Diffstat (limited to 'src/include/openssl/evp.h')
-rw-r--r-- | src/include/openssl/evp.h | 74 |
1 files changed, 64 insertions, 10 deletions
diff --git a/src/include/openssl/evp.h b/src/include/openssl/evp.h
index c4469841..999e19d8 100644
--- a/src/include/openssl/evp.h
+++ b/src/include/openssl/evp.h
@@ -170,22 +170,13 @@ OPENSSL_EXPORT int EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
 OPENSSL_EXPORT EC_KEY *EVP_PKEY_get0_EC_KEY(const EVP_PKEY *pkey);
 OPENSSL_EXPORT EC_KEY *EVP_PKEY_get1_EC_KEY(const EVP_PKEY *pkey);
 
-// EVP_PKEY_new_ed25519_public returns a newly allocated |EVP_PKEY| wrapping an
-// Ed25519 public key, or NULL on allocation error.
-OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_ed25519_public(
- const uint8_t public_key[32]);
-
-// EVP_PKEY_new_ed25519_private returns a newly allocated |EVP_PKEY| wrapping an
-// Ed25519 private key, or NULL on allocation error.
-OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_ed25519_private(
- const uint8_t private_key[64]);
-
 #define EVP_PKEY_NONE NID_undef
 #define EVP_PKEY_RSA NID_rsaEncryption
 #define EVP_PKEY_RSA_PSS NID_rsassaPss
 #define EVP_PKEY_DSA NID_dsa
 #define EVP_PKEY_EC NID_X9_62_id_ecPublicKey
 #define EVP_PKEY_ED25519 NID_ED25519
+#define EVP_PKEY_X25519 NID_X25519
 
 // EVP_PKEY_assign sets the underlying key of |pkey| to |key|, which must be of
 // the given type. It returns one if successful or zero if the |type| argument
@@ -241,6 +232,48 @@ OPENSSL_EXPORT EVP_PKEY *EVP_parse_private_key(CBS *cbs);
 OPENSSL_EXPORT int EVP_marshal_private_key(CBB *cbb, const EVP_PKEY *key);
 
 
+// Raw keys
+//
+// Some keys types support a "raw" serialization. Currently the only supported
+// raw format is Ed25519, where the public key and private key formats are those
+// specified in RFC 8032. Note the RFC 8032 private key format is the 32-byte
+// prefix of |ED25519_sign|'s 64-byte private key.
+
+// EVP_PKEY_new_raw_private_key returns a newly allocated |EVP_PKEY| wrapping a
+// private key of the specified type. It returns one on success and zero on
+// error.
+OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_raw_private_key(int type, ENGINE *unused,
+ const uint8_t *in,
+ size_t len);
+
+// EVP_PKEY_new_raw_public_key returns a newly allocated |EVP_PKEY| wrapping a
+// public key of the specified type. It returns one on success and zero on
+// error.
+OPENSSL_EXPORT EVP_PKEY *EVP_PKEY_new_raw_public_key(int type, ENGINE *unused,
+ const uint8_t *in,
+ size_t len);
+
+// EVP_PKEY_get_raw_private_key outputs the private key for |pkey| in raw form.
+// If |out| is NULL, it sets |*out_len| to the size of the raw private key.
+// Otherwise, it writes at most |*out_len| bytes to |out| and sets |*out_len| to
+// the number of bytes written.
+//
+// It returns one on success and zero if |pkey| has no private key, the key
+// type does not support a raw format, or the buffer is too small.
+OPENSSL_EXPORT int EVP_PKEY_get_raw_private_key(const EVP_PKEY *pkey,
+ uint8_t *out, size_t *out_len);
+
+// EVP_PKEY_get_raw_public_key outputs the public key for |pkey| in raw form.
+// If |out| is NULL, it sets |*out_len| to the size of the raw public key.
+// Otherwise, it writes at most |*out_len| bytes to |out| and sets |*out_len| to
+// the number of bytes written.
+//
+// It returns one on success and zero if |pkey| has no public key, the key
+// type does not support a raw format, or the buffer is too small.
+OPENSSL_EXPORT int EVP_PKEY_get_raw_public_key(const EVP_PKEY *pkey,
+ uint8_t *out, size_t *out_len);
+
+
 // Signing
 
 // EVP_DigestSignInit sets up |ctx| for a signing operation with |type| and
@@ -874,6 +907,26 @@ OPENSSL_EXPORT DH *EVP_PKEY_get1_DH(const EVP_PKEY *pkey);
 OPENSSL_EXPORT int EVP_PKEY_CTX_set_ec_param_enc(EVP_PKEY_CTX *ctx, int encoding);
 
+// EVP_PKEY_set1_tls_encodedpoint replaces |pkey| with a public key encoded by
+// |in|. It returns one on success and zero on error.
+//
+// This function only works on X25519 keys.
+OPENSSL_EXPORT int EVP_PKEY_set1_tls_encodedpoint(EVP_PKEY *pkey,
+ const uint8_t *in,
+ size_t len);
+
+// EVP_PKEY_get1_tls_encodedpoint sets |*out_ptr| to a newly-allocated buffer
+// containing the raw encoded public key for |pkey|. The caller must call
+// |OPENSSL_free| to release this buffer. The function returns the length of the
+// buffer on success and zero on error.
+//
+// This function only works on X25519 keys.
+OPENSSL_EXPORT size_t EVP_PKEY_get1_tls_encodedpoint(const EVP_PKEY *pkey,
+ uint8_t **out_ptr);
+
+// EVP_PKEY_base_id calls |EVP_PKEY_id|.
+OPENSSL_EXPORT int EVP_PKEY_base_id(const EVP_PKEY *pkey);
+
 
 // Preprocessor compatibility section (hidden).
 //
@@ -962,5 +1015,6 @@ BSSL_NAMESPACE_END
 #define EVP_R_INVALID_SIGNATURE 131
 #define EVP_R_MEMORY_LIMIT_EXCEEDED 132
 #define EVP_R_INVALID_PARAMETERS 133
+#define EVP_R_INVALID_PEER_KEY 134
 
 #endif // OPENSSL_HEADER_EVP_H
|
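Review bot: The doc comments on EVP_PKEY_new_raw_private_key and EVP_PKEY_new_raw_public_key say `It returns one on success and zero on error.`, but both functions return `EVP_PKEY *`, so the contract should read `It returns the new |EVP_PKEY| on success and NULL on error.` (the Ed25519 constructors removed in the first hunk documented exactly that). The "Raw keys" section header has a typo, `Some keys types` should be `Some key types`. Neither constructor comment says what |len| must be; a wrong-length |in| presumably fails rather than being truncated or zero-padded, and stating that (e.g. `|len| must be the exact size of the raw key for |type|; other lengths fail.`) makes the rejection explicit for callers handling peer-supplied bytes. The ENGINE |unused| parameter is also undocumented; a short `|unused| is ignored and should be NULL.` would avoid callers guessing.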
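Review bot: EVP_PKEY_set1_tls_encodedpoint accepts an arbitrary |in|/|len| but its comment does not state the expected encoding or length, so a caller cannot tell from the header whether a wrong-length peer key is rejected or misread; presumably |in| must be the 32-byte X25519 public value and any other length fails (EVP_R_INVALID_PEER_KEY added in the last hunk looks like that error), which is worth stating, e.g. `|in| must be a 32-byte X25519 public key; other lengths fail.` The behaviour on a non-X25519 |pkey| is only implied by `This function only works on X25519 keys.`; saying it returns zero for other key types would close the gap. For EVP_PKEY_get1_tls_encodedpoint, noting whether |*out_ptr| is left unmodified on failure (if that is the implementation's behaviour) would help callers that free the buffer unconditionally.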