Struct openssl::pkey_ctx::PkeyCtx

pub struct PkeyCtx<T>(/* private fields */);

A context object which can perform asymmetric cryptography operations.

Implementations§


impl<T> PkeyCtx<T>


pub fn new(pkey: &PKeyRef<T>) -> Result<Self, ErrorStack>

Creates a new pkey context using the provided key.

This corresponds to EVP_PKEY_CTX_new.


impl PkeyCtx<()>


pub fn new_id(id: Id) -> Result<Self, ErrorStack>

Creates a new pkey context for the specified algorithm ID.

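This corresponds to EVP_PKEY_new_id (in OpenSSL's own documentation the function that creates a context from an algorithm ID is named EVP_PKEY_CTX_new_id).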

Methods from Deref<Target = PkeyCtxRef<T>>§


pub fn encrypt_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for encryption using the public key.

This corresponds to EVP_PKEY_encrypt_init.


pub fn verify_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for signature verification using the public key.

This corresponds to EVP_PKEY_verify_init.


pub fn verify_recover_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for signature recovery using the public key.

This corresponds to EVP_PKEY_verify_recover_init.


pub fn encrypt( &mut self, from: &[u8], to: Option<&mut [u8]>, ) -> Result<usize, ErrorStack>

Encrypts data using the public key.

If to is set to None, an upper bound on the number of bytes required for the output buffer will be returned.

This corresponds to EVP_PKEY_encrypt.


pub fn encrypt_to_vec( &mut self, from: &[u8], out: &mut Vec<u8>, ) -> Result<usize, ErrorStack>

Like Self::encrypt but appends ciphertext to a Vec.


pub fn verify(&mut self, data: &[u8], sig: &[u8]) -> Result<bool, ErrorStack>

Verifies the signature of data using the public key.

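Returns Ok(true) if the signature is valid, Ok(false) if the signature is invalid, and Err if an error occurred. Callers must check the boolean inside Ok: a call that returns without an error has not necessarily accepted the signature.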

§Note

This verifies the signature of the raw data. It is more common to compute and verify the signature of the cryptographic hash of an arbitrary amount of data. The MdCtx type can be used to do that.

This corresponds to EVP_PKEY_verify.


pub fn verify_recover( &mut self, sig: &[u8], to: Option<&mut [u8]>, ) -> Result<usize, ErrorStack>

Recovers the original data signed by the private key. You almost always want verify instead.

Returns the number of bytes written to to, or the number of bytes that would be written if to is None.

This corresponds to EVP_PKEY_verify_recover.


pub fn decrypt_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for decryption using the private key.

This corresponds to EVP_PKEY_decrypt_init.


pub fn sign_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for signing using the private key.

This corresponds to EVP_PKEY_sign_init.


pub fn derive_set_peer<U>(&mut self, key: &PKeyRef<U>) -> Result<(), ErrorStack>
where U: HasPublic,

Sets the peer key used for secret derivation.

This corresponds to EVP_PKEY_derive_set_peer.


pub fn decrypt( &mut self, from: &[u8], to: Option<&mut [u8]>, ) -> Result<usize, ErrorStack>

Decrypts data using the private key.

If to is set to None, an upper bound on the number of bytes required for the output buffer will be returned.

This corresponds to EVP_PKEY_decrypt.


pub fn decrypt_to_vec( &mut self, from: &[u8], out: &mut Vec<u8>, ) -> Result<usize, ErrorStack>

Like Self::decrypt but appends plaintext to a Vec.


pub fn sign( &mut self, data: &[u8], sig: Option<&mut [u8]>, ) -> Result<usize, ErrorStack>

Signs the contents of data.

If sig is set to None, an upper bound on the number of bytes required for the output buffer will be returned.

§Note

This computes the signature of the raw bytes of data. It is more common to sign the cryptographic hash of an arbitrary amount of data. The MdCtx type can be used to do that.

This corresponds to EVP_PKEY_sign.


pub fn sign_to_vec( &mut self, data: &[u8], sig: &mut Vec<u8>, ) -> Result<usize, ErrorStack>

Like Self::sign but appends the signature to a Vec.


pub fn derive_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for shared secret derivation.

This corresponds to EVP_PKEY_derive_init.


pub fn keygen_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for key generation.

This corresponds to EVP_PKEY_keygen_init.


pub fn set_signature_md(&self, md: &MdRef) -> Result<(), ErrorStack>

Sets which algorithm was used to compute the digest used in a signature. With RSA signatures this causes the signature to be wrapped in a DigestInfo structure. This is almost always what you want with RSA signatures.

This corresponds to EVP_PKEY_CTX_set_signature_md.


pub fn rsa_padding(&self) -> Result<Padding, ErrorStack>

Returns the RSA padding mode in use.

This is only useful for RSA keys.

This corresponds to EVP_PKEY_CTX_get_rsa_padding.


pub fn set_rsa_padding(&mut self, padding: Padding) -> Result<(), ErrorStack>

Sets the RSA padding mode.

This is only useful for RSA keys.

This corresponds to EVP_PKEY_CTX_set_rsa_padding.


pub fn set_rsa_pss_saltlen( &mut self, len: RsaPssSaltlen, ) -> Result<(), ErrorStack>

Sets the RSA PSS salt length.

This is only useful for RSA keys.

This corresponds to EVP_PKEY_CTX_set_rsa_pss_saltlen.


pub fn set_rsa_mgf1_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>

Sets the RSA MGF1 algorithm.

This is only useful for RSA keys.

This corresponds to EVP_PKEY_CTX_set_rsa_mgf1_md.


pub fn set_rsa_oaep_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>

Sets the RSA OAEP algorithm.

This is only useful for RSA keys.

This corresponds to EVP_PKEY_CTX_set_rsa_oaep_md.


pub fn set_rsa_oaep_label(&mut self, label: &[u8]) -> Result<(), ErrorStack>

Sets the RSA OAEP label.

This is only useful for RSA keys.

This corresponds to EVP_PKEY_CTX_set0_rsa_oaep_label.


pub fn set_keygen_cipher( &mut self, cipher: &CipherRef, ) -> Result<(), ErrorStack>

Sets the cipher used during key generation.

This corresponds to EVP_PKEY_CTX_ctrl.


pub fn set_keygen_mac_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>

Sets the MAC key used during key generation.

This corresponds to EVP_PKEY_CTX_ctrl.


pub fn set_hkdf_md(&mut self, digest: &MdRef) -> Result<(), ErrorStack>

Sets the digest used for HKDF derivation.

Requires OpenSSL 1.1.0 or newer.

This corresponds to EVP_PKEY_CTX_set_hkdf_md.


pub fn set_hkdf_mode(&mut self, mode: HkdfMode) -> Result<(), ErrorStack>

Sets the HKDF mode of operation.

Defaults to HkdfMode::EXTRACT_THEN_EXPAND.

WARNING: Although this API calls it a “mode”, HKDF-Extract and HKDF-Expand are distinct operations with distinct inputs and distinct kinds of keys. Callers should not pass input secrets for one operation into the other.

Requires OpenSSL 1.1.1 or newer.

This corresponds to EVP_PKEY_CTX_set_hkdf_mode.


pub fn set_hkdf_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>

Sets the input material for HKDF generation as the “key”.

Which input is the key depends on the “mode” (see set_hkdf_mode). If HkdfMode::EXTRACT_THEN_EXPAND or HkdfMode::EXTRACT_ONLY, this function specifies the input keying material (IKM) for HKDF-Extract. If HkdfMode::EXPAND_ONLY, it instead specifies the pseudorandom key (PRK) for HKDF-Expand.

Requires OpenSSL 1.1.0 or newer.

This corresponds to EVP_PKEY_CTX_set1_hkdf_key.


pub fn set_hkdf_salt(&mut self, salt: &[u8]) -> Result<(), ErrorStack>

Sets the salt value for HKDF generation.

If performing HKDF-Expand only, this parameter is ignored.

Requires OpenSSL 1.1.0 or newer.

This corresponds to EVP_PKEY_CTX_set1_hkdf_salt.


pub fn add_hkdf_info(&mut self, info: &[u8]) -> Result<(), ErrorStack>

Appends info bytes for HKDF generation.

If performing HKDF-Extract only, this parameter is ignored.

Requires OpenSSL 1.1.0 or newer.

This corresponds to EVP_PKEY_CTX_add1_hkdf_info.


pub fn derive(&mut self, buf: Option<&mut [u8]>) -> Result<usize, ErrorStack>

Derives a shared secret between two keys.

If buf is set to None, an upper bound on the number of bytes required for the buffer will be returned.

This corresponds to EVP_PKEY_derive.


pub fn derive_to_vec(&mut self, buf: &mut Vec<u8>) -> Result<usize, ErrorStack>

Like Self::derive but appends the secret to a Vec.


pub fn keygen(&mut self) -> Result<PKey<Private>, ErrorStack>

Generates a new public/private keypair.

This corresponds to EVP_PKEY_keygen.


pub fn set_nonce_type( &mut self, nonce_type: NonceType, ) -> Result<(), ErrorStack>

Sets the nonce type for a private key context.

The nonce for DSA and ECDSA can be either random (the default) or deterministic (as defined by RFC 6979).

This is only useful for DSA and ECDSA. Requires OpenSSL 3.2.0 or newer.

This corresponds to EVP_PKEY_CTX_set_params.


pub fn nonce_type(&mut self) -> Result<NonceType, ErrorStack>

Gets the nonce type for a private key context.

The nonce for DSA and ECDSA can be either random (the default) or deterministic (as defined by RFC 6979).

This is only useful for DSA and ECDSA. Requires OpenSSL 3.2.0 or newer.

This corresponds to EVP_PKEY_CTX_get_params.

Trait Implementations§


impl<T> AsRef<PkeyCtxRef<T>> for PkeyCtx<T>


fn as_ref(&self) -> &PkeyCtxRef<T>

Converts this type into a shared reference of the (usually inferred) input type.

impl<T> Borrow<PkeyCtxRef<T>> for PkeyCtx<T>


fn borrow(&self) -> &PkeyCtxRef<T>

Immutably borrows from an owned value.

impl<T> Deref for PkeyCtx<T>


type Target = PkeyCtxRef<T>

The resulting type after dereferencing.

fn deref(&self) -> &PkeyCtxRef<T>

Dereferences the value.

impl<T> DerefMut for PkeyCtx<T>


fn deref_mut(&mut self) -> &mut PkeyCtxRef<T>

Mutably dereferences the value.

impl<T> Drop for PkeyCtx<T>


fn drop(&mut self)

Executes the destructor for this type.

impl<T> ForeignType for PkeyCtx<T>


type CType = EVP_PKEY_CTX

The raw C type.

type Ref = PkeyCtxRef<T>

The type representing a reference to this type.

unsafe fn from_ptr(ptr: *mut EVP_PKEY_CTX) -> PkeyCtx<T>

Constructs an instance of this type from its raw type.

fn as_ptr(&self) -> *mut EVP_PKEY_CTX

Returns a raw pointer to the wrapped value.

impl<T> Send for PkeyCtx<T>


impl<T> Sync for PkeyCtx<T>

Auto Trait Implementations§


impl<T> Freeze for PkeyCtx<T>


impl<T> RefUnwindSafe for PkeyCtx<T>
where T: RefUnwindSafe,


impl<T> Unpin for PkeyCtx<T>
where T: Unpin,


impl<T> UnwindSafe for PkeyCtx<T>
where T: UnwindSafe,

Blanket Implementations§


impl<T> Any for T
where T: 'static + ?Sized,


fn type_id(&self) -> TypeId

Gets the TypeId of self.

impl<T> Borrow<T> for T
where T: ?Sized,


fn borrow(&self) -> &T

Immutably borrows from an owned value.

impl<T> BorrowMut<T> for T
where T: ?Sized,


fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value.

impl<T> From<T> for T


fn from(t: T) -> T

Returns the argument unchanged.


impl<T, U> Into<U> for T
where U: From<T>,


fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.


impl<T, U> TryFrom<U> for T
where U: Into<T>,


type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,


type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.