2
0

EVP_PKEY_fromdata.pod 8.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280
  1. =pod
  2. =head1 NAME
  3. EVP_PKEY_fromdata_init, EVP_PKEY_fromdata, EVP_PKEY_fromdata_settable
  4. - functions to create keys and key parameters from user data
  5. =head1 SYNOPSIS
  6. #include <openssl/evp.h>
  7. int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx);
  8. int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection,
  9. OSSL_PARAM params[]);
  10. const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection);
  11. =head1 DESCRIPTION
  12. The functions described here are used to create new keys from user
  13. provided key data, such as I<n>, I<e> and I<d> for a minimal RSA
  14. keypair.
  15. These functions use an B<EVP_PKEY_CTX> context, which should primarily
  16. be created with L<EVP_PKEY_CTX_new_from_name(3)> or
  17. L<EVP_PKEY_CTX_new_id(3)>.
  18. The exact key data that the user can pass depends on the key type.
  19. These are passed as an L<OSSL_PARAM(3)> array.
  20. EVP_PKEY_fromdata_init() initializes a public key algorithm context
  21. for creating a key or key parameters from user data.
  22. EVP_PKEY_fromdata() creates the structure to store a key or key parameters,
  23. given data from I<params>, I<selection> and a context that's been initialized
  24. with EVP_PKEY_fromdata_init(). The result is written to I<*ppkey>.
  25. I<selection> is described in L</Selections>.
  26. The parameters that can be used for various types of key are as described by the
  27. diverse "Common parameters" sections of the
  28. L<B<EVP_PKEY-RSA>(7)|EVP_PKEY-RSA(7)/Common RSA parameters>,
  29. L<B<EVP_PKEY-DSA>(7)|EVP_PKEY-DSA(7)/Common DSA & DH parameters>,
  30. L<B<EVP_PKEY-DH>(7)|EVP_PKEY-DH(7)/Common DH parameters>,
  31. L<B<EVP_PKEY-EC>(7)|EVP_PKEY-EC(7)/Common EC parameters>,
  32. L<B<EVP_PKEY-ED448>(7)|EVP_PKEY-ED448(7)/Common X25519, X448, ED25519 and ED448 parameters>,
  33. L<B<EVP_PKEY-X25519>(7)|EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>,
  34. L<B<EVP_PKEY-X448>(7)|EVP_PKEY-X448(7)/Common X25519, X448, ED25519 and ED448 parameters>,
  35. and L<B<EVP_PKEY-ED25519>(7)|EVP_PKEY-ED25519(7)/Common X25519, X448, ED25519 and ED448 parameters> pages.
  36. =for comment the awful list of links above is made this way so we get nice
  37. rendering as a man-page while still getting proper links in HTML
  38. EVP_PKEY_fromdata_settable() gets a constant L<OSSL_PARAM(3)> array that describes
  39. the settable parameters that can be used with EVP_PKEY_fromdata().
  40. I<selection> is described in L</Selections>.
  41. Parameters in the I<params> array that are not among the settable parameters
  42. for the given I<selection> are ignored.
  43. =head2 Selections
  44. The following constants can be used for I<selection>:
  45. =over 4
  46. =item B<EVP_PKEY_KEY_PARAMETERS>
  47. Only key parameters will be selected.
  48. =item B<EVP_PKEY_PUBLIC_KEY>
  49. Only public key components will be selected. This includes optional key
  50. parameters.
  51. =item B<EVP_PKEY_KEYPAIR>
  52. Any keypair components will be selected. This includes the private key,
  53. public key and key parameters.
  54. =back
  55. =head1 NOTES
  56. These functions only work with key management methods coming from a provider.
  57. This is the mirror function to L<EVP_PKEY_todata(3)>.
  58. =for comment We may choose to make this available for legacy methods too...
  59. =head1 RETURN VALUES
  60. EVP_PKEY_fromdata_init() and EVP_PKEY_fromdata() return 1 for success and 0 or
  61. a negative value for failure. In particular a return value of -2 indicates the
  62. operation is not supported by the public key algorithm.
  63. =head1 EXAMPLES
  64. These examples are very terse for the sake of staying on topic, which
  65. is the EVP_PKEY_fromdata() set of functions. In real applications,
  66. BIGNUMs would be handled and converted to byte arrays with
  67. BN_bn2nativepad(), but that's off topic here.
  68. =begin comment
  69. TODO Write a set of cookbook documents and link to them.
  70. =end comment
  71. =head2 Creating an RSA keypair using raw key data
  72. #include <openssl/evp.h>
  73. /*
  74. * These are extremely small to make this example simple. A real
  75. * and secure application will not use such small numbers. A real
  76. * and secure application is expected to use BIGNUMs, and to build
  77. * this array dynamically.
  78. */
  79. unsigned long rsa_n = 0xbc747fc5;
  80. unsigned long rsa_e = 0x10001;
  81. unsigned long rsa_d = 0x7b133399;
  82. OSSL_PARAM params[] = {
  83. OSSL_PARAM_ulong("n", &rsa_n),
  84. OSSL_PARAM_ulong("e", &rsa_e),
  85. OSSL_PARAM_ulong("d", &rsa_d),
  86. OSSL_PARAM_END
  87. };
  88. int main()
  89. {
  90. EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL);
  91. EVP_PKEY *pkey = NULL;
  92. if (ctx == NULL
  93. || EVP_PKEY_fromdata_init(ctx) <= 0
  94. || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0)
  95. exit(1);
  96. /* Do what you want with |pkey| */
  97. }
  98. =head2 Creating an ECC keypair using raw key data
  99. #include <openssl/evp.h>
  100. #include <openssl/param_build.h>
  101. #include <openssl/ec.h>
  102. /*
  103. * Fixed data to represent the private and public key.
  104. */
  105. const unsigned char priv_data[] = {
  106. 0xb9, 0x2f, 0x3c, 0xe6, 0x2f, 0xfb, 0x45, 0x68,
  107. 0x39, 0x96, 0xf0, 0x2a, 0xaf, 0x6c, 0xda, 0xf2,
  108. 0x89, 0x8a, 0x27, 0xbf, 0x39, 0x9b, 0x7e, 0x54,
  109. 0x21, 0xc2, 0xa1, 0xe5, 0x36, 0x12, 0x48, 0x5d
  110. };
  111. /* UNCOMPRESSED FORMAT */
  112. const unsigned char pub_data[] = {
  113. POINT_CONVERSION_UNCOMPRESSED,
  114. 0xcf, 0x20, 0xfb, 0x9a, 0x1d, 0x11, 0x6c, 0x5e,
  115. 0x9f, 0xec, 0x38, 0x87, 0x6c, 0x1d, 0x2f, 0x58,
  116. 0x47, 0xab, 0xa3, 0x9b, 0x79, 0x23, 0xe6, 0xeb,
  117. 0x94, 0x6f, 0x97, 0xdb, 0xa3, 0x7d, 0xbd, 0xe5,
  118. 0x26, 0xca, 0x07, 0x17, 0x8d, 0x26, 0x75, 0xff,
  119. 0xcb, 0x8e, 0xb6, 0x84, 0xd0, 0x24, 0x02, 0x25,
  120. 0x8f, 0xb9, 0x33, 0x6e, 0xcf, 0x12, 0x16, 0x2f,
  121. 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, 0x47
  122. };
  123. int main()
  124. {
  125. EVP_PKEY_CTX *ctx;
  126. EVP_PKEY *pkey = NULL;
  127. BIGNUM *priv;
  128. OSSL_PARAM_BLD *param_bld;
  129. OSSL_PARAM *params = NULL;
  130. int exitcode = 0;
  131. priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL);
  132. param_bld = OSSL_PARAM_BLD_new();
  133. if (priv != NULL && param_bld != NULL
  134. && OSSL_PARAM_BLD_push_utf8_string(param_bld, "group",
  135. "prime256v1", 0)
  136. && OSSL_PARAM_BLD_push_BN(param_bld, "priv", priv)
  137. && OSSL_PARAM_BLD_push_octet_string(param_bld, "pub",
  138. pub_data, sizeof(pub_data)))
  139. params = OSSL_PARAM_BLD_to_param(param_bld);
  140. ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL);
  141. if (ctx == NULL
  142. || params == NULL
  143. || EVP_PKEY_fromdata_init(ctx) <= 0
  144. || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) {
  145. exitcode = 1;
  146. } else {
  147. /* Do what you want with |pkey| */
  148. }
  149. EVP_PKEY_free(pkey);
  150. EVP_PKEY_CTX_free(ctx);
  151. OSSL_PARAM_free(params);
  152. OSSL_PARAM_BLD_free(param_bld);
  153. BN_free(priv);
  154. exit(exitcode);
  155. }
  156. =head2 Finding out params for an unknown key type
  157. #include <openssl/evp.h>
  158. #include <openssl/core.h>
  159. /* Program expects a key type as first argument */
  160. int main(int argc, char *argv[])
  161. {
  162. EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, argv[1], NULL);
  163. const OSSL_PARAM *settable_params = NULL;
  164. if (ctx == NULL)
  165. exit(1);
  166. settable_params = EVP_PKEY_fromdata_settable(ctx, EVP_PKEY_KEYPAIR);
  167. if (settable_params == NULL)
  168. exit(1);
  169. for (; settable_params->key != NULL; settable_params++) {
  170. const char *datatype = NULL;
  171. switch (settable_params->data_type) {
  172. case OSSL_PARAM_INTEGER:
  173. datatype = "integer";
  174. break;
  175. case OSSL_PARAM_UNSIGNED_INTEGER:
  176. datatype = "unsigned integer";
  177. break;
  178. case OSSL_PARAM_UTF8_STRING:
  179. datatype = "printable string (utf-8 encoding expected)";
  180. break;
  181. case OSSL_PARAM_UTF8_PTR:
  182. datatype = "printable string pointer (utf-8 encoding expected)";
  183. break;
  184. case OSSL_PARAM_OCTET_STRING:
  185. datatype = "octet string";
  186. break;
  187. case OSSL_PARAM_OCTET_PTR:
  188. datatype = "octet string pointer";
  189. break;
  190. }
  191. printf("%s : %s ", settable_params->key, datatype);
  192. if (settable_params->data_size == 0)
  193. printf("(unlimited size)\n");
  194. else
  195. printf("(maximum size %zu)\n", settable_params->data_size);
  196. }
  197. }
  198. The descriptor L<OSSL_PARAM(3)> returned by
  199. EVP_PKEY_fromdata_settable() may also be used programmatically, for
  200. example with L<OSSL_PARAM_allocate_from_text(3)>.
  201. =head1 SEE ALSO
  202. L<EVP_PKEY_CTX_new(3)>, L<provider(7)>, L<EVP_PKEY_gettable_params(3)>,
  203. L<OSSL_PARAM(3)>, L<EVP_PKEY_todata(3)>,
  204. L<EVP_PKEY-RSA(7)>, L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>, L<EVP_PKEY-EC(7)>,
  205. L<EVP_PKEY-ED448(7)>, L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)>,
  206. L<EVP_PKEY-ED25519(7)>
  207. =head1 HISTORY
  208. These functions were added in OpenSSL 3.0.
  209. =head1 COPYRIGHT
  210. Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
  211. Licensed under the Apache License 2.0 (the "License"). You may not use
  212. this file except in compliance with the License. You can obtain a copy
  213. in the file LICENSE in the source distribution or at
  214. L<https://www.openssl.org/source/license.html>.
  215. =cut