179 lines
5.3 KiB
Groff
179 lines
5.3 KiB
Groff
.\" $OpenBSD: EVP_PKEY_derive.3,v 1.8 2018/03/23 04:34:23 schwarze Exp $
|
|
.\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
|
|
.\"
|
|
.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
|
|
.\" Copyright (c) 2006, 2009, 2013, 2018 The OpenSSL Project.
|
|
.\" All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions
|
|
.\" are met:
|
|
.\"
|
|
.\" 1. Redistributions of source code must retain the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer.
|
|
.\"
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in
|
|
.\" the documentation and/or other materials provided with the
|
|
.\" distribution.
|
|
.\"
|
|
.\" 3. All advertising materials mentioning features or use of this
|
|
.\" software must display the following acknowledgment:
|
|
.\" "This product includes software developed by the OpenSSL Project
|
|
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
|
|
.\"
|
|
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
|
|
.\" endorse or promote products derived from this software without
|
|
.\" prior written permission. For written permission, please contact
|
|
.\" openssl-core@openssl.org.
|
|
.\"
|
|
.\" 5. Products derived from this software may not be called "OpenSSL"
|
|
.\" nor may "OpenSSL" appear in their names without prior written
|
|
.\" permission of the OpenSSL Project.
|
|
.\"
|
|
.\" 6. Redistributions of any form whatsoever must retain the following
|
|
.\" acknowledgment:
|
|
.\" "This product includes software developed by the OpenSSL Project
|
|
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
|
|
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
|
|
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
|
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.Dd $Mdocdate: March 23 2018 $
|
|
.Dt EVP_PKEY_DERIVE 3
|
|
.Os
|
|
.Sh NAME
|
|
.Nm EVP_PKEY_derive_init ,
|
|
.Nm EVP_PKEY_derive_set_peer ,
|
|
.Nm EVP_PKEY_derive
|
|
.Nd derive public key algorithm shared secret
|
|
.Sh SYNOPSIS
|
|
.In openssl/evp.h
|
|
.Ft int
|
|
.Fo EVP_PKEY_derive_init
|
|
.Fa "EVP_PKEY_CTX *ctx"
|
|
.Fc
|
|
.Ft int
|
|
.Fo EVP_PKEY_derive_set_peer
|
|
.Fa "EVP_PKEY_CTX *ctx"
|
|
.Fa "EVP_PKEY *peer"
|
|
.Fc
|
|
.Ft int
|
|
.Fo EVP_PKEY_derive
|
|
.Fa "EVP_PKEY_CTX *ctx"
|
|
.Fa "unsigned char *key"
|
|
.Fa "size_t *keylen"
|
|
.Fc
|
|
.Sh DESCRIPTION
|
|
The
|
|
.Fn EVP_PKEY_derive_init
|
|
function initializes a public key algorithm context using key
|
|
.Fa ctx->pkey
|
|
for shared secret derivation.
|
|
.Pp
|
|
The
|
|
.Fn EVP_PKEY_derive_set_peer
|
|
function sets the peer key: this will normally be a public key.
|
|
.Pp
|
|
The
|
|
.Fn EVP_PKEY_derive
|
|
function derives a shared secret using
|
|
.Fa ctx .
|
|
If
|
|
.Fa key
|
|
is
|
|
.Dv NULL ,
|
|
then the maximum size of the output buffer is written to the
|
|
.Fa keylen
|
|
parameter.
|
|
If
|
|
.Fa key
|
|
is not
|
|
.Dv NULL
|
|
then before the call the
|
|
.Fa keylen
|
|
parameter should contain the length of the
|
|
.Fa key
|
|
buffer.
|
|
If the call is successful, the shared secret is written to
|
|
.Fa key
|
|
and the amount of data written to
|
|
.Fa keylen .
|
|
.Pp
|
|
After the call to
|
|
.Fn EVP_PKEY_derive_init ,
|
|
algorithm specific control operations can be performed to set any
|
|
appropriate parameters for the operation.
|
|
.Pp
|
|
The function
|
|
.Fn EVP_PKEY_derive
|
|
can be called more than once on the same context if several operations
|
|
are performed using the same parameters.
|
|
.Sh RETURN VALUES
|
|
.Fn EVP_PKEY_derive_init
|
|
and
|
|
.Fn EVP_PKEY_derive
|
|
return 1 for success and 0 or a negative value for failure.
|
|
In particular, a return value of -2 indicates the operation is not
|
|
supported by the public key algorithm.
|
|
.Sh EXAMPLES
|
|
Derive shared secret (for example DH or EC keys):
|
|
.Bd -literal -offset indent
|
|
#include <openssl/evp.h>
|
|
#include <openssl/rsa.h>
|
|
|
|
EVP_PKEY_CTX *ctx;
|
|
ENGINE *eng;
|
|
unsigned char *skey;
|
|
size_t skeylen;
|
|
EVP_PKEY *pkey, *peerkey;
|
|
|
|
/* Assumes that pkey, eng, and peerkey have already been set up. */
|
|
ctx = EVP_PKEY_CTX_new(pkey, eng);
|
|
if (!ctx)
|
|
/* Error occurred */
|
|
if (EVP_PKEY_derive_init(ctx) <= 0)
|
|
/* Error */
|
|
if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0)
|
|
/* Error */
|
|
|
|
/* Determine buffer length */
|
|
if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0)
|
|
/* Error */
|
|
|
|
skey = malloc(skeylen);
|
|
|
|
if (!skey)
|
|
/* malloc failure */
|
|
|
|
if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0)
|
|
/* Error */
|
|
|
|
/* Shared secret is skey bytes written to buffer skey */
|
|
.Ed
|
|
.Sh SEE ALSO
|
|
.Xr EVP_PKEY_CTX_new 3 ,
|
|
.Xr EVP_PKEY_decrypt 3 ,
|
|
.Xr EVP_PKEY_encrypt 3 ,
|
|
.Xr EVP_PKEY_meth_set_derive 3 ,
|
|
.Xr EVP_PKEY_sign 3 ,
|
|
.Xr EVP_PKEY_verify 3 ,
|
|
.Xr EVP_PKEY_verify_recover 3 ,
|
|
.Xr X25519 3
|
|
.Sh HISTORY
|
|
.Fn EVP_PKEY_derive_init ,
|
|
.Fn EVP_PKEY_derive_set_peer ,
|
|
and
|
|
.Fn EVP_PKEY_derive
|
|
first appeared in OpenSSL 1.0.0 and have been available since
|
|
.Ox 4.9 .
|