1e71b7053SJung-uk Kim=pod 2e71b7053SJung-uk Kim 3e71b7053SJung-uk Kim=head1 NAME 4e71b7053SJung-uk Kim 5b077aed3SPierre ProncheryEVP_PKEY_derive_init, EVP_PKEY_derive_init_ex, 6b077aed3SPierre ProncheryEVP_PKEY_derive_set_peer_ex, EVP_PKEY_derive_set_peer, EVP_PKEY_derive 7b077aed3SPierre Pronchery- derive public key algorithm shared secret 8e71b7053SJung-uk Kim 9e71b7053SJung-uk Kim=head1 SYNOPSIS 10e71b7053SJung-uk Kim 11e71b7053SJung-uk Kim #include <openssl/evp.h> 12e71b7053SJung-uk Kim 13e71b7053SJung-uk Kim int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx); 14b077aed3SPierre Pronchery int EVP_PKEY_derive_init_ex(EVP_PKEY_CTX *ctx, const OSSL_PARAM params[]); 15b077aed3SPierre Pronchery int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer, 16b077aed3SPierre Pronchery int validate_peer); 17e71b7053SJung-uk Kim int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer); 18e71b7053SJung-uk Kim int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 19e71b7053SJung-uk Kim 20e71b7053SJung-uk Kim=head1 DESCRIPTION 21e71b7053SJung-uk Kim 22b077aed3SPierre ProncheryEVP_PKEY_derive_init() initializes a public key algorithm context I<ctx> for 23b077aed3SPierre Proncheryshared secret derivation using the algorithm given when the context was created 24b077aed3SPierre Proncheryusing L<EVP_PKEY_CTX_new(3)> or variants thereof. The algorithm is used to 25b077aed3SPierre Proncheryfetch a B<EVP_KEYEXCH> method implicitly, see L<provider(7)/Implicit fetch> for 26b077aed3SPierre Proncherymore information about implicit fetches. 27e71b7053SJung-uk Kim 28b077aed3SPierre ProncheryEVP_PKEY_derive_init_ex() is the same as EVP_PKEY_derive_init() but additionally 29b077aed3SPierre Proncherysets the passed parameters I<params> on the context before returning. 30e71b7053SJung-uk Kim 31b077aed3SPierre ProncheryEVP_PKEY_derive_set_peer_ex() sets the peer key: this will normally 32b077aed3SPierre Proncherybe a public key. The I<validate_peer> will validate the public key if this value 33b077aed3SPierre Proncheryis non zero. 34b077aed3SPierre Pronchery 35*aa795734SPierre ProncheryEVP_PKEY_derive_set_peer() is similar to EVP_PKEY_derive_set_peer_ex() with 36b077aed3SPierre ProncheryI<validate_peer> set to 1. 37b077aed3SPierre Pronchery 38b077aed3SPierre ProncheryEVP_PKEY_derive() derives a shared secret using I<ctx>. 39b077aed3SPierre ProncheryIf I<key> is NULL then the maximum size of the output buffer is written to the 40b077aed3SPierre ProncheryI<keylen> parameter. If I<key> is not NULL then before the call the I<keylen> 41b077aed3SPierre Proncheryparameter should contain the length of the I<key> buffer, if the call is 42b077aed3SPierre Proncherysuccessful the shared secret is written to I<key> and the amount of data 43b077aed3SPierre Proncherywritten to I<keylen>. 44e71b7053SJung-uk Kim 45e71b7053SJung-uk Kim=head1 NOTES 46e71b7053SJung-uk Kim 47b077aed3SPierre ProncheryAfter the call to EVP_PKEY_derive_init(), algorithm 48b077aed3SPierre Proncheryspecific control operations can be performed to set any appropriate parameters 49b077aed3SPierre Proncheryfor the operation. 50e71b7053SJung-uk Kim 51e71b7053SJung-uk KimThe function EVP_PKEY_derive() can be called more than once on the same 52e71b7053SJung-uk Kimcontext if several operations are performed using the same parameters. 53e71b7053SJung-uk Kim 54e71b7053SJung-uk Kim=head1 RETURN VALUES 55e71b7053SJung-uk Kim 56b077aed3SPierre ProncheryEVP_PKEY_derive_init() and EVP_PKEY_derive() return 1 57b077aed3SPierre Proncheryfor success and 0 or a negative value for failure. 58b077aed3SPierre ProncheryIn particular a return value of -2 indicates the operation is not supported by 59b077aed3SPierre Proncherythe public key algorithm. 60e71b7053SJung-uk Kim 61da327cd2SJung-uk Kim=head1 EXAMPLES 62e71b7053SJung-uk Kim 63e71b7053SJung-uk KimDerive shared secret (for example DH or EC keys): 64e71b7053SJung-uk Kim 65e71b7053SJung-uk Kim #include <openssl/evp.h> 66e71b7053SJung-uk Kim #include <openssl/rsa.h> 67e71b7053SJung-uk Kim 68e71b7053SJung-uk Kim EVP_PKEY_CTX *ctx; 69e71b7053SJung-uk Kim ENGINE *eng; 70e71b7053SJung-uk Kim unsigned char *skey; 71e71b7053SJung-uk Kim size_t skeylen; 72e71b7053SJung-uk Kim EVP_PKEY *pkey, *peerkey; 73e71b7053SJung-uk Kim /* NB: assumes pkey, eng, peerkey have been already set up */ 74e71b7053SJung-uk Kim 75e71b7053SJung-uk Kim ctx = EVP_PKEY_CTX_new(pkey, eng); 76e71b7053SJung-uk Kim if (!ctx) 77e71b7053SJung-uk Kim /* Error occurred */ 78e71b7053SJung-uk Kim if (EVP_PKEY_derive_init(ctx) <= 0) 79e71b7053SJung-uk Kim /* Error */ 80e71b7053SJung-uk Kim if (EVP_PKEY_derive_set_peer(ctx, peerkey) <= 0) 81e71b7053SJung-uk Kim /* Error */ 82e71b7053SJung-uk Kim 83e71b7053SJung-uk Kim /* Determine buffer length */ 84e71b7053SJung-uk Kim if (EVP_PKEY_derive(ctx, NULL, &skeylen) <= 0) 85e71b7053SJung-uk Kim /* Error */ 86e71b7053SJung-uk Kim 87e71b7053SJung-uk Kim skey = OPENSSL_malloc(skeylen); 88e71b7053SJung-uk Kim 89e71b7053SJung-uk Kim if (!skey) 90e71b7053SJung-uk Kim /* malloc failure */ 91e71b7053SJung-uk Kim 92e71b7053SJung-uk Kim if (EVP_PKEY_derive(ctx, skey, &skeylen) <= 0) 93e71b7053SJung-uk Kim /* Error */ 94e71b7053SJung-uk Kim 95e71b7053SJung-uk Kim /* Shared secret is skey bytes written to buffer skey */ 96e71b7053SJung-uk Kim 97e71b7053SJung-uk Kim=head1 SEE ALSO 98e71b7053SJung-uk Kim 99e71b7053SJung-uk KimL<EVP_PKEY_CTX_new(3)>, 100e71b7053SJung-uk KimL<EVP_PKEY_encrypt(3)>, 101e71b7053SJung-uk KimL<EVP_PKEY_decrypt(3)>, 102e71b7053SJung-uk KimL<EVP_PKEY_sign(3)>, 103e71b7053SJung-uk KimL<EVP_PKEY_verify(3)>, 104e71b7053SJung-uk KimL<EVP_PKEY_verify_recover(3)>, 105b077aed3SPierre ProncheryL<EVP_KEYEXCH_fetch(3)> 106e71b7053SJung-uk Kim 107e71b7053SJung-uk Kim=head1 HISTORY 108e71b7053SJung-uk Kim 109b077aed3SPierre ProncheryThe EVP_PKEY_derive_init(), EVP_PKEY_derive_set_peer() and EVP_PKEY_derive() 110b077aed3SPierre Proncheryfunctions were originally added in OpenSSL 1.0.0. 111b077aed3SPierre Pronchery 112b077aed3SPierre ProncheryThe EVP_PKEY_derive_init_ex() and EVP_PKEY_derive_set_peer_ex() functions were 113b077aed3SPierre Proncheryadded in OpenSSL 3.0. 114e71b7053SJung-uk Kim 115e71b7053SJung-uk Kim=head1 COPYRIGHT 116e71b7053SJung-uk Kim 117*aa795734SPierre ProncheryCopyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. 118e71b7053SJung-uk Kim 119b077aed3SPierre ProncheryLicensed under the Apache License 2.0 (the "License"). You may not use 120e71b7053SJung-uk Kimthis file except in compliance with the License. You can obtain a copy 121e71b7053SJung-uk Kimin the file LICENSE in the source distribution or at 122e71b7053SJung-uk KimL<https://www.openssl.org/source/license.html>. 123e71b7053SJung-uk Kim 124e71b7053SJung-uk Kim=cut 125