1e1051a39Sopenharmony_ci=pod
2e1051a39Sopenharmony_ci
3e1051a39Sopenharmony_ci=head1 NAME
4e1051a39Sopenharmony_ci
5e1051a39Sopenharmony_ciprovider-object - A specification for a provider-native object abstraction
6e1051a39Sopenharmony_ci
7e1051a39Sopenharmony_ci=head1 SYNOPSIS
8e1051a39Sopenharmony_ci
9e1051a39Sopenharmony_ci=for openssl multiple includes
10e1051a39Sopenharmony_ci
11e1051a39Sopenharmony_ci #include <openssl/core_object.h>
12e1051a39Sopenharmony_ci #include <openssl/core_names.h>
13e1051a39Sopenharmony_ci
14e1051a39Sopenharmony_ci=head1 DESCRIPTION
15e1051a39Sopenharmony_ci
16e1051a39Sopenharmony_ciThe provider-native object abstraction is a set of L<OSSL_PARAM(3)> keys and
17e1051a39Sopenharmony_civalues that can be used to pass provider-native objects to OpenSSL library
18e1051a39Sopenharmony_cicode or between different provider operation implementations with the help
19e1051a39Sopenharmony_ciof OpenSSL library code.
20e1051a39Sopenharmony_ci
21e1051a39Sopenharmony_ciThe intention is that certain provider-native operations can pass any sort
22e1051a39Sopenharmony_ciof object that belong with other operations, or with OpenSSL library code.
23e1051a39Sopenharmony_ci
24e1051a39Sopenharmony_ciAn object may be passed in the following manners:
25e1051a39Sopenharmony_ci
26e1051a39Sopenharmony_ci=over 4
27e1051a39Sopenharmony_ci
28e1051a39Sopenharmony_ci=item 1.
29e1051a39Sopenharmony_ci
30e1051a39Sopenharmony_ciI<By value>
31e1051a39Sopenharmony_ci
32e1051a39Sopenharmony_ciThis means that the I<object data> is passed as an octet string or an UTF8
33e1051a39Sopenharmony_cistring, which can be handled in diverse ways by other provided implementations.
34e1051a39Sopenharmony_ciThe encoding of the object depends on the context it's used in; for example,
35e1051a39Sopenharmony_ciL<OSSL_DECODER(3)> allows multiple encodings, depending on existing decoders.
36e1051a39Sopenharmony_ciIf central OpenSSL library functionality is to handle the data directly, it
37e1051a39Sopenharmony_ciB<must> be encoded in DER for all object types except for B<OSSL_OBJECT_NAME>
38e1051a39Sopenharmony_ci(see L</Parameter reference> below), where it's assumed to a plain UTF8 string.
39e1051a39Sopenharmony_ci
40e1051a39Sopenharmony_ci=for comment A future extension might be to be able to specify encoding as a
41e1051a39Sopenharmony_ciseparate parameter.
42e1051a39Sopenharmony_ci
43e1051a39Sopenharmony_ci=item 2.
44e1051a39Sopenharmony_ci
45e1051a39Sopenharmony_ciI<By reference>
46e1051a39Sopenharmony_ci
47e1051a39Sopenharmony_ciThis means that the I<object data> isn't passed directly, an I<object
48e1051a39Sopenharmony_cireference> is passed instead.  It's an octet string that only the correct
49e1051a39Sopenharmony_ciprovider understands correctly.
50e1051a39Sopenharmony_ci
51e1051a39Sopenharmony_ci=back
52e1051a39Sopenharmony_ci
53e1051a39Sopenharmony_ciObjects I<by value> can be used by anything that handles DER encoded
54e1051a39Sopenharmony_ciobjects.
55e1051a39Sopenharmony_ci
56e1051a39Sopenharmony_ciObjects I<by reference> need a higher level of cooperation from the
57e1051a39Sopenharmony_ciimplementation where the object originated (let's call it X) and its target
58e1051a39Sopenharmony_ciimplementation (let's call it Y):
59e1051a39Sopenharmony_ci
60e1051a39Sopenharmony_ci=over 4
61e1051a39Sopenharmony_ci
62e1051a39Sopenharmony_ci=item 1.
63e1051a39Sopenharmony_ci
64e1051a39Sopenharmony_ciI<An object loading function in the target implementation>
65e1051a39Sopenharmony_ci
66e1051a39Sopenharmony_ciThe target implementation (Y) may have a function that can take an I<object
67e1051a39Sopenharmony_cireference>.  This can only be used if the target implementation is from the
68e1051a39Sopenharmony_cisame provider as the one originating the object abstraction in question (X).
69e1051a39Sopenharmony_ci
70e1051a39Sopenharmony_ciThe exact target implementation to use is determined from the I<object type>
71e1051a39Sopenharmony_ciand possibly the I<object data type>.
72e1051a39Sopenharmony_ciFor example, when the OpenSSL library receives an object abstraction with the
73e1051a39Sopenharmony_ciI<object type> B<OSSL_OBJECT_PKEY>, it will fetch a L<provider-keymgmt(7)>
74e1051a39Sopenharmony_ciusing the I<object data type> as its key type (the second argument in
75e1051a39Sopenharmony_ciL<EVP_KEYMGMT_fetch(3)>).
76e1051a39Sopenharmony_ci
77e1051a39Sopenharmony_ci=item 2.
78e1051a39Sopenharmony_ci
79e1051a39Sopenharmony_ciI<An object exporter in the originating implementation>
80e1051a39Sopenharmony_ci
81e1051a39Sopenharmony_ciThe originating implementation (X) may have an exporter function.  This
82e1051a39Sopenharmony_ciexporter function can be used to export the object in L<OSSL_PARAM(3)> form,
83e1051a39Sopenharmony_cithat can then be imported by the target implementation's imported function.
84e1051a39Sopenharmony_ci
85e1051a39Sopenharmony_ciThis can be used when it's not possible to fetch the target implementation
86e1051a39Sopenharmony_ci(Y) from the same provider.
87e1051a39Sopenharmony_ci
88e1051a39Sopenharmony_ci=back
89e1051a39Sopenharmony_ci
90e1051a39Sopenharmony_ci=head2 Parameter reference
91e1051a39Sopenharmony_ci
92e1051a39Sopenharmony_ciA provider-native object abstraction is an L<OSSL_PARAM(3)> with a selection
93e1051a39Sopenharmony_ciof the following parameters:
94e1051a39Sopenharmony_ci
95e1051a39Sopenharmony_ci=over 4
96e1051a39Sopenharmony_ci
97e1051a39Sopenharmony_ci=item "data" (B<OSSL_OBJECT_PARAM_DATA>) <octet string> or <UTF8 string>
98e1051a39Sopenharmony_ci
99e1051a39Sopenharmony_ciThe object data I<passed by value>.
100e1051a39Sopenharmony_ci
101e1051a39Sopenharmony_ci=item "reference" (B<OSSL_OBJECT_PARAM_REFERENCE>) <octet string>
102e1051a39Sopenharmony_ci
103e1051a39Sopenharmony_ciThe object data I<passed by reference>.
104e1051a39Sopenharmony_ci
105e1051a39Sopenharmony_ci=item "type" (B<OSSL_OBJECT_PARAM_TYPE>) <integer>
106e1051a39Sopenharmony_ci
107e1051a39Sopenharmony_ciThe I<object type>, a number that may have any of the following values (all
108e1051a39Sopenharmony_cidefined in F<< <openssl/core_object.h> >>):
109e1051a39Sopenharmony_ci
110e1051a39Sopenharmony_ci=over 4
111e1051a39Sopenharmony_ci
112e1051a39Sopenharmony_ci=item B<OSSL_OBJECT_NAME>
113e1051a39Sopenharmony_ci
114e1051a39Sopenharmony_ciThe object data may only be I<passed by value>, and should be a UTF8
115e1051a39Sopenharmony_cistring.
116e1051a39Sopenharmony_ci
117e1051a39Sopenharmony_ciThis is useful for L<provider-storemgmt(7)> when a URI load results in new
118e1051a39Sopenharmony_ciURIs.
119e1051a39Sopenharmony_ci
120e1051a39Sopenharmony_ci=item B<OSSL_OBJECT_PKEY>
121e1051a39Sopenharmony_ci
122e1051a39Sopenharmony_ciThe object data is suitable as provider-native B<EVP_PKEY> key data.  The
123e1051a39Sopenharmony_ciobject data may be I<passed by value> or I<passed by reference>.
124e1051a39Sopenharmony_ci
125e1051a39Sopenharmony_ci=item B<OSSL_OBJECT_CERT>
126e1051a39Sopenharmony_ci
127e1051a39Sopenharmony_ciThe object data is suitable as B<X509> data.  The object data for this
128e1051a39Sopenharmony_ciobject type can only be I<passed by value>, and should be an octet string.
129e1051a39Sopenharmony_ci
130e1051a39Sopenharmony_ciSince there's no provider-native X.509 object, OpenSSL libraries that
131e1051a39Sopenharmony_cireceive this object abstraction are expected to convert the data to a
132e1051a39Sopenharmony_ciB<X509> object with d2i_X509().
133e1051a39Sopenharmony_ci
134e1051a39Sopenharmony_ci=item B<OSSL_OBJECT_CRL>
135e1051a39Sopenharmony_ci
136e1051a39Sopenharmony_ciThe object data is suitable as B<X509_CRL> data.  The object data can
137e1051a39Sopenharmony_cionly be I<passed by value>, and should be an octet string.
138e1051a39Sopenharmony_ci
139e1051a39Sopenharmony_ciSince there's no provider-native X.509 CRL object, OpenSSL libraries that
140e1051a39Sopenharmony_cireceive this object abstraction are expected to convert the data to a
141e1051a39Sopenharmony_ciB<X509_CRL> object with d2i_X509_CRL().
142e1051a39Sopenharmony_ci
143e1051a39Sopenharmony_ci=back
144e1051a39Sopenharmony_ci
145e1051a39Sopenharmony_ci=item "data-type" (B<OSSL_OBJECT_PARAM_DATA_TYPE>) <UTF8 string>
146e1051a39Sopenharmony_ci
147e1051a39Sopenharmony_ciThe specific type of the object content.  Legitimate values depend on the
148e1051a39Sopenharmony_ciobject type; if it is B<OSSL_OBJECT_PKEY>, the data type is expected to be a
149e1051a39Sopenharmony_cikey type suitable for fetching a L<provider-keymgmt(7)> that can handle the
150e1051a39Sopenharmony_cidata.
151e1051a39Sopenharmony_ci
152e1051a39Sopenharmony_ci=for comment For objects with an unknown object type (OSSL_OBJECT_PARAM_TYPE
153e1051a39Sopenharmony_ciis either missing or has the value OSSL_OBJECT_UNKNOWN), libcrypto
154e1051a39Sopenharmony_ciinterprets the object data type as the input type for a decoder.
155e1051a39Sopenharmony_ci
156e1051a39Sopenharmony_ci=item "data-structure" (B<OSSL_OBJECT_PARAM_DATA_STRUCTURE>) <UTF8 string>
157e1051a39Sopenharmony_ci
158e1051a39Sopenharmony_ciThe outermost structure of the object content.  Legitimate values depend on
159e1051a39Sopenharmony_cithe object type.
160e1051a39Sopenharmony_ci
161e1051a39Sopenharmony_ci=item "desc" (B<OSSL_OBJECT_PARAM_DESC>) <UTF8 string>
162e1051a39Sopenharmony_ci
163e1051a39Sopenharmony_ciA human readable text that describes extra details on the object.
164e1051a39Sopenharmony_ci
165e1051a39Sopenharmony_ci=back
166e1051a39Sopenharmony_ci
167e1051a39Sopenharmony_ciWhen a provider-native object abtraction is used, it I<must> contain object
168e1051a39Sopenharmony_cidata in at least one form (object data I<passed by value>, i.e. the "data"
169e1051a39Sopenharmony_ciitem, or object data I<passed by reference>, i.e. the "reference" item).
170e1051a39Sopenharmony_ciBoth may be present at once, in which case the OpenSSL library code that
171e1051a39Sopenharmony_cireceives this will use the most optimal variant.
172e1051a39Sopenharmony_ci
173e1051a39Sopenharmony_ciFor objects with the object type B<OSSL_OBJECT_NAME>, that object type
174e1051a39Sopenharmony_ciI<must> be given.
175e1051a39Sopenharmony_ci
176e1051a39Sopenharmony_ci=head1 SEE ALSO
177e1051a39Sopenharmony_ci
178e1051a39Sopenharmony_ciL<provider(7)>, L<OSSL_DECODER(3)>
179e1051a39Sopenharmony_ci
180e1051a39Sopenharmony_ci=head1 HISTORY
181e1051a39Sopenharmony_ci
182e1051a39Sopenharmony_ciThe concept of providers and everything surrounding them was
183e1051a39Sopenharmony_ciintroduced in OpenSSL 3.0.
184e1051a39Sopenharmony_ci
185e1051a39Sopenharmony_ci=head1 COPYRIGHT
186e1051a39Sopenharmony_ci
187e1051a39Sopenharmony_ciCopyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
188e1051a39Sopenharmony_ci
189e1051a39Sopenharmony_ciLicensed under the Apache License 2.0 (the "License").  You may not use
190e1051a39Sopenharmony_cithis file except in compliance with the License.  You can obtain a copy
191e1051a39Sopenharmony_ciin the file LICENSE in the source distribution or at
192e1051a39Sopenharmony_ciL<https://www.openssl.org/source/license.html>.
193e1051a39Sopenharmony_ci
194e1051a39Sopenharmony_ci=cut
195