1=pod 2 3=head1 NAME 4 5EVP_PKEY_Q_keygen, 6EVP_PKEY_keygen_init, EVP_PKEY_paramgen_init, EVP_PKEY_generate, 7EVP_PKEY_CTX_set_cb, EVP_PKEY_CTX_get_cb, 8EVP_PKEY_CTX_get_keygen_info, EVP_PKEY_CTX_set_app_data, 9EVP_PKEY_CTX_get_app_data, 10EVP_PKEY_gen_cb, 11EVP_PKEY_paramgen, EVP_PKEY_keygen 12- key and parameter generation and check functions 13 14=head1 SYNOPSIS 15 16 #include <openssl/evp.h> 17 18 EVP_PKEY *EVP_PKEY_Q_keygen(OSSL_LIB_CTX *libctx, const char *propq, 19 const char *type, ...); 20 21 int EVP_PKEY_keygen_init(EVP_PKEY_CTX *ctx); 22 int EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx); 23 int EVP_PKEY_generate(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); 24 int EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); 25 int EVP_PKEY_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey); 26 27 typedef int EVP_PKEY_gen_cb(EVP_PKEY_CTX *ctx); 28 29 void EVP_PKEY_CTX_set_cb(EVP_PKEY_CTX *ctx, EVP_PKEY_gen_cb *cb); 30 EVP_PKEY_gen_cb *EVP_PKEY_CTX_get_cb(EVP_PKEY_CTX *ctx); 31 32 int EVP_PKEY_CTX_get_keygen_info(EVP_PKEY_CTX *ctx, int idx); 33 34 void EVP_PKEY_CTX_set_app_data(EVP_PKEY_CTX *ctx, void *data); 35 void *EVP_PKEY_CTX_get_app_data(EVP_PKEY_CTX *ctx); 36 37=head1 DESCRIPTION 38 39Generating keys is sometimes straight forward, just generate the key's 40numbers and be done with it. However, there are certain key types that need 41key parameters, often called domain parameters but not necessarily limited 42to that, that also need to be generated. In addition to this, the caller 43may want to set user provided generation parameters that further affect key 44parameter or key generation, such as the desired key size. 45 46To flexibly allow all that's just been described, key parameter and key 47generation is divided into an initialization of a key algorithm context, 48functions to set user provided parameters, and finally the key parameter or 49key generation function itself. 50 51The key algorithm context must be created using L<EVP_PKEY_CTX_new(3)> or 52variants thereof, see that manual for details. 53 54EVP_PKEY_keygen_init() initializes a public key algorithm context I<ctx> 55for a key generation operation. 56 57EVP_PKEY_paramgen_init() is similar to EVP_PKEY_keygen_init() except key 58parameters are generated. 59 60After initialization, generation parameters may be provided with 61L<EVP_PKEY_CTX_ctrl(3)> or L<EVP_PKEY_CTX_set_params(3)>, or any other 62function described in those manuals. 63 64EVP_PKEY_generate() performs the generation operation, the resulting key 65parameters or key are written to I<*ppkey>. If I<*ppkey> is NULL when this 66function is called, it will be allocated, and should be freed by the caller 67when no longer useful, using L<EVP_PKEY_free(3)>. 68 69EVP_PKEY_paramgen() and EVP_PKEY_keygen() do exactly the same thing as 70EVP_PKEY_generate(), after checking that the corresponding EVP_PKEY_paramgen_init() 71or EVP_PKEY_keygen_init() was used to initialize I<ctx>. 72These are older functions that are kept for backward compatibility. 73It is safe to use EVP_PKEY_generate() instead. 74 75The function EVP_PKEY_set_cb() sets the key or parameter generation callback 76to I<cb>. The function EVP_PKEY_CTX_get_cb() returns the key or parameter 77generation callback. 78 79The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated 80with the generation operation. If I<idx> is -1 the total number of 81parameters available is returned. Any non negative value returns the value of 82that parameter. EVP_PKEY_CTX_gen_keygen_info() with a nonnegative value for 83I<idx> should only be called within the generation callback. 84 85If the callback returns 0 then the key generation operation is aborted and an 86error occurs. This might occur during a time consuming operation where 87a user clicks on a "cancel" button. 88 89The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set 90and retrieve an opaque pointer. This can be used to set some application 91defined value which can be retrieved in the callback: for example a handle 92which is used to update a "progress dialog". 93 94EVP_PKEY_Q_keygen() abstracts from the explicit use of B<EVP_PKEY_CTX> while 95providing a 'quick' but limited way of generating a new asymmetric key pair. 96It provides shorthands for simple and common cases of key generation. 97As usual, the library context I<libctx> and property query I<propq> 98can be given for fetching algorithms from providers. 99If I<type> is C<RSA>, 100a B<size_t> parameter must be given to specify the size of the RSA key. 101If I<type> is C<EC>, 102a string parameter must be given to specify the name of the EC curve. 103If I<type> is C<X25519>, C<X448>, C<ED25519>, C<ED448>, or C<SM2> 104no further parameter is needed. 105 106=head1 RETURN VALUES 107 108EVP_PKEY_keygen_init(), EVP_PKEY_paramgen_init(), EVP_PKEY_keygen() and 109EVP_PKEY_paramgen() return 1 for success and 0 or a negative value for failure. 110In particular a return value of -2 indicates the operation is not supported by 111the public key algorithm. 112 113EVP_PKEY_Q_keygen() returns an B<EVP_PKEY>, or NULL on failure. 114 115=head1 NOTES 116 117After the call to EVP_PKEY_keygen_init() or EVP_PKEY_paramgen_init() algorithm 118specific control operations can be performed to set any appropriate parameters 119for the operation. 120 121The functions EVP_PKEY_keygen() and EVP_PKEY_paramgen() can be called more than 122once on the same context if several operations are performed using the same 123parameters. 124 125The meaning of the parameters passed to the callback will depend on the 126algorithm and the specific implementation of the algorithm. Some might not 127give any useful information at all during key or parameter generation. Others 128might not even call the callback. 129 130The operation performed by key or parameter generation depends on the algorithm 131used. In some cases (e.g. EC with a supplied named curve) the "generation" 132option merely sets the appropriate fields in an EVP_PKEY structure. 133 134In OpenSSL an EVP_PKEY structure containing a private key also contains the 135public key components and parameters (if any). An OpenSSL private key is 136equivalent to what some libraries call a "key pair". A private key can be used 137in functions which require the use of a public key or parameters. 138 139=head1 EXAMPLES 140 141Generate a 2048 bit RSA key: 142 143 #include <openssl/evp.h> 144 #include <openssl/rsa.h> 145 146 EVP_PKEY_CTX *ctx; 147 EVP_PKEY *pkey = NULL; 148 149 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); 150 if (!ctx) 151 /* Error occurred */ 152 if (EVP_PKEY_keygen_init(ctx) <= 0) 153 /* Error */ 154 if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) 155 /* Error */ 156 157 /* Generate key */ 158 if (EVP_PKEY_keygen(ctx, &pkey) <= 0) 159 /* Error */ 160 161Generate a key from a set of parameters: 162 163 #include <openssl/evp.h> 164 #include <openssl/rsa.h> 165 166 EVP_PKEY_CTX *ctx; 167 ENGINE *eng; 168 EVP_PKEY *pkey = NULL, *param; 169 170 /* Assumed param, eng are set up already */ 171 ctx = EVP_PKEY_CTX_new(param, eng); 172 if (!ctx) 173 /* Error occurred */ 174 if (EVP_PKEY_keygen_init(ctx) <= 0) 175 /* Error */ 176 177 /* Generate key */ 178 if (EVP_PKEY_keygen(ctx, &pkey) <= 0) 179 /* Error */ 180 181Example of generation callback for OpenSSL public key implementations: 182 183 /* Application data is a BIO to output status to */ 184 185 EVP_PKEY_CTX_set_app_data(ctx, status_bio); 186 187 static int genpkey_cb(EVP_PKEY_CTX *ctx) 188 { 189 char c = '*'; 190 BIO *b = EVP_PKEY_CTX_get_app_data(ctx); 191 int p = EVP_PKEY_CTX_get_keygen_info(ctx, 0); 192 193 if (p == 0) 194 c = '.'; 195 if (p == 1) 196 c = '+'; 197 if (p == 2) 198 c = '*'; 199 if (p == 3) 200 c = '\n'; 201 BIO_write(b, &c, 1); 202 (void)BIO_flush(b); 203 return 1; 204 } 205 206=head1 SEE ALSO 207 208L<EVP_RSA_gen(3)>, L<EVP_EC_gen(3)>, 209L<EVP_PKEY_CTX_new(3)>, 210L<EVP_PKEY_encrypt(3)>, 211L<EVP_PKEY_decrypt(3)>, 212L<EVP_PKEY_sign(3)>, 213L<EVP_PKEY_verify(3)>, 214L<EVP_PKEY_verify_recover(3)>, 215L<EVP_PKEY_derive(3)> 216 217=head1 HISTORY 218 219EVP_PKEY_keygen_init(), int EVP_PKEY_paramgen_init(), EVP_PKEY_keygen(), 220EVP_PKEY_paramgen(), EVP_PKEY_gen_cb(), EVP_PKEY_CTX_set_cb(), 221EVP_PKEY_CTX_get_cb(), EVP_PKEY_CTX_get_keygen_info(), 222EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() were added in 223OpenSSL 1.0.0. 224 225EVP_PKEY_Q_keygen() and EVP_PKEY_generate() were added in OpenSSL 3.0. 226 227=head1 COPYRIGHT 228 229Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. 230 231Licensed under the Apache License 2.0 (the "License"). You may not use 232this file except in compliance with the License. You can obtain a copy 233in the file LICENSE in the source distribution or at 234L<https://www.openssl.org/source/license.html>. 235 236=cut 237