EVP_PKEY_meth_new.pod 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407
  1. =pod
  2. =head1 NAME
  3. EVP_PKEY_meth_new, EVP_PKEY_meth_free, EVP_PKEY_meth_copy, EVP_PKEY_meth_find,
  4. EVP_PKEY_meth_add0, EVP_PKEY_METHOD,
  5. EVP_PKEY_meth_set_init, EVP_PKEY_meth_set_copy, EVP_PKEY_meth_set_cleanup,
  6. EVP_PKEY_meth_set_paramgen, EVP_PKEY_meth_set_keygen, EVP_PKEY_meth_set_sign,
  7. EVP_PKEY_meth_set_verify, EVP_PKEY_meth_set_verify_recover, EVP_PKEY_meth_set_signctx,
  8. EVP_PKEY_meth_set_verifyctx, EVP_PKEY_meth_set_encrypt, EVP_PKEY_meth_set_decrypt,
  9. EVP_PKEY_meth_set_derive, EVP_PKEY_meth_set_ctrl, EVP_PKEY_meth_set_check,
  10. EVP_PKEY_meth_set_public_check, EVP_PKEY_meth_set_param_check,
  11. EVP_PKEY_meth_get_init, EVP_PKEY_meth_get_copy, EVP_PKEY_meth_get_cleanup,
  12. EVP_PKEY_meth_get_paramgen, EVP_PKEY_meth_get_keygen, EVP_PKEY_meth_get_sign,
  13. EVP_PKEY_meth_get_verify, EVP_PKEY_meth_get_verify_recover, EVP_PKEY_meth_get_signctx,
  14. EVP_PKEY_meth_get_verifyctx, EVP_PKEY_meth_get_encrypt, EVP_PKEY_meth_get_decrypt,
  15. EVP_PKEY_meth_get_derive, EVP_PKEY_meth_get_ctrl, EVP_PKEY_meth_get_check,
  16. EVP_PKEY_meth_get_public_check, EVP_PKEY_meth_get_param_check,
  17. EVP_PKEY_meth_remove
  18. - manipulating EVP_PKEY_METHOD structure
  19. =head1 SYNOPSIS
  20. #include <openssl/evp.h>
  21. typedef struct evp_pkey_method_st EVP_PKEY_METHOD;
  22. EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags);
  23. void EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth);
  24. void EVP_PKEY_meth_copy(EVP_PKEY_METHOD *dst, const EVP_PKEY_METHOD *src);
  25. const EVP_PKEY_METHOD *EVP_PKEY_meth_find(int type);
  26. int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth);
  27. int EVP_PKEY_meth_remove(const EVP_PKEY_METHOD *pmeth);
  28. void EVP_PKEY_meth_set_init(EVP_PKEY_METHOD *pmeth,
  29. int (*init) (EVP_PKEY_CTX *ctx));
  30. void EVP_PKEY_meth_set_copy(EVP_PKEY_METHOD *pmeth,
  31. int (*copy) (EVP_PKEY_CTX *dst,
  32. EVP_PKEY_CTX *src));
  33. void EVP_PKEY_meth_set_cleanup(EVP_PKEY_METHOD *pmeth,
  34. void (*cleanup) (EVP_PKEY_CTX *ctx));
  35. void EVP_PKEY_meth_set_paramgen(EVP_PKEY_METHOD *pmeth,
  36. int (*paramgen_init) (EVP_PKEY_CTX *ctx),
  37. int (*paramgen) (EVP_PKEY_CTX *ctx,
  38. EVP_PKEY *pkey));
  39. void EVP_PKEY_meth_set_keygen(EVP_PKEY_METHOD *pmeth,
  40. int (*keygen_init) (EVP_PKEY_CTX *ctx),
  41. int (*keygen) (EVP_PKEY_CTX *ctx,
  42. EVP_PKEY *pkey));
  43. void EVP_PKEY_meth_set_sign(EVP_PKEY_METHOD *pmeth,
  44. int (*sign_init) (EVP_PKEY_CTX *ctx),
  45. int (*sign) (EVP_PKEY_CTX *ctx,
  46. unsigned char *sig, size_t *siglen,
  47. const unsigned char *tbs,
  48. size_t tbslen));
  49. void EVP_PKEY_meth_set_verify(EVP_PKEY_METHOD *pmeth,
  50. int (*verify_init) (EVP_PKEY_CTX *ctx),
  51. int (*verify) (EVP_PKEY_CTX *ctx,
  52. const unsigned char *sig,
  53. size_t siglen,
  54. const unsigned char *tbs,
  55. size_t tbslen));
  56. void EVP_PKEY_meth_set_verify_recover(EVP_PKEY_METHOD *pmeth,
  57. int (*verify_recover_init) (EVP_PKEY_CTX
  58. *ctx),
  59. int (*verify_recover) (EVP_PKEY_CTX
  60. *ctx,
  61. unsigned char
  62. *sig,
  63. size_t *siglen,
  64. const unsigned
  65. char *tbs,
  66. size_t tbslen));
  67. void EVP_PKEY_meth_set_signctx(EVP_PKEY_METHOD *pmeth,
  68. int (*signctx_init) (EVP_PKEY_CTX *ctx,
  69. EVP_MD_CTX *mctx),
  70. int (*signctx) (EVP_PKEY_CTX *ctx,
  71. unsigned char *sig,
  72. size_t *siglen,
  73. EVP_MD_CTX *mctx));
  74. void EVP_PKEY_meth_set_verifyctx(EVP_PKEY_METHOD *pmeth,
  75. int (*verifyctx_init) (EVP_PKEY_CTX *ctx,
  76. EVP_MD_CTX *mctx),
  77. int (*verifyctx) (EVP_PKEY_CTX *ctx,
  78. const unsigned char *sig,
  79. int siglen,
  80. EVP_MD_CTX *mctx));
  81. void EVP_PKEY_meth_set_encrypt(EVP_PKEY_METHOD *pmeth,
  82. int (*encrypt_init) (EVP_PKEY_CTX *ctx),
  83. int (*encryptfn) (EVP_PKEY_CTX *ctx,
  84. unsigned char *out,
  85. size_t *outlen,
  86. const unsigned char *in,
  87. size_t inlen));
  88. void EVP_PKEY_meth_set_decrypt(EVP_PKEY_METHOD *pmeth,
  89. int (*decrypt_init) (EVP_PKEY_CTX *ctx),
  90. int (*decrypt) (EVP_PKEY_CTX *ctx,
  91. unsigned char *out,
  92. size_t *outlen,
  93. const unsigned char *in,
  94. size_t inlen));
  95. void EVP_PKEY_meth_set_derive(EVP_PKEY_METHOD *pmeth,
  96. int (*derive_init) (EVP_PKEY_CTX *ctx),
  97. int (*derive) (EVP_PKEY_CTX *ctx,
  98. unsigned char *key,
  99. size_t *keylen));
  100. void EVP_PKEY_meth_set_ctrl(EVP_PKEY_METHOD *pmeth,
  101. int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
  102. void *p2),
  103. int (*ctrl_str) (EVP_PKEY_CTX *ctx,
  104. const char *type,
  105. const char *value));
  106. void EVP_PKEY_meth_set_check(EVP_PKEY_METHOD *pmeth,
  107. int (*check) (EVP_PKEY *pkey));
  108. void EVP_PKEY_meth_set_public_check(EVP_PKEY_METHOD *pmeth,
  109. int (*check) (EVP_PKEY *pkey));
  110. void EVP_PKEY_meth_set_param_check(EVP_PKEY_METHOD *pmeth,
  111. int (*check) (EVP_PKEY *pkey));
  112. void EVP_PKEY_meth_get_init(const EVP_PKEY_METHOD *pmeth,
  113. int (**pinit) (EVP_PKEY_CTX *ctx));
  114. void EVP_PKEY_meth_get_copy(const EVP_PKEY_METHOD *pmeth,
  115. int (**pcopy) (EVP_PKEY_CTX *dst,
  116. EVP_PKEY_CTX *src));
  117. void EVP_PKEY_meth_get_cleanup(const EVP_PKEY_METHOD *pmeth,
  118. void (**pcleanup) (EVP_PKEY_CTX *ctx));
  119. void EVP_PKEY_meth_get_paramgen(const EVP_PKEY_METHOD *pmeth,
  120. int (**pparamgen_init) (EVP_PKEY_CTX *ctx),
  121. int (**pparamgen) (EVP_PKEY_CTX *ctx,
  122. EVP_PKEY *pkey));
  123. void EVP_PKEY_meth_get_keygen(const EVP_PKEY_METHOD *pmeth,
  124. int (**pkeygen_init) (EVP_PKEY_CTX *ctx),
  125. int (**pkeygen) (EVP_PKEY_CTX *ctx,
  126. EVP_PKEY *pkey));
  127. void EVP_PKEY_meth_get_sign(const EVP_PKEY_METHOD *pmeth,
  128. int (**psign_init) (EVP_PKEY_CTX *ctx),
  129. int (**psign) (EVP_PKEY_CTX *ctx,
  130. unsigned char *sig, size_t *siglen,
  131. const unsigned char *tbs,
  132. size_t tbslen));
  133. void EVP_PKEY_meth_get_verify(const EVP_PKEY_METHOD *pmeth,
  134. int (**pverify_init) (EVP_PKEY_CTX *ctx),
  135. int (**pverify) (EVP_PKEY_CTX *ctx,
  136. const unsigned char *sig,
  137. size_t siglen,
  138. const unsigned char *tbs,
  139. size_t tbslen));
  140. void EVP_PKEY_meth_get_verify_recover(const EVP_PKEY_METHOD *pmeth,
  141. int (**pverify_recover_init) (EVP_PKEY_CTX
  142. *ctx),
  143. int (**pverify_recover) (EVP_PKEY_CTX
  144. *ctx,
  145. unsigned char
  146. *sig,
  147. size_t *siglen,
  148. const unsigned
  149. char *tbs,
  150. size_t tbslen));
  151. void EVP_PKEY_meth_get_signctx(const EVP_PKEY_METHOD *pmeth,
  152. int (**psignctx_init) (EVP_PKEY_CTX *ctx,
  153. EVP_MD_CTX *mctx),
  154. int (**psignctx) (EVP_PKEY_CTX *ctx,
  155. unsigned char *sig,
  156. size_t *siglen,
  157. EVP_MD_CTX *mctx));
  158. void EVP_PKEY_meth_get_verifyctx(const EVP_PKEY_METHOD *pmeth,
  159. int (**pverifyctx_init) (EVP_PKEY_CTX *ctx,
  160. EVP_MD_CTX *mctx),
  161. int (**pverifyctx) (EVP_PKEY_CTX *ctx,
  162. const unsigned char *sig,
  163. int siglen,
  164. EVP_MD_CTX *mctx));
  165. void EVP_PKEY_meth_get_encrypt(const EVP_PKEY_METHOD *pmeth,
  166. int (**pencrypt_init) (EVP_PKEY_CTX *ctx),
  167. int (**pencryptfn) (EVP_PKEY_CTX *ctx,
  168. unsigned char *out,
  169. size_t *outlen,
  170. const unsigned char *in,
  171. size_t inlen));
  172. void EVP_PKEY_meth_get_decrypt(const EVP_PKEY_METHOD *pmeth,
  173. int (**pdecrypt_init) (EVP_PKEY_CTX *ctx),
  174. int (**pdecrypt) (EVP_PKEY_CTX *ctx,
  175. unsigned char *out,
  176. size_t *outlen,
  177. const unsigned char *in,
  178. size_t inlen));
  179. void EVP_PKEY_meth_get_derive(const EVP_PKEY_METHOD *pmeth,
  180. int (**pderive_init) (EVP_PKEY_CTX *ctx),
  181. int (**pderive) (EVP_PKEY_CTX *ctx,
  182. unsigned char *key,
  183. size_t *keylen));
  184. void EVP_PKEY_meth_get_ctrl(const EVP_PKEY_METHOD *pmeth,
  185. int (**pctrl) (EVP_PKEY_CTX *ctx, int type, int p1,
  186. void *p2),
  187. int (**pctrl_str) (EVP_PKEY_CTX *ctx,
  188. const char *type,
  189. const char *value));
  190. void EVP_PKEY_meth_get_check(const EVP_PKEY_METHOD *pmeth,
  191. int (**pcheck) (EVP_PKEY *pkey));
  192. void EVP_PKEY_meth_get_public_check(const EVP_PKEY_METHOD *pmeth,
  193. int (**pcheck) (EVP_PKEY *pkey));
  194. void EVP_PKEY_meth_get_param_check(const EVP_PKEY_METHOD *pmeth,
  195. int (**pcheck) (EVP_PKEY *pkey));
  196. =head1 DESCRIPTION
  197. B<EVP_PKEY_METHOD> is a structure which holds a set of methods for a
  198. specific public key cryptographic algorithm. Those methods are usually
  199. used to perform different jobs, such as generating a key, signing or
  200. verifying, encrypting or decrypting, etc.
  201. There are two places where the B<EVP_PKEY_METHOD> objects are stored: one
  202. is a built-in static array representing the standard methods for different
  203. algorithms, and the other one is a stack of user-defined application-specific
  204. methods, which can be manipulated by using L<EVP_PKEY_meth_add0(3)>.
  205. The B<EVP_PKEY_METHOD> objects are usually referenced by B<EVP_PKEY_CTX>
  206. objects.
  207. =head2 Methods
  208. The methods are the underlying implementations of a particular public key
  209. algorithm present by the B<EVP_PKEY_CTX> object.
  210. int (*init) (EVP_PKEY_CTX *ctx);
  211. int (*copy) (EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src);
  212. void (*cleanup) (EVP_PKEY_CTX *ctx);
  213. The init() method is called to initialize algorithm-specific data when a new
  214. B<EVP_PKEY_CTX> is created. As opposed to init(), the cleanup() method is called
  215. when an B<EVP_PKEY_CTX> is freed. The copy() method is called when an B<EVP_PKEY_CTX>
  216. is being duplicated. Refer to L<EVP_PKEY_CTX_new(3)>, L<EVP_PKEY_CTX_new_id(3)>,
  217. L<EVP_PKEY_CTX_free(3)> and L<EVP_PKEY_CTX_dup(3)>.
  218. int (*paramgen_init) (EVP_PKEY_CTX *ctx);
  219. int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
  220. The paramgen_init() and paramgen() methods deal with key parameter generation.
  221. They are called by L<EVP_PKEY_paramgen_init(3)> and L<EVP_PKEY_paramgen(3)> to
  222. handle the parameter generation process.
  223. int (*keygen_init) (EVP_PKEY_CTX *ctx);
  224. int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
  225. The keygen_init() and keygen() methods are used to generate the actual key for
  226. the specified algorithm. They are called by L<EVP_PKEY_keygen_init(3)> and
  227. L<EVP_PKEY_keygen(3)>.
  228. int (*sign_init) (EVP_PKEY_CTX *ctx);
  229. int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
  230. const unsigned char *tbs, size_t tbslen);
  231. The sign_init() and sign() methods are used to generate the signature of a
  232. piece of data using a private key. They are called by L<EVP_PKEY_sign_init(3)>
  233. and L<EVP_PKEY_sign(3)>.
  234. int (*verify_init) (EVP_PKEY_CTX *ctx);
  235. int (*verify) (EVP_PKEY_CTX *ctx,
  236. const unsigned char *sig, size_t siglen,
  237. const unsigned char *tbs, size_t tbslen);
  238. The verify_init() and verify() methods are used to verify whether a signature is
  239. valid. They are called by L<EVP_PKEY_verify_init(3)> and L<EVP_PKEY_verify(3)>.
  240. int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
  241. int (*verify_recover) (EVP_PKEY_CTX *ctx,
  242. unsigned char *rout, size_t *routlen,
  243. const unsigned char *sig, size_t siglen);
  244. The verify_recover_init() and verify_recover() methods are used to verify a
  245. signature and then recover the digest from the signature (for instance, a
  246. signature that was generated by RSA signing algorithm). They are called by
  247. L<EVP_PKEY_verify_recover_init(3)> and L<EVP_PKEY_verify_recover(3)>.
  248. int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
  249. int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
  250. EVP_MD_CTX *mctx);
  251. The signctx_init() and signctx() methods are used to sign a digest present by
  252. a B<EVP_MD_CTX> object. They are called by the EVP_DigestSign functions. See
  253. L<EVP_DigestSignInit(3)> for detail.
  254. int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
  255. int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
  256. EVP_MD_CTX *mctx);
  257. The verifyctx_init() and verifyctx() methods are used to verify a signature
  258. against the data in a B<EVP_MD_CTX> object. They are called by the various
  259. EVP_DigestVerify functions. See L<EVP_DigestVerifyInit(3)> for detail.
  260. int (*encrypt_init) (EVP_PKEY_CTX *ctx);
  261. int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
  262. const unsigned char *in, size_t inlen);
  263. The encrypt_init() and encrypt() methods are used to encrypt a piece of data.
  264. They are called by L<EVP_PKEY_encrypt_init(3)> and L<EVP_PKEY_encrypt(3)>.
  265. int (*decrypt_init) (EVP_PKEY_CTX *ctx);
  266. int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
  267. const unsigned char *in, size_t inlen);
  268. The decrypt_init() and decrypt() methods are used to decrypt a piece of data.
  269. They are called by L<EVP_PKEY_decrypt_init(3)> and L<EVP_PKEY_decrypt(3)>.
  270. int (*derive_init) (EVP_PKEY_CTX *ctx);
  271. int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
  272. The derive_init() and derive() methods are used to derive the shared secret
  273. from a public key algorithm (for instance, the DH algorithm). They are called by
  274. L<EVP_PKEY_derive_init(3)> and L<EVP_PKEY_derive(3)>.
  275. int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
  276. int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
  277. The ctrl() and ctrl_str() methods are used to adjust algorithm-specific
  278. settings. See L<EVP_PKEY_CTX_ctrl(3)> and related functions for detail.
  279. int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
  280. const unsigned char *tbs, size_t tbslen);
  281. int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
  282. size_t siglen, const unsigned char *tbs,
  283. size_t tbslen);
  284. The digestsign() and digestverify() methods are used to generate or verify
  285. a signature in a one-shot mode. They could be called by L<EVP_DigetSign(3)>
  286. and L<EVP_DigestVerify(3)>.
  287. int (*check) (EVP_PKEY *pkey);
  288. int (*public_check) (EVP_PKEY *pkey);
  289. int (*param_check) (EVP_PKEY *pkey);
  290. The check(), public_check() and param_check() methods are used to validate a
  291. key-pair, the public component and parameters respectively for a given B<pkey>.
  292. They could be called by L<EVP_PKEY_check(3)>, L<EVP_PKEY_public_check(3)> and
  293. L<EVP_PKEY_param_check(3)> respectively.
  294. =head2 Functions
  295. EVP_PKEY_meth_new() creates and returns a new B<EVP_PKEY_METHOD> object,
  296. and associates the given B<id> and B<flags>. The following flags are
  297. supported:
  298. EVP_PKEY_FLAG_AUTOARGLEN
  299. EVP_PKEY_FLAG_SIGCTX_CUSTOM
  300. If an B<EVP_PKEY_METHOD> is set with the B<EVP_PKEY_FLAG_AUTOARGLEN> flag, the
  301. maximum size of the output buffer will be automatically calculated or checked
  302. in corresponding EVP methods by the EVP framework. Thus the implementations of
  303. these methods don't need to care about handling the case of returning output
  304. buffer size by themselves. For details on the output buffer size, refer to
  305. L<EVP_PKEY_sign(3)>.
  306. The B<EVP_PKEY_FLAG_SIGCTX_CUSTOM> is used to indicate the signctx() method
  307. of an B<EVP_PKEY_METHOD> is always called by the EVP framework while doing a
  308. digest signing operation by calling L<EVP_DigestSignFinal(3)>.
  309. EVP_PKEY_meth_free() frees an existing B<EVP_PKEY_METHOD> pointed by
  310. B<pmeth>.
  311. EVP_PKEY_meth_copy() copies an B<EVP_PKEY_METHOD> object from B<src>
  312. to B<dst>.
  313. EVP_PKEY_meth_find() finds an B<EVP_PKEY_METHOD> object with the B<id>.
  314. This function first searches through the user-defined method objects and
  315. then the built-in objects.
  316. EVP_PKEY_meth_add0() adds B<pmeth> to the user defined stack of methods.
  317. EVP_PKEY_meth_remove() removes an B<EVP_PKEY_METHOD> object added by
  318. EVP_PKEY_meth_add0().
  319. The EVP_PKEY_meth_set functions set the corresponding fields of
  320. B<EVP_PKEY_METHOD> structure with the arguments passed.
  321. The EVP_PKEY_meth_get functions get the corresponding fields of
  322. B<EVP_PKEY_METHOD> structure to the arguments provided.
  323. =head1 RETURN VALUES
  324. EVP_PKEY_meth_new() returns a pointer to a new B<EVP_PKEY_METHOD>
  325. object or returns NULL on error.
  326. EVP_PKEY_meth_free() and EVP_PKEY_meth_copy() do not return values.
  327. EVP_PKEY_meth_find() returns a pointer to the found B<EVP_PKEY_METHOD>
  328. object or returns NULL if not found.
  329. EVP_PKEY_meth_add0() returns 1 if method is added successfully or 0
  330. if an error occurred.
  331. EVP_PKEY_meth_remove() returns 1 if method is removed successfully or
  332. 0 if an error occurred.
  333. All EVP_PKEY_meth_set and EVP_PKEY_meth_get functions have no return
  334. values. For the 'get' functions, function pointers are returned by
  335. arguments.
  336. =head1 COPYRIGHT
  337. Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
  338. Licensed under the OpenSSL license (the "License"). You may not use
  339. this file except in compliance with the License. You can obtain a copy
  340. in the file LICENSE in the source distribution or at
  341. L<https://www.openssl.org/source/license.html>.
  342. =cut