EVP_PKEY_new.pod 8.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173
  1. =pod
  2. =head1 NAME
  3. EVP_PKEY_new,
  4. EVP_PKEY_up_ref,
  5. EVP_PKEY_free,
  6. EVP_PKEY_new_raw_private_key_with_libctx,
  7. EVP_PKEY_new_raw_private_key,
  8. EVP_PKEY_new_raw_public_key_with_libctx,
  9. EVP_PKEY_new_raw_public_key,
  10. EVP_PKEY_new_CMAC_key,
  11. EVP_PKEY_new_mac_key,
  12. EVP_PKEY_get_raw_private_key,
  13. EVP_PKEY_get_raw_public_key
  14. - public/private key allocation and raw key handling functions
  15. =head1 SYNOPSIS
  16. #include <openssl/evp.h>
  17. EVP_PKEY *EVP_PKEY_new(void);
  18. int EVP_PKEY_up_ref(EVP_PKEY *key);
  19. void EVP_PKEY_free(EVP_PKEY *key);
  20. EVP_PKEY *EVP_PKEY_new_raw_private_key_with_libctx(OPENSSL_CTX *libctx,
  21. const char *keytype,
  22. const char *propq,
  23. const unsigned char *key,
  24. size_t keylen);
  25. EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *e,
  26. const unsigned char *key, size_t keylen);
  27. EVP_PKEY *EVP_PKEY_new_raw_public_key_with_libctx(OPENSSL_CTX *libctx,
  28. const char *keytype,
  29. const char *propq,
  30. const unsigned char *key,
  31. size_t keylen);
  32. EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *e,
  33. const unsigned char *key, size_t keylen);
  34. EVP_PKEY *EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv,
  35. size_t len, const EVP_CIPHER *cipher);
  36. EVP_PKEY *EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key,
  37. int keylen);
  38. int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey, unsigned char *priv,
  39. size_t *len);
  40. int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey, unsigned char *pub,
  41. size_t *len);
  42. =head1 DESCRIPTION
  43. The EVP_PKEY_new() function allocates an empty B<EVP_PKEY> structure which is
  44. used by OpenSSL to store public and private keys. The reference count is set to
  45. B<1>.
  46. EVP_PKEY_up_ref() increments the reference count of B<key>.
  47. EVP_PKEY_free() decrements the reference count of B<key> and, if the reference
  48. count is zero, frees it up. If B<key> is NULL, nothing is done.
  49. EVP_PKEY_new_raw_private_key_with_libctx() allocates a new B<EVP_PKEY>. Unless
  50. an engine should be used for the key type, a provider for the key is found using
  51. the library context I<libctx> and the property query string I<propq>. The
  52. I<keytype> argument indicates what kind of key this is. The value should be a
  53. string for a public key algorithm that supports raw private keys, i.e one of
  54. "POLY1305", "SIPHASH", "X25519", "ED25519", "X448" or "ED448". Note that you may
  55. also use "HMAC" which is not a public key algorithm but is treated as such by
  56. some OpenSSL APIs. You are encouraged to use the EVP_MAC APIs instead for HMAC
  57. (see L<EVP_MAC(3)>). I<key> points to the raw private key data for this
  58. B<EVP_PKEY> which should be of length I<keylen>. The length should be
  59. appropriate for the type of the key. The public key data will be automatically
  60. derived from the given private key data (if appropriate for the algorithm type).
  61. EVP_PKEY_new_raw_private_key() does the same as
  62. EVP_PKEY_new_raw_private_key_with_libctx() except that the default library
  63. context and default property query are used instead. If B<e> is non-NULL then
  64. the new B<EVP_PKEY> structure is associated with the engine B<e>. The B<type>
  65. argument indicates what kind of key this is. The value should be a NID for a
  66. public key algorithm that supports raw private keys, i.e. one of
  67. B<EVP_PKEY_POLY1305>, B<EVP_PKEY_SIPHASH>, B<EVP_PKEY_X25519>,
  68. B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>. As for
  69. EVP_PKEY_new_raw_private_key_with_libctx() you may also use B<EVP_PKEY_HMAC>.
  70. EVP_PKEY_new_raw_public_key_with_libctx() works in the same way as
  71. EVP_PKEY_new_raw_private_key_with_libctx() except that B<key> points to the raw
  72. public key data. The B<EVP_PKEY> structure will be initialised without any
  73. private key information. Algorithm types that support raw public keys are
  74. "X25519", "ED25519", "X448" or "ED448".
  75. EVP_PKEY_new_raw_public_key() works in the same way as
  76. EVP_PKEY_new_raw_private_key() except that B<key> points to the raw public key
  77. data. The B<EVP_PKEY> structure will be initialised without any private key
  78. information. Algorithm types that support raw public keys are
  79. B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
  80. EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key()
  81. except it is only for the B<EVP_PKEY_CMAC> algorithm type. In addition to the
  82. raw private key data, it also takes a cipher algorithm to be used during
  83. creation of a CMAC in the B<cipher> argument. The cipher should be a standard
  84. encryption only cipher. For example AEAD and XTS ciphers should not be used.
  85. EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key().
  86. New applications should use EVP_PKEY_new_raw_private_key() instead.
  87. EVP_PKEY_get_raw_private_key() fills the buffer provided by B<priv> with raw
  88. private key data. The size of the B<priv> buffer should be in B<*len> on entry
  89. to the function, and on exit B<*len> is updated with the number of bytes
  90. actually written. If the buffer B<priv> is NULL then B<*len> is populated with
  91. the number of bytes required to hold the key. The calling application is
  92. responsible for ensuring that the buffer is large enough to receive the private
  93. key data. This function only works for algorithms that support raw private keys.
  94. Currently this is: B<EVP_PKEY_HMAC>, B<EVP_PKEY_POLY1305>, B<EVP_PKEY_SIPHASH>,
  95. B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
  96. EVP_PKEY_get_raw_public_key() fills the buffer provided by B<pub> with raw
  97. public key data. The size of the B<pub> buffer should be in B<*len> on entry
  98. to the function, and on exit B<*len> is updated with the number of bytes
  99. actually written. If the buffer B<pub> is NULL then B<*len> is populated with
  100. the number of bytes required to hold the key. The calling application is
  101. responsible for ensuring that the buffer is large enough to receive the public
  102. key data. This function only works for algorithms that support raw public keys.
  103. Currently this is: B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or
  104. B<EVP_PKEY_ED448>.
  105. =head1 NOTES
  106. The B<EVP_PKEY> structure is used by various OpenSSL functions which require a
  107. general private key without reference to any particular algorithm.
  108. The structure returned by EVP_PKEY_new() is empty. To add a private or public
  109. key to this empty structure use the appropriate functions described in
  110. L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_DSA(3)>, L<EVP_PKEY_set1_DH(3)> or
  111. L<EVP_PKEY_set1_EC_KEY(3)>.
  112. =head1 RETURN VALUES
  113. EVP_PKEY_new(), EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(),
  114. EVP_PKEY_new_CMAC_key() and EVP_PKEY_new_mac_key() return either the newly
  115. allocated B<EVP_PKEY> structure or B<NULL> if an error occurred.
  116. EVP_PKEY_up_ref(), EVP_PKEY_get_raw_private_key() and
  117. EVP_PKEY_get_raw_public_key() return 1 for success and 0 for failure.
  118. =head1 SEE ALSO
  119. L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_DSA(3)>, L<EVP_PKEY_set1_DH(3)> or
  120. L<EVP_PKEY_set1_EC_KEY(3)>
  121. =head1 HISTORY
  122. The
  123. EVP_PKEY_new() and EVP_PKEY_free() functions exist in all versions of OpenSSL.
  124. The EVP_PKEY_up_ref() function was added in OpenSSL 1.1.0.
  125. The
  126. EVP_PKEY_new_raw_private_key(), EVP_PKEY_new_raw_public_key(),
  127. EVP_PKEY_new_CMAC_key(), EVP_PKEY_new_raw_private_key() and
  128. EVP_PKEY_get_raw_public_key() functions were added in OpenSSL 1.1.1.
  129. The EVP_PKEY_new_raw_private_key_with_libctx and
  130. EVP_PKEY_new_raw_public_key_with_libctx functions were added in OpenSSL 3.0.
  131. =head1 COPYRIGHT
  132. Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
  133. Licensed under the Apache License 2.0 (the "License"). You may not use
  134. this file except in compliance with the License. You can obtain a copy
  135. in the file LICENSE in the source distribution or at
  136. L<https://www.openssl.org/source/license.html>.
  137. =cut