e9b7724687
I tried hard to keep the lines at 80 characters or less, but in a few cases I had to punt and just indented the subsequent lines by 4 spaces. A few well-placed typedefs for callback functions would really help, but these would be part of the API, so that's probably for later. I also took the liberty of inserting empty lines in overlong blocks to provide some visual space. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1956)
181 lines
5.5 KiB
Text
181 lines
5.5 KiB
Text
=pod
|
|
|
|
=head1 NAME
|
|
|
|
EVP_PKEY_keygen_init, EVP_PKEY_keygen, EVP_PKEY_paramgen_init,
|
|
EVP_PKEY_paramgen, EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb,
|
|
EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data,
|
|
EVP_PKEY_CTX_get_app_data,
|
|
EVP_PKEY_gen_cb
|
|
- key and parameter generation functions
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
#include <openssl/evp.h>
|
|
|
|
int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx);
|
|
int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
|
|
int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
|
|
int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
|
|
|
|
typedef int (*EVP_PKEY_gen_cb)(EVP_PKEY_CTX *ctx);
|
|
|
|
void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb);
|
|
EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx);
|
|
|
|
int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx);
|
|
|
|
void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data);
|
|
void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx);
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
The EVP_PKEY_keygen_init() function initializes a public key algorithm
|
|
context using key B<pkey> for a key generation operation.
|
|
|
|
The EVP_PKEY_keygen() function performs a key generation operation, the
|
|
generated key is written to B<ppkey>.
|
|
|
|
The functions EVP_PKEY_paramgen_init() and EVP_PKEY_paramgen() are similar
|
|
except parameters are generated.
|
|
|
|
The function EVP_PKEY_set_cb() sets the key or parameter generation callback
|
|
to B<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter
|
|
generation callback.
|
|
|
|
The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated
|
|
with the generation operation. If B<idx> is -1 the total number of
|
|
parameters available is returned. Any non negative value returns the value of
|
|
that parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for
|
|
B<idx> should only be called within the generation callback.
|
|
|
|
If the callback returns 0 then the key generation operation is aborted and an
|
|
error occurs. This might occur during a time consuming operation where
|
|
a user clicks on a "cancel" button.
|
|
|
|
The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set
|
|
and retrieve an opaque pointer. This can be used to set some application
|
|
defined value which can be retrieved in the callback: for example a handle
|
|
which is used to update a "progress dialog".
|
|
|
|
=head1 NOTES
|
|
|
|
After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm
|
|
specific control operations can be performed to set any appropriate parameters
|
|
for the operation.
|
|
|
|
The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than
|
|
once on the same context if several operations are performed using the same
|
|
parameters.
|
|
|
|
The meaning of the parameters passed to the callback will depend on the
|
|
algorithm and the specific implementation of the algorithm. Some might not
|
|
give any useful information at all during key or parameter generation. Others
|
|
might not even call the callback.
|
|
|
|
The operation performed by key or parameter generation depends on the algorithm
|
|
used. In some cases (e.g. EC with a supplied named curve) the "generation"
|
|
option merely sets the appropriate fields in an EVP_PKEY structure.
|
|
|
|
In OpenSSL an EVP_PKEY structure containing a private key also contains the
|
|
public key components and parameters (if any). An OpenSSL private key is
|
|
equivalent to what some libraries call a "key pair". A private key can be used
|
|
in functions which require the use of a public key or parameters.
|
|
|
|
=head1 RETURN VALUES
|
|
|
|
EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and
|
|
EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure.
|
|
In particular a return value of -2 indicates the operation is not supported by
|
|
the public key algorithm.
|
|
|
|
=head1 EXAMPLES
|
|
|
|
Generate a 2048 bit RSA key:
|
|
|
|
#include <openssl/evp.h>
|
|
#include <openssl/rsa.h>
|
|
|
|
EVP_PKEY_CTX *ctx;
|
|
EVP_PKEY *pkey = NULL;
|
|
|
|
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
|
|
if (!ctx)
|
|
/* Error occurred */
|
|
if (EVP_PKEY_keygen_init(ctx) <= 0)
|
|
/* Error */
|
|
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0)
|
|
/* Error */
|
|
|
|
/* Generate key */
|
|
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
|
|
/* Error */
|
|
|
|
Generate a key from a set of parameters:
|
|
|
|
#include <openssl/evp.h>
|
|
#include <openssl/rsa.h>
|
|
|
|
EVP_PKEY_CTX *ctx;
|
|
EVP_PKEY *pkey = NULL, *param;
|
|
|
|
/* Assumed param is set up already */
|
|
ctx = EVP_PKEY_CTX_new(param);
|
|
if (!ctx)
|
|
/* Error occurred */
|
|
if (EVP_PKEY_keygen_init(ctx) <= 0)
|
|
/* Error */
|
|
|
|
/* Generate key */
|
|
if (EVP_PKEY_keygen(ctx, &pkey) <= 0)
|
|
/* Error */
|
|
|
|
Example of generation callback for OpenSSL public key implementations:
|
|
|
|
/* Application data is a BIO to output status to */
|
|
|
|
EVP_PKEY_CTX_set_app_data(ctx, status_bio);
|
|
|
|
static int genpkey_cb(EVP_PKEY_CTX *ctx)
|
|
{
|
|
char c = '*';
|
|
BIO *b = EVP_PKEY_CTX_get_app_data(ctx);
|
|
int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0);
|
|
|
|
if (p == 0)
|
|
c = '.';
|
|
if (p == 1)
|
|
c = '+';
|
|
if (p == 2)
|
|
c = '*';
|
|
if (p == 3)
|
|
c = '\n';
|
|
BIO_write(b, &c, 1);
|
|
(void)BIO_flush(b);
|
|
return 1;
|
|
}
|
|
|
|
=head1 SEE ALSO
|
|
|
|
L<EVP_PKEY_CTX_new(3)>,
|
|
L<EVP_PKEY_encrypt(3)>,
|
|
L<EVP_PKEY_decrypt(3)>,
|
|
L<EVP_PKEY_sign(3)>,
|
|
L<EVP_PKEY_verify(3)>,
|
|
L<EVP_PKEY_verify_recover(3)>,
|
|
L<EVP_PKEY_derive(3)>
|
|
|
|
=head1 HISTORY
|
|
|
|
These functions were first added to OpenSSL 1.0.0.
|
|
|
|
=head1 COPYRIGHT
|
|
|
|
Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
|
|
Licensed under the OpenSSL license (the "License"). You may not use
|
|
this file except in compliance with the License. You can obtain a copy
|
|
in the file LICENSE in the source distribution or at
|
|
L<https://www.openssl.org/source/license.html>.
|
|
|
|
=cut
|