5 EVP_PKEY_encapsulate_init, EVP_PKEY_encapsulate
6 - Key encapsulation using a public key algorithm
10 #include <openssl/evp.h>
12 int EVP_PKEY_encapsulate_init(EVP_PKEY_CTX *ctx);
13 int EVP_PKEY_encapsulate(EVP_PKEY_CTX *ctx,
14 unsigned char *out, size_t *outlen,
15 unsigned char *genkey, size_t *genkeylen);
19 The EVP_PKEY_encapsulate_init() function initializes a public key algorithm
20 context I<ctx> for an encapsulation operation.
22 The EVP_PKEY_encapsulate() function performs a public key encapsulation
23 operation using I<ctx> with the name I<name>.
24 If I<out> is B<NULL> then the maximum size of the output buffer is written to the
25 I<*outlen> parameter and the maximum size of the generated key buffer is written
26 to I<*genkeylen>. If I<out> is not B<NULL> and the call is successful then the
27 internally generated key is written to I<genkey> and its size is written to
28 I<*genkeylen>. The encapsulated version of the generated key is written to
29 I<out> and its size is written to I<*outlen>.
33 After the call to EVP_PKEY_encapsulate_init() algorithm specific parameters
34 for the operation may be set using L<EVP_PKEY_CTX_set_params(3)>.
38 EVP_PKEY_encapsulate_init() and EVP_PKEY_encapsulate() return 1 for
39 success and 0 or a negative value for failure. In particular a return value of -2
40 indicates the operation is not supported by the public key algorithm.
44 Encapsulate an RSASVE key (for RSA keys).
46 #include <openssl/evp.h>
49 * NB: assumes rsa_pub_key is an public key of another party.
52 EVP_PKEY_CTX *ctx = NULL;
53 size_t secretlen = 0, outlen = 0;
54 unsigned char *out = NULL, *secret = NULL;
56 ctx = EVP_PKEY_CTX_new_from_pkey(libctx, rsa_pub_key, NULL);
59 if (EVP_PKEY_encapsulate_init(ctx) <= 0)
62 /* Set the mode - only 'RSASVE' is currently supported */
63 if (EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE") <= 0)
65 /* Determine buffer length */
66 if (EVP_PKEY_encapsulate(ctx, NULL, &outlen, NULL, &secretlen) <= 0)
69 out = OPENSSL_malloc(outlen);
70 secret = OPENSSL_malloc(secretlen);
71 if (out == NULL || secret == NULL)
75 * The generated 'secret' can be used as key material.
76 * The encapsulated 'out' can be sent to another party who can
77 * decapsulate it using their private key to retrieve the 'secret'.
79 if (EVP_PKEY_encapsulate(ctx, out, &outlen, secret, &secretlen) <= 0)
84 L<EVP_PKEY_CTX_new(3)>,
85 L<EVP_PKEY_decapsulate(3)>,
90 These functions were added in OpenSSL 3.0.
94 Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
96 Licensed under the Apache License 2.0 (the "License"). You may not use
97 this file except in compliance with the License. You can obtain a copy
98 in the file LICENSE in the source distribution or at
99 L<https://www.openssl.org/source/license.html>.