Struct openssl::pkey_ctx::PkeyCtx

source · [−]

pub struct PkeyCtx<T>(_, _);

Expand description

A context object which can perform asymmetric cryptography operations.

Implementations

impl<T> PkeyCtx<T>

pub fn new(pkey: &PKeyRef<T>) -> Result<Self, ErrorStack>

Creates a new pkey context using the provided key.

This corresponds to EVP_PKEY_CTX_new.

impl PkeyCtx<()>

pub fn new_id(id: Id) -> Result<Self, ErrorStack>

Creates a new pkey context for the specified algorithm ID.

This corresponds to EVP_PKEY_new_id.

Methods from Deref<Target = PkeyCtxRef<T>>

pub fn encrypt_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for encryption using the public key.

This corresponds to EVP_PKEY_encrypt_init.

pub fn verify_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for signature verification using the public key.

This corresponds to EVP_PKEY_verify_init.

pub fn encrypt(
    &mut self,
    from: &[u8],
    to: Option<&mut [u8]>
) -> Result<usize, ErrorStack>

Encrypts data using the public key.

If to is set to None, an upper bound on the number of bytes required for the output buffer will be returned.

This corresponds to EVP_PKEY_encrypt.

pub fn encrypt_to_vec(
    &mut self,
    from: &[u8],
    out: &mut Vec<u8>
) -> Result<usize, ErrorStack>

Like Self::encrypt but appends ciphertext to a Vec.

pub fn verify(&mut self, data: &[u8], sig: &[u8]) -> Result<bool, ErrorStack>

Verifies the signature of data using the public key.

Returns Ok(true) if the signature is valid, Ok(false) if the signature is invalid, and Err if an error occurred.

Note

This verifies the signature of the raw data. It is more common to compute and verify the signature of the cryptographic hash of an arbitrary amount of data. The MdCtx type can be used to do that.

This corresponds to EVP_PKEY_verify.

pub fn decrypt_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for decryption using the private key.

This corresponds to EVP_PKEY_decrypt_init.

pub fn sign_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for signing using the private key.

This corresponds to EVP_PKEY_sign_init.

pub fn derive_set_peer<U>(&mut self, key: &PKeyRef<U>) -> Result<(), ErrorStack>where
U: HasPublic,

Sets the peer key used for secret derivation.

This corresponds to EVP_PKEY_derive_set_peer.

pub fn decrypt(
    &mut self,
    from: &[u8],
    to: Option<&mut [u8]>
) -> Result<usize, ErrorStack>

Decrypts data using the private key.

If to is set to None, an upper bound on the number of bytes required for the output buffer will be returned.

This corresponds to EVP_PKEY_decrypt.

pub fn decrypt_to_vec(
    &mut self,
    from: &[u8],
    out: &mut Vec<u8>
) -> Result<usize, ErrorStack>

Like Self::decrypt but appends plaintext to a Vec.

pub fn sign(
    &mut self,
    data: &[u8],
    sig: Option<&mut [u8]>
) -> Result<usize, ErrorStack>

Signs the contents of data.

If sig is set to None, an upper bound on the number of bytes required for the output buffer will be returned.

Note

This computes the signature of the raw bytes of data. It is more common to sign the cryptographic hash of an arbitrary amount of data. The MdCtx type can be used to do that.

This corresponds to EVP_PKEY_sign.

pub fn sign_to_vec(
    &mut self,
    data: &[u8],
    sig: &mut Vec<u8>
) -> Result<usize, ErrorStack>

Like Self::sign but appends the signature to a Vec.

pub fn derive_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for shared secret derivation.

This corresponds to EVP_PKEY_derive_init.

pub fn keygen_init(&mut self) -> Result<(), ErrorStack>

Prepares the context for key generation.

This corresponds to EVP_PKEY_keygen_init.

pub fn rsa_padding(&self) -> Result<Padding, ErrorStack>

Returns the RSA padding mode in use.

This is only useful for RSA keys.

This corresponds to EVP_PKEY_CTX_get_rsa_padding.

pub fn set_rsa_padding(&mut self, padding: Padding) -> Result<(), ErrorStack>

Sets the RSA padding mode.

This is only useful for RSA keys.

This corresponds to EVP_PKEY_CTX_set_rsa_padding.

pub fn set_rsa_mgf1_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>

Sets the RSA MGF1 algorithm.

This is only useful for RSA keys.

This corresponds to EVP_PKEY_CTX_set_rsa_mgf1_md.

pub fn set_rsa_oaep_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>

Sets the RSA OAEP algorithm.

This is only useful for RSA keys.

This corresponds to EVP_PKEY_CTX_set_rsa_oaep_md.

pub fn set_rsa_oaep_label(&mut self, label: &[u8]) -> Result<(), ErrorStack>

Sets the RSA OAEP label.

This is only useful for RSA keys.

This corresponds to EVP_PKEY_CTX_set0_rsa_oaep_label.

pub fn set_keygen_cipher(&mut self, cipher: &CipherRef) -> Result<(), ErrorStack>

Sets the cipher used during key generation.

This corresponds to EVP_PKEY_CTX_ctrl.

pub fn set_keygen_mac_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>

Sets the key MAC key used during key generation.

This corresponds to EVP_PKEY_CTX_ctrl.

pub fn set_hkdf_md(&mut self, digest: &MdRef) -> Result<(), ErrorStack>

Sets the digest used for HKDF derivation.

Requires OpenSSL 1.1.0 or newer.

This corresponds to EVP_PKEY_CTX_set_hkdf_md.

pub fn set_hkdf_mode(&mut self, mode: HkdfMode) -> Result<(), ErrorStack>

Sets the HKDF mode of operation.

Defaults to HkdfMode::EXTRACT_THEN_EXPAND.

WARNING: Although this API calls it a “mode”, HKDF-Extract and HKDF-Expand are distinct operations with distinct inputs and distinct kinds of keys. Callers should not pass input secrets for one operation into the other.

Requires OpenSSL 1.1.1 or newer.

This corresponds to EVP_PKEY_CTX_set_hkdf_mode.

pub fn set_hkdf_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>

Sets the input material for HKDF generation as the “key”.

Which input is the key depends on the “mode” (see set_hkdf_mode). If HkdfMode::EXTRACT_THEN_EXPAND or HkdfMode::EXTRACT_ONLY, this function specifies the input keying material (IKM) for HKDF-Extract. If HkdfMode::EXPAND_ONLY, it instead specifies the pseudorandom key (PRK) for HKDF-Expand.

Requires OpenSSL 1.1.0 or newer.

This corresponds to EVP_PKEY_CTX_set1_hkdf_key.

pub fn set_hkdf_salt(&mut self, salt: &[u8]) -> Result<(), ErrorStack>

Sets the salt value for HKDF generation.

If performing HKDF-Expand only, this parameter is ignored.

Requires OpenSSL 1.1.0 or newer.

This corresponds to EVP_PKEY_CTX_set1_hkdf_salt.

pub fn add_hkdf_info(&mut self, info: &[u8]) -> Result<(), ErrorStack>

Appends info bytes for HKDF generation.

If performing HKDF-Extract only, this parameter is ignored.

Requires OpenSSL 1.1.0 or newer.

This corresponds to EVP_PKEY_CTX_add1_hkdf_info.

pub fn derive(&mut self, buf: Option<&mut [u8]>) -> Result<usize, ErrorStack>

Derives a shared secret between two keys.

If buf is set to None, an upper bound on the number of bytes required for the buffer will be returned.

This corresponds to EVP_PKEY_derive.

pub fn derive_to_vec(&mut self, buf: &mut Vec<u8>) -> Result<usize, ErrorStack>

Like Self::derive but appends the secret to a Vec.

pub fn keygen(&mut self) -> Result<PKey<Private>, ErrorStack>

Generates a new public/private keypair.

This corresponds to EVP_PKEY_keygen.

Trait Implementations

impl<T> AsRef<PkeyCtxRef<T>> for PkeyCtx<T>

fn as_ref(&self) -> &PkeyCtxRef<T>

Converts this type into a shared reference of the (usually inferred) input type.

impl<T> Borrow<PkeyCtxRef<T>> for PkeyCtx<T>

fn borrow(&self) -> &PkeyCtxRef<T>

Immutably borrows from an owned value. Read more

impl<T> Deref for PkeyCtx<T>

type Target = PkeyCtxRef<T>

The resulting type after dereferencing.

fn deref(&self) -> &PkeyCtxRef<T>

Dereferences the value.

impl<T> DerefMut for PkeyCtx<T>

fn deref_mut(&mut self) -> &mut PkeyCtxRef<T>

Mutably dereferences the value.

impl<T> Drop for PkeyCtx<T>

fn drop(&mut self)

Executes the destructor for this type. Read more

impl<T> ForeignType for PkeyCtx<T>

type CType = EVP_PKEY_CTX

The raw C type.

type Ref = PkeyCtxRef<T>

The type representing a reference to this type.

unsafe fn from_ptr(ptr: *mut EVP_PKEY_CTX) -> PkeyCtx<T>

Constructs an instance of this type from its raw type.

fn as_ptr(&self) -> *mut EVP_PKEY_CTX

Returns a raw pointer to the wrapped value.

impl<T> Send for PkeyCtx<T>

impl<T> Sync for PkeyCtx<T>

Auto Trait Implementations

impl<T> RefUnwindSafe for PkeyCtx<T>where
T: RefUnwindSafe,

impl<T> Unpin for PkeyCtx<T>where
T: Unpin,

impl<T> UnwindSafe for PkeyCtx<T>where
T: UnwindSafe,

Blanket Implementations

impl<T> Any for Twhere
T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for Twhere
T: ?Sized,

const: unstable · source

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for Twhere
T: ?Sized,

const: unstable · source

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

const: unstable · source

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, U> Into<U> for Twhere
U: From<T>,

const: unstable · source

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, U> TryFrom<U> for Twhere
U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

const: unstable · source

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.

impl<T, U> TryInto<U> for Twhere
U: TryFrom<T>,

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

const: unstable · source

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.