xref: /freebsd/crypto/openssl/doc/man3/EVP_PKEY_set1_encoded_public_key.pod (revision e7be843b4a162e68651d3911f0357ed464915629) 
1=pod
2
3=head1 NAME
4
5EVP_PKEY_set1_encoded_public_key, EVP_PKEY_get1_encoded_public_key,
6EVP_PKEY_set1_tls_encodedpoint, EVP_PKEY_get1_tls_encodedpoint
7- functions to set and get public key data within an EVP_PKEY
8
9=head1 SYNOPSIS
10
11 #include <openssl/evp.h>
12
13 int EVP_PKEY_set1_encoded_public_key(EVP_PKEY *pkey,
14                                      const unsigned char *pub, size_t publen);
15
16 size_t EVP_PKEY_get1_encoded_public_key(EVP_PKEY *pkey, unsigned char **ppub);
17
18The following functions have been deprecated since OpenSSL 3.0, and can be
19hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
20see L<openssl_user_macros(7)>:
21
22 int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
23                                    const unsigned char *pt, size_t ptlen);
24
25 size_t EVP_PKEY_get1_tls_encodedpoint(EVP_PKEY *pkey, unsigned char **ppt);
26
27=head1 DESCRIPTION
28
29EVP_PKEY_set1_encoded_public_key() can be used to set the public key value
30within an existing EVP_PKEY object, which does not yet have either a public or
31private key assigned.
32For the built-in OpenSSL algorithms this currently only works for those that
33support key exchange or key encapsulation.
34Parameters are not set as part of this operation, so typically an application
35will create an EVP_PKEY first, set the parameters on it, and then call this
36function.
37For example setting the parameters might be done using
38L<EVP_PKEY_copy_parameters(3)>.
39
40The format for the encoded public key will depend on the algorithm in use. For
41DH it should be encoded as a positive integer in big-endian form. For EC is
42should be a point conforming to Sec. 2.3.4 of the SECG SEC 1 ("Elliptic
43Curve Cryptography") standard. For B<X25519> and B<X448> it should be encoded
44in the format defined by RFC7748.
45For B<ML-KEM-512>, B<ML-KEM-768> and B<ML-KEM-1024>, this is the public key
46format defined in B<FIPS 203> (the 12-bit per-coefficient encoded public I<t>
47vector and 32-byte matrix seed I<rho>).
48
49The key to be updated is supplied in B<pkey>. The buffer containing the encoded
50key is pointed to be B<pub>. The length of the buffer is supplied in B<publen>.
51
52EVP_PKEY_get1_encoded_public_key() does the equivalent operation except that
53the encoded public key is returned to the application. The key containing the
54public key data is supplied in B<pkey>. A buffer containing the encoded key will
55be allocated and stored in B<*ppub>. The length of the encoded public key is
56returned by the function. The application is responsible for freeing the
57allocated buffer.
58
59The macro EVP_PKEY_set1_tls_encodedpoint() is deprecated and simply calls
60EVP_PKEY_set1_encoded_public_key() with all the same arguments. New applications
61should use EVP_PKEY_set1_encoded_public_key() instead.
62
63The macro EVP_PKEY_get1_tls_encodedpoint() is deprecated and simply calls
64EVP_PKEY_get1_encoded_public_key() with all the same arguments. New applications
65should use EVP_PKEY_get1_encoded_public_key() instead.
66
67
68=head1 RETURN VALUES
69
70EVP_PKEY_set1_encoded_public_key() returns 1 for success and 0 or a negative
71value for failure.
72
73EVP_PKEY_get1_encoded_public_key() returns the length of the encoded key or 0 for failure.
74
75=head1 EXAMPLES
76
77See L<EVP_PKEY_derive_init(3)> and L<EVP_PKEY_derive(3)> for information about
78performing a key exchange operation.
79
80=head2 Set up a peer's EVP_PKEY ready for a key exchange operation
81
82 #include <openssl/evp.h>
83
84 int exchange(EVP_PKEY *ourkey, unsigned char *peer_pub, size_t peer_pub_len)
85 {
86     EVP_PKEY *peerkey = EVP_PKEY_new();
87
88     if (peerkey == NULL || EVP_PKEY_copy_parameters(peerkey, ourkey) <= 0)
89         return 0;
90
91     if (EVP_PKEY_set1_encoded_public_key(peerkey, peer_pub,
92                                          peer_pub_len) <= 0)
93         return 0;
94
95     /* Do the key exchange here */
96
97     EVP_PKEY_free(peerkey);
98
99     return 1;
100 }
101
102=head2 Get an encoded public key to send to a peer
103
104 #include <openssl/evp.h>
105
106 int get_encoded_pub_key(EVP_PKEY *ourkey)
107 {
108     unsigned char *pubkey;
109     size_t pubkey_len;
110
111    pubkey_len = EVP_PKEY_get1_encoded_public_key(ourkey, &pubkey);
112    if (pubkey_len == 0)
113        return 0;
114
115    /*
116     * Send the encoded public key stored in the buffer at "pubkey" and of
117     * length pubkey_len, to the peer.
118     */
119
120    OPENSSL_free(pubkey);
121    return 1;
122 }
123
124=head1 SEE ALSO
125
126L<EVP_PKEY_new(3)>,
127L<EVP_PKEY_copy_parameters(3)>,
128L<EVP_PKEY_derive_init(3)>,
129L<EVP_PKEY_derive(3)>,
130L<EVP_PKEY-DH(7)>,
131L<EVP_PKEY-EC(7)>,
132L<EVP_PKEY-X25519(7)>,
133L<EVP_PKEY-X448(7)>,
134L<EVP_PKEY-ML-KEM-512(7)>,
135L<EVP_PKEY-ML-KEM-768(7)>,
136L<EVP_PKEY-ML-KEM-1024(7)>.
137
138=head1 HISTORY
139
140EVP_PKEY_set1_encoded_public_key() and EVP_PKEY_get1_encoded_public_key() were
141added in OpenSSL 3.0.
142
143EVP_PKEY_set1_tls_encodedpoint() and EVP_PKEY_get1_tls_encodedpoint() were
144deprecated in OpenSSL 3.0.
145
146Support for B<ML-KEM> was added in OpenSSL 3.5.
147
148=head1 COPYRIGHT
149
150Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
151
152Licensed under the Apache License 2.0 (the "License").  You may not use
153this file except in compliance with the License.  You can obtain a copy
154in the file LICENSE in the source distribution or at
155L<https://www.openssl.org/source/license.html>.
156
157=cut
158
159