| Updated: April 19, 2023 |
The libqcrypto_pluginS.a plugin library and qcrypto/qcrypto_plugin.h header file allow you to create a custom plugin to use with the qcrypto library.
For detailed information on the plugin API, see “qcrypto_plugin.h”.
For information about the plugins that ship with the qcrypto library, see “Certicom plugin”, “TomCrypt plugin”, and “OpenSSL plugin”.
In your makefile, use -Wl,--whole-archive to link to libqcrypto_pluginS.a.
When a plugin is loaded, its global initialization function is called, which allows the plugin to initialize its internals and support for the third-party cryptography library (or libraries) that it wraps.
When a plugin is unbound or unloaded, its global finalization function is called, which allows the plugin to release resources and perform the required cleanup.
During global plugin initialization (part of the plugin loading process), one of the plugin tasks is to register which algorithms it supports. This registration task allows the QNX cryptography library to query the plugin when a user requests a particular algorithm function.
When a user requests an algorithm, the qcrypto library calls the algorithm's initialization function, which causes the plugin to allocate resources, perform other initialization tasks related to providing support for the algorithm (for example, loading a shared object library or allocating memory), or both.
When the qcrypto library user no longer requires a specific algorithm, it calls a release function that in turn calls the algorithm's un-initialization function. This activity allows the plugin to release resources related to the algorithm, perform cleanup, or both.
Algorithm interfaces that support initialization, update, and finalization functions must be re-usable. This requirement means that initializing an algorithm that has already been used restores it to a clean state and it can be used to perform another operation. It minimizes resource shuffling and allows an algorithm context to be used as many times as possible.
Where possible, algorithm names should be in lowercase letters and follow the NID naming scheme for standard algorithm names. If the name to use is not clear, use the OpenSSL naming convention, which is the one that is most commonly used. Names need to be standardized across implementations to maximize the interoperability of the various plugins. See “OpenSSL plugin” to see which names are currently used and supported.
Key handling and formats are the cornerstone of the qcrypto library. To ensure interoperability among all the supported plugins, keys and their parameters need to be stored in a standard format internally so that a key generated by one plugin can be used in another plugin algorithm, in a process that is transparent to the user. Plugins should provide full support for generating, exporting, and importing keys to and from any of the standard formats.
The following table describes how plugins should internally store each type of key. When a key is passed to an algorithm's initialization function, the plugin can make a copy of the key. It can convert the copy into whatever internal format the algorithm requires.
| Key type | Import format | Export format | Internal key format |
|---|---|---|---|
| RSA | |||
| Private keys | PKCS#8 PEM/DER | PKCS#8 PEM/DER | PKCS#8 DER |
| Public keys | X.509 PEM/DER | X.509 PEM/DER | X.509 DER |
| Elliptic-curve cryptography | |||
| Private keys | PKCS#8 PEM/DER | PKCS#8 PEM/DER | PKCS#8 DER |
| Public key | X.509 PEM/DER | X.509 PEM/DER | X.509 DER |
| Digital Signature Algorithm | |||
| Private keys | PKCS#8 PEM/DER | PKCS#8 PEM/DER | PKCS#8 DER |
| Public key | X.509 PEM/DER | X.509 PEM/DER | X.509 DER |
| Diffie-Hellman | |||
| Private keys | PKCS#8 PEM/DER | PKCS#8 PEM/DER | PKCS#8 DER |
| Public key | X.509 PEM/DER | X.509 PEM/DER | X.509 DER |
| Symmetric keys | |||
| All keys | Raw byte sequence | ||