mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-03 05:41:46 +08:00
Code Issues Packages Projects Releases Wiki Activity
04cb5ec0b7
openssl/doc/man3/EVP_PKEY_set1_RSA.pod
Richard Levitte 7c664b1f1b DESERIALIZER: Add deserializers for the rest of our asymmetric key types 
To be able to implement this, there was a need for the standard
EVP_PKEY_set1_, EVP_PKEY_get0_ and EVP_PKEY_get1_ functions for
ED25519, ED448, X25519 and X448, as well as the corresponding
EVP_PKEY_assign_ macros.  There was also a need to extend the list of
hard coded names that EVP_PKEY_is_a() recognise.

Along with this, OSSL_FUNC_keymgmt_load() are implemented for all
those key types.

The deserializers for these key types are all implemented generically,
in providers/implementations/serializers/deserializer_der2key.c.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12544)
2020-08-01 11:51:19 +10:00

207 lines
8.5 KiB
Plaintext
Raw Blame History

=pod
=head1 NAME
EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
EVP_PKEY_set1_ED25519, EVP_PKEY_set1_ED448,
EVP_PKEY_set1_X25519, EVP_PKEY_set1_X448,
EVP_PKEY_get1_RSA, EVP_PKEY_get1_DSA, EVP_PKEY_get1_DH, EVP_PKEY_get1_EC_KEY,
EVP_PKEY_get1_ED25519, EVP_PKEY_get1_ED448,
EVP_PKEY_get1_X25519, EVP_PKEY_get1_X448,
EVP_PKEY_get0_RSA, EVP_PKEY_get0_DSA, EVP_PKEY_get0_DH, EVP_PKEY_get0_EC_KEY,
EVP_PKEY_get0_ED25519, EVP_PKEY_get0_ED448,
EVP_PKEY_get0_X25519, EVP_PKEY_get0_X448,
EVP_PKEY_assign_RSA, EVP_PKEY_assign_DSA, EVP_PKEY_assign_DH,
EVP_PKEY_assign_EC_KEY, EVP_PKEY_assign_POLY1305, EVP_PKEY_assign_SIPHASH,
EVP_PKEY_assign_ED25519, EVP_PKEY_assign_ED448,
EVP_PKEY_assign_X25519, EVP_PKEY_assign_X448,
EVP_PKEY_get0_hmac, EVP_PKEY_get0_poly1305, EVP_PKEY_get0_siphash,
EVP_PKEY_type, EVP_PKEY_id, EVP_PKEY_base_id, EVP_PKEY_set_alias_type,
EVP_PKEY_set1_engine, EVP_PKEY_get0_engine - EVP_PKEY assignment functions
=head1 SYNOPSIS
#include <openssl/evp.h>
int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key);
int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key);
int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key);
int EVP_PKEY_set1_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
int EVP_PKEY_set1_ED25519(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_set1_ED448(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_set1_X25519(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_set1_X448(EVP_PKEY *pkey, ECX_KEY *key);
RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey);
DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey);
DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey);
EC_KEY *EVP_PKEY_get1_EC_KEY(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get1_ED25519(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get1_ED448(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get1_X25519(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get1_X448(EVP_PKEY *pkey);
const unsigned char *EVP_PKEY_get0_hmac(const EVP_PKEY *pkey, size_t *len);
const unsigned char *EVP_PKEY_get0_poly1305(const EVP_PKEY *pkey, size_t *len);
const unsigned char *EVP_PKEY_get0_siphash(const EVP_PKEY *pkey, size_t *len);
RSA *EVP_PKEY_get0_RSA(const EVP_PKEY *pkey);
DSA *EVP_PKEY_get0_DSA(const EVP_PKEY *pkey);
DH *EVP_PKEY_get0_DH(const EVP_PKEY *pkey);
EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get0_ED25519(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get0_ED448(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get0_X25519(EVP_PKEY *pkey);
ECX_KEY *EVP_PKEY_get0_X448(EVP_PKEY *pkey);
int EVP_PKEY_assign_RSA(EVP_PKEY *pkey, RSA *key);
int EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
int EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
int EVP_PKEY_assign_ED25519(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_assign_ED448(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_assign_X25519(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_assign_X448(EVP_PKEY *pkey, ECX_KEY *key);
int EVP_PKEY_assign_POLY1305(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
int EVP_PKEY_assign_SIPHASH(EVP_PKEY *pkey, ASN1_OCTET_STRING *key);
int EVP_PKEY_id(const EVP_PKEY *pkey);
int EVP_PKEY_base_id(const EVP_PKEY *pkey);
int EVP_PKEY_type(int type);
int EVP_PKEY_set_alias_type(EVP_PKEY *pkey, int type);
ENGINE *EVP_PKEY_get0_engine(const EVP_PKEY *pkey);
int EVP_PKEY_set1_engine(EVP_PKEY *pkey, ENGINE *engine);
=head1 DESCRIPTION
EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH(),
EVP_PKEY_set1_EC_KEY(), EVP_PKEY_set1_ED25519(), EVP_PKEY_set1_ED448(),
EVP_PKEY_set1_X25519() and EVP_PKEY_set1_X448() set the key referenced by
I<pkey> to I<key>.
EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
EVP_PKEY_get1_EC_KEY(), EVP_PKEY_get1_ED25519(), EVP_PKEY_get1_ED448(),
EVP_PKEY_get1_X25519() and EVP_PKEY_get1_X448() return the referenced key in
I<pkey> or NULL if the key is not of the correct type. The returned key must
be freed after use.
EVP_PKEY_get0_hmac(), EVP_PKEY_get0_poly1305(), EVP_PKEY_get0_siphash(),
EVP_PKEY_get0_RSA(), EVP_PKEY_get0_DSA(), EVP_PKEY_get0_DH(),
EVP_PKEY_get0_EC_KEY(), EVP_PKEY_get0_ED25519(), EVP_PKEY_get0_ED448(),
EVP_PKEY_get0_X25519() and EVP_PKEY_get0_X448() return the referenced
key in I<pkey> or NULL if the key is not of the correct type but the
reference count of the returned key is B<not> incremented and so must not be
freed after use.
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_ED25519(), EVP_PKEY_assign_ED448(),
EVP_PKEY_assign_X25519(), EVP_PKEY_assign_X448(), EVP_PKEY_assign_POLY1305() and
EVP_PKEY_assign_SIPHASH() set the referenced key to I<key> however these use
the supplied I<key> internally and so I<key> will be freed when the parent
I<pkey> is freed.
EVP_PKEY_base_id() returns the type of I<pkey>. For example
an RSA key will return B<EVP_PKEY_RSA>.
EVP_PKEY_id() returns the actual OID associated with I<pkey>. Historically keys
using the same algorithm could use different OIDs. For example an RSA key could
use the OIDs corresponding to the NIDs B<NID_rsaEncryption> (equivalent to
B<EVP_PKEY_RSA>) or B<NID_rsa> (equivalent to B<EVP_PKEY_RSA2>). The use of
alternative non-standard OIDs is now rare so B<EVP_PKEY_RSA2> et al are not
often seen in practice.
EVP_PKEY_type() returns the underlying type of the NID I<type>. For example
EVP_PKEY_type(EVP_PKEY_RSA2) will return B<EVP_PKEY_RSA>.
EVP_PKEY_get0_engine() returns a reference to the ENGINE handling I<pkey>.
EVP_PKEY_set1_engine() sets the ENGINE handling I<pkey> to I<engine>. It
must be called after the key algorithm and components are set up.
If I<engine> does not include an B<EVP_PKEY_METHOD> for I<pkey> an
error occurs.
EVP_PKEY_set_alias_type() allows modifying a EVP_PKEY to use a
different set of algorithms than the default.
=head1 WARNINGS
The following functions are only reliable with B<EVP_PKEY>s that have
been assigned an internal key with EVP_PKEY_assign_*():
EVP_PKEY_id(), EVP_PKEY_base_id(), EVP_PKEY_type(), EVP_PKEY_set_alias_type()
For EVP_PKEY key type checking purposes, L<EVP_PKEY_is_a(3)> is more generic.
=head1 NOTES
In accordance with the OpenSSL naming convention the key obtained
from or assigned to the I<pkey> using the B<1> functions must be
freed as well as I<pkey>.
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
and EVP_PKEY_assign_SIPHASH() are implemented as macros.
EVP_PKEY_assign_EC_KEY() looks at the curve name id to determine if
the passed B<EC_KEY> is an L<SM2(7)> key, and will set the B<EVP_PKEY>
type to B<EVP_PKEY_SM2> in that case, instead of B<EVP_PKEY_EC>.
It's possible to switch back and forth between the types B<EVP_PKEY_EC>
and B<EVP_PKEY_SM2> with a call to EVP_PKEY_set_alias_type() on keys
assigned with this macro if it's desirable to do a normal EC
computations with the SM2 curve instead of the special SM2
computations, and vice versa.
Most applications wishing to know a key type will simply call
EVP_PKEY_base_id() and will not care about the actual type:
which will be identical in almost all cases.
Previous versions of this document suggested using EVP_PKEY_type(pkey->type)
to determine the type of a key. Since B<EVP_PKEY> is now opaque this
is no longer possible: the equivalent is EVP_PKEY_base_id(pkey).
EVP_PKEY_set1_engine() is typically used by an ENGINE returning an HSM
key as part of its routine to load a private key.
=head1 RETURN VALUES
EVP_PKEY_set1_RSA(), EVP_PKEY_set1_DSA(), EVP_PKEY_set1_DH() and
EVP_PKEY_set1_EC_KEY() return 1 for success or 0 for failure.
EVP_PKEY_get1_RSA(), EVP_PKEY_get1_DSA(), EVP_PKEY_get1_DH() and
EVP_PKEY_get1_EC_KEY() return the referenced key or NULL if
an error occurred.
EVP_PKEY_assign_RSA(), EVP_PKEY_assign_DSA(), EVP_PKEY_assign_DH(),
EVP_PKEY_assign_EC_KEY(), EVP_PKEY_assign_POLY1305()
and EVP_PKEY_assign_SIPHASH() return 1 for success and 0 for failure.
EVP_PKEY_base_id(), EVP_PKEY_id() and EVP_PKEY_type() return a key
type or B<NID_undef> (equivalently B<EVP_PKEY_NONE>) on error.
EVP_PKEY_set1_engine() returns 1 for success and 0 for failure.
EVP_PKEY_set_alias_type() returns 1 for success and 0 for error.
=head1 EXAMPLES
After loading an ECC key, it is possible to convert it to using SM2
algorithms with EVP_PKEY_set_alias_type:
EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2);
=head1 SEE ALSO
L<EVP_PKEY_new(3)>, L<SM2(7)>
=head1 COPYRIGHT
Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
L<https://www.openssl.org/source/license.html>.
=cut
Reference in New Issue View Git Blame Copy Permalink