From ac1bdb07c1b847692d1232e2b525f353b119e6b2 Mon Sep 17 00:00:00 2001 From: schwarze Date: Tue, 12 Sep 2023 15:29:03 +0000 Subject: [PATCH] document sizes for ED25519 and X25519, including the constants ED25519_KEYLEN and X25519_KEYLEN --- lib/libcrypto/man/EVP_PKEY_size.3 | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/lib/libcrypto/man/EVP_PKEY_size.3 b/lib/libcrypto/man/EVP_PKEY_size.3 index 3070aee0179..b45cda7f91f 100644 --- a/lib/libcrypto/man/EVP_PKEY_size.3 +++ b/lib/libcrypto/man/EVP_PKEY_size.3 @@ -1,10 +1,10 @@ -.\" $OpenBSD: EVP_PKEY_size.3,v 1.1 2022/07/13 19:10:40 schwarze Exp $ +.\" $OpenBSD: EVP_PKEY_size.3,v 1.2 2023/09/12 15:29:03 schwarze Exp $ .\" full merge up to: OpenSSL eed9d03b Jan 8 11:04:15 2020 +0100 .\" .\" This file is a derived work. .\" The changes are covered by the following Copyright and license: .\" -.\" Copyright (c) 2022 Ingo Schwarze +.\" Copyright (c) 2022, 2023 Ingo Schwarze .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -65,7 +65,7 @@ .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED .\" OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: July 13 2022 $ +.Dd $Mdocdate: September 12 2023 $ .Dt EVP_PKEY_SIZE 3 .Os .Sh NAME @@ -137,17 +137,26 @@ where it's desirable to know the upper limit in advance. By default, .Fn EVP_PKEY_size is supported for the following algorithms: -.Bl -column GOST01 "EVP_MAX_BLOCK_LENGTH = 32" +.Bl -column ED25519 "EVP_MAX_BLOCK_LENGTH = 32" .It Ta same result as from: .It CMAC Ta Dv EVP_MAX_BLOCK_LENGTH No = 32 .It DH Ta Xr DH_size 3 .It DSA Ta Xr DSA_size 3 .It EC Ta Xr ECDSA_size 3 +.It ED25519 Ta 64, but see below .It GOST01 Ta 64 or 128 .It HMAC Ta Dv EVP_MAX_MD_SIZE No = 64 .It RSA Ta Xr RSA_size 3 +.It X25519 Ta Dv X25519_KEYLEN No = 32 .El .Pp +For +.Dv EVP_PKEY_ED25519 , +the situation is special: while the key size is +.Dv ED25519_KEYLEN No = 32 bytes , +.Fn EVP_PKEY_size +returns 64 because the signature is longer than the keys. +.Pp The application program can support additional algorithms by calling .Xr EVP_PKEY_asn1_set_public 3 . .Pp @@ -157,14 +166,16 @@ returns the cryptographic length of the cryptosystem to which the key in belongs, in bits. The definition of cryptographic length is specific to the key cryptosystem. By default, the following algorithms are supported: -.Bl -column GOST01 "the public domain parameter p" DSA_bits(3) +.Bl -column ED25519 "the public domain parameter p" DSA_bits(3) .It Ta cryptographic length = Ta same result as from: .It Ta significant bits in ... Ta .It DH Ta the public domain parameter Fa p Ta Xr DH_bits 3 .It DSA Ta the public domain parameter Fa p Ta Xr DSA_bits 3 .It EC Ta the order of the group Ta Xr EC_GROUP_order_bits 3 +.It ED25519 Ta 253 Ta \(em .It GOST01 Ta 256 or 512 Ta \(em .It RSA Ta the public modulus Ta Xr RSA_bits 3 +.It X25519 Ta 253 Ta \(em .El .Pp The application program can support additional algorithms by calling @@ -175,13 +186,15 @@ returns the security strength measured in bits of the given .Fa pkey as defined in NIST SP800-57. By default, the following algorithms are supported: -.Bl -column GOST01 DSA_security_bits(3) +.Bl -column ED25519 DSA_security_bits(3) .It Ta same result as from: .It DH Ta Xr DH_security_bits 3 .It DSA Ta Xr DSA_security_bits 3 .It EC Ta Xr EC_GROUP_order_bits 3 divided by 2 +.It ED25519 Ta 128 .It GOST01 Ta not supported, return value is \-2 .It RSA Ta Xr RSA_security_bits 3 +.It X25519 Ta 128 .El .Pp For EC keys, if the result is greater than 80, it is rounded down -- 2.20.1