2
0

EVP_PKEY_fromdata.pod 9.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281
  1. =pod
  2. =head1 NAME
  3. EVP_PKEY_fromdata_init, EVP_PKEY_fromdata, EVP_PKEY_fromdata_settable
  4. - functions to create keys and key parameters from user data
  5. =head1 SYNOPSIS
  6. #include <openssl/evp.h>
  7. int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
  8. int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
  9. OSSL_PARAM params[]);
  10. const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection);
  11. =head1 DESCRIPTION
  12. The functions described here are used to create new keys from user
  13. provided key data, such as I<n>, I<e> and I<d> for a minimal RSA
  14. keypair.
  15. These functions use an B<EVP_PKEY_CTX> context, which should primarily
  16. be created with L<EVP_PKEY_CTX_new_from_name(3)> or
  17. L<EVP_PKEY_CTX_new_id(3)>.
  18. The exact key data that the user can pass depends on the key type.
  19. These are passed as an L<OSSL_PARAM(3)> array.
  20. EVP_PKEY_fromdata_init() initializes a public key algorithm context
  21. for creating a key or key parameters from user data.
  22. EVP_PKEY_fromdata() creates the structure to store a key or key parameters,
  23. given data from I<params>, I<selection> and a context that's been initialized
  24. with EVP_PKEY_fromdata_init(). The result is written to I<*ppkey>.
  25. I<selection> is described in L</Selections>.
  26. The parameters that can be used for various types of key are as described by the
  27. diverse "Common parameters" sections of the
  28. L<B<EVP_PKEY-RSA>(7)|EVP_PKEY-RSA(7)/Common RSA parameters>,
  29. L<B<EVP_PKEY-DSA>(7)|EVP_PKEY-DSA(7)/Common DSA & DH parameters>,
  30. L<B<EVP_PKEY-DH>(7)|EVP_PKEY-DH(7)/Common DH parameters>,
  31. L<B<EVP_PKEY-EC>(7)|EVP_PKEY-EC(7)/Common EC parameters>,
  32. L<B<EVP_PKEY-ED448>(7)|EVP_PKEY-ED448(7)/Common X25519, X448, ED25519 and ED448 parameters>,
  33. L<B<EVP_PKEY-X25519>(7)|EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>,
  34. L<B<EVP_PKEY-X448>(7)|EVP_PKEY-X448(7)/Common X25519, X448, ED25519 and ED448 parameters>,
  35. and L<B<EVP_PKEY-ED25519>(7)|EVP_PKEY-ED25519(7)/Common X25519, X448, ED25519 and ED448 parameters> pages.
  36. =for comment the awful list of links above is made this way so we get nice
  37. rendering as a man-page while still getting proper links in HTML
  38. EVP_PKEY_fromdata_settable() gets a constant B<OSSL_PARAM> array that describes
  39. the settable parameters that can be used with EVP_PKEY_fromdata().
  40. I<selection> is described in L</Selections>.
  41. See L<OSSL_PARAM(3)> for the use of B<OSSL_PARAM> as parameter descriptor.
  42. Parameters in the I<params> array that are not among the settable parameters
  43. for the given I<selection> are ignored.
  44. =head2 Selections
  45. The following constants can be used for I<selection>:
  46. =over 4
  47. =item B<EVP_PKEY_KEY_PARAMETERS>
  48. Only key parameters will be selected.
  49. =item B<EVP_PKEY_PUBLIC_KEY>
  50. Only public key components will be selected. This includes optional key
  51. parameters.
  52. =item B<EVP_PKEY_KEYPAIR>
  53. Any keypair components will be selected. This includes the private key,
  54. public key and key parameters.
  55. =back
  56. =head1 NOTES
  57. These functions only work with key management methods coming from a provider.
  58. This is the mirror function to L<EVP_PKEY_todata(3)>.
  59. =for comment We may choose to make this available for legacy methods too...
  60. =head1 RETURN VALUES
  61. EVP_PKEY_fromdata_init() and EVP_PKEY_fromdata() return 1 for success and 0 or
  62. a negative value for failure. In particular a return value of -2 indicates the
  63. operation is not supported by the public key algorithm.
  64. =head1 EXAMPLES
  65. These examples are very terse for the sake of staying on topic, which
  66. is the EVP_PKEY_fromdata() set of functions. In real applications,
  67. BIGNUMs would be handled and converted to byte arrays with
  68. BN_bn2nativepad(), but that's off topic here.
  69. =begin comment
  70. TODO Write a set of cookbook documents and link to them.
  71. =end comment
  72. =head2 Creating an RSA keypair using raw key data
  73. #include <openssl/evp.h>
  74. /*
  75. * These are extremely small to make this example simple. A real
  76. * and secure application will not use such small numbers. A real
  77. * and secure application is expected to use BIGNUMs, and to build
  78. * this array dynamically.
  79. */
  80. unsigned long rsa_n = 0xbc747fc5;
  81. unsigned long rsa_e = 0x10001;
  82. unsigned long rsa_d = 0x7b133399;
  83. OSSL_PARAM params[] = {
  84. OSSL_PARAM_ulong("n", &rsa_n),
  85. OSSL_PARAM_ulong("e", &rsa_e),
  86. OSSL_PARAM_ulong("d", &rsa_d),
  87. OSSL_PARAM_END
  88. };
  89. int main()
  90. {
  91. EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
  92. EVP_PKEY *pkey = NULL;
  93. if (ctx == NULL
  94. || EVP_PKEY_fromdata_init(ctx) <= 0
  95. || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
  96. exit(1);
  97. /* Do what you want with |pkey| */
  98. }
  99. =head2 Creating an ECC keypair using raw key data
  100. #include <openssl/evp.h>
  101. #include <openssl/param_build.h>
  102. #include <openssl/ec.h>
  103. /*
  104. * Fixed data to represent the private and public key.
  105. */
  106. const unsigned char priv_data[] = {
  107. 0xb9, 0x2f, 0x3c, 0xe6, 0x2f, 0xfb, 0x45, 0x68,
  108. 0x39, 0x96, 0xf0, 0x2a, 0xaf, 0x6c, 0xda, 0xf2,
  109. 0x89, 0x8a, 0x27, 0xbf, 0x39, 0x9b, 0x7e, 0x54,
  110. 0x21, 0xc2, 0xa1, 0xe5, 0x36, 0x12, 0x48, 0x5d
  111. };
  112. /* UNCOMPRESSED FORMAT */
  113. const unsigned char pub_data[] = {
  114. POINT_CONVERSION_UNCOMPRESSED,
  115. 0xcf, 0x20, 0xfb, 0x9a, 0x1d, 0x11, 0x6c, 0x5e,
  116. 0x9f, 0xec, 0x38, 0x87, 0x6c, 0x1d, 0x2f, 0x58,
  117. 0x47, 0xab, 0xa3, 0x9b, 0x79, 0x23, 0xe6, 0xeb,
  118. 0x94, 0x6f, 0x97, 0xdb, 0xa3, 0x7d, 0xbd, 0xe5,
  119. 0x26, 0xca, 0x07, 0x17, 0x8d, 0x26, 0x75, 0xff,
  120. 0xcb, 0x8e, 0xb6, 0x84, 0xd0, 0x24, 0x02, 0x25,
  121. 0x8f, 0xb9, 0x33, 0x6e, 0xcf, 0x12, 0x16, 0x2f,
  122. 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, 0x47
  123. };
  124. int main()
  125. {
  126. EVP_PKEY_CTX *ctx;
  127. EVP_PKEY *pkey = NULL;
  128. BIGNUM *priv;
  129. OSSL_PARAM_BLD *param_bld;
  130. OSSL_PARAM *params = NULL;
  131. int exitcode = 0;
  132. priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL);
  133. param_bld = OSSL_PARAM_BLD_new();
  134. if (priv != NULL && param_bld != NULL
  135. && OSSL_PARAM_BLD_push_utf8_string(param_bld, "group",
  136. "prime256v1", 0)
  137. && OSSL_PARAM_BLD_push_BN(param_bld, "priv", priv)
  138. && OSSL_PARAM_BLD_push_octet_string(param_bld, "pub",
  139. pub_data, sizeof(pub_data)))
  140. params = OSSL_PARAM_BLD_to_param(param_bld);
  141. ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
  142. if (ctx == NULL
  143. || params == NULL
  144. || EVP_PKEY_fromdata_init(ctx) <= 0
  145. || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) {
  146. exitcode = 1;
  147. } else {
  148. /* Do what you want with |pkey| */
  149. }
  150. EVP_PKEY_free(pkey);
  151. EVP_PKEY_CTX_free(ctx);
  152. OSSL_PARAM_free(params);
  153. OSSL_PARAM_BLD_free(param_bld);
  154. BN_free(priv);
  155. exit(exitcode);
  156. }
  157. =head2 Finding out params for an unknown key type
  158. #include <openssl/evp.h>
  159. #include <openssl/core.h>
  160. /* Program expects a key type as first argument */
  161. int main(int argc, char *argv[])
  162. {
  163. EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, argv[1], NULL);
  164. const OSSL_PARAM *settable_params = NULL;
  165. if (ctx == NULL)
  166. exit(1);
  167. settable_params = EVP_PKEY_fromdata_settable(ctx, EVP_PKEY_KEYPAIR);
  168. if (settable_params == NULL)
  169. exit(1);
  170. for (; settable_params->key != NULL; settable_params++) {
  171. const char *datatype = NULL;
  172. switch (settable_params->data_type) {
  173. case OSSL_PARAM_INTEGER:
  174. datatype = "integer";
  175. break;
  176. case OSSL_PARAM_UNSIGNED_INTEGER:
  177. datatype = "unsigned integer";
  178. break;
  179. case OSSL_PARAM_UTF8_STRING:
  180. datatype = "printable string (utf-8 encoding expected)";
  181. break;
  182. case OSSL_PARAM_UTF8_PTR:
  183. datatype = "printable string pointer (utf-8 encoding expected)";
  184. break;
  185. case OSSL_PARAM_OCTET_STRING:
  186. datatype = "octet string";
  187. break;
  188. case OSSL_PARAM_OCTET_PTR:
  189. datatype = "octet string pointer";
  190. break;
  191. }
  192. printf("%s : %s ", settable_params->key, datatype);
  193. if (settable_params->data_size == 0)
  194. printf("(unlimited size)\n");
  195. else
  196. printf("(maximum size %zu)\n", settable_params->data_size);
  197. }
  198. }
  199. The descriptor L<OSSL_PARAM(3)> returned by
  200. EVP_PKEY_fromdata_settable() may also be used programmatically, for
  201. example with L<OSSL_PARAM_allocate_from_text(3)>.
  202. =head1 SEE ALSO
  203. L<EVP_PKEY_CTX_new(3)>, L<provider(7)>, L<EVP_PKEY_gettable_params(3)>,
  204. L<OSSL_PARAM(3)>, L<EVP_PKEY_todata(3)>,
  205. L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>, L<EVP_PKEY-EC(7)>,
  206. L<EVP_PKEY-ED448(7)>, L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)>,
  207. L<EVP_PKEY-ED25519(7)>
  208. =head1 HISTORY
  209. These functions were added in OpenSSL 3.0.
  210. =head1 COPYRIGHT
  211. Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
  212. Licensed under the Apache License 2.0 (the "License"). You may not use
  213. this file except in compliance with the License. You can obtain a copy
  214. in the file LICENSE in the source distribution or at
  215. L<https://www.openssl.org/source/license.html>.
  216. =cut