1*b077aed3SPierre Pronchery=pod 2*b077aed3SPierre Pronchery 3*b077aed3SPierre Pronchery=head1 NAME 4*b077aed3SPierre Pronchery 5*b077aed3SPierre ProncheryEVP_PKEY_fromdata_init, EVP_PKEY_fromdata, EVP_PKEY_fromdata_settable 6*b077aed3SPierre Pronchery- functions to create keys and key parameters from user data 7*b077aed3SPierre Pronchery 8*b077aed3SPierre Pronchery=head1 SYNOPSIS 9*b077aed3SPierre Pronchery 10*b077aed3SPierre Pronchery #include <openssl/evp.h> 11*b077aed3SPierre Pronchery 12*b077aed3SPierre Pronchery int EVP_PKEY_fromdata_init(EVP_PKEY_CTX *ctx); 13*b077aed3SPierre Pronchery int EVP_PKEY_fromdata(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey, int selection, 14*b077aed3SPierre Pronchery OSSL_PARAM params[]); 15*b077aed3SPierre Pronchery const OSSL_PARAM *EVP_PKEY_fromdata_settable(EVP_PKEY_CTX *ctx, int selection); 16*b077aed3SPierre Pronchery 17*b077aed3SPierre Pronchery=head1 DESCRIPTION 18*b077aed3SPierre Pronchery 19*b077aed3SPierre ProncheryThe functions described here are used to create new keys from user 20*b077aed3SPierre Proncheryprovided key data, such as I<n>, I<e> and I<d> for a minimal RSA 21*b077aed3SPierre Proncherykeypair. 22*b077aed3SPierre Pronchery 23*b077aed3SPierre ProncheryThese functions use an B<EVP_PKEY_CTX> context, which should primarily 24*b077aed3SPierre Proncherybe created with L<EVP_PKEY_CTX_new_from_name(3)> or 25*b077aed3SPierre ProncheryL<EVP_PKEY_CTX_new_id(3)>. 26*b077aed3SPierre Pronchery 27*b077aed3SPierre ProncheryThe exact key data that the user can pass depends on the key type. 28*b077aed3SPierre ProncheryThese are passed as an L<OSSL_PARAM(3)> array. 29*b077aed3SPierre Pronchery 30*b077aed3SPierre ProncheryEVP_PKEY_fromdata_init() initializes a public key algorithm context 31*b077aed3SPierre Proncheryfor creating a key or key parameters from user data. 32*b077aed3SPierre Pronchery 33*b077aed3SPierre ProncheryEVP_PKEY_fromdata() creates the structure to store a key or key parameters, 34*b077aed3SPierre Proncherygiven data from I<params>, I<selection> and a context that's been initialized 35*b077aed3SPierre Proncherywith EVP_PKEY_fromdata_init(). The result is written to I<*ppkey>. 36*b077aed3SPierre ProncheryI<selection> is described in L</Selections>. 37*b077aed3SPierre ProncheryThe parameters that can be used for various types of key are as described by the 38*b077aed3SPierre Proncherydiverse "Common parameters" sections of the 39*b077aed3SPierre ProncheryL<B<EVP_PKEY-RSA>(7)|EVP_PKEY-RSA(7)/Common RSA parameters>, 40*b077aed3SPierre ProncheryL<B<EVP_PKEY-DSA>(7)|EVP_PKEY-DSA(7)/Common DSA & DH parameters>, 41*b077aed3SPierre ProncheryL<B<EVP_PKEY-DH>(7)|EVP_PKEY-DH(7)/Common DH parameters>, 42*b077aed3SPierre ProncheryL<B<EVP_PKEY-EC>(7)|EVP_PKEY-EC(7)/Common EC parameters>, 43*b077aed3SPierre ProncheryL<B<EVP_PKEY-ED448>(7)|EVP_PKEY-ED448(7)/Common X25519, X448, ED25519 and ED448 parameters>, 44*b077aed3SPierre ProncheryL<B<EVP_PKEY-X25519>(7)|EVP_PKEY-X25519(7)/Common X25519, X448, ED25519 and ED448 parameters>, 45*b077aed3SPierre ProncheryL<B<EVP_PKEY-X448>(7)|EVP_PKEY-X448(7)/Common X25519, X448, ED25519 and ED448 parameters>, 46*b077aed3SPierre Proncheryand L<B<EVP_PKEY-ED25519>(7)|EVP_PKEY-ED25519(7)/Common X25519, X448, ED25519 and ED448 parameters> pages. 47*b077aed3SPierre Pronchery 48*b077aed3SPierre Pronchery=for comment the awful list of links above is made this way so we get nice 49*b077aed3SPierre Proncheryrendering as a man-page while still getting proper links in HTML 50*b077aed3SPierre Pronchery 51*b077aed3SPierre ProncheryEVP_PKEY_fromdata_settable() gets a constant L<OSSL_PARAM(3)> array that describes 52*b077aed3SPierre Proncherythe settable parameters that can be used with EVP_PKEY_fromdata(). 53*b077aed3SPierre ProncheryI<selection> is described in L</Selections>. 54*b077aed3SPierre Pronchery 55*b077aed3SPierre ProncheryParameters in the I<params> array that are not among the settable parameters 56*b077aed3SPierre Proncheryfor the given I<selection> are ignored. 57*b077aed3SPierre Pronchery 58*b077aed3SPierre Pronchery=head2 Selections 59*b077aed3SPierre Pronchery 60*b077aed3SPierre ProncheryThe following constants can be used for I<selection>: 61*b077aed3SPierre Pronchery 62*b077aed3SPierre Pronchery=over 4 63*b077aed3SPierre Pronchery 64*b077aed3SPierre Pronchery=item B<EVP_PKEY_KEY_PARAMETERS> 65*b077aed3SPierre Pronchery 66*b077aed3SPierre ProncheryOnly key parameters will be selected. 67*b077aed3SPierre Pronchery 68*b077aed3SPierre Pronchery=item B<EVP_PKEY_PUBLIC_KEY> 69*b077aed3SPierre Pronchery 70*b077aed3SPierre ProncheryOnly public key components will be selected. This includes optional key 71*b077aed3SPierre Proncheryparameters. 72*b077aed3SPierre Pronchery 73*b077aed3SPierre Pronchery=item B<EVP_PKEY_KEYPAIR> 74*b077aed3SPierre Pronchery 75*b077aed3SPierre ProncheryAny keypair components will be selected. This includes the private key, 76*b077aed3SPierre Proncherypublic key and key parameters. 77*b077aed3SPierre Pronchery 78*b077aed3SPierre Pronchery=back 79*b077aed3SPierre Pronchery 80*b077aed3SPierre Pronchery=head1 NOTES 81*b077aed3SPierre Pronchery 82*b077aed3SPierre ProncheryThese functions only work with key management methods coming from a provider. 83*b077aed3SPierre ProncheryThis is the mirror function to L<EVP_PKEY_todata(3)>. 84*b077aed3SPierre Pronchery 85*b077aed3SPierre Pronchery=for comment We may choose to make this available for legacy methods too... 86*b077aed3SPierre Pronchery 87*b077aed3SPierre Pronchery=head1 RETURN VALUES 88*b077aed3SPierre Pronchery 89*b077aed3SPierre ProncheryEVP_PKEY_fromdata_init() and EVP_PKEY_fromdata() return 1 for success and 0 or 90*b077aed3SPierre Proncherya negative value for failure. In particular a return value of -2 indicates the 91*b077aed3SPierre Proncheryoperation is not supported by the public key algorithm. 92*b077aed3SPierre Pronchery 93*b077aed3SPierre Pronchery=head1 EXAMPLES 94*b077aed3SPierre Pronchery 95*b077aed3SPierre ProncheryThese examples are very terse for the sake of staying on topic, which 96*b077aed3SPierre Proncheryis the EVP_PKEY_fromdata() set of functions. In real applications, 97*b077aed3SPierre ProncheryBIGNUMs would be handled and converted to byte arrays with 98*b077aed3SPierre ProncheryBN_bn2nativepad(), but that's off topic here. 99*b077aed3SPierre Pronchery 100*b077aed3SPierre Pronchery=begin comment 101*b077aed3SPierre Pronchery 102*b077aed3SPierre ProncheryTODO Write a set of cookbook documents and link to them. 103*b077aed3SPierre Pronchery 104*b077aed3SPierre Pronchery=end comment 105*b077aed3SPierre Pronchery 106*b077aed3SPierre Pronchery=head2 Creating an RSA keypair using raw key data 107*b077aed3SPierre Pronchery 108*b077aed3SPierre Pronchery #include <openssl/evp.h> 109*b077aed3SPierre Pronchery 110*b077aed3SPierre Pronchery /* 111*b077aed3SPierre Pronchery * These are extremely small to make this example simple. A real 112*b077aed3SPierre Pronchery * and secure application will not use such small numbers. A real 113*b077aed3SPierre Pronchery * and secure application is expected to use BIGNUMs, and to build 114*b077aed3SPierre Pronchery * this array dynamically. 115*b077aed3SPierre Pronchery */ 116*b077aed3SPierre Pronchery unsigned long rsa_n = 0xbc747fc5; 117*b077aed3SPierre Pronchery unsigned long rsa_e = 0x10001; 118*b077aed3SPierre Pronchery unsigned long rsa_d = 0x7b133399; 119*b077aed3SPierre Pronchery OSSL_PARAM params[] = { 120*b077aed3SPierre Pronchery OSSL_PARAM_ulong("n", &rsa_n), 121*b077aed3SPierre Pronchery OSSL_PARAM_ulong("e", &rsa_e), 122*b077aed3SPierre Pronchery OSSL_PARAM_ulong("d", &rsa_d), 123*b077aed3SPierre Pronchery OSSL_PARAM_END 124*b077aed3SPierre Pronchery }; 125*b077aed3SPierre Pronchery 126*b077aed3SPierre Pronchery int main() 127*b077aed3SPierre Pronchery { 128*b077aed3SPierre Pronchery EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); 129*b077aed3SPierre Pronchery EVP_PKEY *pkey = NULL; 130*b077aed3SPierre Pronchery 131*b077aed3SPierre Pronchery if (ctx == NULL 132*b077aed3SPierre Pronchery || EVP_PKEY_fromdata_init(ctx) <= 0 133*b077aed3SPierre Pronchery || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) 134*b077aed3SPierre Pronchery exit(1); 135*b077aed3SPierre Pronchery 136*b077aed3SPierre Pronchery /* Do what you want with |pkey| */ 137*b077aed3SPierre Pronchery } 138*b077aed3SPierre Pronchery 139*b077aed3SPierre Pronchery=head2 Creating an ECC keypair using raw key data 140*b077aed3SPierre Pronchery 141*b077aed3SPierre Pronchery #include <openssl/evp.h> 142*b077aed3SPierre Pronchery #include <openssl/param_build.h> 143*b077aed3SPierre Pronchery #include <openssl/ec.h> 144*b077aed3SPierre Pronchery 145*b077aed3SPierre Pronchery /* 146*b077aed3SPierre Pronchery * Fixed data to represent the private and public key. 147*b077aed3SPierre Pronchery */ 148*b077aed3SPierre Pronchery const unsigned char priv_data[] = { 149*b077aed3SPierre Pronchery 0xb9, 0x2f, 0x3c, 0xe6, 0x2f, 0xfb, 0x45, 0x68, 150*b077aed3SPierre Pronchery 0x39, 0x96, 0xf0, 0x2a, 0xaf, 0x6c, 0xda, 0xf2, 151*b077aed3SPierre Pronchery 0x89, 0x8a, 0x27, 0xbf, 0x39, 0x9b, 0x7e, 0x54, 152*b077aed3SPierre Pronchery 0x21, 0xc2, 0xa1, 0xe5, 0x36, 0x12, 0x48, 0x5d 153*b077aed3SPierre Pronchery }; 154*b077aed3SPierre Pronchery /* UNCOMPRESSED FORMAT */ 155*b077aed3SPierre Pronchery const unsigned char pub_data[] = { 156*b077aed3SPierre Pronchery POINT_CONVERSION_UNCOMPRESSED, 157*b077aed3SPierre Pronchery 0xcf, 0x20, 0xfb, 0x9a, 0x1d, 0x11, 0x6c, 0x5e, 158*b077aed3SPierre Pronchery 0x9f, 0xec, 0x38, 0x87, 0x6c, 0x1d, 0x2f, 0x58, 159*b077aed3SPierre Pronchery 0x47, 0xab, 0xa3, 0x9b, 0x79, 0x23, 0xe6, 0xeb, 160*b077aed3SPierre Pronchery 0x94, 0x6f, 0x97, 0xdb, 0xa3, 0x7d, 0xbd, 0xe5, 161*b077aed3SPierre Pronchery 0x26, 0xca, 0x07, 0x17, 0x8d, 0x26, 0x75, 0xff, 162*b077aed3SPierre Pronchery 0xcb, 0x8e, 0xb6, 0x84, 0xd0, 0x24, 0x02, 0x25, 163*b077aed3SPierre Pronchery 0x8f, 0xb9, 0x33, 0x6e, 0xcf, 0x12, 0x16, 0x2f, 164*b077aed3SPierre Pronchery 0x5c, 0xcd, 0x86, 0x71, 0xa8, 0xbf, 0x1a, 0x47 165*b077aed3SPierre Pronchery }; 166*b077aed3SPierre Pronchery 167*b077aed3SPierre Pronchery int main() 168*b077aed3SPierre Pronchery { 169*b077aed3SPierre Pronchery EVP_PKEY_CTX *ctx; 170*b077aed3SPierre Pronchery EVP_PKEY *pkey = NULL; 171*b077aed3SPierre Pronchery BIGNUM *priv; 172*b077aed3SPierre Pronchery OSSL_PARAM_BLD *param_bld; 173*b077aed3SPierre Pronchery OSSL_PARAM *params = NULL; 174*b077aed3SPierre Pronchery int exitcode = 0; 175*b077aed3SPierre Pronchery 176*b077aed3SPierre Pronchery priv = BN_bin2bn(priv_data, sizeof(priv_data), NULL); 177*b077aed3SPierre Pronchery 178*b077aed3SPierre Pronchery param_bld = OSSL_PARAM_BLD_new(); 179*b077aed3SPierre Pronchery if (priv != NULL && param_bld != NULL 180*b077aed3SPierre Pronchery && OSSL_PARAM_BLD_push_utf8_string(param_bld, "group", 181*b077aed3SPierre Pronchery "prime256v1", 0) 182*b077aed3SPierre Pronchery && OSSL_PARAM_BLD_push_BN(param_bld, "priv", priv) 183*b077aed3SPierre Pronchery && OSSL_PARAM_BLD_push_octet_string(param_bld, "pub", 184*b077aed3SPierre Pronchery pub_data, sizeof(pub_data))) 185*b077aed3SPierre Pronchery params = OSSL_PARAM_BLD_to_param(param_bld); 186*b077aed3SPierre Pronchery 187*b077aed3SPierre Pronchery ctx = EVP_PKEY_CTX_new_from_name(NULL, "EC", NULL); 188*b077aed3SPierre Pronchery if (ctx == NULL 189*b077aed3SPierre Pronchery || params == NULL 190*b077aed3SPierre Pronchery || EVP_PKEY_fromdata_init(ctx) <= 0 191*b077aed3SPierre Pronchery || EVP_PKEY_fromdata(ctx, &pkey, EVP_PKEY_KEYPAIR, params) <= 0) { 192*b077aed3SPierre Pronchery exitcode = 1; 193*b077aed3SPierre Pronchery } else { 194*b077aed3SPierre Pronchery /* Do what you want with |pkey| */ 195*b077aed3SPierre Pronchery } 196*b077aed3SPierre Pronchery 197*b077aed3SPierre Pronchery EVP_PKEY_free(pkey); 198*b077aed3SPierre Pronchery EVP_PKEY_CTX_free(ctx); 199*b077aed3SPierre Pronchery OSSL_PARAM_free(params); 200*b077aed3SPierre Pronchery OSSL_PARAM_BLD_free(param_bld); 201*b077aed3SPierre Pronchery BN_free(priv); 202*b077aed3SPierre Pronchery 203*b077aed3SPierre Pronchery exit(exitcode); 204*b077aed3SPierre Pronchery } 205*b077aed3SPierre Pronchery 206*b077aed3SPierre Pronchery=head2 Finding out params for an unknown key type 207*b077aed3SPierre Pronchery 208*b077aed3SPierre Pronchery #include <openssl/evp.h> 209*b077aed3SPierre Pronchery #include <openssl/core.h> 210*b077aed3SPierre Pronchery 211*b077aed3SPierre Pronchery /* Program expects a key type as first argument */ 212*b077aed3SPierre Pronchery int main(int argc, char *argv[]) 213*b077aed3SPierre Pronchery { 214*b077aed3SPierre Pronchery EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_from_name(NULL, argv[1], NULL); 215*b077aed3SPierre Pronchery const OSSL_PARAM *settable_params = NULL; 216*b077aed3SPierre Pronchery 217*b077aed3SPierre Pronchery if (ctx == NULL) 218*b077aed3SPierre Pronchery exit(1); 219*b077aed3SPierre Pronchery settable_params = EVP_PKEY_fromdata_settable(ctx, EVP_PKEY_KEYPAIR); 220*b077aed3SPierre Pronchery if (settable_params == NULL) 221*b077aed3SPierre Pronchery exit(1); 222*b077aed3SPierre Pronchery 223*b077aed3SPierre Pronchery for (; settable_params->key != NULL; settable_params++) { 224*b077aed3SPierre Pronchery const char *datatype = NULL; 225*b077aed3SPierre Pronchery 226*b077aed3SPierre Pronchery switch (settable_params->data_type) { 227*b077aed3SPierre Pronchery case OSSL_PARAM_INTEGER: 228*b077aed3SPierre Pronchery datatype = "integer"; 229*b077aed3SPierre Pronchery break; 230*b077aed3SPierre Pronchery case OSSL_PARAM_UNSIGNED_INTEGER: 231*b077aed3SPierre Pronchery datatype = "unsigned integer"; 232*b077aed3SPierre Pronchery break; 233*b077aed3SPierre Pronchery case OSSL_PARAM_UTF8_STRING: 234*b077aed3SPierre Pronchery datatype = "printable string (utf-8 encoding expected)"; 235*b077aed3SPierre Pronchery break; 236*b077aed3SPierre Pronchery case OSSL_PARAM_UTF8_PTR: 237*b077aed3SPierre Pronchery datatype = "printable string pointer (utf-8 encoding expected)"; 238*b077aed3SPierre Pronchery break; 239*b077aed3SPierre Pronchery case OSSL_PARAM_OCTET_STRING: 240*b077aed3SPierre Pronchery datatype = "octet string"; 241*b077aed3SPierre Pronchery break; 242*b077aed3SPierre Pronchery case OSSL_PARAM_OCTET_PTR: 243*b077aed3SPierre Pronchery datatype = "octet string pointer"; 244*b077aed3SPierre Pronchery break; 245*b077aed3SPierre Pronchery } 246*b077aed3SPierre Pronchery printf("%s : %s ", settable_params->key, datatype); 247*b077aed3SPierre Pronchery if (settable_params->data_size == 0) 248*b077aed3SPierre Pronchery printf("(unlimited size)\n"); 249*b077aed3SPierre Pronchery else 250*b077aed3SPierre Pronchery printf("(maximum size %zu)\n", settable_params->data_size); 251*b077aed3SPierre Pronchery } 252*b077aed3SPierre Pronchery } 253*b077aed3SPierre Pronchery 254*b077aed3SPierre ProncheryThe descriptor L<OSSL_PARAM(3)> returned by 255*b077aed3SPierre ProncheryEVP_PKEY_fromdata_settable() may also be used programmatically, for 256*b077aed3SPierre Proncheryexample with L<OSSL_PARAM_allocate_from_text(3)>. 257*b077aed3SPierre Pronchery 258*b077aed3SPierre Pronchery=head1 SEE ALSO 259*b077aed3SPierre Pronchery 260*b077aed3SPierre ProncheryL<EVP_PKEY_CTX_new(3)>, L<provider(7)>, L<EVP_PKEY_gettable_params(3)>, 261*b077aed3SPierre ProncheryL<OSSL_PARAM(3)>, L<EVP_PKEY_todata(3)>, 262*b077aed3SPierre ProncheryL<EVP_PKEY-RSA(7)>, L<EVP_PKEY-DSA(7)>, L<EVP_PKEY-DH(7)>, L<EVP_PKEY-EC(7)>, 263*b077aed3SPierre ProncheryL<EVP_PKEY-ED448(7)>, L<EVP_PKEY-X25519(7)>, L<EVP_PKEY-X448(7)>, 264*b077aed3SPierre ProncheryL<EVP_PKEY-ED25519(7)> 265*b077aed3SPierre Pronchery 266*b077aed3SPierre Pronchery=head1 HISTORY 267*b077aed3SPierre Pronchery 268*b077aed3SPierre ProncheryThese functions were added in OpenSSL 3.0. 269*b077aed3SPierre Pronchery 270*b077aed3SPierre Pronchery=head1 COPYRIGHT 271*b077aed3SPierre Pronchery 272*b077aed3SPierre ProncheryCopyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. 273*b077aed3SPierre Pronchery 274*b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 275*b077aed3SPierre Proncherythis file except in compliance with the License. You can obtain a copy 276*b077aed3SPierre Proncheryin the file LICENSE in the source distribution or at 277*b077aed3SPierre ProncheryL<https://www.openssl.org/source/license.html>. 278*b077aed3SPierre Pronchery 279*b077aed3SPierre Pronchery=cut 280*b077aed3SPierre Pronchery 281