1.\" $OpenBSD: EVP_PKEY_derive.3,v 1.8 2018/03/23 04:34:23 schwarze Exp $ 2.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100 3.\" 4.\" This file was written by Dr. Stephen Henson <steve@openssl.org>. 5.\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project. 6.\" All rights reserved. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 12.\" 1. Redistributions of source code must retain the above copyright 13.\" notice, this list of conditions and the following disclaimer. 14.\" 15.\" 2. Redistributions in binary form must reproduce the above copyright 16.\" notice, this list of conditions and the following disclaimer in 17.\" the documentation and/or other materials provided with the 18.\" distribution. 19.\" 20.\" 3. All advertising materials mentioning features or use of this 21.\" software must display the following acknowledgment: 22.\" "This product includes software developed by the OpenSSL Project 23.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 24.\" 25.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26.\" endorse or promote products derived from this software without 27.\" prior written permission. For written permission, please contact 28.\" openssl-core@openssl.org. 29.\" 30.\" 5. Products derived from this software may not be called "OpenSSL" 31.\" nor may "OpenSSL" appear in their names without prior written 32.\" permission of the OpenSSL Project. 33.\" 34.\" 6. Redistributions of any form whatsoever must retain the following 35.\" acknowledgment: 36.\" "This product includes software developed by the OpenSSL Project 37.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)" 38.\" 39.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50.\" OF THE POSSIBILITY OF SUCH DAMAGE. 51.\" 52.Dd $Mdocdate: March 23 2018 $ 53.Dt EVP_PKEY_DERIVE 3 54.Os 55.Sh NAME 56.Nm EVP_PKEY_derive_init , 57.Nm EVP_PKEY_derive_set_peer , 58.Nm EVP_PKEY_derive 59.Nd derive public key algorithm shared secret 60.Sh SYNOPSIS 61.In openssl/evp.h 62.Ft int 63.Fo EVP_PKEY_derive_init 64.Fa "EVP_PKEY_CTX *ctx" 65.Fc 66.Ft int 67.Fo EVP_PKEY_derive_set_peer 68.Fa "EVP_PKEY_CTX *ctx" 69.Fa "EVP_PKEY *peer" 70.Fc 71.Ft int 72.Fo EVP_PKEY_derive 73.Fa "EVP_PKEY_CTX *ctx" 74.Fa "unsigned char *key" 75.Fa "size_t *keylen" 76.Fc 77.Sh DESCRIPTION 78The 79.Fn EVP_PKEY_derive_init 80function initializes a public key algorithm context using key 81.Fa ctx->pkey 82for shared secret derivation. 83.Pp 84The 85.Fn EVP_PKEY_derive_set_peer 86function sets the peer key: this will normally be a public key. 87.Pp 88The 89.Fn EVP_PKEY_derive 90function derives a shared secret using 91.Fa ctx . 92If 93.Fa key 94is 95.Dv NULL , 96then the maximum size of the output buffer is written to the 97.Fa keylen 98parameter. 99If 100.Fa key 101is not 102.Dv NULL 103then before the call the 104.Fa keylen 105parameter should contain the length of the 106.Fa key 107buffer. 108If the call is successful, the shared secret is written to 109.Fa key 110and the amount of data written to 111.Fa keylen . 112.Pp 113After the call to 114.Fn EVP_PKEY_derive_init , 115algorithm specific control operations can be performed to set any 116appropriate parameters for the operation. 117.Pp 118The function 119.Fn EVP_PKEY_derive 120can be called more than once on the same context if several operations 121are performed using the same parameters. 122.Sh RETURN VALUES 123.Fn EVP_PKEY_derive_init 124and 125.Fn EVP_PKEY_derive 126return 1 for success and 0 or a negative value for failure. 127In particular, a return value of -2 indicates the operation is not 128supported by the public key algorithm. 129.Sh EXAMPLES 130Derive shared secret (for example DH or EC keys): 131.Bd -literal -offset indent 132#include <openssl/evp.h> 133#include <openssl/rsa.h> 134 135EVP_PKEY_CTX *ctx; 136ENGINE *eng; 137unsigned char *skey; 138size_t skeylen; 139EVP_PKEY *pkey, *peerkey; 140 141/* Assumes that pkey, eng, and peerkey have already been set up. */ 142ctx = EVP_PKEY_CTX_new(pkey, eng); 143if (!ctx) 144 /* Error occurred */ 145if (EVP_PKEY_derive_init(ctx) <= 0) 146 /* Error */ 147if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) 148 /* Error */ 149 150/* Determine buffer length */ 151if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) 152 /* Error */ 153 154skey = malloc(skeylen); 155 156if (!skey) 157 /* malloc failure */ 158 159if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) 160 /* Error */ 161 162/* Shared secret is skey bytes written to buffer skey */ 163.Ed 164.Sh SEE ALSO 165.Xr EVP_PKEY_CTX_new 3 , 166.Xr EVP_PKEY_decrypt 3 , 167.Xr EVP_PKEY_encrypt 3 , 168.Xr EVP_PKEY_meth_set_derive 3 , 169.Xr EVP_PKEY_sign 3 , 170.Xr EVP_PKEY_verify 3 , 171.Xr EVP_PKEY_verify_recover 3 , 172.Xr X25519 3 173.Sh HISTORY 174.Fn EVP_PKEY_derive_init , 175.Fn EVP_PKEY_derive_set_peer , 176and 177.Fn EVP_PKEY_derive 178first appeared in OpenSSL 1.0.0 and have been available since 179.Ox 4.9 . 180