Add KDF support to pkeyutl. Update documentation.

#include <openssl/pem.h>

#include <openssl/evp.h>

#define KEY_NONE        0

#define KEY_PRIVKEY     1

#define KEY_PUBKEY      2

#define KEY_CERT        3

static EVP_PKEY_CTX *init_ctx(int *pkeysize,

static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,

                              const char *keyfile, int keyform, int key_type,

                              char *passinarg, int pkey_op, ENGINE *e,

                              const int impl);

    OPT_PUBIN, OPT_CERTIN, OPT_ASN1PARSE, OPT_HEXDUMP, OPT_SIGN,

    OPT_VERIFY, OPT_VERIFYRECOVER, OPT_REV, OPT_ENCRYPT, OPT_DECRYPT,

    OPT_DERIVE, OPT_SIGFILE, OPT_INKEY, OPT_PEERKEY, OPT_PASSIN,

    OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT

    OPT_PEERFORM, OPT_KEYFORM, OPT_PKEYOPT, OPT_KDF, OPT_KDFLEN

} OPTION_CHOICE;

OPTIONS pkeyutl_options[] = {

    {"encrypt", OPT_ENCRYPT, '-', "Encrypt input data with public key"},

    {"decrypt", OPT_DECRYPT, '-', "Decrypt input data with private key"},

    {"derive", OPT_DERIVE, '-', "Derive shared secret"},

    {"kdf", OPT_KDF, 's', "Use KDF algorithm"},

    {"kdflen", OPT_KDFLEN, 'p', "KDF algorithm output length"},

    {"sigfile", OPT_SIGFILE, '<', "Signature file (verify operation only)"},

    {"inkey", OPT_INKEY, 's', "Input private key file"},

    {"peerkey", OPT_PEERKEY, 's', "Peer key file used in key derivation"},

    size_t buf_outlen;

    const char *inkey = NULL;

    const char *peerkey = NULL;

    const char *kdfalg = NULL;

    int kdflen = 0;

    STACK_OF(OPENSSL_STRING) *pkeyopts = NULL;

    prog = opt_init(argc, argv, pkeyutl_options);

        case OPT_DERIVE:

            pkey_op = EVP_PKEY_OP_DERIVE;

            break;

        case OPT_KDF:

            pkey_op = EVP_PKEY_OP_DERIVE;

            key_type = KEY_NONE;

            kdfalg = opt_arg();

            break;

        case OPT_KDFLEN:

            kdflen = atoi(opt_arg());

            break;

        case OPT_REV:

            rev = 1;

            break;

    if (argc != 0)

        goto opthelp;

    if (inkey == NULL ||

        (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE))

    if (kdfalg != NULL) {

        if (kdflen == 0)

            goto opthelp;

    ctx = init_ctx(&keysize, inkey, keyform, key_type,

    } else if ((inkey == NULL)

            || (peerkey != NULL && pkey_op != EVP_PKEY_OP_DERIVE)) {

        goto opthelp;

    }

    ctx = init_ctx(kdfalg, &keysize, inkey, keyform, key_type,

                   passinarg, pkey_op, e, engine_impl);

    if (ctx == NULL) {

        BIO_printf(bio_err, "%s: Error initializing context\n", prog);

            BIO_puts(out, "Signature Verification Failure\n");

        goto end;

    }

    if (kdflen != 0) {

        buf_outlen = kdflen;

        rv = 1;

    } else {

        rv = do_keyop(ctx, pkey_op, NULL, (size_t *)&buf_outlen,

                      buf_in, (size_t)buf_inlen);

    }

    if (rv > 0 && buf_outlen != 0) {

        buf_out = app_malloc(buf_outlen, "buffer output");

        rv = do_keyop(ctx, pkey_op,

    return ret;

}

static EVP_PKEY_CTX *init_ctx(int *pkeysize,

static EVP_PKEY_CTX *init_ctx(const char *kdfalg, int *pkeysize,

                              const char *keyfile, int keyform, int key_type,

                              char *passinarg, int pkey_op, ENGINE *e,

                              const int engine_impl)

    X509 *x;

    if (((pkey_op == EVP_PKEY_OP_SIGN) || (pkey_op == EVP_PKEY_OP_DECRYPT)

         || (pkey_op == EVP_PKEY_OP_DERIVE))

        && (key_type != KEY_PRIVKEY)) {

        && (key_type != KEY_PRIVKEY && kdfalg == NULL)) {

        BIO_printf(bio_err, "A private key is needed for this operation\n");

        goto end;

    }

        }

        break;

    }

    *pkeysize = EVP_PKEY_size(pkey);

    case KEY_NONE:

        break;

    if (!pkey)

        goto end;

    }

#ifndef OPENSSL_NO_ENGINE

    if (engine_impl)

        impl = e;

#endif

    if (kdfalg) {

        int kdfnid = OBJ_sn2nid(kdfalg);

        if (kdfnid == NID_undef)

            goto end;

        ctx = EVP_PKEY_CTX_new_id(kdfnid, impl);

    } else {

        if (pkey == NULL)

            goto end;

        *pkeysize = EVP_PKEY_size(pkey);

        ctx = EVP_PKEY_CTX_new(pkey, impl);

        EVP_PKEY_free(pkey);

    }

    if (ctx == NULL)

        goto end;

[B<-encrypt>]

[B<-decrypt>]

[B<-derive>]

[B<-kdf algorithm>]

[B<-kdflen length>]

[B<-pkeyopt opt:value>]

[B<-hexdump>]

[B<-asn1parse>]

derive a shared secret using the peer key.

=item B<-kdf algorithm>

Use key derivation function B<algorithm>. Note: additional paramers

will normally have to be set and the KDF output length for this to work.

=item B<-kdflen length>

Set the ouput length for KDF.

=item B<-pkeyopt opt:value>

Public key options specified as opt:value. See NOTES below for more details.

 openssl pkeyutl -derive -inkey key.pem -peerkey pubkey.pem -out secret

Hexdump 48 bytes of TLS1 PRF using digest B<SHA256> and shared secret and

seed consisting of the single byte 0xFF.

 openssl pkeyutl -kdf TLS1-PRF -kdflen 48 -pkeyopt md:SHA256 \

    -pkeyopt hexsecret:ff -pkeyopt hexseed:ff -hexdump

=head1 SEE ALSO

L<genpkey(1)>, L<pkey(1)>, L<rsautl(1)>