Provided by: openssl_3.5.0-2ubuntu1_amd64 bug

NAME
       EVP_KEM-X25519, EVP_KEM-X448 - EVP_KEM X25519 and EVP_KEM X448 keytype and algorithm support


DESCRIPTION
       The X25519 and <X448> keytype and its parameters are described in EVP_PKEY-X25519(7).  See
       EVP_PKEY_encapsulate(3) and EVP_PKEY_decapsulate(3) for more info.

   X25519 and X448 KEM parameters
       "operation" (OSSL_KEM_PARAM_OPERATION)<UTF8 string>
           The OpenSSL X25519 and X448 Key Encapsulation Mechanisms only support the following default operation
           (operating mode):

           "DHKEM" (OSSL_KEM_PARAM_OPERATION_DHKEM)
               The  encapsulate  function  generates  an  ephemeral keypair. It produces keymaterial by doing an
               X25519 or X448 key exchange using the ephemeral private key and a supplied recipient public  key.
               A  HKDF  operation  using  the  keymaterial  and a kem context then produces a shared secret. The
               shared secret and the ephemeral public key are  returned.   The  decapsulate  function  uses  the
               recipient  private  key  and  the ephemeral public key to produce the same keymaterial, which can
               then      be      used      to      produce      the      same      shared      secret.       See
               <https://www.rfc-editor.org/rfc/rfc9180.html#name-dh-based-kem-dhkem>

           This can be set using either EVP_PKEY_CTX_set_kem_op() or EVP_PKEY_CTX_set_params().

       "ikme" (OSSL_KEM_PARAM_IKME) <octet string>
           Used  to specify the key material used for generation of the ephemeral key.  This value should not be
           reused for other purposes.  It should have a length of at least 32 for X25519, and 56 for  X448.   If
           this value is not set, then a random ikm is used.


CONFORMING TO
       RFC9180


SEE ALSO
       EVP_PKEY_CTX_set_kem_op(3), EVP_PKEY_encapsulate(3), EVP_PKEY_decapsulate(3) EVP_KEYMGMT(3), EVP_PKEY(3),
       provider-keymgmt(7)


HISTORY
       This functionality was added in OpenSSL 3.2.

       The  "operation"  (operating  mode)  was  a  required parameter prior to OpenSSL 3.5.  As of OpenSSL 3.5,
       "DHKEM" is the default operating mode, and no explicit value need be specified.


COPYRIGHT
       Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.

       Licensed under the Apache License 2.0 (the "License").  You may not use this file  except  in  compliance
       with  the  License.   You  can  obtain  a  copy  in  the  file  LICENSE  in the source distribution or at
       <https://www.openssl.org/source/license.html>.

3.5.0                                              2025-06-04                               EVP_KEM-X25519(7SSL)