OSSL_DECODER_CTX_new_for_pkey.pod 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145
  1. =pod
  2. =head1 NAME
  3. OSSL_DECODER_CTX_new_for_pkey,
  4. OSSL_DECODER_CTX_set_passphrase,
  5. OSSL_DECODER_CTX_set_pem_password_cb,
  6. OSSL_DECODER_CTX_set_passphrase_ui,
  7. OSSL_DECODER_CTX_set_passphrase_cb
  8. - Decoder routines to decode EVP_PKEYs
  9. =head1 SYNOPSIS
  10. #include <openssl/decoder.h>
  11. OSSL_DECODER_CTX *
  12. OSSL_DECODER_CTX_new_for_pkey(EVP_PKEY **pkey,
  13. const char *input_type,
  14. const char *input_struct,
  15. const char *keytype, int selection,
  16. OSSL_LIB_CTX *libctx, const char *propquery);
  17. int OSSL_DECODER_CTX_set_passphrase(OSSL_DECODER_CTX *ctx,
  18. const unsigned char *kstr,
  19. size_t klen);
  20. int OSSL_DECODER_CTX_set_pem_password_cb(OSSL_DECODER_CTX *ctx,
  21. pem_password_cb *cb,
  22. void *cbarg);
  23. int OSSL_DECODER_CTX_set_passphrase_ui(OSSL_DECODER_CTX *ctx,
  24. const UI_METHOD *ui_method,
  25. void *ui_data);
  26. int OSSL_DECODER_CTX_set_passphrase_cb(OSSL_DECODER_CTX *ctx,
  27. OSSL_PASSPHRASE_CALLBACK *cb,
  28. void *cbarg);
  29. =head1 DESCRIPTION
  30. OSSL_DECODER_CTX_new_for_pkey() is a utility function that creates a
  31. B<OSSL_DECODER_CTX>, finds all applicable decoder implementations and sets
  32. them up, so all the caller has to do next is call functions like
  33. L<OSSL_DECODER_from_bio(3)>. The caller may use the optional I<input_type>,
  34. I<input_struct>, I<keytype> and I<selection> to specify what the input is
  35. expected to contain. The I<pkey> must reference an B<EVP_PKEY *> variable
  36. that will be set to the newly created B<EVP_PKEY> on successful decoding.
  37. The referenced variable must be initialized to NULL before calling the
  38. function.
  39. Internally OSSL_DECODER_CTX_new_for_pkey() searches for all available
  40. L<EVP_KEYMGMT(3)> implementations, and then builds a list of all potential
  41. decoder implementations that may be able to process the encoded input into
  42. data suitable for B<EVP_PKEY>s. All these implementations are implicitly
  43. fetched using I<libctx> and I<propquery>.
  44. The search of decoder implementations can be limited with I<input_type> and
  45. I<input_struct> which specifies a starting input type and input structure.
  46. NULL is valid for both of them and signifies that the decoder implementations
  47. will find out the input type on their own.
  48. They are set with L<OSSL_DECODER_CTX_set_input_type(3)> and
  49. L<OSSL_DECODER_CTX_set_input_structure(3)>.
  50. See L</Input Types> and L</Input Structures> below for further information.
  51. The search of decoder implementations can also be limited with I<keytype>
  52. and I<selection>, which specifies the expected resulting keytype and contents.
  53. NULL and zero are valid and signify that the decoder implementations will
  54. find out the keytype and key contents on their own from the input they get.
  55. If no suitable decoder implementation is found,
  56. OSSL_DECODER_CTX_new_for_pkey() still creates a B<OSSL_DECODER_CTX>, but
  57. with no associated decoder (L<OSSL_DECODER_CTX_get_num_decoders(3)> returns
  58. zero). This helps the caller to distinguish between an error when creating
  59. the B<OSSL_ENCODER_CTX> and missing encoder implementation, and allows it to
  60. act accordingly.
  61. OSSL_DECODER_CTX_set_passphrase() gives the implementation a pass phrase to
  62. use when decrypting the encoded private key. Alternatively, a pass phrase
  63. callback may be specified with the following functions.
  64. OSSL_DECODER_CTX_set_pem_password_cb(), OSSL_DECODER_CTX_set_passphrase_ui()
  65. and OSSL_DECODER_CTX_set_passphrase_cb() set up a callback method that the
  66. implementation can use to prompt for a pass phrase, giving the caller the
  67. choice of preferred pass phrase callback form. These are called indirectly,
  68. through an internal B<OSSL_PASSPHRASE_CALLBACK> function.
  69. The internal B<OSSL_PASSPHRASE_CALLBACK> function caches the pass phrase, to
  70. be re-used in all decodings that are performed in the same decoding run (for
  71. example, within one L<OSSL_DECODER_from_bio(3)> call).
  72. =head2 Input Types
  73. Available input types depend on the implementations that available providers
  74. offer, and provider documentation should have the details.
  75. Among the known input types that OpenSSL decoder implementations offer
  76. for B<EVP_PKEY>s are C<DER>, C<PEM>, C<MSBLOB> and C<PVK>.
  77. See L<openssl-glossary(7)> for further information on what these input
  78. types mean.
  79. =head2 Input Structures
  80. Available input structures depend on the implementations that available
  81. providers offer, and provider documentation should have the details.
  82. Among the known input structures that OpenSSL decoder implementations
  83. offer for B<EVP_PKEY>s are C<pkcs8> and C<SubjectPublicKeyInfo>.
  84. OpenSSL decoder implementations also support the input structure
  85. C<type-specific>. This is the structure used for keys encoded
  86. according to key type specific specifications. For example, RSA keys
  87. encoded according to PKCS#1.
  88. =head2 Selections
  89. I<selection> can be any one of the values described in
  90. L<EVP_PKEY_fromdata(3)/Selections>.
  91. Additionally I<selection> can also be set to B<0> to indicate that the code will
  92. auto detect the selection.
  93. =head1 RETURN VALUES
  94. OSSL_DECODER_CTX_new_for_pkey() returns a pointer to a
  95. B<OSSL_DECODER_CTX>, or NULL if it couldn't be created.
  96. OSSL_DECODER_CTX_set_passphrase(), OSSL_DECODER_CTX_set_pem_password_cb(),
  97. OSSL_DECODER_CTX_set_passphrase_ui() and
  98. OSSL_DECODER_CTX_set_passphrase_cb() all return 1 on success, or 0 on
  99. failure.
  100. =head1 SEE ALSO
  101. L<provider(7)>, L<OSSL_DECODER(3)>, L<OSSL_DECODER_CTX(3)>
  102. =head1 HISTORY
  103. The functions described here were added in OpenSSL 3.0.
  104. =head1 COPYRIGHT
  105. Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
  106. Licensed under the Apache License 2.0 (the "License"). You may not use
  107. this file except in compliance with the License. You can obtain a copy
  108. in the file LICENSE in the source distribution or at
  109. L<https://www.openssl.org/source/license.html>.
  110. =cut