pub struct PkeyCtx<T>(_, _);
Expand description
A context object which can perform asymmetric cryptography operations.
Implementations§
source§impl<T> PkeyCtx<T>
impl<T> PkeyCtx<T>
sourcepub fn new(pkey: &PKeyRef<T>) -> Result<Self, ErrorStack>
pub fn new(pkey: &PKeyRef<T>) -> Result<Self, ErrorStack>
Creates a new pkey context using the provided key.
This corresponds to EVP_PKEY_CTX_new
.
source§impl PkeyCtx<()>
impl PkeyCtx<()>
sourcepub fn new_id(id: Id) -> Result<Self, ErrorStack>
pub fn new_id(id: Id) -> Result<Self, ErrorStack>
Creates a new pkey context for the specified algorithm ID.
This corresponds to EVP_PKEY_new_id
.
Methods from Deref<Target = PkeyCtxRef<T>>§
sourcepub fn encrypt_init(&mut self) -> Result<(), ErrorStack>
pub fn encrypt_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for encryption using the public key.
This corresponds to EVP_PKEY_encrypt_init
.
sourcepub fn verify_init(&mut self) -> Result<(), ErrorStack>
pub fn verify_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for signature verification using the public key.
This corresponds to EVP_PKEY_verify_init
.
sourcepub fn encrypt(
&mut self,
from: &[u8],
to: Option<&mut [u8]>
) -> Result<usize, ErrorStack>
pub fn encrypt( &mut self, from: &[u8], to: Option<&mut [u8]> ) -> Result<usize, ErrorStack>
Encrypts data using the public key.
If to
is set to None
, an upper bound on the number of bytes required for the output buffer will be
returned.
This corresponds to EVP_PKEY_encrypt
.
sourcepub fn encrypt_to_vec(
&mut self,
from: &[u8],
out: &mut Vec<u8>
) -> Result<usize, ErrorStack>
pub fn encrypt_to_vec( &mut self, from: &[u8], out: &mut Vec<u8> ) -> Result<usize, ErrorStack>
Like Self::encrypt
but appends ciphertext to a Vec
.
sourcepub fn verify(&mut self, data: &[u8], sig: &[u8]) -> Result<bool, ErrorStack>
pub fn verify(&mut self, data: &[u8], sig: &[u8]) -> Result<bool, ErrorStack>
Verifies the signature of data using the public key.
Returns Ok(true)
if the signature is valid, Ok(false)
if the signature is invalid, and Err
if an error
occurred.
Note
This verifies the signature of the raw data. It is more common to compute and verify the signature of the
cryptographic hash of an arbitrary amount of data. The MdCtx
type can be used to do
that.
This corresponds to EVP_PKEY_verify
.
sourcepub fn decrypt_init(&mut self) -> Result<(), ErrorStack>
pub fn decrypt_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for decryption using the private key.
This corresponds to EVP_PKEY_decrypt_init
.
sourcepub fn sign_init(&mut self) -> Result<(), ErrorStack>
pub fn sign_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for signing using the private key.
This corresponds to EVP_PKEY_sign_init
.
sourcepub fn derive_set_peer<U>(&mut self, key: &PKeyRef<U>) -> Result<(), ErrorStack>where
U: HasPublic,
pub fn derive_set_peer<U>(&mut self, key: &PKeyRef<U>) -> Result<(), ErrorStack>where U: HasPublic,
Sets the peer key used for secret derivation.
This corresponds to EVP_PKEY_derive_set_peer
.
sourcepub fn decrypt(
&mut self,
from: &[u8],
to: Option<&mut [u8]>
) -> Result<usize, ErrorStack>
pub fn decrypt( &mut self, from: &[u8], to: Option<&mut [u8]> ) -> Result<usize, ErrorStack>
Decrypts data using the private key.
If to
is set to None
, an upper bound on the number of bytes required for the output buffer will be
returned.
This corresponds to EVP_PKEY_decrypt
.
sourcepub fn decrypt_to_vec(
&mut self,
from: &[u8],
out: &mut Vec<u8>
) -> Result<usize, ErrorStack>
pub fn decrypt_to_vec( &mut self, from: &[u8], out: &mut Vec<u8> ) -> Result<usize, ErrorStack>
Like Self::decrypt
but appends plaintext to a Vec
.
sourcepub fn sign(
&mut self,
data: &[u8],
sig: Option<&mut [u8]>
) -> Result<usize, ErrorStack>
pub fn sign( &mut self, data: &[u8], sig: Option<&mut [u8]> ) -> Result<usize, ErrorStack>
Signs the contents of data
.
If sig
is set to None
, an upper bound on the number of bytes required for the output buffer will be
returned.
Note
This computes the signature of the raw bytes of data
. It is more common to sign the cryptographic hash of
an arbitrary amount of data. The MdCtx
type can be used to do that.
This corresponds to EVP_PKEY_sign
.
sourcepub fn sign_to_vec(
&mut self,
data: &[u8],
sig: &mut Vec<u8>
) -> Result<usize, ErrorStack>
pub fn sign_to_vec( &mut self, data: &[u8], sig: &mut Vec<u8> ) -> Result<usize, ErrorStack>
Like Self::sign
but appends the signature to a Vec
.
sourcepub fn derive_init(&mut self) -> Result<(), ErrorStack>
pub fn derive_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for shared secret derivation.
This corresponds to EVP_PKEY_derive_init
.
sourcepub fn keygen_init(&mut self) -> Result<(), ErrorStack>
pub fn keygen_init(&mut self) -> Result<(), ErrorStack>
Prepares the context for key generation.
This corresponds to EVP_PKEY_keygen_init
.
sourcepub fn rsa_padding(&self) -> Result<Padding, ErrorStack>
pub fn rsa_padding(&self) -> Result<Padding, ErrorStack>
Returns the RSA padding mode in use.
This is only useful for RSA keys.
This corresponds to EVP_PKEY_CTX_get_rsa_padding
.
sourcepub fn set_rsa_padding(&mut self, padding: Padding) -> Result<(), ErrorStack>
pub fn set_rsa_padding(&mut self, padding: Padding) -> Result<(), ErrorStack>
Sets the RSA padding mode.
This is only useful for RSA keys.
This corresponds to EVP_PKEY_CTX_set_rsa_padding
.
sourcepub fn set_rsa_mgf1_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>
pub fn set_rsa_mgf1_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>
Sets the RSA MGF1 algorithm.
This is only useful for RSA keys.
This corresponds to EVP_PKEY_CTX_set_rsa_mgf1_md
.
sourcepub fn set_rsa_oaep_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>
pub fn set_rsa_oaep_md(&mut self, md: &MdRef) -> Result<(), ErrorStack>
Sets the RSA OAEP algorithm.
This is only useful for RSA keys.
This corresponds to EVP_PKEY_CTX_set_rsa_oaep_md
.
sourcepub fn set_rsa_oaep_label(&mut self, label: &[u8]) -> Result<(), ErrorStack>
pub fn set_rsa_oaep_label(&mut self, label: &[u8]) -> Result<(), ErrorStack>
Sets the RSA OAEP label.
This is only useful for RSA keys.
This corresponds to EVP_PKEY_CTX_set0_rsa_oaep_label
.
sourcepub fn set_keygen_cipher(
&mut self,
cipher: &CipherRef
) -> Result<(), ErrorStack>
pub fn set_keygen_cipher( &mut self, cipher: &CipherRef ) -> Result<(), ErrorStack>
Sets the cipher used during key generation.
This corresponds to EVP_PKEY_CTX_ctrl
.
sourcepub fn set_keygen_mac_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>
pub fn set_keygen_mac_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>
Sets the key MAC key used during key generation.
This corresponds to EVP_PKEY_CTX_ctrl
.
sourcepub fn set_hkdf_md(&mut self, digest: &MdRef) -> Result<(), ErrorStack>
pub fn set_hkdf_md(&mut self, digest: &MdRef) -> Result<(), ErrorStack>
Sets the digest used for HKDF derivation.
Requires OpenSSL 1.1.0 or newer.
This corresponds to EVP_PKEY_CTX_set_hkdf_md
.
sourcepub fn set_hkdf_mode(&mut self, mode: HkdfMode) -> Result<(), ErrorStack>
pub fn set_hkdf_mode(&mut self, mode: HkdfMode) -> Result<(), ErrorStack>
Sets the HKDF mode of operation.
Defaults to HkdfMode::EXTRACT_THEN_EXPAND
.
WARNING: Although this API calls it a “mode”, HKDF-Extract and HKDF-Expand are distinct operations with distinct inputs and distinct kinds of keys. Callers should not pass input secrets for one operation into the other.
Requires OpenSSL 1.1.1 or newer.
This corresponds to EVP_PKEY_CTX_set_hkdf_mode
.
sourcepub fn set_hkdf_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>
pub fn set_hkdf_key(&mut self, key: &[u8]) -> Result<(), ErrorStack>
Sets the input material for HKDF generation as the “key”.
Which input is the key depends on the “mode” (see set_hkdf_mode
).
If HkdfMode::EXTRACT_THEN_EXPAND
or HkdfMode::EXTRACT_ONLY
, this function specifies
the input keying material (IKM) for HKDF-Extract. If HkdfMode::EXPAND_ONLY
, it instead
specifies the pseudorandom key (PRK) for HKDF-Expand.
Requires OpenSSL 1.1.0 or newer.
This corresponds to EVP_PKEY_CTX_set1_hkdf_key
.
sourcepub fn set_hkdf_salt(&mut self, salt: &[u8]) -> Result<(), ErrorStack>
pub fn set_hkdf_salt(&mut self, salt: &[u8]) -> Result<(), ErrorStack>
Sets the salt value for HKDF generation.
If performing HKDF-Expand only, this parameter is ignored.
Requires OpenSSL 1.1.0 or newer.
This corresponds to EVP_PKEY_CTX_set1_hkdf_salt
.
sourcepub fn add_hkdf_info(&mut self, info: &[u8]) -> Result<(), ErrorStack>
pub fn add_hkdf_info(&mut self, info: &[u8]) -> Result<(), ErrorStack>
Appends info bytes for HKDF generation.
If performing HKDF-Extract only, this parameter is ignored.
Requires OpenSSL 1.1.0 or newer.
This corresponds to EVP_PKEY_CTX_add1_hkdf_info
.
sourcepub fn derive(&mut self, buf: Option<&mut [u8]>) -> Result<usize, ErrorStack>
pub fn derive(&mut self, buf: Option<&mut [u8]>) -> Result<usize, ErrorStack>
Derives a shared secret between two keys.
If buf
is set to None
, an upper bound on the number of bytes required for the buffer will be returned.
This corresponds to EVP_PKEY_derive
.
sourcepub fn derive_to_vec(&mut self, buf: &mut Vec<u8>) -> Result<usize, ErrorStack>
pub fn derive_to_vec(&mut self, buf: &mut Vec<u8>) -> Result<usize, ErrorStack>
Like Self::derive
but appends the secret to a Vec
.
sourcepub fn keygen(&mut self) -> Result<PKey<Private>, ErrorStack>
pub fn keygen(&mut self) -> Result<PKey<Private>, ErrorStack>
Generates a new public/private keypair.
This corresponds to EVP_PKEY_keygen
.