author | Richard Levitte <levitte@openssl.org> | 2024-02-02 08:20:06 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2024-08-29 19:13:06 +0200 |
commit | 1751334f59816d675a1ea85e98434a8231a58efe (patch) | |
tree | 5524b04bc50566db2a187d9542c812fe7464c5fd /doc/man7/EVP_SIGNATURE-ED25519.pod | |
parent | Fix compile err when building VC-CLANG-WIN64-CLANGASM-ARM target (diff) | |
download | openssl-1751334f59816d675a1ea85e98434a8231a58efe.tar.xz openssl-1751334f59816d675a1ea85e98434a8231a58efe.zip |
Refactor OpenSSL 'EdDSA' EVP_SIGNATURE to allow use with EVP_PKEY functions
Add EVP_PKEY_{sign,verify}_message support for our Ed25519 and Ed448
implementations, including ph and ctx variants.
Tests are added with test_evp stanzas.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24975)
Diffstat (limited to 'doc/man7/EVP_SIGNATURE-ED25519.pod')
-rw-r--r-- | doc/man7/EVP_SIGNATURE-ED25519.pod | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/doc/man7/EVP_SIGNATURE-ED25519.pod b/doc/man7/EVP_SIGNATURE-ED25519.pod index aba56f3182..977470e225 100644 --- a/doc/man7/EVP_SIGNATURE-ED25519.pod +++ b/doc/man7/EVP_SIGNATURE-ED25519.pod @@ -12,7 +12,7 @@ Ed448 The B<Ed25519> and B<Ed448> EVP_PKEY implementation supports key generation, one-shot digest-sign and digest-verify using the EdDSA -signature scheme described in RFC 8032. It has associated private and +signature schemes described in RFC 8032. It has associated private and public key formats compatible with RFC 8410. =head2 EdDSA Instances @@ -36,6 +36,15 @@ B<context-string> as input to sign and verify operations (and for Ed25519ctx, the context-string must be nonempty). For the Ed25519 instance, a nonempty context-string is not permitted. +These instances can be specified as signature parameters when using +L<EVP_DigestSignInit(3)> and L<EVP_DigestVerifyInit(3)>, see +L</ED25519 and ED448 Signature Parameters> below. + +These instances are also explicitly fetchable as algorithms using +L<EVP_SIGNATURE_fetch(3)>, which can be used with +L<EVP_PKEY_sign_init_ex2(3)>, L<EVP_PKEY_verify_init_ex2(3)>, +L<EVP_PKEY_sign_message_init(3)> and L<EVP_PKEY_verify_message_init(3)>. + =head2 ED25519 and ED448 Signature Parameters Two parameters can be set during signing or verification: the EdDSA 
@@ -60,15 +69,22 @@ A string of octets with length at most 255. Both of these parameters are optional. -If the instance name is not specified, then the default "Ed25519" or -"Ed448" is used. - -If a context-string is not specified, then an empty context-string is -used. +When using L<EVP_DigestSignInit(3)> or L<EVP_DigestVerifyInit(3)>, the +signature algorithm is derived from the key type name. The key type name +("Ed25519" or "Ed448") is also the default for the instance, but this can be +changed with the "instance" parameter. Note that a message digest name must B<NOT> be specified when signing or verifying. +When using L<EVP_PKEY_sign_init_ex2(3)>, L<EVP_PKEY_verify_init_ex2(3)>, +L<EVP_PKEY_sign_message_init(3)> or L<EVP_PKEY_verify_message_init(3)>, the +instance is the explicit signature algorithm name, and may not be changed +(trying to give one with the "instance" parameter is therefore an error). + +If a context-string is not specified, then an empty context-string is +used. + See L<EVP_PKEY-X25519(7)> for information related to B<X25519> and B<X448> keys. The following signature parameters can be retrieved using |
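Review bot: In the first hunk (@@ -12,7 +12,7), the unchanged opening sentence still lists only "key generation, one-shot digest-sign and digest-verify" as the supported operations, although the commit message says EVP_PKEY_{sign,verify}_message support is added. Consider extending that sentence to mention the EVP_PKEY sign and verify message operations, so the summary of the page matches the paragraphs added further down.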
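Review bot: In the second hunk (@@ -36,6 +36,15), the paragraph beginning "These instances are also explicitly fetchable as algorithms using L<EVP_SIGNATURE_fetch(3)>" does not say which strings to pass as the algorithm name. Spell out the fetchable names, or state that they are identical to the instance names given in the "EdDSA Instances" section, so a reader does not have to guess which spelling the fetch accepts.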
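Review bot: In the third hunk (@@ -60,15 +69,22), the unchanged sentence "Both of these parameters are optional." now conflicts with the added statement that giving the "instance" parameter is an error after L<EVP_PKEY_sign_init_ex2(3)> and the related init functions. Qualify it, for example by saying the instance parameter is optional only on the EVP_DigestSignInit / EVP_DigestVerifyInit path. The "message digest name must B<NOT> be specified" note also ends up between the two new paragraphs, which leaves it unclear whether it applies to both paths; stating its scope or moving it after both paragraphs would remove the ambiguity.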