📒 Blog home page: Actor's blog
🎉 Welcome to pay attention 🔎 give the thumbs-up 👍 Collection ⭐ Leave a message 📝
❤️ Look forward to communicating together!
🙏 The author's level is very limited. If you find an error, please let me know. Thank you!
🌺 If you have any questions, you can communicate by private letter!!!
🌺 outline
#include <openssl/core_dispatch.h> #include <openssl/core_names.h> /* * None of these are actual functions, but are displayed like this for * the function signatures for functions that are offered as function * pointers in OSSL_DISPATCH arrays. */ /* Context management */ void *OSSL_FUNC_signature_newctx(void *provctx); void OSSL_FUNC_signature_freectx(void *ctx); void *OSSL_FUNC_signature_dupctx(void *ctx); /* Signing */ int OSSL_FUNC_signature_sign_init(void *ctx, void *provkey, const OSSL_PARAM params[]); int OSSL_FUNC_signature_sign(void *ctx, unsigned char *sig, size_t *siglen, size_t sigsize, const unsigned char *tbs, size_t tbslen); /* Verifying */ int OSSL_FUNC_signature_verify_init(void *ctx, void *provkey, const OSSL_PARAM params[]); int OSSL_FUNC_signature_verify(void *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen); /* Verify Recover */ int OSSL_FUNC_signature_verify_recover_init(void *ctx, void *provkey, const OSSL_PARAM params[]); int OSSL_FUNC_signature_verify_recover(void *ctx, unsigned char *rout, size_t *routlen, size_t routsize, const unsigned char *sig, size_t siglen); /* Digest Sign */ int OSSL_FUNC_signature_digest_sign_init(void *ctx, const char *mdname, const char *props, void *provkey, const OSSL_PARAM params[]); int OSSL_FUNC_signature_digest_sign_update(void *ctx, const unsigned char *data, size_t datalen); int OSSL_FUNC_signature_digest_sign_final(void *ctx, unsigned char *sig, size_t *siglen, size_t sigsize); int OSSL_FUNC_signature_digest_sign(void *ctx, unsigned char *sigret, size_t *siglen, size_t sigsize, const unsigned char *tbs, size_t tbslen); /* Digest Verify */ int OSSL_FUNC_signature_digest_verify_init(void *ctx, const char *mdname, const char *props, void *provkey, const OSSL_PARAM params[]); int OSSL_FUNC_signature_digest_verify_update(void *ctx, const unsigned char *data, size_t datalen); int OSSL_FUNC_signature_digest_verify_final(void *ctx, const unsigned char *sig, size_t siglen); int OSSL_FUNC_signature_digest_verify(void *ctx, const unsigned char *sig, size_t siglen, const unsigned char *tbs, size_t tbslen); /* Signature parameters */ int OSSL_FUNC_signature_get_ctx_params(void *ctx, OSSL_PARAM params[]); const OSSL_PARAM *OSSL_FUNC_signature_gettable_ctx_params(void *ctx, void *provctx); int OSSL_FUNC_signature_set_ctx_params(void *ctx, const OSSL_PARAM params[]); const OSSL_PARAM *OSSL_FUNC_signature_settable_ctx_params(void *ctx, void *provctx); /* MD parameters */ int OSSL_FUNC_signature_get_ctx_md_params(void *ctx, OSSL_PARAM params[]); const OSSL_PARAM * OSSL_FUNC_signature_gettable_ctx_md_params(void *ctx); int OSSL_FUNC_signature_set_ctx_md_params(void *ctx, const OSSL_PARAM params[]); const OSSL_PARAM * OSSL_FUNC_signature_settable_ctx_md_params(void *ctx);
🌻 describe
This document is mainly for provider authors. For more information, see provider.
The signature (OSSL_OP_SIGNATURE) operation enables the provider to implement the signature algorithm and EVP through the API function_ PKEY_ sign,EVP_PKEY_verify and EVP_PKEY_verify_recover (and other related functions) provides it to the application.
All the "functions" mentioned here are used as function pointers in libcrypto and ossl_ Pass between providers in the dispatch array through the provider provided by the provider_ query_ Ossl returned by operation() function_ Algorithm array (see "provider functions" in provider base).
All of these "functions" have a name called OSSL_FUNC_{name}_fn, and a helper function, which is used to_ FUNC_ Ossl for {name}_ Retrieves a function pointer from the dispatch element. For example, "function" OSSL_FUNC_signature_newctx() has the following functions:
typedef void *(OSSL_FUNC_signature_newctx_fn)(void *provctx); static ossl_inline OSSL_FUNC_signature_newctx_fn OSSL_FUNC_signature_newctx(const OSSL_DISPATCH *opf);
OSSL_ The dispatch array is created by OpenSSL core_ dispatch. The numbers provided as macros in H are indexed as follows:
OSSL_FUNC_signature_newctx OSSL_FUNC_SIGNATURE_NEWCTX OSSL_FUNC_signature_freectx OSSL_FUNC_SIGNATURE_FREECTX OSSL_FUNC_signature_dupctx OSSL_FUNC_SIGNATURE_DUPCTX OSSL_FUNC_signature_sign_init OSSL_FUNC_SIGNATURE_SIGN_INIT OSSL_FUNC_signature_sign OSSL_FUNC_SIGNATURE_SIGN OSSL_FUNC_signature_verify_init OSSL_FUNC_SIGNATURE_VERIFY_INIT OSSL_FUNC_signature_verify OSSL_FUNC_SIGNATURE_VERIFY OSSL_FUNC_signature_verify_recover_init OSSL_FUNC_SIGNATURE_VERIFY_RECOVER_INIT OSSL_FUNC_signature_verify_recover OSSL_FUNC_SIGNATURE_VERIFY_RECOVER OSSL_FUNC_signature_digest_sign_init OSSL_FUNC_SIGNATURE_DIGEST_SIGN_INIT OSSL_FUNC_signature_digest_sign_update OSSL_FUNC_SIGNATURE_DIGEST_SIGN_UPDATE OSSL_FUNC_signature_digest_sign_final OSSL_FUNC_SIGNATURE_DIGEST_SIGN_FINAL OSSL_FUNC_signature_digest_sign OSSL_FUNC_SIGNATURE_DIGEST_SIGN OSSL_FUNC_signature_digest_verify_init OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_INIT OSSL_FUNC_signature_digest_verify_update OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_UPDATE OSSL_FUNC_signature_digest_verify_final OSSL_FUNC_SIGNATURE_DIGEST_VERIFY_FINAL OSSL_FUNC_signature_digest_verify OSSL_FUNC_SIGNATURE_DIGEST_VERIFY OSSL_FUNC_signature_get_ctx_params OSSL_FUNC_SIGNATURE_GET_CTX_PARAMS OSSL_FUNC_signature_gettable_ctx_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_PARAMS OSSL_FUNC_signature_set_ctx_params OSSL_FUNC_SIGNATURE_SET_CTX_PARAMS OSSL_FUNC_signature_settable_ctx_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_PARAMS OSSL_FUNC_signature_get_ctx_md_params OSSL_FUNC_SIGNATURE_GET_CTX_MD_PARAMS OSSL_FUNC_signature_gettable_ctx_md_params OSSL_FUNC_SIGNATURE_GETTABLE_CTX_MD_PARAMS OSSL_FUNC_signature_set_ctx_md_params OSSL_FUNC_SIGNATURE_SET_CTX_MD_PARAMS OSSL_FUNC_signature_settable_ctx_md_params OSSL_FUNC_SIGNATURE_SETTABLE_CTX_MD_PARAMS
The signature algorithm implementation may not be able to achieve all these functions. In order to be a consistent set of functions, we must have at least one set of context functions (OSSL_FUNC_signature_newctx and OSSL_FUNC_signature_freectx) and a set of "signature" functions, that is, at least one:
OSSL_FUNC_signature_sign_init and OSSL_FUNC_signature_sign OSSL_FUNC_signature_verify_init and OSSL_FUNC_signature_verify OSSL_FUNC_signature_verify_recover_init and OSSL_FUNC_signature_verify_init OSSL_FUNC_signature_digest_sign_init,OSSL_FUNC_signature_digest_sign_update and OSSL_FUNC_signature_digest_sign_final OSSL_FUNC_signature_digest_verify_init,OSSL_FUNC_signature_digest_verify_update and OSSL_FUNC_signature_digest_verify_final OSSL_FUNC_signature_digest_sign_init and OSSL_FUNC_signature_digest_sign OSSL_FUNC_signature_digest_verify_init and OSSL_FUNC_signature_digest_verify
OSSL_FUNC_signature_set_ctx_params and OSSL_FUNC_signature_settable_ctx_params is optional, but if one exists, the other must also exist. The same applies to OSSL_FUNC_signature_get_ctx_params and OSSL_FUNC_signature_gettable_ctx_params and "md_params" function. OSSL_ FUNC_ signature_ The dupctx function is optional.
The signature algorithm must also implement some mechanisms to generate, load or import keys through key management (OSSL_OP_KEYMGMT). For more information, see provider - keymgmt.
🌹 Context management function
OSSL_FUNC_signature_newctx () should create and return a pointer to the provider side structure to hold context information during the signing operation. A pointer to this context will be passed back in many other signature operation function calls. The parameter provctx is the provider context generated during provider initialization (see provider).
OSSL_FUNC_signature_freectx() passes a pointer to the provider side signature context in the ctx parameter. This function should free any resources associated with the context.
OSSL_FUNC_signature_dupctx() should copy the provider side signature context in the ctx parameter and return a duplicate copy.
🌷 Signature function
OSSL_FUNC_signature_sign_init() initializes the context for signing, the provider side signing context in the given CTX parameter, and the pointer to the provider key object in the provkey parameter. Parameter (if not NULL), it should be used in a similar way to using OSSL_FUNC_signature_set_ctx_params() is set in the context. The key object should have been generated, loaded or imported into the provider previously using the key management (OSSL_OP_KEYMGMT) operation (see provider keymgmt).
OSSL_FUNC_signature_sign() executes the actual signature itself. Pass the previously initialized signature context in the ctx parameter. The data to be signed is pointed to the tbs parameter, whose length is tbslen bytes. Unless sig is NULL, the signature should be written to the position pointed to by the sig parameter, and the length should not exceed sigsize bytes. The length of the signature should be written in * signen. If sig is NULL, the maximum length of the signature should be written to * siglen.
🌼 Verification function
OSSL_FUNC_signature_verify_init() initializes a context, which is used to verify the signature of the provider side signature context given in the CTX parameter, and initializes the pointer to the provider key object in the provkey parameter. Parameter (if not NULL), it should be used in a similar way to using ossl_ FUNC_ signature_ set_ ctx_ Set in the context of params (). The key object should have been generated, loaded or imported into the provider previously using the key management (OSSL_OP_KEYMGMT) operation (see provider keymgmt).
OSSL_FUNC_signature_verify() performs the actual verification itself. Pass the previously initialized signature context in the ctx parameter. The data covered by the signature points to the tbs parameter, whose length is tbslen bytes. The signature is pointed to by the sig parameter, whose length is siglen bytes.
🌸 Verify recovery function
OSSL_FUNC_signature_verify_recover_init() initializes the context of the provider side signature context given in the CTX parameter, and initializes the pointer to the provider key object in the provkey parameter to recover the signed data. Parameter (if not NULL), it should be used in a similar way to using OSSL_FUNC_signature_set_ctx_params() is set in the context. Key objects should have been generated, loaded, or imported into the provider previously using key management (OSSL_OP_KEYMGMT) operations (see provider keymgmt).
OSSL_FUNC_signature_verify_recover() performs the actual verification of the recovery itself. Pass the previously initialized signature context in the ctx parameter. The signature is pointed to by the sig parameter, whose length is siglen bytes. Unless the route is NULL, the recovered data shall be written to the position pointed to by the route, and the length of the position shall not exceed the size bytes of the route. The length of recovered data should be written to * routlen. If route is NULL, the maximum size of the output buffer is written to the route parameter.
💐 Summary signature function
OSSL_FUNC_signature_digeset_sign_init() initializes the context for signing, the provider side signing context in the given CTX parameter, and the pointer to the provider key object in the provkey parameter. The parameter (if not NULL) should be in a format similar to using OSSL_FUNC_signature_set_ctx_params() and OSSL_FUNC_signature_set_ctx_md_params() is set in the context. The key object should have been generated, loaded or imported into the provider previously using the key management (OSSL_OP_KEYMGMT) operation (see provider keymgmt). The name of the summary to use will be in the mdname parameter. Some properties may also be used when getting a summary in the props parameter, although the provider may ignore this.
OSSL_FUNC_signature_digest_sign_update () provides the data to be signed in the data parameter. The length of the parameter should be datalen. Pass the previously initialized signature context in the ctx parameter. This function can be called multiple times to add cumulative data to be signed.
OSSL_FUNC_signature_digest_sign_final() completed previously through OSSL_FUNC_signature_digest_sign_init() and ossl_ FUNC_ signature_ digest_ sign_ The signature operation started by the update() call. Once finalized, it will no longer pass OSSL_FUNC_signature_digest_sign_update() adds more data. Pass the previously initialized signature context in the ctx parameter. Unless sig is NULL, the signature should be written to the position pointed to by the sig parameter, and the length should not exceed sigsize bytes. The length of the signature should be written in * signen. If sig is NULL, the maximum length of the signature should be written to * siglen.
OSSL_FUNC_signature_digest_sign() implements the previous OSSL_FUNC_signature_digeset_sign_init() initiated "one time" summary symbol operation. Pass the previously initialized signature context in the ctx parameter. The data to be signed is in tb, and the length should be tbslen bytes. Unless sig is NULL, the signature should be written to the position pointed to by the sig parameter, and the length should not exceed sigsize bytes. The length of the signature should be written in * signen. If sig is NULL, the maximum length of the signature should be written to * siglen.
🍂 Summary validation function
OSSL_FUNC_signature_digeset_verify_init() initializes a context to validate the provider side validation context given in the CTX parameter and the pointer to the provider key object in the provkey parameter. The parameter (if not NULL) should be in a format similar to OSSL_FUNC_signature_set_ctx_params() and OSSL_FUNC_signature_set_ctx_md_params() is set in the context. Key objects should have been generated, loaded, or imported into the provider previously using key management (OSSL_OP_KEYMGMT) operations (see provider keymgmt). The name of the summary to use will be in the mdname parameter. Some properties may also be used when getting a summary in the props parameter, although the provider may ignore this.
OSSL_FUNC_signature_digest_verify_update () provides the data to be verified in the data parameter. The length of the parameter should be datalen. Pass the previously initialized authentication context in the ctx parameter. This function can be called multiple times to add data to be verified cumulatively.
OSSL_FUNC_signature_digest_verify_final() completed previously through OSSL_FUNC_signature_digest_verify_init() and ossl_ FUNC_ signature_ digest_ verify_ The update() call initiates the validation operation. Once finalized, it will no longer pass OSSL_FUNC_signature_digest_verify_update() adds more data. Pass the previously initialized authentication context in the ctx parameter. The signature to be verified is in sig format with a length of siglen bytes.
OSSL_FUNC_signature_digest_verify() implements the previously passed ossl_ FUNC_ signature_ digeset_ verify_ "One time" summary validation operation initiated by init(). Pass the previously initialized authentication context in the ctx parameter. The data to be verified is in tb, and the length should be tbslen bytes. The signature to be verified is in sig format with a length of siglen bytes.
🍁 Signature parameters
About OSSL_FUNC_signature_get_ctx_params() and ossl_ FUNC_ signature_ set_ ctx_ For more details on the parameter structure used by the params() function, see OSSL_PARAM.
OSSL_FUNC_signature_get_ctx_params() gets the signature parameters associated with the given provider side signature context CTX and stores them in params. Passing NULL for params should return true.
OSSL_FUNC_signature_set_ctx_params() sets the signature parameter associated with the given provider side signature context CTX to params. Any parameter setting is an additional setting to any previously set parameter setting. Passing NULL for params should return true.
The common parameters recognized by the built-in signature algorithm are as follows.
-
"digest" (OSSL_SIGNATURE_PARAM_DIGEST) < UTF8 string >
Gets or sets the name of the digest algorithm used to enter the signature function. This is required in order to calculate the "algorithm id". -
"properties" (OSSL_SIGNATURE_PARAM_PROPERTIES) < UTF8 string >
Sets the name of the attribute query associated with the summary algorithm. If this optional value is not set, NULL is used. -
"digest-size" (OSSL_SIGNATURE_PARAM_DIGEST_SIZE) < unsigned integer >
Gets or sets the output size of the digest algorithm used to input the signature function. The length of the size parameter should not exceed the size of the summary_ The length of T. -
"algorithm-id" (OSSL_SIGNATURE_PARAM_ALGORITHM_ID) < octet string >
Obtain the algorithm identifier of DER coding, which corresponds to the combination of signature algorithm and digest algorithm of signature operation. -
"kat" (OSSL_SIGNATURE_PARAM_KAT) < unsigned integer >
Set a flag to modify the signature operation to return an error if the initial calculated signature is invalid. In normal operation mode - select a new random value until the signature operation is successful. By default, it retries until the signature is calculated. Setting this value to 0 will cause the symbol operation to retry, otherwise the signing operation will only be attempted once and return whether it is successful or not. If you override the random generator to provide known values that pass or fail, you can perform a known answer test.
OSSL_FUNC_signature_gettable_ctx_params() and OSSL_FUNC_signature_settable_ctx_params() gets a constant OSSL_PARAM array, which describes the obtainable parameters and settable parameters, which can be compared with ossl respectively_ FUNC_ signature_ get_ ctx_ Params() and ossl_ FUNC_ signature_ set_ ctx_ Parameters used with params(). See OSSL_PARAM to use OSSL_PARAM as parameter descriptor.
🌾 MD parameters
About OSSL_FUNC_signature_get_md_ctx_params() and ossl_ FUNC_ signature_ set_ md_ ctx_ For more details on the parameter structure used by the params() function, see OSSL_PARAM.
OSSL_FUNC_signature_get_md_ctx_params () gets the digest parameters associated with the given provider side digest signature context CTX and stores them in the parameters. Passing NULL for parameter should return true.
OSSL_FUNC_signature_set_ms_ctx_params() sets the digest parameter associated with the given provider side digest signature context CTX as a parameter. Any parameter setting is an additional setting to any previously set parameter setting. Passing NULL for parameter should return true.
Currently, the parameters identified by the built-in signature algorithm are the same as those of the built-in digest algorithm. For more information, see summary parameters in provider digest.
OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params() gets a constant OSSL_PARAM array, which describes the gettable and settable summary parameters, that is, it can be associated with ossl respectively_ FUNC_ signature_ get_ md_ ctx_ Params() and ossl_ FUNC_ signature_ set_ md_ ctx_ Parameters used with params(). See OSSL_PARAM to use OSSL_PARAM as parameter descriptor.
🥀 Return value
OSSL_FUNC_signature_newctx() and OSSL_FUNC_signature_dupctx() should return the newly created provider side signature or NULL on failure.
OSSL_FUNC_signature_gettable_ctx_params(),OSSL_FUNC_signature_settable_ctx_params(),OSSL_FUNC_signature_gettable_md_ctx_params() and OSSL_FUNC_signature_settable_md_ctx_params(), return constant ossl_ Fetchable or settable parameters in param array.
All other functions should return 1 for success or 0 for errors.