EVP_PKEY_fromdata.pod 8.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263
  1. =pod
  2. =head1 NAME
  3. EVP_PKEY_param_fromdata_init, EVP_PKEY_key_fromdata_init, EVP_PKEY_fromdata,
  4. EVP_PKEY_param_fromdata_settable, EVP_PKEY_key_fromdata_settable
  5. - functions to create key parameters and keys from user data
  6. =head1 SYNOPSIS
  7. #include <openssl/evp.h>
  8. int EVP_PKEY_param_fromdata_init(EVP_PKEY_CTX *ctx);
  9. int EVP_PKEY_key_fromdata_init(EVP_PKEY_CTX *ctx);
  10. int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, OSSL_PARAM params[]);
  11. const OSSL_PARAM *EVP_PKEY_param_fromdata_settable(EVP_PKEY_CTX *ctx);
  12. const OSSL_PARAM *EVP_PKEY_key_fromdata_settable(EVP_PKEY_CTX *ctx);
  13. =head1 DESCRIPTION
  14. The functions described here are used to create new keys from user
  15. provided key data, such as I<n>, I<e> and I<d> for a minimal RSA
  16. keypair.
  17. These functions use an B<EVP_PKEY_CTX> context, which should primarily
  18. be created with L<EVP_PKEY_CTX_new_from_name(3)> or
  19. L<EVP_PKEY_CTX_new_id(3)>.
  20. The exact key data that the user can pass depends on the key type.
  21. These are passed as an L<OSSL_PARAM(3)> array.
  22. EVP_PKEY_param_fromdata_init() initializes a public key algorithm context
  23. for creating key parameters from user data.
  24. EVP_PKEY_key_fromdata_init() initializes a public key algorithm context for
  25. creating a key from user data.
  26. EVP_PKEY_fromdata() creates the structure to store key parameters or a
  27. key, given data from I<params> and a context that's been initialized with
  28. EVP_PKEY_param_fromdata_init() or EVP_PKEY_key_fromdata_init(). The result is
  29. written to I<*ppkey>. The parameters that can be used for various types of key
  30. are as described by the diverse "Common parameters" sections of the
  31. L<B<EVP_PKEY-RSA>(7)|EVP_PKEY-RSA(7)/Common RSA parameters>,
  32. L<B<EVP_PKEY-DSA>(7)|EVP_PKEY-DSA(7)/Common DSA & DH parameters>,
  33. L<B<EVP_PKEY-DH>(7)|EVP_PKEY-DH(7)/Common DH parameters>,
  34. L<B<EVP_PKEY-EC>(7)|EVP_PKEY-EC(7)/Common EC parameters>,
  35. L<B<EVP_PKEY-ED448>(7)|EVP_PKEY-ED448(7)/Common X25519, X448, ED25519 and ED448 parameters>,
  36. L<B<EVP_PKEY-X25519>(7)|EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>,
  37. L<B<EVP_PKEY-X448>(7)|EVP_PKEY-X448(7)/Common X25519, X448, ED25519 and ED448 parameters>,
  38. and L<B<EVP_PKEY-ED25519>(7)|EVP_PKEY-ED25519(7)/Common X25519, X448, ED25519 and ED448 parameters> pages.
  39. =for comment the awful list of links above is made this way so we get nice
  40. rendering as a man-page while still getting proper links in HTML
  41. EVP_PKEY_param_fromdata_settable() and EVP_PKEY_key_fromdata_settable()
  42. get a constant B<OSSL_PARAM> array that describes the settable parameters
  43. that can be used with EVP_PKEY_fromdata().
  44. See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
  45. =head1 NOTES
  46. These functions only work with key management methods coming from a
  47. provider.
  48. =for comment We may choose to make this available for legacy methods too...
  49. =head1 RETURN VALUES
  50. EVP_PKEY_key_fromdata_init(), EVP_PKEY_param_fromdata_init() and
  51. EVP_PKEY_fromdata() return 1 for success and 0 or a negative value for
  52. failure. In particular a return value of -2 indicates the operation is
  53. not supported by the public key algorithm.
  54. =head1 EXAMPLES
  55. These examples are very terse for the sake of staying on topic, which
  56. is the EVP_PKEY_fromdata() set of functions. In real applications,
  57. BIGNUMs would be handled and converted to byte arrays with
  58. BN_bn2nativepad(), but that's off topic here.
  59. =begin comment
  60. TODO Write a set of cookbook documents and link to them.
  61. =end comment
  62. =head2 Creating an RSA keypair using raw key data
  63. #include <openssl/evp.h>
  64. /*
  65. * These are extremely small to make this example simple. A real
  66. * and secure application will not use such small numbers. A real
  67. * and secure application is expected to use BIGNUMs, and to build
  68. * this array dynamically.
  69. */
  70. unsigned long rsa_n = 0xbc747fc5;
  71. unsigned long rsa_e = 0x10001;
  72. unsigned long rsa_d = 0x7b133399;
  73. OSSL_PARAM params[] = {
  74. OSSL_PARAM_ulong("n", &rsa_n),
  75. OSSL_PARAM_ulong("e", &rsa_e),
  76. OSSL_PARAM_ulong("d", &rsa_d),
  77. OSSL_PARAM_END
  78. };
  79. int main()
  80. {
  81. EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
  82. EVP_PKEY *pkey = NULL;
  83. if (ctx == NULL
  84. || EVP_PKEY_key_fromdata_init(ctx) <= 0
  85. || EVP_PKEY_fromdata(ctx, &pkey, params) <= 0)
  86. exit(1);
  87. /* Do what you want with |pkey| */
  88. }
  89. =head2 Creating an ECC keypair using raw key data
  90. #include <openssl/evp.h>
  91. #include <openssl/param_build.h>
  92. /*
  93. * Fixed data to represent the private and public key.
  94. */
  95. const unsigned char priv_data[] = {
  96. 0xb9, 0x2f, 0x3c, 0xe6, 0x2f, 0xfb, 0x45, 0x68,
  97. 0x39, 0x96, 0xf0, 0x2a, 0xaf, 0x6c, 0xda, 0xf2,
  98. 0x89, 0x8a, 0x27, 0xbf, 0x39, 0x9b, 0x7e, 0x54,
  99. 0x21, 0xc2, 0xa1, 0xe5, 0x36, 0x12, 0x48, 0x5d
  100. };
  101. /* UNCOMPRESSED FORMAT */
  102. const unsigned char pub_data[] = {
  103. POINT_CONVERSION_UNCOMPRESSED,
  104. 0xcf, 0x20, 0xfb, 0x9a, 0x1d, 0x11, 0x6c, 0x5e,
  105. 0x9f, 0xec, 0x38, 0x87, 0x6c, 0x1d, 0x2f, 0x58,
  106. 0x47, 0xab, 0xa3, 0x9b, 0x79, 0x23, 0xe6, 0xeb,
  107. 0x94, 0x6f, 0x97, 0xdb, 0xa3, 0x7d, 0xbd, 0xe5,
  108. 0x26, 0xca, 0x07, 0x17, 0x8d, 0x26, 0x75, 0xff,
  109. 0xcb, 0x8e, 0xb6, 0x84, 0xd0, 0x24, 0x02, 0x25,
  110. 0x8f, 0xb9, 0x33, 0x6e, 0xcf, 0x12, 0x16, 0x2f,
  111. 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, 0x47
  112. };
  113. const OSSL_PARAM params[] = {
  114. OSSL_PARAM_utf8_string("group", "prime256v1"),
  115. OSSL_PARAM_BN("priv", priv, sizeof(priv)),
  116. OSSL_PARAM_BN("pub", pub, sizeof(pub)),
  117. OSSL_PARAM_END
  118. };
  119. int main()
  120. {
  121. EVP_PKEY_CTX *ctx;
  122. EVP_PKEY *pkey = NULL;
  123. BIGNUM *priv;
  124. OSSL_PARAM_BLD *param_bld;
  125. OSSL_PARAM *params = NULL;
  126. int exitcode = 0;
  127. priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL);
  128. param_bld = OSSL_PARAM_BLD_new();
  129. if (priv != NULL && param_bld != NULL
  130. && OSSL_PARAM_BLD_push_utf8_string(param_bld, "group",
  131. "prime256v1", 0);
  132. && OSSL_PARAM_BLD_push_BN(param_bld, "priv", priv);
  133. && OSSL_PARAM_BLD_push_octet_string(param_bld, "pub",
  134. pub_data, sizeof(pub_data)))
  135. params = OSSL_PARAM_BLD_to_param(param_bld);
  136. ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
  137. if (ctx == NULL
  138. || params != NULL
  139. || EVP_PKEY_key_fromdata_init(ctx) <= 0
  140. || EVP_PKEY_fromdata(ctx, &pkey, params) <= 0) {
  141. exitcode = 1;
  142. } else {
  143. /* Do what you want with |pkey| */
  144. }
  145. EVP_PKEY_free(pkey);
  146. EVP_PKEY_CTX_free(ctx);
  147. OSSL_PARAM_BLD_free_params(params);
  148. OSSL_PARAM_BLD_free(param_bld);
  149. BN_free(priv);
  150. exit(exitcode);
  151. }
  152. =head2 Finding out params for an unknown key type
  153. #include <openssl/evp.h>
  154. /* Program expects a key type as first argument */
  155. int main(int argc, char *argv[])
  156. {
  157. EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, argv[1], NULL);
  158. const *OSSL_PARAM *settable_params = NULL;
  159. if (ctx == NULL
  160. || (settable_params = EVP_PKEY_key_fromdata_settable(ctx)) == NULL)
  161. exit(1);
  162. for (; settable_params->key != NULL; settable_params++) {
  163. const char *datatype = NULL;
  164. switch (settable_params->data_type) {
  165. case OSSL_PARAM_INTEGER:
  166. datatype = "integer";
  167. break;
  168. case OSSL_PARAM_UNSIGNED_INTEGER:
  169. datatype = "unsigned integer";
  170. break;
  171. case OSSL_PARAM_UTF8_STRING:
  172. datatype = "printable string (utf-8 encoding expected)";
  173. break;
  174. case OSSL_PARAM_UTF8_PTR:
  175. datatype = "printable string pointer (utf-8 encoding expected)";
  176. break;
  177. case OSSL_PARAM_OCTET_STRING:
  178. datatype = "octet string";
  179. break;
  180. case OSSL_PARAM_OCTET_PTR:
  181. datatype = "octet string pointer";
  182. break;
  183. }
  184. printf("%s : %s ", settable_params->key, datatype);
  185. if (settable_params->data_size == 0)
  186. printf("(unlimited size)");
  187. else
  188. printf("(maximum size %zu)", settable_params->data_size);
  189. }
  190. }
  191. The descriptor L<OSSL_PARAM(3)> returned by
  192. EVP_PKEY_key_fromdata_settable() may also be used programmatically, for
  193. example with L<OSSL_PARAM_allocate_from_text(3)>.
  194. =head1 SEE ALSO
  195. L<EVP_PKEY_CTX_new(3)>, L<provider(7)>, L<EVP_PKEY_gettable_params(3)>,
  196. L<OSSL_PARAM(3)>,
  197. L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>, L<EVP_PKEY-EC(7)>,
  198. L<EVP_PKEY-ED448(7)>, L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)>,
  199. L<EVP_PKEY-ED25519(7)>
  200. =head1 HISTORY
  201. These functions were added in OpenSSL 3.0.
  202. =head1 COPYRIGHT
  203. Copyright 2019-2020 The OpenSSL Project Authors. All Rights Reserved.
  204. Licensed under the Apache License 2.0 (the "License"). You may not use
  205. this file except in compliance with the License. You can obtain a copy
  206. in the file LICENSE in the source distribution or at
  207. L<https://www.openssl.org/source/license.html>.
  208. =cut