST' => "digest", # utf8_string 92 1.1 christos 'ALG_PARAM_CIPHER' => "cipher", # utf8_string 93 1.1 christos 'ALG_PARAM_ENGINE' => "engine", # utf8_string 94 1.1 christos 'ALG_PARAM_MAC' => "mac", # utf8_string 95 1.1 christos 'ALG_PARAM_PROPERTIES' => "properties", # utf8_string 96 1.1 christos 'ALG_PARAM_FIPS_APPROVED_INDICATOR' => 'fips-indicator', # int, -1, 0 or 1 97 1.1 christos 98 1.1 christos # For any operation that deals with AlgorithmIdentifier, they should 99 1.1 christos # implement both of these. 100 1.1 christos # ALG_PARAM_ALGORITHM_ID is intended to be gettable, and is the 101 1.1 christos # implementation's idea of what its full AlgID should look like. 102 1.1 christos # ALG_PARAM_ALGORITHM_ID_PARAMS is intended to be both settable 103 1.1 christos # and gettable, to allow the calling application to pass or get 104 1.1 christos # AlgID parameters to and from the provided implementation. 105 1.1 christos 'ALG_PARAM_ALGORITHM_ID' => "algorithm-id", # octet_string (DER) 106 1.1 christos 'ALG_PARAM_ALGORITHM_ID_PARAMS' => "algorithm-id-params", # octet_string 107 1.1 christos 108 1.1 christos # cipher parameters 109 1.1 christos 'CIPHER_PARAM_PADDING' => "padding", # uint 110 1.1 christos 'CIPHER_PARAM_USE_BITS' => "use-bits", # uint 111 1.1 christos 'CIPHER_PARAM_TLS_VERSION' => "tls-version", # uint 112 1.1 christos 'CIPHER_PARAM_TLS_MAC' => "tls-mac", # octet_ptr 113 1.1 christos 'CIPHER_PARAM_TLS_MAC_SIZE' => "tls-mac-size",# size_t 114 1.1 christos 'CIPHER_PARAM_MODE' => "mode", # uint 115 1.1 christos 'CIPHER_PARAM_BLOCK_SIZE' => "blocksize", # size_t 116 1.1 christos 'CIPHER_PARAM_AEAD' => "aead", # int, 0 or 1 117 1.1 christos 'CIPHER_PARAM_CUSTOM_IV' => "custom-iv", # int, 0 or 1 118 1.1 christos 'CIPHER_PARAM_CTS' => "cts", # int, 0 or 1 119 1.1 christos 'CIPHER_PARAM_TLS1_MULTIBLOCK' => "tls-multi", # int, 0 or 1 120 1.1 christos 'CIPHER_PARAM_HAS_RAND_KEY' => "has-randkey", # int, 0 or 1 121 1.1 christos 'CIPHER_PARAM_KEYLEN' => "keylen", # size_t 122 1.1 christos 'CIPHER_PARAM_IVLEN' => "ivlen", # size_t 123 1.1 christos 'CIPHER_PARAM_IV' => "iv", # octet_string OR octet_ptr 124 1.1 christos 'CIPHER_PARAM_UPDATED_IV' => "updated-iv", # octet_string OR octet_ptr 125 1.1 christos 'CIPHER_PARAM_NUM' => "num", # uint 126 1.1 christos 'CIPHER_PARAM_ROUNDS' => "rounds", # uint 127 1.1 christos 'CIPHER_PARAM_AEAD_TAG' => "tag", # octet_string 128 1.1 christos 'CIPHER_PARAM_PIPELINE_AEAD_TAG' => "pipeline-tag",# octet_ptr 129 1.1 christos 'CIPHER_PARAM_AEAD_TLS1_AAD' => "tlsaad", # octet_string 130 1.1 christos 'CIPHER_PARAM_AEAD_TLS1_AAD_PAD' => "tlsaadpad", # size_t 131 1.1 christos 'CIPHER_PARAM_AEAD_TLS1_IV_FIXED' => "tlsivfixed", # octet_string 132 1.1 christos 'CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN' => "tlsivgen", # octet_string 133 1.1 christos 'CIPHER_PARAM_AEAD_TLS1_SET_IV_INV' => "tlsivinv", # octet_string 134 1.1 christos 'CIPHER_PARAM_AEAD_IVLEN' => '*CIPHER_PARAM_IVLEN', 135 1.1 christos 'CIPHER_PARAM_AEAD_IV_GENERATED' => "iv-generated", # uint 136 1.1 christos 'CIPHER_PARAM_AEAD_TAGLEN' => "taglen", # size_t 137 1.1 christos 'CIPHER_PARAM_AEAD_MAC_KEY' => "mackey", # octet_string 138 1.1 christos 'CIPHER_PARAM_RANDOM_KEY' => "randkey", # octet_string 139 1.1 christos 'CIPHER_PARAM_RC2_KEYBITS' => "keybits", # size_t 140 1.1 christos 'CIPHER_PARAM_SPEED' => "speed", # uint 141 1.1 christos 'CIPHER_PARAM_CTS_MODE' => "cts_mode", # utf8_string 142 1.1 christos 'CIPHER_PARAM_DECRYPT_ONLY' => "decrypt-only", # int, 0 or 1 143 1.1 christos 'CIPHER_PARAM_FIPS_ENCRYPT_CHECK' => "encrypt-check", # int 144 1.1 christos 'CIPHER_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', 145 1.1 christos 'CIPHER_PARAM_ALGORITHM_ID' => '*ALG_PARAM_ALGORITHM_ID', 146 1.1 christos # Historically, CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD was used. For the 147 1.1 christos # time being, the old libcrypto functions will use both, so old providers 148 1.1 christos # continue to work. 149 1.1 christos # New providers are encouraged to use CIPHER_PARAM_ALGORITHM_ID_PARAMS. 150 1.1 christos 'CIPHER_PARAM_ALGORITHM_ID_PARAMS' => '*ALG_PARAM_ALGORITHM_ID_PARAMS', 151 1.1 christos 'CIPHER_PARAM_ALGORITHM_ID_PARAMS_OLD' => "alg_id_param", # octet_string 152 1.1 christos 'CIPHER_PARAM_XTS_STANDARD' => "xts_standard",# utf8_string 153 1.1 christos 154 1.1 christos 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_SEND_FRAGMENT' => "tls1multi_maxsndfrag",# uint 155 1.1 christos 'CIPHER_PARAM_TLS1_MULTIBLOCK_MAX_BUFSIZE' => "tls1multi_maxbufsz", # size_t 156 1.1 christos 'CIPHER_PARAM_TLS1_MULTIBLOCK_INTERLEAVE' => "tls1multi_interleave",# uint 157 1.1 christos 'CIPHER_PARAM_TLS1_MULTIBLOCK_AAD' => "tls1multi_aad", # octet_string 158 1.1 christos 'CIPHER_PARAM_TLS1_MULTIBLOCK_AAD_PACKLEN' => "tls1multi_aadpacklen",# uint 159 1.1 christos 'CIPHER_PARAM_TLS1_MULTIBLOCK_ENC' => "tls1multi_enc", # octet_string 160 1.1 christos 'CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_IN' => "tls1multi_encin", # octet_string 161 1.1 christos 'CIPHER_PARAM_TLS1_MULTIBLOCK_ENC_LEN' => "tls1multi_enclen", # size_t 162 1.1 christos 163 1.1 christos # digest parameters 164 1.1 christos 'DIGEST_PARAM_XOFLEN' => "xoflen", # size_t 165 1.1 christos 'DIGEST_PARAM_SSL3_MS' => "ssl3-ms", # octet string 166 1.1 christos 'DIGEST_PARAM_PAD_TYPE' => "pad-type", # uint 167 1.1 christos 'DIGEST_PARAM_MICALG' => "micalg", # utf8 string 168 1.1 christos 'DIGEST_PARAM_BLOCK_SIZE' => "blocksize", # size_t 169 1.1 christos 'DIGEST_PARAM_SIZE' => "size", # size_t 170 1.1 christos 'DIGEST_PARAM_XOF' => "xof", # int, 0 or 1 171 1.1 christos 'DIGEST_PARAM_ALGID_ABSENT' => "algid-absent", # int, 0 or 1 172 1.1 christos 173 1.1 christos # MAC parameters 174 1.1 christos 'MAC_PARAM_KEY' => "key", # octet string 175 1.1 christos 'MAC_PARAM_IV' => "iv", # octet string 176 1.1 christos 'MAC_PARAM_CUSTOM' => "custom", # utf8 string 177 1.1 christos 'MAC_PARAM_SALT' => "salt", # octet string 178 1.1 christos 'MAC_PARAM_XOF' => "xof", # int, 0 or 1 179 1.1 christos 'MAC_PARAM_DIGEST_NOINIT' => "digest-noinit", # int, 0 or 1 180 1.1 christos 'MAC_PARAM_DIGEST_ONESHOT' => "digest-oneshot",# int, 0 or 1 181 1.1 christos 'MAC_PARAM_C_ROUNDS' => "c-rounds", # unsigned int 182 1.1 christos 'MAC_PARAM_D_ROUNDS' => "d-rounds", # unsigned int 183 1.1 christos 184 1.1 christos # If "engine",or "properties",are specified, they should always be paired 185 1.1 christos # with "cipher",or "digest". 186 1.1 christos 187 1.1 christos 'MAC_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string 188 1.1 christos 'MAC_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', # utf8 string 189 1.1 christos 'MAC_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', # utf8 string 190 1.1 christos 'MAC_PARAM_SIZE' => "size", # size_t 191 1.1 christos 'MAC_PARAM_BLOCK_SIZE' => "block-size", # size_t 192 1.1 christos 'MAC_PARAM_TLS_DATA_SIZE' => "tls-data-size", # size_t 193 1.1 christos 'MAC_PARAM_FIPS_NO_SHORT_MAC' =>'*PROV_PARAM_NO_SHORT_MAC', 194 1.1 christos 'MAC_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK', 195 1.1 christos 'MAC_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', 196 1.1 christos 'MAC_PARAM_FIPS_NO_SHORT_MAC' => '*PROV_PARAM_NO_SHORT_MAC', 197 1.1 christos 198 1.1 christos # KDF / PRF parameters 199 1.1 christos 'KDF_PARAM_SECRET' => "secret", # octet string 200 1.1 christos 'KDF_PARAM_KEY' => "key", # octet string 201 1.1 christos 'KDF_PARAM_SALT' => "salt", # octet string 202 1.1 christos 'KDF_PARAM_PASSWORD' => "pass", # octet string 203 1.1 christos 'KDF_PARAM_PREFIX' => "prefix", # octet string 204 1.1 christos 'KDF_PARAM_LABEL' => "label", # octet string 205 1.1 christos 'KDF_PARAM_DATA' => "data", # octet string 206 1.1 christos 'KDF_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', # utf8 string 207 1.1 christos 'KDF_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string 208 1.1 christos 'KDF_PARAM_MAC' => '*ALG_PARAM_MAC', # utf8 string 209 1.1 christos 'KDF_PARAM_MAC_SIZE' => "maclen", # size_t 210 1.1 christos 'KDF_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', # utf8 string 211 1.1 christos 'KDF_PARAM_ITER' => "iter", # unsigned int 212 1.1 christos 'KDF_PARAM_MODE' => "mode", # utf8 string or int 213 1.1 christos 'KDF_PARAM_PKCS5' => "pkcs5", # int 214 1.1 christos 'KDF_PARAM_UKM' => "ukm", # octet string 215 1.1 christos 'KDF_PARAM_CEK_ALG' => "cekalg", # utf8 string 216 1.1 christos 'KDF_PARAM_SCRYPT_N' => "n", # uint64_t 217 1.1 christos 'KDF_PARAM_SCRYPT_R' => "r", # uint32_t 218 1.1 christos 'KDF_PARAM_SCRYPT_P' => "p", # uint32_t 219 1.1 christos 'KDF_PARAM_SCRYPT_MAXMEM' => "maxmem_bytes", # uint64_t 220 1.1 christos 'KDF_PARAM_INFO' => "info", # octet string 221 1.1 christos 'KDF_PARAM_SEED' => "seed", # octet string 222 1.1 christos 'KDF_PARAM_SSHKDF_XCGHASH' => "xcghash", # octet string 223 1.1 christos 'KDF_PARAM_SSHKDF_SESSION_ID' => "session_id", # octet string 224 1.1 christos 'KDF_PARAM_SSHKDF_TYPE' => "type", # int 225 1.1 christos 'KDF_PARAM_SIZE' => "size", # size_t 226 1.1 christos 'KDF_PARAM_CONSTANT' => "constant", # octet string 227 1.1 christos 'KDF_PARAM_PKCS12_ID' => "id", # int 228 1.1 christos 'KDF_PARAM_KBKDF_USE_L' => "use-l", # int 229 1.1 christos 'KDF_PARAM_KBKDF_USE_SEPARATOR' => "use-separator", # int 230 1.1 christos 'KDF_PARAM_KBKDF_R' => "r", # int 231 1.1 christos 'KDF_PARAM_X942_ACVPINFO' => "acvp-info", 232 1.1 christos 'KDF_PARAM_X942_PARTYUINFO' => "partyu-info", 233 1.1 christos 'KDF_PARAM_X942_PARTYVINFO' => "partyv-info", 234 1.1 christos 'KDF_PARAM_X942_SUPP_PUBINFO' => "supp-pubinfo", 235 1.1 christos 'KDF_PARAM_X942_SUPP_PRIVINFO' => "supp-privinfo", 236 1.1 christos 'KDF_PARAM_X942_USE_KEYBITS' => "use-keybits", 237 1.1 christos 'KDF_PARAM_HMACDRBG_ENTROPY' => "entropy", 238 1.1 christos 'KDF_PARAM_HMACDRBG_NONCE' => "nonce", 239 1.1 christos 'KDF_PARAM_THREADS' => "threads", # uint32_t 240 1.1 christos 'KDF_PARAM_EARLY_CLEAN' => "early_clean", # uint32_t 241 1.1 christos 'KDF_PARAM_ARGON2_AD' => "ad", # octet string 242 1.1 christos 'KDF_PARAM_ARGON2_LANES' => "lanes", # uint32_t 243 1.1 christos 'KDF_PARAM_ARGON2_MEMCOST' => "memcost", # uint32_t 244 1.1 christos 'KDF_PARAM_ARGON2_VERSION' => "version", # uint32_t 245 1.1 christos 'KDF_PARAM_FIPS_EMS_CHECK' => "ems_check", # int 246 1.1 christos 'KDF_PARAM_FIPS_DIGEST_CHECK' => '*PKEY_PARAM_FIPS_DIGEST_CHECK', 247 1.1 christos 'KDF_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK', 248 1.1 christos 'KDF_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', 249 1.1 christos 250 1.1 christos # Known RAND names 251 1.1 christos 'RAND_PARAM_STATE' => "state", 252 1.1 christos 'RAND_PARAM_STRENGTH' => "strength", 253 1.1 christos 'RAND_PARAM_MAX_REQUEST' => "max_request", 254 1.1 christos 'RAND_PARAM_TEST_ENTROPY' => "test_entropy", 255 1.1 christos 'RAND_PARAM_TEST_NONCE' => "test_nonce", 256 1.1 christos 'RAND_PARAM_GENERATE' => "generate", 257 1.1 christos 'RAND_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', 258 1.1 christos 259 1.1 christos # RAND/DRBG names 260 1.1 christos 'DRBG_PARAM_RESEED_REQUESTS' => "reseed_requests", 261 1.1 christos 'DRBG_PARAM_RESEED_TIME_INTERVAL' => "reseed_time_interval", 262 1.1 christos 'DRBG_PARAM_MIN_ENTROPYLEN' => "min_entropylen", 263 1.1 christos 'DRBG_PARAM_MAX_ENTROPYLEN' => "max_entropylen", 264 1.1 christos 'DRBG_PARAM_MIN_NONCELEN' => "min_noncelen", 265 1.1 christos 'DRBG_PARAM_MAX_NONCELEN' => "max_noncelen", 266 1.1 christos 'DRBG_PARAM_MAX_PERSLEN' => "max_perslen", 267 1.1 christos 'DRBG_PARAM_MAX_ADINLEN' => "max_adinlen", 268 1.1 christos 'DRBG_PARAM_RESEED_COUNTER' => "reseed_counter", 269 1.1 christos 'DRBG_PARAM_RESEED_TIME' => "reseed_time", 270 1.1 christos 'DRBG_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', 271 1.1 christos 'DRBG_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', 272 1.1 christos 'DRBG_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', 273 1.1 christos 'DRBG_PARAM_MAC' => '*ALG_PARAM_MAC', 274 1.1 christos 'DRBG_PARAM_USE_DF' => "use_derivation_function", 275 1.1 christos 'DRBG_PARAM_FIPS_DIGEST_CHECK' => '*PKEY_PARAM_FIPS_DIGEST_CHECK', 276 1.1 christos 'DRBG_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', 277 1.1 christos 278 1.1 christos # DRBG call back parameters 279 1.1 christos 'DRBG_PARAM_ENTROPY_REQUIRED' => "entropy_required", 280 1.1 christos 'DRBG_PARAM_PREDICTION_RESISTANCE' => "prediction_resistance", 281 1.1 christos 'DRBG_PARAM_MIN_LENGTH' => "minium_length", 282 1.1 christos 'DRBG_PARAM_MAX_LENGTH' => "maxium_length", 283 1.1 christos 'DRBG_PARAM_RANDOM_DATA' => "random_data", 284 1.1 christos 'DRBG_PARAM_SIZE' => "size", 285 1.1 christos 286 1.1 christos # PKEY parameters 287 1.1 christos # Common PKEY parameters 288 1.1 christos 'PKEY_PARAM_BITS' => "bits",# integer 289 1.1 christos 'PKEY_PARAM_MAX_SIZE' => "max-size",# integer 290 1.1 christos 'PKEY_PARAM_SECURITY_BITS' => "security-bits",# integer 291 1.1 christos 'PKEY_PARAM_DIGEST' => '*ALG_PARAM_DIGEST', 292 1.1 christos 'PKEY_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', # utf8 string 293 1.1 christos 'PKEY_PARAM_ENGINE' => '*ALG_PARAM_ENGINE', # utf8 string 294 1.1 christos 'PKEY_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', 295 1.1 christos 'PKEY_PARAM_DEFAULT_DIGEST' => "default-digest",# utf8 string 296 1.1 christos 'PKEY_PARAM_MANDATORY_DIGEST' => "mandatory-digest",# utf8 string 297 1.1 christos 'PKEY_PARAM_PAD_MODE' => "pad-mode", 298 1.1 christos 'PKEY_PARAM_DIGEST_SIZE' => "digest-size", 299 1.1 christos 'PKEY_PARAM_MASKGENFUNC' => "mgf", 300 1.1 christos 'PKEY_PARAM_MGF1_DIGEST' => "mgf1-digest", 301 1.1 christos 'PKEY_PARAM_MGF1_PROPERTIES' => "mgf1-properties", 302 1.1 christos 'PKEY_PARAM_ENCODED_PUBLIC_KEY' => "encoded-pub-key", 303 1.1 christos 'PKEY_PARAM_GROUP_NAME' => "group", 304 1.1 christos 'PKEY_PARAM_DIST_ID' => "distid", 305 1.1 christos 'PKEY_PARAM_PUB_KEY' => "pub", 306 1.1 christos 'PKEY_PARAM_PRIV_KEY' => "priv", 307 1.1 christos # PKEY_PARAM_IMPLICIT_REJECTION isn't actually used, or meaningful. We keep 308 1.1 christos # it for API stability, but please use ASYM_CIPHER_PARAM_IMPLICIT_REJECTION 309 1.1 christos # instead. 310 1.1 christos 'PKEY_PARAM_IMPLICIT_REJECTION' => "implicit-rejection", 311 1.1 christos 'PKEY_PARAM_FIPS_DIGEST_CHECK' => "digest-check", 312 1.1 christos 'PKEY_PARAM_FIPS_KEY_CHECK' => "key-check", 313 1.1 christos 'PKEY_PARAM_ALGORITHM_ID' => '*ALG_PARAM_ALGORITHM_ID', 314 1.1 christos 'PKEY_PARAM_ALGORITHM_ID_PARAMS' => '*ALG_PARAM_ALGORITHM_ID_PARAMS', 315 1.1 christos 316 1.1 christos # Diffie-Hellman/DSA Parameters 317 1.1 christos 'PKEY_PARAM_FFC_P' => "p", 318 1.1 christos 'PKEY_PARAM_FFC_G' => "g", 319 1.1 christos 'PKEY_PARAM_FFC_Q' => "q", 320 1.1 christos 'PKEY_PARAM_FFC_GINDEX' => "gindex", 321 1.1 christos 'PKEY_PARAM_FFC_PCOUNTER' => "pcounter", 322 1.1 christos 'PKEY_PARAM_FFC_SEED' => "seed", 323 1.1 christos 'PKEY_PARAM_FFC_COFACTOR' => "j", 324 1.1 christos 'PKEY_PARAM_FFC_H' => "hindex", 325 1.1 christos 'PKEY_PARAM_FFC_VALIDATE_PQ' => "validate-pq", 326 1.1 christos 'PKEY_PARAM_FFC_VALIDATE_G' => "validate-g", 327 1.1 christos 'PKEY_PARAM_FFC_VALIDATE_LEGACY' => "validate-legacy", 328 1.1 christos 329 1.1 christos # Diffie-Hellman params 330 1.1 christos 'PKEY_PARAM_DH_GENERATOR' => "safeprime-generator", 331 1.1 christos 'PKEY_PARAM_DH_PRIV_LEN' => "priv_len", 332 1.1 christos 333 1.1 christos # Elliptic Curve Domain Parameters 334 1.1 christos 'PKEY_PARAM_EC_PUB_X' => "qx", 335 1.1 christos 'PKEY_PARAM_EC_PUB_Y' => "qy", 336 1.1 christos 337 1.1 christos # Elliptic Curve Explicit Domain Parameters 338 1.1 christos 'PKEY_PARAM_EC_FIELD_TYPE' => "field-type", 339 1.1 christos 'PKEY_PARAM_EC_P' => "p", 340 1.1 christos 'PKEY_PARAM_EC_A' => "a", 341 1.1 christos 'PKEY_PARAM_EC_B' => "b", 342 1.1 christos 'PKEY_PARAM_EC_GENERATOR' => "generator", 343 1.1 christos 'PKEY_PARAM_EC_ORDER' => "order", 344 1.1 christos 'PKEY_PARAM_EC_COFACTOR' => "cofactor", 345 1.1 christos 'PKEY_PARAM_EC_SEED' => "seed", 346 1.1 christos 'PKEY_PARAM_EC_CHAR2_M' => "m", 347 1.1 christos 'PKEY_PARAM_EC_CHAR2_TYPE' => "basis-type", 348 1.1 christos 'PKEY_PARAM_EC_CHAR2_TP_BASIS' => "tp", 349 1.1 christos 'PKEY_PARAM_EC_CHAR2_PP_K1' => "k1", 350 1.1 christos 'PKEY_PARAM_EC_CHAR2_PP_K2' => "k2", 351 1.1 christos 'PKEY_PARAM_EC_CHAR2_PP_K3' => "k3", 352 1.1 christos 'PKEY_PARAM_EC_DECODED_FROM_EXPLICIT_PARAMS' => "decoded-from-explicit", 353 1.1 christos 354 1.1 christos # Elliptic Curve Key Parameters 355 1.1 christos 'PKEY_PARAM_USE_COFACTOR_FLAG' => "use-cofactor-flag", 356 1.1 christos 'PKEY_PARAM_USE_COFACTOR_ECDH' => '*PKEY_PARAM_USE_COFACTOR_FLAG', 357 1.1 christos 358 1.1 christos # RSA Keys 359 1.1 christos # 360 1.1 christos # n, e, d are the usual public and private key components 361 1.1 christos # 362 1.1 christos # rsa-num is the number of factors, including p and q 363 1.1 christos # rsa-factor is used for each factor: p, q, r_i (i = 3, ...) 364 1.1 christos # rsa-exponent is used for each exponent: dP, dQ, d_i (i = 3, ...) 365 1.1 christos # rsa-coefficient is used for each coefficient: qInv, t_i (i = 3, ...) 366 1.1 christos # 367 1.1 christos # The number of rsa-factor items must be equal to the number of rsa-exponent 368 1.1 christos # items, and the number of rsa-coefficients must be one less. 369 1.1 christos # (the base i for the coefficients is 2, not 1, at least as implied by 370 1.1 christos # RFC 8017) 371 1.1 christos 372 1.1 christos 'PKEY_PARAM_RSA_N' => "n", 373 1.1 christos 'PKEY_PARAM_RSA_E' => "e", 374 1.1 christos 'PKEY_PARAM_RSA_D' => "d", 375 1.1 christos 'PKEY_PARAM_RSA_FACTOR' => "rsa-factor", 376 1.1 christos 'PKEY_PARAM_RSA_EXPONENT' => "rsa-exponent", 377 1.1 christos 'PKEY_PARAM_RSA_COEFFICIENT' => "rsa-coefficient", 378 1.1 christos 'PKEY_PARAM_RSA_FACTOR1' => "rsa-factor1", 379 1.1 christos 'PKEY_PARAM_RSA_FACTOR2' => "rsa-factor2", 380 1.1 christos 'PKEY_PARAM_RSA_FACTOR3' => "rsa-factor3", 381 1.1 christos 'PKEY_PARAM_RSA_FACTOR4' => "rsa-factor4", 382 1.1 christos 'PKEY_PARAM_RSA_FACTOR5' => "rsa-factor5", 383 1.1 christos 'PKEY_PARAM_RSA_FACTOR6' => "rsa-factor6", 384 1.1 christos 'PKEY_PARAM_RSA_FACTOR7' => "rsa-factor7", 385 1.1 christos 'PKEY_PARAM_RSA_FACTOR8' => "rsa-factor8", 386 1.1 christos 'PKEY_PARAM_RSA_FACTOR9' => "rsa-factor9", 387 1.1 christos 'PKEY_PARAM_RSA_FACTOR10' => "rsa-factor10", 388 1.1 christos 'PKEY_PARAM_RSA_EXPONENT1' => "rsa-exponent1", 389 1.1 christos 'PKEY_PARAM_RSA_EXPONENT2' => "rsa-exponent2", 390 1.1 christos 'PKEY_PARAM_RSA_EXPONENT3' => "rsa-exponent3", 391 1.1 christos 'PKEY_PARAM_RSA_EXPONENT4' => "rsa-exponent4", 392 1.1 christos 'PKEY_PARAM_RSA_EXPONENT5' => "rsa-exponent5", 393 1.1 christos 'PKEY_PARAM_RSA_EXPONENT6' => "rsa-exponent6", 394 1.1 christos 'PKEY_PARAM_RSA_EXPONENT7' => "rsa-exponent7", 395 1.1 christos 'PKEY_PARAM_RSA_EXPONENT8' => "rsa-exponent8", 396 1.1 christos 'PKEY_PARAM_RSA_EXPONENT9' => "rsa-exponent9", 397 1.1 christos 'PKEY_PARAM_RSA_EXPONENT10' => "rsa-exponent10", 398 1.1 christos 'PKEY_PARAM_RSA_COEFFICIENT1' => "rsa-coefficient1", 399 1.1 christos 'PKEY_PARAM_RSA_COEFFICIENT2' => "rsa-coefficient2", 400 1.1 christos 'PKEY_PARAM_RSA_COEFFICIENT3' => "rsa-coefficient3", 401 1.1 christos 'PKEY_PARAM_RSA_COEFFICIENT4' => "rsa-coefficient4", 402 1.1 christos 'PKEY_PARAM_RSA_COEFFICIENT5' => "rsa-coefficient5", 403 1.1 christos 'PKEY_PARAM_RSA_COEFFICIENT6' => "rsa-coefficient6", 404 1.1 christos 'PKEY_PARAM_RSA_COEFFICIENT7' => "rsa-coefficient7", 405 1.1 christos 'PKEY_PARAM_RSA_COEFFICIENT8' => "rsa-coefficient8", 406 1.1 christos 'PKEY_PARAM_RSA_COEFFICIENT9' => "rsa-coefficient9", 407 1.1 christos 408 1.1 christos # Key generation parameters 409 1.1 christos 'PKEY_PARAM_RSA_BITS' => '*PKEY_PARAM_BITS', 410 1.1 christos 'PKEY_PARAM_RSA_PRIMES' => "primes", 411 1.1 christos 'PKEY_PARAM_RSA_DIGEST' => '*PKEY_PARAM_DIGEST', 412 1.1 christos 'PKEY_PARAM_RSA_DIGEST_PROPS' => '*PKEY_PARAM_PROPERTIES', 413 1.1 christos 'PKEY_PARAM_RSA_MASKGENFUNC' => '*PKEY_PARAM_MASKGENFUNC', 414 1.1 christos 'PKEY_PARAM_RSA_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST', 415 1.1 christos 'PKEY_PARAM_RSA_PSS_SALTLEN' => "saltlen", 416 1.1 christos 'PKEY_PARAM_RSA_DERIVE_FROM_PQ' => "rsa-derive-from-pq", 417 1.1 christos 418 1.1 christos # EC, X25519 and X448 Key generation parameters 419 1.1 christos 'PKEY_PARAM_DHKEM_IKM' => "dhkem-ikm", 420 1.1 christos 421 1.1 christos # ML-KEM parameters 422 1.1 christos 'PKEY_PARAM_ML_KEM_SEED' => "seed", 423 1.1 christos 'PKEY_PARAM_ML_KEM_PREFER_SEED' => "ml-kem.prefer_seed", 424 1.1 christos 'PKEY_PARAM_ML_KEM_RETAIN_SEED' => "ml-kem.retain_seed", 425 1.1 christos 'PKEY_PARAM_ML_KEM_INPUT_FORMATS' => "ml-kem.input_formats", 426 1.1 christos 'PKEY_PARAM_ML_KEM_OUTPUT_FORMATS' => "ml-kem.output_formats", 427 1.1 christos 'PKEY_PARAM_ML_KEM_IMPORT_PCT_TYPE' => "ml-kem.import_pct_type", 428 1.1 christos 429 1.1 christos # Key generation parameters 430 1.1 christos 'PKEY_PARAM_FFC_TYPE' => "type", 431 1.1 christos 'PKEY_PARAM_FFC_PBITS' => "pbits", 432 1.1 christos 'PKEY_PARAM_FFC_QBITS' => "qbits", 433 1.1 christos 'PKEY_PARAM_FFC_DIGEST' => '*PKEY_PARAM_DIGEST', 434 1.1 christos 'PKEY_PARAM_FFC_DIGEST_PROPS' => '*PKEY_PARAM_PROPERTIES', 435 1.1 christos 436 1.1 christos 'PKEY_PARAM_EC_ENCODING' => "encoding",# utf8_string 437 1.1 christos 'PKEY_PARAM_EC_POINT_CONVERSION_FORMAT' => "point-format", 438 1.1 christos 'PKEY_PARAM_EC_GROUP_CHECK_TYPE' => "group-check", 439 1.1 christos 'PKEY_PARAM_EC_INCLUDE_PUBLIC' => "include-public", 440 1.1 christos 'PKEY_PARAM_FIPS_SIGN_CHECK' => "sign-check", 441 1.1 christos 'PKEY_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', 442 1.1 christos 443 1.1 christos # ML_DSA Key generation parameter 444 1.1 christos 'PKEY_PARAM_ML_DSA_SEED' => "seed", 445 1.1 christos 'PKEY_PARAM_ML_DSA_RETAIN_SEED' => "ml-dsa.retain_seed", 446 1.1 christos 'PKEY_PARAM_ML_DSA_PREFER_SEED' => "ml-dsa.prefer_seed", 447 1.1 christos 'PKEY_PARAM_ML_DSA_INPUT_FORMATS' => "ml-dsa.input_formats", 448 1.1 christos 'PKEY_PARAM_ML_DSA_OUTPUT_FORMATS' => "ml-dsa.output_formats", 449 1.1 christos 450 1.1 christos # SLH_DSA Key generation parameters 451 1.1 christos 'PKEY_PARAM_SLH_DSA_SEED' => "seed", 452 1.1 christos 453 1.1 christos # Key Exchange parameters 454 1.1 christos 'EXCHANGE_PARAM_PAD' => "pad",# uint 455 1.1 christos 'EXCHANGE_PARAM_EC_ECDH_COFACTOR_MODE' => "ecdh-cofactor-mode",# int 456 1.1 christos 'EXCHANGE_PARAM_KDF_TYPE' => "kdf-type",# utf8_string 457 1.1 christos 'EXCHANGE_PARAM_KDF_DIGEST' => "kdf-digest",# utf8_string 458 1.1 christos 'EXCHANGE_PARAM_KDF_DIGEST_PROPS' => "kdf-digest-props",# utf8_string 459 1.1 christos 'EXCHANGE_PARAM_KDF_OUTLEN' => "kdf-outlen",# size_t 460 1.1 christos # The following parameter is an octet_string on set and an octet_ptr on get 461 1.1 christos 'EXCHANGE_PARAM_KDF_UKM' => "kdf-ukm", 462 1.1 christos 'EXCHANGE_PARAM_FIPS_DIGEST_CHECK' => '*PKEY_PARAM_FIPS_DIGEST_CHECK', 463 1.1 christos 'EXCHANGE_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK', 464 1.1 christos 'EXCHANGE_PARAM_FIPS_ECDH_COFACTOR_CHECK' => '*PROV_PARAM_ECDH_COFACTOR_CHECK', 465 1.1 christos 'EXCHANGE_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', 466 1.1 christos 467 1.1 christos # Signature parameters 468 1.1 christos 'SIGNATURE_PARAM_ALGORITHM_ID' => '*PKEY_PARAM_ALGORITHM_ID', 469 1.1 christos 'SIGNATURE_PARAM_ALGORITHM_ID_PARAMS' => '*PKEY_PARAM_ALGORITHM_ID_PARAMS', 470 1.1 christos 'SIGNATURE_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE', 471 1.1 christos 'SIGNATURE_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', 472 1.1 christos 'SIGNATURE_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES', 473 1.1 christos 'SIGNATURE_PARAM_PSS_SALTLEN' => "saltlen", 474 1.1 christos 'SIGNATURE_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST', 475 1.1 christos 'SIGNATURE_PARAM_MGF1_PROPERTIES' => '*PKEY_PARAM_MGF1_PROPERTIES', 476 1.1 christos 'SIGNATURE_PARAM_DIGEST_SIZE' => '*PKEY_PARAM_DIGEST_SIZE', 477 1.1 christos 'SIGNATURE_PARAM_NONCE_TYPE' => "nonce-type", 478 1.1 christos 'SIGNATURE_PARAM_INSTANCE' => "instance", 479 1.1 christos 'SIGNATURE_PARAM_CONTEXT_STRING' => "context-string", 480 1.1 christos 'SIGNATURE_PARAM_FIPS_DIGEST_CHECK' => '*PKEY_PARAM_FIPS_DIGEST_CHECK', 481 1.1 christos 'SIGNATURE_PARAM_FIPS_VERIFY_MESSAGE' => 'verify-message', 482 1.1 christos 'SIGNATURE_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK', 483 1.1 christos 'SIGNATURE_PARAM_FIPS_SIGN_CHECK' => '*PKEY_PARAM_FIPS_SIGN_CHECK', 484 1.1 christos 'SIGNATURE_PARAM_FIPS_RSA_PSS_SALTLEN_CHECK' => "rsa-pss-saltlen-check", 485 1.1 christos 'SIGNATURE_PARAM_FIPS_SIGN_X931_PAD_CHECK' => "sign-x931-pad-check", 486 1.1 christos 'SIGNATURE_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', 487 1.1 christos 'SIGNATURE_PARAM_SIGNATURE' => "signature", 488 1.1 christos 'SIGNATURE_PARAM_MESSAGE_ENCODING' => "message-encoding", 489 1.1 christos 'SIGNATURE_PARAM_DETERMINISTIC' => "deterministic", 490 1.1 christos 'SIGNATURE_PARAM_MU' => "mu", # int 491 1.1 christos 'SIGNATURE_PARAM_TEST_ENTROPY' => "test-entropy", 492 1.1 christos 'SIGNATURE_PARAM_ADD_RANDOM' => "additional-random", 493 1.1 christos 494 1.1 christos # Asym cipher parameters 495 1.1 christos 'ASYM_CIPHER_PARAM_DIGEST' => '*PKEY_PARAM_DIGEST', 496 1.1 christos 'ASYM_CIPHER_PARAM_PROPERTIES' => '*PKEY_PARAM_PROPERTIES', 497 1.1 christos 'ASYM_CIPHER_PARAM_ENGINE' => '*PKEY_PARAM_ENGINE', 498 1.1 christos 'ASYM_CIPHER_PARAM_PAD_MODE' => '*PKEY_PARAM_PAD_MODE', 499 1.1 christos 'ASYM_CIPHER_PARAM_MGF1_DIGEST' => '*PKEY_PARAM_MGF1_DIGEST', 500 1.1 christos 'ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS' => '*PKEY_PARAM_MGF1_PROPERTIES', 501 1.1 christos 'ASYM_CIPHER_PARAM_OAEP_DIGEST' => '*ALG_PARAM_DIGEST', 502 1.1 christos 'ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS' => "digest-props", 503 1.1 christos # The following parameter is an octet_string on set and an octet_ptr on get 504 1.1 christos 'ASYM_CIPHER_PARAM_OAEP_LABEL' => "oaep-label", 505 1.1 christos 'ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION' => "tls-client-version", 506 1.1 christos 'ASYM_CIPHER_PARAM_TLS_NEGOTIATED_VERSION' => "tls-negotiated-version", 507 1.1 christos 'ASYM_CIPHER_PARAM_IMPLICIT_REJECTION' => "implicit-rejection", 508 1.1 christos 'ASYM_CIPHER_PARAM_FIPS_RSA_PKCS15_PAD_DISABLED' => '*PROV_PARAM_RSA_PKCS15_PAD_DISABLED', 509 1.1 christos 'ASYM_CIPHER_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK', 510 1.1 christos 'ASYM_CIPHER_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', 511 1.1 christos 512 1.1 christos # Encoder / decoder parameters 513 1.1 christos 514 1.1 christos 'ENCODER_PARAM_CIPHER' => '*ALG_PARAM_CIPHER', 515 1.1 christos 'ENCODER_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', 516 1.1 christos # Currently PVK only, but reusable for others as needed 517 1.1 christos 'ENCODER_PARAM_ENCRYPT_LEVEL' => "encrypt-level", 518 1.1 christos 'ENCODER_PARAM_SAVE_PARAMETERS' => "save-parameters",# integer 519 1.1 christos 520 1.1 christos 'DECODER_PARAM_PROPERTIES' => '*ALG_PARAM_PROPERTIES', 521 1.1 christos 522 1.1 christos # Passphrase callback parameters 523 1.1 christos 'PASSPHRASE_PARAM_INFO' => "info", 524 1.1 christos 525 1.1 christos # Keygen callback parameters, from provider to libcrypto 526 1.1 christos 'GEN_PARAM_POTENTIAL' => "potential",# integer 527 1.1 christos 'GEN_PARAM_ITERATION' => "iteration",# integer 528 1.1 christos 529 1.1 christos # ACVP Test parameters : These should not be used normally 530 1.1 christos 'PKEY_PARAM_RSA_TEST_XP1' => "xp1", 531 1.1 christos 'PKEY_PARAM_RSA_TEST_XP2' => "xp2", 532 1.1 christos 'PKEY_PARAM_RSA_TEST_XP' => "xp", 533 1.1 christos 'PKEY_PARAM_RSA_TEST_XQ1' => "xq1", 534 1.1 christos 'PKEY_PARAM_RSA_TEST_XQ2' => "xq2", 535 1.1 christos 'PKEY_PARAM_RSA_TEST_XQ' => "xq", 536 1.1 christos 'PKEY_PARAM_RSA_TEST_P1' => "p1", 537 1.1 christos 'PKEY_PARAM_RSA_TEST_P2' => "p2", 538 1.1 christos 'PKEY_PARAM_RSA_TEST_Q1' => "q1", 539 1.1 christos 'PKEY_PARAM_RSA_TEST_Q2' => "q2", 540 1.1 christos 'SIGNATURE_PARAM_KAT' => "kat", 541 1.1 christos 542 1.1 christos # KEM parameters 543 1.1 christos 'KEM_PARAM_OPERATION' => "operation", 544 1.1 christos 'KEM_PARAM_IKME' => "ikme", 545 1.1 christos 'KEM_PARAM_FIPS_KEY_CHECK' => '*PKEY_PARAM_FIPS_KEY_CHECK', 546 1.1 christos 'KEM_PARAM_FIPS_APPROVED_INDICATOR' => '*ALG_PARAM_FIPS_APPROVED_INDICATOR', 547 1.1 christos 548 1.1 christos # Capabilities 549 1.1 christos 550 1.1 christos # TLS-GROUP Capability 551 1.1 christos 'CAPABILITY_TLS_GROUP_NAME' => "tls-group-name", 552 1.1 christos 'CAPABILITY_TLS_GROUP_NAME_INTERNAL' => "tls-group-name-internal", 553 1.1 christos 'CAPABILITY_TLS_GROUP_ID' => "tls-group-id", 554 1.1 christos 'CAPABILITY_TLS_GROUP_ALG' => "tls-group-alg", 555 1.1 christos 'CAPABILITY_TLS_GROUP_SECURITY_BITS' => "tls-group-sec-bits", 556 1.1 christos 'CAPABILITY_TLS_GROUP_IS_KEM' => "tls-group-is-kem", 557 1.1 christos 'CAPABILITY_TLS_GROUP_MIN_TLS' => "tls-min-tls", 558 1.1 christos 'CAPABILITY_TLS_GROUP_MAX_TLS' => "tls-max-tls", 559 1.1 christos 'CAPABILITY_TLS_GROUP_MIN_DTLS' => "tls-min-dtls", 560 1.1 christos 'CAPABILITY_TLS_GROUP_MAX_DTLS' => "tls-max-dtls", 561 1.1 christos 562 1.1 christos # TLS-SIGALG Capability 563 1.1 christos 'CAPABILITY_TLS_SIGALG_IANA_NAME' => "tls-sigalg-iana-name", 564 1.1 christos 'CAPABILITY_TLS_SIGALG_CODE_POINT' => "tls-sigalg-code-point", 565 1.1 christos 'CAPABILITY_TLS_SIGALG_NAME' => "tls-sigalg-name", 566 1.1 christos 'CAPABILITY_TLS_SIGALG_OID' => "tls-sigalg-oid", 567 1.1 christos 'CAPABILITY_TLS_SIGALG_SIG_NAME' => "tls-sigalg-sig-name", 568 1.1 christos 'CAPABILITY_TLS_SIGALG_SIG_OID' => "tls-sigalg-sig-oid", 569 1.1 christos 'CAPABILITY_TLS_SIGALG_HASH_NAME' => "tls-sigalg-hash-name", 570 1.1 christos 'CAPABILITY_TLS_SIGALG_HASH_OID' => "tls-sigalg-hash-oid", 571 1.1 christos 'CAPABILITY_TLS_SIGALG_KEYTYPE' => "tls-sigalg-keytype", 572 1.1 christos 'CAPABILITY_TLS_SIGALG_KEYTYPE_OID' => "tls-sigalg-keytype-oid", 573 1.1 christos 'CAPABILITY_TLS_SIGALG_SECURITY_BITS' => "tls-sigalg-sec-bits", 574 1.1 christos 'CAPABILITY_TLS_SIGALG_MIN_TLS' => "tls-min-tls", 575 1.1 christos 'CAPABILITY_TLS_SIGALG_MAX_TLS' => "tls-max-tls", 576 1.1 christos 'CAPABILITY_TLS_SIGALG_MIN_DTLS' => "tls-min-dtls", 577 1.1 christos 'CAPABILITY_TLS_SIGALG_MAX_DTLS' => "tls-max-dtls", 578 1.1 christos 579 1.1 christos # storemgmt parameters 580 1.1 christos 581 1.1 christos 582 1.1 christos # Used by storemgmt_ctx_set_params(): 583 1.1 christos # 584 1.1 christos # - STORE_PARAM_EXPECT is an INTEGER, and the value is any of the 585 1.1 christos # STORE_INFO numbers. This is used to set the expected type of 586 1.1 christos # object loaded. 587 1.1 christos # 588 1.1 christos # - STORE_PARAM_SUBJECT, STORE_PARAM_ISSUER, 589 1.1 christos # STORE_PARAM_SERIAL, STORE_PARAM_FINGERPRINT, 590 1.1 christos # STORE_PARAM_DIGEST, STORE_PARAM_ALIAS 591 1.1 christos # are used as search criteria. 592 1.1 christos # (STORE_PARAM_DIGEST is used with STORE_PARAM_FINGERPRINT) 593 1.1 christos 594 1.1 christos 'STORE_PARAM_EXPECT' => "expect", # INTEGER 595 1.1 christos 'STORE_PARAM_SUBJECT' => "subject", # DER blob => OCTET_STRING 596 1.1 christos 'STORE_PARAM_ISSUER' => "name", # DER blob => OCTET_STRING 597 1.1 christos 'STORE_PARAM_SERIAL' => "serial", # INTEGER 598 1.1 christos 'STORE_PARAM_DIGEST' => "digest", # UTF8_STRING 599 1.1 christos 'STORE_PARAM_FINGERPRINT' => "fingerprint", # OCTET_STRING 600 1.1 christos 'STORE_PARAM_ALIAS' => "alias", # UTF8_STRING 601 1.1 christos 602 1.1 christos # You may want to pass properties for the provider implementation to use 603 1.1 christos 'STORE_PARAM_PROPERTIES' => "properties", # utf8_string 604 1.1 christos # DECODER input type if a decoder is used by the store 605 1.1 christos 'STORE_PARAM_INPUT_TYPE' => "input-type", # UTF8_STRING 606 1.1 christos 607 1.1 christos 608 1.1 christos # Libssl record layer 609 1.1 christos 'LIBSSL_RECORD_LAYER_PARAM_OPTIONS' => "options", 610 1.1 christos 'LIBSSL_RECORD_LAYER_PARAM_MODE' => "mode", 611 1.1 christos 'LIBSSL_RECORD_LAYER_PARAM_READ_AHEAD' => "read_ahead", 612 1.1 christos 'LIBSSL_RECORD_LAYER_READ_BUFFER_LEN' => "read_buffer_len", 613 1.1 christos 'LIBSSL_RECORD_LAYER_PARAM_USE_ETM' => "use_etm", 614 1.1 christos 'LIBSSL_RECORD_LAYER_PARAM_STREAM_MAC' => "stream_mac", 615 1.1 christos 'LIBSSL_RECORD_LAYER_PARAM_TLSTREE' => "tlstree", 616 1.1 christos 'LIBSSL_RECORD_LAYER_PARAM_MAX_FRAG_LEN' => "max_frag_len", 617 1.1 christos 'LIBSSL_RECORD_LAYER_PARAM_MAX_EARLY_DATA' => "max_early_data", 618 1.1 christos 'LIBSSL_RECORD_LAYER_PARAM_BLOCK_PADDING' => "block_padding", 619 1.1 christos 'LIBSSL_RECORD_LAYER_PARAM_HS_PADDING' => "hs_padding", 620 1.1 christos 621 1.1.1.2 christos # Symmetric Key parameters 622 1.1 christos 'SKEY_PARAM_RAW_BYTES' => "raw-bytes", 623 1.1 christos 'SKEY_PARAM_KEY_LENGTH' => "key-length", 624 1.1 christos ); 625 1.1 christos 626 1.1 christos # Generate string based macros for public consumption 627 1.1 christos sub generate_public_macros { 628 1.1 christos my @macros = (); 629 1.1 christos 630 1.1 christos foreach my $name (keys %params) { 631 1.1 christos my $val = $params{$name}; 632 1.1 christos my $def = '# define OSSL_' . $name . ' '; 633 1.1 christos 634 1.1 christos if (substr($val, 0, 1) eq '*') { 635 1.1 christos $def .= 'OSSL_' . substr($val, 1); 636 1.1 christos } else { 637 1.1 christos $def .= '"' . $val . '"'; 638 1.1 christos } 639 1.1 christos push(@macros, $def) 640 1.1 christos } 641 1.1 christos return join("\n", sort @macros); 642 1.1 christos } 643 1.1 christos 644 1.1 christos # Generate number based macros for internal use 645 1.1 christos # The numbers are unique per string 646 1.1 christos sub generate_internal_macros { 647 1.1 christos my @macros = (); 648 1.1 christos my $count = 0; 649 1.1 christos my %reverse; 650 1.1 christos 651 1.1 christos # Determine the number for each unique string 652 1.1 christos # Sort the names to improve the chance of cache coherency 653 1.1 christos foreach my $name (sort keys %params) { 654 1.1 christos my $val = $params{$name}; 655 1.1 christos 656 1.1 christos if (substr($val, 0, 1) ne '*' and not defined $reverse{$val}) { 657 1.1 christos $reverse{$val} = $count++; 658 1.1 christos } 659 1.1 christos } 660 1.1 christos 661 1.1 christos # Output the defines 662 1.1 christos foreach my $name (keys %params) { 663 1.1 christos my $val = $params{$name}; 664 1.1 christos my $def = '#define PIDX_' . $name . ' '; 665 1.1 christos 666 1.1 christos if (substr($val, 0, 1) eq '*') { 667 1.1 christos $def .= 'PIDX_' . substr($val, 1); 668 1.1 christos } else { 669 1.1 christos $def .= $reverse{$val}; 670 1.1 christos } 671 1.1 christos push(@macros, $def) 672 1.1 christos } 673 1.1 christos return "#define NUM_PIDX $count\n\n" . join("\n", sort @macros); 674 1.1 christos } 675 1.1 christos 676 1.1 christos sub generate_trie { 677 1.1 christos my %trie; 678 1.1 christos my $nodes = 0; 679 1.1 christos my $chars = 0; 680 1.1 christos 681 1.1 christos foreach my $name (sort keys %params) { 682 1.1 christos my $val = $params{$name}; 683 1.1 christos if (substr($val, 0, 1) ne '*') { 684 1.1 christos my $cursor = \%trie; 685 1.1 christos 686 1.1 christos $chars += length($val); 687 1.1 christos for my $i (0 .. length($val) - 1) { 688 1.1 christos my $c = substr($val, $i, 1); 689 1.1 christos 690 1.1 christos if (not $case_sensitive) { 691 1.1 christos $c = '_' if $c eq '-'; 692 1.1 christos $c = lc $c; 693 1.1 christos } 694 1.1 christos 695 1.1 christos if (not defined $$cursor{$c}) { 696 1.1 christos $cursor->{$c} = {}; 697 1.1 christos $nodes++; 698 1.1 christos } 699 1.1 christos $cursor = $cursor->{$c}; 700 1.1 christos } 701 1.1 christos $cursor->{'val'} = $name; 702 1.1 christos } 703 1.1 christos } 704 1.1 christos #print "\n\n/* $nodes nodes for $chars letters*/\n\n"; 705 1.1 christos return %trie; 706 1.1 christos } 707 1.1 christos 708 1.1 christos sub generate_code_from_trie { 709 1.1 christos my $n = shift; 710 1.1 christos my $trieref = shift; 711 1.1 christos my $idt = " "; 712 1.1 christos my $indent0 = $idt x ($n + 1); 713 1.1 christos my $indent1 = $indent0 . $idt; 714 1.1 christos my $strcmp = $case_sensitive ? 'strcmp' : 'strcasecmp'; 715 1.1 christos 716 1.1 christos print "int ossl_param_find_pidx(const char *s)\n{\n" if $n == 0; 717 1.1 christos 718 1.1 christos if ($trieref->{'suffix'}) { 719 1.1 christos my $suf = $trieref->{'suffix'}; 720 1.1 christos 721 1.1 christos printf "%sif ($strcmp(\"$suf\", s + $n) == 0", $indent0; 722 1.1 christos if (not $case_sensitive) { 723 1.1 christos $suf =~ tr/_/-/; 724 1.1 christos print " || $strcmp(\"$suf\", s + $n) == 0" 725 1.1 christos if ($suf ne $trieref->{'suffix'}); 726 1.1 christos } 727 1.1 christos printf ")\n%sreturn PIDX_%s;\n", $indent1, $trieref->{'name'}; 728 1.1 christos #printf "%sbreak;\n", $indent0; 729 1.1 christos return; 730 1.1 christos } 731 1.1 christos 732 1.1 christos printf "%sswitch(s\[%d\]) {\n", $indent0, $n; 733 1.1 christos printf "%sdefault:\n", $indent0; 734 1.1 christos for my $l (sort keys %$trieref) { 735 1.1 christos if ($l eq 'val') { 736 1.1 christos printf "%sbreak;\n", $indent1; 737 1.1 christos printf "%scase '\\0':\n", $indent0; 738 1.1 christos printf "%sreturn PIDX_%s;\n", $indent1, $trieref->{'val'}; 739 1.1 christos } else { 740 1.1 christos printf "%sbreak;\n", $indent1; 741 1.1 christos printf "%scase '%s':", $indent0, $l; 742 1.1 christos if (not $case_sensitive) { 743 1.1 christos print " case '-':" if ($l eq '_'); 744 1.1 christos printf " case '%s':", uc $l if ($l =~ /[a-z]/); 745 1.1 christos } 746 1.1 christos print "\n"; 747 1.1 christos generate_code_from_trie($n + 1, $trieref->{$l}); 748 1.1 christos } 749 1.1 christos } 750 1.1 christos printf "%s}\n", $indent0; 751 1.1 christos print " return -1;\n}\n" if $n == 0; 752 1.1 christos return ""; 753 1.1 christos } 754 1.1 christos 755 1.1 christos # Find long endings and cache what they resolve to 756 1.1 christos sub locate_long_endings { 757 1.1 christos my $trieref = shift; 758 1.1 christos my @names = keys %$trieref; 759 1.1 christos my $num = @names; 760 1.1 christos 761 1.1 christos return (1, '', $trieref->{$names[0]}) if ($num == 1 and $names[0] eq 'val'); 762 1.1 christos 763 1.1 christos if ($num == 1) { 764 1.1 christos my ($res, $suffix, $name) = locate_long_endings($trieref->{$names[0]}); 765 1.1 christos my $e = $names[0] . $suffix; 766 1.1 christos if ($res) { 767 1.1 christos $trieref->{'suffix'} = $e; 768 1.1 christos $trieref->{'name'} = $name; 769 1.1 christos } 770 1.1 christos return $res, $e, $name; 771 1.1 christos } 772 1.1 christos 773 1.1 christos for my $l (@names) { 774 1.1 christos if ($l ne 'val') { 775 1.1 christos my ($res, $suffix, $name) = locate_long_endings($trieref->{$l}); 776 1.1 christos } 777 1.1 christos } 778 1.1 christos return 0, ''; 779 1.1 christos } 780 1.1 christos 781 1.1 christos sub produce_decoder { 782 1.1 christos my %t = generate_trie(); 783 1.1 christos my $s; 784 1.1 christos 785 1.1 christos locate_long_endings(\%t); 786 1.1 christos 787 1.1 christos open local *STDOUT, '>', \$s; 788 1.1 christos generate_code_from_trie(0, \%t); 789 1.1 christos return $s; 790 1.1 christos } 791
Indexes created Tue Mar 03 05:31:39 UTC 2026