pub struct PkeyCtx<T>(/* private fields */);Expand description
A context object which can perform asymmetric cryptography operations.
Implementations§
Source§impl<T> PkeyCtx<T>
 
impl<T> PkeyCtx<T>
Sourcepub fn new(pkey: &PKeyRef<T>) -> Result<Self, ErrorStack>
 
pub fn new(pkey: &PKeyRef<T>) -> Result<Self, ErrorStack>
Creates a new pkey context using the provided key.
This corresponds to EVP_PKEY_CTX_new.
Source§impl PkeyCtx<()>
 
impl PkeyCtx<()>
Sourcepub fn new_id(id: Id) -> Result<Self, ErrorStack>
 
pub fn new_id(id: Id) -> Result<Self, ErrorStack>
Creates a new pkey context for the specified algorithm ID.
This corresponds to EVP_PKEY_CTX_new_id.
Methods from Deref<Target = PkeyCtxRef<T>>§
Sourcepub fn encrypt_init(&mut self) -> Result<(), ErrorStack>
 
pub fn encrypt_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for encryption using the public key.
This corresponds to EVP_PKEY_encrypt_init.
Sourcepub fn verify_init(&mut self) -> Result<(), ErrorStack>
 
pub fn verify_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for signature verification using the public key.
This corresponds to EVP_PKEY_verify_init.
Sourcepub fn verify_recover_init(&mut self) -> Result<(), ErrorStack>
 
pub fn verify_recover_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for signature recovery using the public key.
This corresponds to EVP_PKEY_verify_recover_init.
Sourcepub fn encrypt(
    &mut self,
    from: &[u8],
    to: Option<&mut [u8]>,
) -> Result<usize, ErrorStack>
 
pub fn encrypt( &mut self, from: &[u8], to: Option<&mut [u8]>, ) -> Result<usize, ErrorStack>
Encrypts data using the public key.
If to is set to None, an upper bound on the number of bytes required for the output buffer will be
returned.
This corresponds to EVP_PKEY_encrypt.
Sourcepub fn encrypt_to_vec(
    &mut self,
    from: &[u8],
    out: &mut Vec<u8>,
) -> Result<usize, ErrorStack>
 
pub fn encrypt_to_vec( &mut self, from: &[u8], out: &mut Vec<u8>, ) -> Result<usize, ErrorStack>
Like Self::encrypt but appends ciphertext to a Vec.
Sourcepub fn verify(&mut self, data: &[u8], sig: &[u8]) -> Result<bool, ErrorStack>
 
pub fn verify(&mut self, data: &[u8], sig: &[u8]) -> Result<bool, ErrorStack>
Verifies the signature of data using the public key.
Returns Ok(true) if the signature is valid, Ok(false) if the signature is invalid, and Err if an error
occurred.
§Note
This verifies the signature of the raw data. It is more common to compute and verify the signature of the
cryptographic hash of an arbitrary amount of data. The MdCtx type can be used to do
that.
This corresponds to EVP_PKEY_verify.
Sourcepub fn verify_recover(
    &mut self,
    sig: &[u8],
    to: Option<&mut [u8]>,
) -> Result<usize, ErrorStack>
 
pub fn verify_recover( &mut self, sig: &[u8], to: Option<&mut [u8]>, ) -> Result<usize, ErrorStack>
Recovers the original data signed by the private key. You almost
always want verify instead.
Returns the number of bytes written to to, or the number of bytes
that would be written, if to is `None.
This corresponds to EVP_PKEY_verify_recover.
Sourcepub fn decrypt_init(&mut self) -> Result<(), ErrorStack>
 
pub fn decrypt_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for decryption using the private key.
This corresponds to EVP_PKEY_decrypt_init.
Sourcepub fn sign_init(&mut self) -> Result<(), ErrorStack>
 
pub fn sign_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for signing using the private key.
This corresponds to EVP_PKEY_sign_init.
Sourcepub fn derive_set_peer<U>(&mut self, key: &PKeyRef<U>) -> Result<(), ErrorStack>where
    U: HasPublic,
 
pub fn derive_set_peer<U>(&mut self, key: &PKeyRef<U>) -> Result<(), ErrorStack>where
    U: HasPublic,
Sets the peer key used for secret derivation.
This corresponds to EVP_PKEY_derive_set_peer.
Sourcepub fn decrypt(
    &mut self,
    from: &[u8],
    to: Option<&mut [u8]>,
) -> Result<usize, ErrorStack>
 
pub fn decrypt( &mut self, from: &[u8], to: Option<&mut [u8]>, ) -> Result<usize, ErrorStack>
Decrypts data using the private key.
If to is set to None, an upper bound on the number of bytes required for the output buffer will be
returned.
This corresponds to EVP_PKEY_decrypt.
Sourcepub fn decrypt_to_vec(
    &mut self,
    from: &[u8],
    out: &mut Vec<u8>,
) -> Result<usize, ErrorStack>
 
pub fn decrypt_to_vec( &mut self, from: &[u8], out: &mut Vec<u8>, ) -> Result<usize, ErrorStack>
Like Self::decrypt but appends plaintext to a Vec.
Sourcepub fn sign(
    &mut self,
    data: &[u8],
    sig: Option<&mut [u8]>,
) -> Result<usize, ErrorStack>
 
pub fn sign( &mut self, data: &[u8], sig: Option<&mut [u8]>, ) -> Result<usize, ErrorStack>
Signs the contents of data.
If sig is set to None, an upper bound on the number of bytes required for the output buffer will be
returned.
§Note
This computes the signature of the raw bytes of data. It is more common to sign the cryptographic hash of
an arbitrary amount of data. The MdCtx type can be used to do that.
This corresponds to EVP_PKEY_sign.
Sourcepub fn sign_to_vec(
    &mut self,
    data: &[u8],
    sig: &mut Vec<u8>,
) -> Result<usize, ErrorStack>
 
pub fn sign_to_vec( &mut self, data: &[u8], sig: &mut Vec<u8>, ) -> Result<usize, ErrorStack>
Like Self::sign but appends the signature to a Vec.
Sourcepub fn derive_init(&mut self) -> Result<(), ErrorStack>
 
pub fn derive_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for shared secret derivation.
This corresponds to EVP_PKEY_derive_init.
Sourcepub fn keygen_init(&mut self) -> Result<(), ErrorStack>
 
pub fn keygen_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for key generation.
This corresponds to EVP_PKEY_keygen_init.
Sourcepub fn set_signature_md(&self, md: &MdRef) -> Result<(), ErrorStack>
 
pub fn set_signature_md(&self, md: &MdRef) -> Result<(), ErrorStack>
Sets which algorithm was used to compute the digest used in a
signature. With RSA signatures this causes the signature to be wrapped
in a DigestInfo structure. This is almost always what you want with
RSA signatures.
This corresponds to EVP_PKEY_CTX_set_signature_md.
Sourcepub fn rsa_padding(&self) -> Result<Padding, ErrorStack>
 
pub fn rsa_padding(&self) -> Result<Padding, ErrorStack>
Returns the RSA padding mode in use.
This is only useful for RSA keys.
This corresponds to EVP_PKEY_CTX_get_rsa_padding.
Sourcepub fn set_rsa_padding(&mut self, padding: Padding) -> Result<(), ErrorStack>
 
pub fn set_rsa_padding(&mut self, padding: Padding) -> Result<(), ErrorStack>
Sets the RSA padding mode.
This is only useful for RSA keys.
This corresponds to EVP_PKEY_CTX_set_rsa_padding.
Sourcepub fn set_rsa_pss_saltlen(
    &mut self,
    len: RsaPssSaltlen,
) -> Result<(), ErrorStack>
 
pub fn set_rsa_pss_saltlen( &mut self, len: RsaPssSaltlen, ) -> Result<(), ErrorStack>
Sets the RSA PSS salt length.
This is only useful for RSA keys.
This corresponds to EVP_PKEY_CTX_set_rsa_pss_saltlen.
Sourcepub fn set_rsa_mgf1_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>
 
pub fn set_rsa_mgf1_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>
Sets the RSA MGF1 algorithm.
This is only useful for RSA keys.
This corresponds to EVP_PKEY_CTX_set_rsa_mgf1_md.
Sourcepub fn set_rsa_oaep_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>
 
pub fn set_rsa_oaep_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>
Sets the RSA OAEP algorithm.
This is only useful for RSA keys.
This corresponds to EVP_PKEY_CTX_set_rsa_oaep_md.
Sourcepub fn set_rsa_oaep_label(&mut self, label: &[u8]) -> Result<(), ErrorStack>
 
pub fn set_rsa_oaep_label(&mut self, label: &[u8]) -> Result<(), ErrorStack>
Sets the RSA OAEP label.
This is only useful for RSA keys.
This corresponds to EVP_PKEY_CTX_set0_rsa_oaep_label.
Sourcepub fn set_keygen_cipher(
    &mut self,
    cipher: &CipherRef,
) -> Result<(), ErrorStack>
 
pub fn set_keygen_cipher( &mut self, cipher: &CipherRef, ) -> Result<(), ErrorStack>
Sets the cipher used during key generation.
This corresponds to EVP_PKEY_CTX_ctrl.
Sourcepub fn set_keygen_mac_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>
 
pub fn set_keygen_mac_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>
Sets the key MAC key used during key generation.
This corresponds to EVP_PKEY_CTX_ctrl.
Sourcepub fn set_hkdf_md(&mut self, digest: &MdRef) -> Result<(), ErrorStack>
 
pub fn set_hkdf_md(&mut self, digest: &MdRef) -> Result<(), ErrorStack>
Sets the digest used for HKDF derivation.
Requires OpenSSL 1.1.0 or newer.
This corresponds to EVP_PKEY_CTX_set_hkdf_md.
Sourcepub fn set_hkdf_mode(&mut self, mode: HkdfMode) -> Result<(), ErrorStack>
 
pub fn set_hkdf_mode(&mut self, mode: HkdfMode) -> Result<(), ErrorStack>
Sets the HKDF mode of operation.
Defaults to HkdfMode::EXTRACT_THEN_EXPAND.
WARNING: Although this API calls it a “mode”, HKDF-Extract and HKDF-Expand are distinct operations with distinct inputs and distinct kinds of keys. Callers should not pass input secrets for one operation into the other.
Requires OpenSSL 1.1.1 or newer.
This corresponds to EVP_PKEY_CTX_set_hkdf_mode.
Sourcepub fn set_hkdf_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>
 
pub fn set_hkdf_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>
Sets the input material for HKDF generation as the “key”.
Which input is the key depends on the “mode” (see set_hkdf_mode).
If HkdfMode::EXTRACT_THEN_EXPAND or HkdfMode::EXTRACT_ONLY, this function specifies
the input keying material (IKM) for HKDF-Extract. If HkdfMode::EXPAND_ONLY, it instead
specifies the pseudorandom key (PRK) for HKDF-Expand.
Requires OpenSSL 1.1.0 or newer.
This corresponds to EVP_PKEY_CTX_set1_hkdf_key.
Sourcepub fn set_hkdf_salt(&mut self, salt: &[u8]) -> Result<(), ErrorStack>
 
pub fn set_hkdf_salt(&mut self, salt: &[u8]) -> Result<(), ErrorStack>
Sets the salt value for HKDF generation.
If performing HKDF-Expand only, this parameter is ignored.
Requires OpenSSL 1.1.0 or newer.
This corresponds to EVP_PKEY_CTX_set1_hkdf_salt.
Sourcepub fn add_hkdf_info(&mut self, info: &[u8]) -> Result<(), ErrorStack>
 
pub fn add_hkdf_info(&mut self, info: &[u8]) -> Result<(), ErrorStack>
Appends info bytes for HKDF generation.
If performing HKDF-Extract only, this parameter is ignored.
Requires OpenSSL 1.1.0 or newer.
This corresponds to EVP_PKEY_CTX_add1_hkdf_info.
Sourcepub fn derive(&mut self, buf: Option<&mut [u8]>) -> Result<usize, ErrorStack>
 
pub fn derive(&mut self, buf: Option<&mut [u8]>) -> Result<usize, ErrorStack>
Derives a shared secret between two keys.
If buf is set to None, an upper bound on the number of bytes required for the buffer will be returned.
This corresponds to EVP_PKEY_derive.
Sourcepub fn derive_to_vec(&mut self, buf: &mut Vec<u8>) -> Result<usize, ErrorStack>
 
pub fn derive_to_vec(&mut self, buf: &mut Vec<u8>) -> Result<usize, ErrorStack>
Like Self::derive but appends the secret to a Vec.
Sourcepub fn keygen(&mut self) -> Result<PKey<Private>, ErrorStack>
 
pub fn keygen(&mut self) -> Result<PKey<Private>, ErrorStack>
Generates a new public/private keypair.
This corresponds to EVP_PKEY_keygen.
Sourcepub fn set_nonce_type(
    &mut self,
    nonce_type: NonceType,
) -> Result<(), ErrorStack>
 
pub fn set_nonce_type( &mut self, nonce_type: NonceType, ) -> Result<(), ErrorStack>
Sets the nonce type for a private key context.
The nonce for DSA and ECDSA can be either random (the default) or deterministic (as defined by RFC 6979).
This is only useful for DSA and ECDSA. Requires OpenSSL 3.2.0 or newer.
This corresponds to EVP_PKEY_CTX_set_params.
Sourcepub fn nonce_type(&mut self) -> Result<NonceType, ErrorStack>
 
pub fn nonce_type(&mut self) -> Result<NonceType, ErrorStack>
Gets the nonce type for a private key context.
The nonce for DSA and ECDSA can be either random (the default) or deterministic (as defined by RFC 6979).
This is only useful for DSA and ECDSA. Requires OpenSSL 3.2.0 or newer.
This corresponds to EVP_PKEY_CTX_get_params.