|
Packit Service |
084de1 |
=pod
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
=head1 NAME
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
|
|
Packit Service |
084de1 |
EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
|
|
Packit Service |
084de1 |
EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
|
|
Packit Service |
084de1 |
EVP_PKEY_CTX_get_app_data,
|
|
Packit Service |
084de1 |
EVP_PKEY_gen_cb, EVP_PKEY_check, EVP_PKEY_public_check,
|
|
Packit Service |
084de1 |
EVP_PKEY_param_check
|
|
Packit Service |
084de1 |
- key and parameter generation and check functions
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
=head1 SYNOPSIS
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
#include <openssl/evp.h>
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
|
|
Packit Service |
084de1 |
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
|
|
Packit Service |
084de1 |
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
|
|
Packit Service |
084de1 |
int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx);
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
|
|
Packit Service |
084de1 |
EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
|
|
Packit Service |
084de1 |
void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
int EVP_PKEY_check(EVP_PKEY_CTX *ctx);
|
|
Packit Service |
084de1 |
int EVP_PKEY_public_check(EVP_PKEY_CTX *ctx);
|
|
Packit Service |
084de1 |
int EVP_PKEY_param_check(EVP_PKEY_CTX *ctx);
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
=head1 DESCRIPTION
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
The EVP_PKEY_keygen_init() function initializes a public key algorithm
|
|
Packit Service |
084de1 |
context using key B<pkey> for a key generation operation.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
The EVP_PKEY_keygen() function performs a key generation operation, the
|
|
Packit Service |
084de1 |
generated key is written to B<ppkey>.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
|
|
Packit Service |
084de1 |
except parameters are generated.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
The function EVP_PKEY_set_cb() sets the key or parameter generation callback
|
|
Packit Service |
084de1 |
to B<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter
|
|
Packit Service |
084de1 |
generation callback.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated
|
|
Packit Service |
084de1 |
with the generation operation. If B<idx> is -1 the total number of
|
|
Packit Service |
084de1 |
parameters available is returned. Any non negative value returns the value of
|
|
Packit Service |
084de1 |
that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for
|
|
Packit Service |
084de1 |
B<idx> should only be called within the generation callback.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
If the callback returns 0 then the key generation operation is aborted and an
|
|
Packit Service |
084de1 |
error occurs. This might occur during a time consuming operation where
|
|
Packit Service |
084de1 |
a user clicks on a "cancel" button.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set
|
|
Packit Service |
084de1 |
and retrieve an opaque pointer. This can be used to set some application
|
|
Packit Service |
084de1 |
defined value which can be retrieved in the callback: for example a handle
|
|
Packit Service |
084de1 |
which is used to update a "progress dialog".
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
EVP_PKEY_check() validates the key-pair given by B<ctx>. This function first tries
|
|
Packit Service |
084de1 |
to use customized key check method in B<EVP_PKEY_METHOD> if it's present; otherwise
|
|
Packit Service |
084de1 |
it calls a default one defined in B<EVP_PKEY_ASN1_METHOD>.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
EVP_PKEY_public_check() validates the public component of the key-pair given by B<ctx>.
|
|
Packit Service |
084de1 |
This function first tries to use customized key check method in B<EVP_PKEY_METHOD>
|
|
Packit Service |
084de1 |
if it's present; otherwise it calls a default one defined in B<EVP_PKEY_ASN1_METHOD>.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
EVP_PKEY_param_check() validates the algorithm parameters of the key-pair given by B<ctx>.
|
|
Packit Service |
084de1 |
This function first tries to use customized key check method in B<EVP_PKEY_METHOD>
|
|
Packit Service |
084de1 |
if it's present; otherwise it calls a default one defined in B<EVP_PKEY_ASN1_METHOD>.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
=head1 NOTES
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm
|
|
Packit Service |
084de1 |
specific control operations can be performed to set any appropriate parameters
|
|
Packit Service |
084de1 |
for the operation.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than
|
|
Packit Service |
084de1 |
once on the same context if several operations are performed using the same
|
|
Packit Service |
084de1 |
parameters.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
The meaning of the parameters passed to the callback will depend on the
|
|
Packit Service |
084de1 |
algorithm and the specific implementation of the algorithm. Some might not
|
|
Packit Service |
084de1 |
give any useful information at all during key or parameter generation. Others
|
|
Packit Service |
084de1 |
might not even call the callback.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
The operation performed by key or parameter generation depends on the algorithm
|
|
Packit Service |
084de1 |
used. In some cases (e.g. EC with a supplied named curve) the "generation"
|
|
Packit Service |
084de1 |
option merely sets the appropriate fields in an EVP_PKEY structure.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
In OpenSSL an EVP_PKEY structure containing a private key also contains the
|
|
Packit Service |
084de1 |
public key components and parameters (if any). An OpenSSL private key is
|
|
Packit Service |
084de1 |
equivalent to what some libraries call a "key pair". A private key can be used
|
|
Packit Service |
084de1 |
in functions which require the use of a public key or parameters.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
=head1 RETURN VALUES
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and
|
|
Packit Service |
084de1 |
EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure.
|
|
Packit Service |
084de1 |
In particular a return value of -2 indicates the operation is not supported by
|
|
Packit Service |
084de1 |
the public key algorithm.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() return 1
|
|
Packit Service |
084de1 |
for success or others for failure. They return -2 if the operation is not supported
|
|
Packit Service |
084de1 |
for the specific algorithm.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
=head1 EXAMPLES
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
Generate a 2048 bit RSA key:
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
#include <openssl/evp.h>
|
|
Packit Service |
084de1 |
#include <openssl/rsa.h>
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
EVP_PKEY_CTX *ctx;
|
|
Packit Service |
084de1 |
EVP_PKEY *pkey = NULL;
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
|
|
Packit Service |
084de1 |
if (!ctx)
|
|
Packit Service |
084de1 |
/* Error occurred */
|
|
Packit Service |
084de1 |
if (EVP_PKEY_keygen_init(ctx) <= 0)
|
|
Packit Service |
084de1 |
/* Error */
|
|
Packit Service |
084de1 |
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
|
|
Packit Service |
084de1 |
/* Error */
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
/* Generate key */
|
|
Packit Service |
084de1 |
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
|
|
Packit Service |
084de1 |
/* Error */
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
Generate a key from a set of parameters:
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
#include <openssl/evp.h>
|
|
Packit Service |
084de1 |
#include <openssl/rsa.h>
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
EVP_PKEY_CTX *ctx;
|
|
Packit Service |
084de1 |
ENGINE *eng;
|
|
Packit Service |
084de1 |
EVP_PKEY *pkey = NULL, *param;
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
/* Assumed param, eng are set up already */
|
|
Packit Service |
084de1 |
ctx = EVP_PKEY_CTX_new(param, eng);
|
|
Packit Service |
084de1 |
if (!ctx)
|
|
Packit Service |
084de1 |
/* Error occurred */
|
|
Packit Service |
084de1 |
if (EVP_PKEY_keygen_init(ctx) <= 0)
|
|
Packit Service |
084de1 |
/* Error */
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
/* Generate key */
|
|
Packit Service |
084de1 |
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
|
|
Packit Service |
084de1 |
/* Error */
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
Example of generation callback for OpenSSL public key implementations:
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
/* Application data is a BIO to output status to */
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
EVP_PKEY_CTX_set_app_data(ctx, status_bio);
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
static int genpkey_cb(EVP_PKEY_CTX *ctx)
|
|
Packit Service |
084de1 |
{
|
|
Packit Service |
084de1 |
char c = '*';
|
|
Packit Service |
084de1 |
BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
|
|
Packit Service |
084de1 |
int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
if (p == 0)
|
|
Packit Service |
084de1 |
c = '.';
|
|
Packit Service |
084de1 |
if (p == 1)
|
|
Packit Service |
084de1 |
c = '+';
|
|
Packit Service |
084de1 |
if (p == 2)
|
|
Packit Service |
084de1 |
c = '*';
|
|
Packit Service |
084de1 |
if (p == 3)
|
|
Packit Service |
084de1 |
c = '\n';
|
|
Packit Service |
084de1 |
BIO_write(b, &c, 1);
|
|
Packit Service |
084de1 |
(void)BIO_flush(b);
|
|
Packit Service |
084de1 |
return 1;
|
|
Packit Service |
084de1 |
}
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
=head1 SEE ALSO
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
L<EVP_PKEY_CTX_new(3)>,
|
|
Packit Service |
084de1 |
L<EVP_PKEY_encrypt(3)>,
|
|
Packit Service |
084de1 |
L<EVP_PKEY_decrypt(3)>,
|
|
Packit Service |
084de1 |
L<EVP_PKEY_sign(3)>,
|
|
Packit Service |
084de1 |
L<EVP_PKEY_verify(3)>,
|
|
Packit Service |
084de1 |
L<EVP_PKEY_verify_recover(3)>,
|
|
Packit Service |
084de1 |
L<EVP_PKEY_derive(3)>
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
=head1 HISTORY
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
These functions were added in OpenSSL 1.0.0.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
EVP_PKEY_check(), EVP_PKEY_public_check() and EVP_PKEY_param_check() were added
|
|
Packit Service |
084de1 |
in OpenSSL 1.1.1.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
=head1 COPYRIGHT
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
Licensed under the OpenSSL license (the "License"). You may not use
|
|
Packit Service |
084de1 |
this file except in compliance with the License. You can obtain a copy
|
|
Packit Service |
084de1 |
in the file LICENSE in the source distribution or at
|
|
Packit Service |
084de1 |
L<https://www.openssl.org/source/license.html>.
|
|
Packit Service |
084de1 |
|
|
Packit Service |
084de1 |
=cut
|