1/* 2 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#ifdef HAVE_CONFIG_H 35#include <config.h> 36#endif 37 38#define HC_DEPRECATED 39#define HC_DEPRECATED_CRYPTO 40 41#include <sys/types.h> 42#include <stdio.h> 43#include <stdlib.h> 44#include <string.h> 45#include <assert.h> 46 47#include <evp.h> 48 49#include <krb5-types.h> 50 51#include "camellia.h" 52#include <des.h> 53#include <sha.h> 54#include <rc2.h> 55#include <rc4.h> 56#include <md2.h> 57#include <md4.h> 58#include <md5.h> 59 60/** 61 * @page page_evp EVP - generic crypto interface 62 * 63 * See the library functions here: @ref hcrypto_evp 64 * 65 * @section evp_cipher EVP Cipher 66 * 67 * The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to 68 * understand forward, then EVP_CipherUpdate() and 69 * EVP_CipherFinal_ex() really needs an example to explain @ref 70 * example_evp_cipher.c . 71 * 72 * @example example_evp_cipher.c 73 * 74 * This is an example how to use EVP_CipherInit_ex(), 75 * EVP_CipherUpdate() and EVP_CipherFinal_ex(). 76 */ 77 78struct hc_EVP_MD_CTX { 79 const EVP_MD *md; 80 ENGINE *engine; 81 void *ptr; 82}; 83 84 85/** 86 * Return the output size of the message digest function. 87 * 88 * @param md the evp message 89 * 90 * @return size output size of the message digest function. 91 * 92 * @ingroup hcrypto_evp 93 */ 94 95size_t 96EVP_MD_size(const EVP_MD *md) 97{ 98 return md->hash_size; 99} 100 101/** 102 * Return the blocksize of the message digest function. 103 * 104 * @param md the evp message 105 * 106 * @return size size of the message digest block size 107 * 108 * @ingroup hcrypto_evp 109 */ 110 111size_t 112EVP_MD_block_size(const EVP_MD *md) 113{ 114 return md->block_size; 115} 116 117/** 118 * Allocate a messsage digest context object. Free with 119 * EVP_MD_CTX_destroy(). 120 * 121 * @return a newly allocated message digest context object. 122 * 123 * @ingroup hcrypto_evp 124 */ 125 126EVP_MD_CTX * 127EVP_MD_CTX_create(void) 128{ 129 return calloc(1, sizeof(EVP_MD_CTX)); 130} 131 132/** 133 * Initiate a messsage digest context object. Deallocate with 134 * EVP_MD_CTX_cleanup(). Please use EVP_MD_CTX_create() instead. 135 * 136 * @param ctx variable to initiate. 137 * 138 * @ingroup hcrypto_evp 139 */ 140 141void HC_DEPRECATED 142EVP_MD_CTX_init(EVP_MD_CTX *ctx) 143{ 144 memset(ctx, 0, sizeof(*ctx)); 145} 146 147/** 148 * Free a messsage digest context object. 149 * 150 * @param ctx context to free. 151 * 152 * @ingroup hcrypto_evp 153 */ 154 155void 156EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) 157{ 158 EVP_MD_CTX_cleanup(ctx); 159 free(ctx); 160} 161 162/** 163 * Free the resources used by the EVP_MD context. 164 * 165 * @param ctx the context to free the resources from. 166 * 167 * @return 1 on success. 168 * 169 * @ingroup hcrypto_evp 170 */ 171 172int HC_DEPRECATED 173EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) 174{ 175 if (ctx->md && ctx->md->cleanup) 176 (ctx->md->cleanup)(ctx); 177 ctx->md = NULL; 178 ctx->engine = NULL; 179 free(ctx->ptr); 180 memset(ctx, 0, sizeof(*ctx)); 181 return 1; 182} 183 184/** 185 * Get the EVP_MD use for a specified context. 186 * 187 * @param ctx the EVP_MD context to get the EVP_MD for. 188 * 189 * @return the EVP_MD used for the context. 190 * 191 * @ingroup hcrypto_evp 192 */ 193 194const EVP_MD * 195EVP_MD_CTX_md(EVP_MD_CTX *ctx) 196{ 197 return ctx->md; 198} 199 200/** 201 * Return the output size of the message digest function. 202 * 203 * @param ctx the evp message digest context 204 * 205 * @return size output size of the message digest function. 206 * 207 * @ingroup hcrypto_evp 208 */ 209 210size_t 211EVP_MD_CTX_size(EVP_MD_CTX *ctx) 212{ 213 return EVP_MD_size(ctx->md); 214} 215 216/** 217 * Return the blocksize of the message digest function. 218 * 219 * @param ctx the evp message digest context 220 * 221 * @return size size of the message digest block size 222 * 223 * @ingroup hcrypto_evp 224 */ 225 226size_t 227EVP_MD_CTX_block_size(EVP_MD_CTX *ctx) 228{ 229 return EVP_MD_block_size(ctx->md); 230} 231 232/** 233 * Init a EVP_MD_CTX for use a specific message digest and engine. 234 * 235 * @param ctx the message digest context to init. 236 * @param md the message digest to use. 237 * @param engine the engine to use, NULL to use the default engine. 238 * 239 * @return 1 on success. 240 * 241 * @ingroup hcrypto_evp 242 */ 243 244int 245EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine) 246{ 247 if (ctx->md != md || ctx->engine != engine) { 248 EVP_MD_CTX_cleanup(ctx); 249 ctx->md = md; 250 ctx->engine = engine; 251 252 ctx->ptr = calloc(1, md->ctx_size); 253 if (ctx->ptr == NULL) 254 return 0; 255 } 256 (ctx->md->init)(ctx->ptr); 257 return 1; 258} 259 260/** 261 * Update the digest with some data. 262 * 263 * @param ctx the context to update 264 * @param data the data to update the context with 265 * @param size length of data 266 * 267 * @return 1 on success. 268 * 269 * @ingroup hcrypto_evp 270 */ 271 272int 273EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size) 274{ 275 (ctx->md->update)(ctx->ptr, data, size); 276 return 1; 277} 278 279/** 280 * Complete the message digest. 281 * 282 * @param ctx the context to complete. 283 * @param hash the output of the message digest function. At least 284 * EVP_MD_size(). 285 * @param size the output size of hash. 286 * 287 * @return 1 on success. 288 * 289 * @ingroup hcrypto_evp 290 */ 291 292int 293EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size) 294{ 295 (ctx->md->final)(hash, ctx->ptr); 296 if (size) 297 *size = ctx->md->hash_size; 298 return 1; 299} 300 301/** 302 * Do the whole EVP_MD_CTX_create(), EVP_DigestInit_ex(), 303 * EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_MD_CTX_destroy() 304 * dance in one call. 305 * 306 * @param data the data to update the context with 307 * @param dsize length of data 308 * @param hash output data of at least EVP_MD_size() length. 309 * @param hsize output length of hash. 310 * @param md message digest to use 311 * @param engine engine to use, NULL for default engine. 312 * 313 * @return 1 on success. 314 * 315 * @ingroup hcrypto_evp 316 */ 317 318int 319EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, 320 const EVP_MD *md, ENGINE *engine) 321{ 322 EVP_MD_CTX *ctx; 323 int ret; 324 325 ctx = EVP_MD_CTX_create(); 326 if (ctx == NULL) 327 return 0; 328 ret = EVP_DigestInit_ex(ctx, md, engine); 329 if (ret != 1) { 330 EVP_MD_CTX_destroy(ctx); 331 return ret; 332 } 333 ret = EVP_DigestUpdate(ctx, data, dsize); 334 if (ret != 1) { 335 EVP_MD_CTX_destroy(ctx); 336 return ret; 337 } 338 ret = EVP_DigestFinal_ex(ctx, hash, hsize); 339 EVP_MD_CTX_destroy(ctx); 340 return ret; 341} 342 343/** 344 * The message digest SHA256 345 * 346 * @return the message digest type. 347 * 348 * @ingroup hcrypto_evp 349 */ 350 351const EVP_MD * 352EVP_sha256(void) 353{ 354 static const struct hc_evp_md sha256 = { 355 32, 356 64, 357 sizeof(SHA256_CTX), 358 (hc_evp_md_init)SHA256_Init, 359 (hc_evp_md_update)SHA256_Update, 360 (hc_evp_md_final)SHA256_Final, 361 NULL 362 }; 363 return &sha256; 364} 365 366static const struct hc_evp_md sha1 = { 367 20, 368 64, 369 sizeof(SHA_CTX), 370 (hc_evp_md_init)SHA1_Init, 371 (hc_evp_md_update)SHA1_Update, 372 (hc_evp_md_final)SHA1_Final, 373 NULL 374}; 375 376/** 377 * The message digest SHA1 378 * 379 * @return the message digest type. 380 * 381 * @ingroup hcrypto_evp 382 */ 383 384const EVP_MD * 385EVP_sha1(void) 386{ 387 return &sha1; 388} 389 390/** 391 * The message digest SHA1 392 * 393 * @return the message digest type. 394 * 395 * @ingroup hcrypto_evp 396 */ 397 398const EVP_MD * 399EVP_sha(void) 400{ 401 return &sha1; 402} 403 404/** 405 * The message digest MD5 406 * 407 * @return the message digest type. 408 * 409 * @ingroup hcrypto_evp 410 */ 411 412const EVP_MD * 413EVP_md5(void) 414{ 415 static const struct hc_evp_md md5 = { 416 16, 417 64, 418 sizeof(MD5_CTX), 419 (hc_evp_md_init)MD5_Init, 420 (hc_evp_md_update)MD5_Update, 421 (hc_evp_md_final)MD5_Final, 422 NULL 423 }; 424 return &md5; 425} 426 427/** 428 * The message digest MD4 429 * 430 * @return the message digest type. 431 * 432 * @ingroup hcrypto_evp 433 */ 434 435const EVP_MD * 436EVP_md4(void) 437{ 438 static const struct hc_evp_md md4 = { 439 16, 440 64, 441 sizeof(MD4_CTX), 442 (hc_evp_md_init)MD4_Init, 443 (hc_evp_md_update)MD4_Update, 444 (hc_evp_md_final)MD4_Final, 445 NULL 446 }; 447 return &md4; 448} 449 450/** 451 * The message digest MD2 452 * 453 * @return the message digest type. 454 * 455 * @ingroup hcrypto_evp 456 */ 457 458const EVP_MD * 459EVP_md2(void) 460{ 461 static const struct hc_evp_md md2 = { 462 16, 463 16, 464 sizeof(MD2_CTX), 465 (hc_evp_md_init)MD2_Init, 466 (hc_evp_md_update)MD2_Update, 467 (hc_evp_md_final)MD2_Final, 468 NULL 469 }; 470 return &md2; 471} 472 473/* 474 * 475 */ 476 477static void 478null_Init (void *m) 479{ 480} 481static void 482null_Update (void *m, const void * data, size_t size) 483{ 484} 485static void 486null_Final(void *res, void *m) 487{ 488} 489 490/** 491 * The null message digest 492 * 493 * @return the message digest type. 494 * 495 * @ingroup hcrypto_evp 496 */ 497 498const EVP_MD * 499EVP_md_null(void) 500{ 501 static const struct hc_evp_md null = { 502 0, 503 0, 504 0, 505 (hc_evp_md_init)null_Init, 506 (hc_evp_md_update)null_Update, 507 (hc_evp_md_final)null_Final, 508 NULL 509 }; 510 return &null; 511} 512 513/** 514 * Return the block size of the cipher. 515 * 516 * @param c cipher to get the block size from. 517 * 518 * @return the block size of the cipher. 519 * 520 * @ingroup hcrypto_evp 521 */ 522 523size_t 524EVP_CIPHER_block_size(const EVP_CIPHER *c) 525{ 526 return c->block_size; 527} 528 529/** 530 * Return the key size of the cipher. 531 * 532 * @param c cipher to get the key size from. 533 * 534 * @return the key size of the cipher. 535 * 536 * @ingroup hcrypto_evp 537 */ 538 539size_t 540EVP_CIPHER_key_length(const EVP_CIPHER *c) 541{ 542 return c->key_len; 543} 544 545/** 546 * Return the IV size of the cipher. 547 * 548 * @param c cipher to get the IV size from. 549 * 550 * @return the IV size of the cipher. 551 * 552 * @ingroup hcrypto_evp 553 */ 554 555size_t 556EVP_CIPHER_iv_length(const EVP_CIPHER *c) 557{ 558 return c->iv_len; 559} 560 561/** 562 * Initiate a EVP_CIPHER_CTX context. Clean up with 563 * EVP_CIPHER_CTX_cleanup(). 564 * 565 * @param c the cipher initiate. 566 * 567 * @ingroup hcrypto_evp 568 */ 569 570void 571EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c) 572{ 573 memset(c, 0, sizeof(*c)); 574} 575 576/** 577 * Clean up the EVP_CIPHER_CTX context. 578 * 579 * @param c the cipher to clean up. 580 * 581 * @return 1 on success. 582 * 583 * @ingroup hcrypto_evp 584 */ 585 586int 587EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 588{ 589 if (c->cipher && c->cipher->cleanup) 590 c->cipher->cleanup(c); 591 if (c->cipher_data) { 592 free(c->cipher_data); 593 c->cipher_data = NULL; 594 } 595 return 1; 596} 597 598#if 0 599int 600EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length) 601{ 602 return 0; 603} 604 605int 606EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad) 607{ 608 return 0; 609} 610#endif 611 612/** 613 * Return the EVP_CIPHER for a EVP_CIPHER_CTX context. 614 * 615 * @param ctx the context to get the cipher type from. 616 * 617 * @return the EVP_CIPHER pointer. 618 * 619 * @ingroup hcrypto_evp 620 */ 621 622const EVP_CIPHER * 623EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) 624{ 625 return ctx->cipher; 626} 627 628/** 629 * Return the block size of the cipher context. 630 * 631 * @param ctx cipher context to get the block size from. 632 * 633 * @return the block size of the cipher context. 634 * 635 * @ingroup hcrypto_evp 636 */ 637 638size_t 639EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) 640{ 641 return EVP_CIPHER_block_size(ctx->cipher); 642} 643 644/** 645 * Return the key size of the cipher context. 646 * 647 * @param ctx cipher context to get the key size from. 648 * 649 * @return the key size of the cipher context. 650 * 651 * @ingroup hcrypto_evp 652 */ 653 654size_t 655EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) 656{ 657 return EVP_CIPHER_key_length(ctx->cipher); 658} 659 660/** 661 * Return the IV size of the cipher context. 662 * 663 * @param ctx cipher context to get the IV size from. 664 * 665 * @return the IV size of the cipher context. 666 * 667 * @ingroup hcrypto_evp 668 */ 669 670size_t 671EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) 672{ 673 return EVP_CIPHER_iv_length(ctx->cipher); 674} 675 676/** 677 * Get the flags for an EVP_CIPHER_CTX context. 678 * 679 * @param ctx the EVP_CIPHER_CTX to get the flags from 680 * 681 * @return the flags for an EVP_CIPHER_CTX. 682 * 683 * @ingroup hcrypto_evp 684 */ 685 686unsigned long 687EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) 688{ 689 return ctx->cipher->flags; 690} 691 692/** 693 * Get the mode for an EVP_CIPHER_CTX context. 694 * 695 * @param ctx the EVP_CIPHER_CTX to get the mode from 696 * 697 * @return the mode for an EVP_CIPHER_CTX. 698 * 699 * @ingroup hcrypto_evp 700 */ 701 702int 703EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) 704{ 705 return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE; 706} 707 708/** 709 * Get the app data for an EVP_CIPHER_CTX context. 710 * 711 * @param ctx the EVP_CIPHER_CTX to get the app data from 712 * 713 * @return the app data for an EVP_CIPHER_CTX. 714 * 715 * @ingroup hcrypto_evp 716 */ 717 718void * 719EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx) 720{ 721 return ctx->app_data; 722} 723 724/** 725 * Set the app data for an EVP_CIPHER_CTX context. 726 * 727 * @param ctx the EVP_CIPHER_CTX to set the app data for 728 * @param data the app data to set for an EVP_CIPHER_CTX. 729 * 730 * @ingroup hcrypto_evp 731 */ 732 733void 734EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) 735{ 736 ctx->app_data = data; 737} 738 739/** 740 * Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data. 741 * Clean up with EVP_CIPHER_CTX_cleanup(). 742 * 743 * @param ctx context to initiate 744 * @param c cipher to use. 745 * @param engine crypto engine to use, NULL to select default. 746 * @param key the crypto key to use, NULL will use the previous value. 747 * @param iv the IV to use, NULL will use the previous value. 748 * @param encp non zero will encrypt, -1 use the previous value. 749 * 750 * @return 1 on success. 751 * 752 * @ingroup hcrypto_evp 753 */ 754 755int 756EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, 757 const void *key, const void *iv, int encp) 758{ 759 ctx->buf_len = 0; 760 761 if (encp == -1) 762 encp = ctx->encrypt; 763 else 764 ctx->encrypt = (encp ? 1 : 0); 765 766 if (c && (c != ctx->cipher)) { 767 EVP_CIPHER_CTX_cleanup(ctx); 768 ctx->cipher = c; 769 ctx->key_len = c->key_len; 770 771 ctx->cipher_data = malloc(c->ctx_size); 772 if (ctx->cipher_data == NULL && c->ctx_size != 0) 773 return 0; 774 775 /* assume block size is a multiple of 2 */ 776 ctx->block_mask = EVP_CIPHER_block_size(c) - 1; 777 778 } else if (ctx->cipher == NULL) { 779 /* reuse of cipher, but not any cipher ever set! */ 780 return 0; 781 } 782 783 switch (EVP_CIPHER_CTX_flags(ctx)) { 784 case EVP_CIPH_CBC_MODE: 785 786 assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); 787 788 if (iv) 789 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 790 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 791 break; 792 default: 793 return 0; 794 } 795 796 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) 797 ctx->cipher->init(ctx, key, iv, encp); 798 799 return 1; 800} 801 802/** 803 * Encipher/decipher partial data 804 * 805 * @param ctx the cipher context. 806 * @param out output data from the operation. 807 * @param outlen output length 808 * @param in input data to the operation. 809 * @param inlen length of data. 810 * 811 * The output buffer length should at least be EVP_CIPHER_block_size() 812 * byte longer then the input length. 813 * 814 * See @ref evp_cipher for an example how to use this function. 815 * 816 * @return 1 on success. 817 * 818 * @ingroup hcrypto_evp 819 */ 820 821int 822EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen, 823 void *in, size_t inlen) 824{ 825 int ret, left, blocksize; 826 827 *outlen = 0; 828 829 /** 830 * If there in no spare bytes in the left from last Update and the 831 * input length is on the block boundery, the EVP_CipherUpdate() 832 * function can take a shortcut (and preformance gain) and 833 * directly encrypt the data, otherwise we hav to fix it up and 834 * store extra it the EVP_CIPHER_CTX. 835 */ 836 if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) { 837 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); 838 if (ret == 1) 839 *outlen = inlen; 840 else 841 *outlen = 0; 842 return ret; 843 } 844 845 846 blocksize = EVP_CIPHER_CTX_block_size(ctx); 847 left = blocksize - ctx->buf_len; 848 assert(left > 0); 849 850 if (ctx->buf_len) { 851 852 /* if total buffer is smaller then input, store locally */ 853 if (inlen < left) { 854 memcpy(ctx->buf + ctx->buf_len, in, inlen); 855 ctx->buf_len += inlen; 856 return 1; 857 } 858 859 /* fill in local buffer and encrypt */ 860 memcpy(ctx->buf + ctx->buf_len, in, left); 861 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); 862 memset(ctx->buf, 0, blocksize); 863 if (ret != 1) 864 return ret; 865 866 *outlen += blocksize; 867 inlen -= left; 868 in = ((unsigned char *)in) + left; 869 out = ((unsigned char *)out) + blocksize; 870 ctx->buf_len = 0; 871 } 872 873 if (inlen) { 874 ctx->buf_len = (inlen & ctx->block_mask); 875 inlen &= ~ctx->block_mask; 876 877 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); 878 if (ret != 1) 879 return ret; 880 881 *outlen += inlen; 882 883 in = ((unsigned char *)in) + inlen; 884 memcpy(ctx->buf, in, ctx->buf_len); 885 } 886 887 return 1; 888} 889 890/** 891 * Encipher/decipher final data 892 * 893 * @param ctx the cipher context. 894 * @param out output data from the operation. 895 * @param outlen output length 896 * 897 * The input length needs to be at least EVP_CIPHER_block_size() bytes 898 * long. 899 * 900 * See @ref evp_cipher for an example how to use this function. 901 * 902 * @return 1 on success. 903 * 904 * @ingroup hcrypto_evp 905 */ 906 907int 908EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen) 909{ 910 *outlen = 0; 911 912 if (ctx->buf_len) { 913 int ret, left, blocksize; 914 915 blocksize = EVP_CIPHER_CTX_block_size(ctx); 916 917 left = blocksize - ctx->buf_len; 918 assert(left > 0); 919 920 /* zero fill local buffer */ 921 memset(ctx->buf + ctx->buf_len, 0, left); 922 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); 923 memset(ctx->buf, 0, blocksize); 924 if (ret != 1) 925 return ret; 926 927 *outlen += blocksize; 928 } 929 930 return 1; 931} 932 933/** 934 * Encipher/decipher data 935 * 936 * @param ctx the cipher context. 937 * @param out out data from the operation. 938 * @param in in data to the operation. 939 * @param size length of data. 940 * 941 * @return 1 on success. 942 */ 943 944int 945EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size) 946{ 947 return ctx->cipher->do_cipher(ctx, out, in, size); 948} 949 950/* 951 * 952 */ 953 954static int 955enc_null_init(EVP_CIPHER_CTX *ctx, 956 const unsigned char * key, 957 const unsigned char * iv, 958 int encp) 959{ 960 return 1; 961} 962 963static int 964enc_null_do_cipher(EVP_CIPHER_CTX *ctx, 965 unsigned char *out, 966 const unsigned char *in, 967 unsigned int size) 968{ 969 memmove(out, in, size); 970 return 1; 971} 972 973static int 974enc_null_cleanup(EVP_CIPHER_CTX *ctx) 975{ 976 return 1; 977} 978 979/** 980 * The NULL cipher type, does no encryption/decryption. 981 * 982 * @return the null EVP_CIPHER pointer. 983 * 984 * @ingroup hcrypto_evp 985 */ 986 987const EVP_CIPHER * 988EVP_enc_null(void) 989{ 990 static const EVP_CIPHER enc_null = { 991 0, 992 0, 993 0, 994 0, 995 EVP_CIPH_CBC_MODE, 996 enc_null_init, 997 enc_null_do_cipher, 998 enc_null_cleanup, 999 0, 1000 NULL, 1001 NULL, 1002 NULL, 1003 NULL 1004 }; 1005 return &enc_null; 1006} 1007 1008/* 1009 * 1010 */ 1011 1012struct rc2_cbc { 1013 unsigned int maximum_effective_key; 1014 RC2_KEY key; 1015}; 1016 1017static int 1018rc2_init(EVP_CIPHER_CTX *ctx, 1019 const unsigned char * key, 1020 const unsigned char * iv, 1021 int encp) 1022{ 1023 struct rc2_cbc *k = ctx->cipher_data; 1024 k->maximum_effective_key = EVP_CIPHER_CTX_key_length(ctx) * 8; 1025 RC2_set_key(&k->key, 1026 EVP_CIPHER_CTX_key_length(ctx), 1027 key, 1028 k->maximum_effective_key); 1029 return 1; 1030} 1031 1032static int 1033rc2_do_cipher(EVP_CIPHER_CTX *ctx, 1034 unsigned char *out, 1035 const unsigned char *in, 1036 unsigned int size) 1037{ 1038 struct rc2_cbc *k = ctx->cipher_data; 1039 RC2_cbc_encrypt(in, out, size, &k->key, ctx->iv, ctx->encrypt); 1040 return 1; 1041} 1042 1043static int 1044rc2_cleanup(EVP_CIPHER_CTX *ctx) 1045{ 1046 memset(ctx->cipher_data, 0, sizeof(struct rc2_cbc)); 1047 return 1; 1048} 1049 1050/** 1051 * The RC2 cipher type 1052 * 1053 * @return the RC2 EVP_CIPHER pointer. 1054 * 1055 * @ingroup hcrypto_evp 1056 */ 1057 1058const EVP_CIPHER * 1059EVP_rc2_cbc(void) 1060{ 1061 static const EVP_CIPHER rc2_cbc = { 1062 0, 1063 RC2_BLOCK_SIZE, 1064 RC2_KEY_LENGTH, 1065 RC2_BLOCK_SIZE, 1066 EVP_CIPH_CBC_MODE, 1067 rc2_init, 1068 rc2_do_cipher, 1069 rc2_cleanup, 1070 sizeof(struct rc2_cbc), 1071 NULL, 1072 NULL, 1073 NULL, 1074 NULL 1075 }; 1076 return &rc2_cbc; 1077} 1078 1079/** 1080 * The RC2-40 cipher type 1081 * 1082 * @return the RC2-40 EVP_CIPHER pointer. 1083 * 1084 * @ingroup hcrypto_evp 1085 */ 1086 1087const EVP_CIPHER * 1088EVP_rc2_40_cbc(void) 1089{ 1090 static const EVP_CIPHER rc2_40_cbc = { 1091 0, 1092 RC2_BLOCK_SIZE, 1093 5, 1094 RC2_BLOCK_SIZE, 1095 EVP_CIPH_CBC_MODE, 1096 rc2_init, 1097 rc2_do_cipher, 1098 rc2_cleanup, 1099 sizeof(struct rc2_cbc), 1100 NULL, 1101 NULL, 1102 NULL, 1103 NULL 1104 }; 1105 return &rc2_40_cbc; 1106} 1107 1108/** 1109 * The RC2-64 cipher type 1110 * 1111 * @return the RC2-64 EVP_CIPHER pointer. 1112 * 1113 * @ingroup hcrypto_evp 1114 */ 1115 1116const EVP_CIPHER * 1117EVP_rc2_64_cbc(void) 1118{ 1119 static const EVP_CIPHER rc2_64_cbc = { 1120 0, 1121 RC2_BLOCK_SIZE, 1122 8, 1123 RC2_BLOCK_SIZE, 1124 EVP_CIPH_CBC_MODE, 1125 rc2_init, 1126 rc2_do_cipher, 1127 rc2_cleanup, 1128 sizeof(struct rc2_cbc), 1129 NULL, 1130 NULL, 1131 NULL, 1132 NULL 1133 }; 1134 return &rc2_64_cbc; 1135} 1136 1137/** 1138 * The RC4 cipher type 1139 * 1140 * @return the RC4 EVP_CIPHER pointer. 1141 * 1142 * @ingroup hcrypto_evp 1143 */ 1144 1145const EVP_CIPHER * 1146EVP_rc4(void) 1147{ 1148 printf("evp rc4\n"); 1149 abort(); 1150 return NULL; 1151} 1152 1153/** 1154 * The RC4-40 cipher type 1155 * 1156 * @return the RC4-40 EVP_CIPHER pointer. 1157 * 1158 * @ingroup hcrypto_evp 1159 */ 1160 1161const EVP_CIPHER * 1162EVP_rc4_40(void) 1163{ 1164 printf("evp rc4_40\n"); 1165 abort(); 1166 return NULL; 1167} 1168 1169/* 1170 * 1171 */ 1172 1173static int 1174des_cbc_init(EVP_CIPHER_CTX *ctx, 1175 const unsigned char * key, 1176 const unsigned char * iv, 1177 int encp) 1178{ 1179 DES_key_schedule *k = ctx->cipher_data; 1180 DES_cblock deskey; 1181 memcpy(&deskey, key, sizeof(deskey)); 1182 DES_set_key_unchecked(&deskey, k); 1183 return 1; 1184} 1185 1186static int 1187des_cbc_do_cipher(EVP_CIPHER_CTX *ctx, 1188 unsigned char *out, 1189 const unsigned char *in, 1190 unsigned int size) 1191{ 1192 DES_key_schedule *k = ctx->cipher_data; 1193 DES_cbc_encrypt(in, out, size, 1194 k, (DES_cblock *)ctx->iv, ctx->encrypt); 1195 return 1; 1196} 1197 1198static int 1199des_cbc_cleanup(EVP_CIPHER_CTX *ctx) 1200{ 1201 memset(ctx->cipher_data, 0, sizeof(struct DES_key_schedule)); 1202 return 1; 1203} 1204 1205/** 1206 * The DES cipher type 1207 * 1208 * @return the DES-CBC EVP_CIPHER pointer. 1209 * 1210 * @ingroup hcrypto_evp 1211 */ 1212 1213const EVP_CIPHER * 1214EVP_des_cbc(void) 1215{ 1216 static const EVP_CIPHER des_ede3_cbc = { 1217 0, 1218 8, 1219 8, 1220 8, 1221 EVP_CIPH_CBC_MODE, 1222 des_cbc_init, 1223 des_cbc_do_cipher, 1224 des_cbc_cleanup, 1225 sizeof(DES_key_schedule), 1226 NULL, 1227 NULL, 1228 NULL, 1229 NULL 1230 }; 1231 return &des_ede3_cbc; 1232} 1233 1234/* 1235 * 1236 */ 1237 1238struct des_ede3_cbc { 1239 DES_key_schedule ks[3]; 1240}; 1241 1242static int 1243des_ede3_cbc_init(EVP_CIPHER_CTX *ctx, 1244 const unsigned char * key, 1245 const unsigned char * iv, 1246 int encp) 1247{ 1248 struct des_ede3_cbc *k = ctx->cipher_data; 1249 DES_cblock deskey; 1250 1251 memcpy(&deskey, key, sizeof(deskey)); 1252 DES_set_odd_parity(&deskey); 1253 DES_set_key_unchecked(&deskey, &k->ks[0]); 1254 1255 memcpy(&deskey, key + 8, sizeof(deskey)); 1256 DES_set_odd_parity(&deskey); 1257 DES_set_key_unchecked(&deskey, &k->ks[1]); 1258 1259 memcpy(&deskey, key + 16, sizeof(deskey)); 1260 DES_set_odd_parity(&deskey); 1261 DES_set_key_unchecked(&deskey, &k->ks[2]); 1262 1263 return 1; 1264} 1265 1266static int 1267des_ede3_cbc_do_cipher(EVP_CIPHER_CTX *ctx, 1268 unsigned char *out, 1269 const unsigned char *in, 1270 unsigned int size) 1271{ 1272 struct des_ede3_cbc *k = ctx->cipher_data; 1273 DES_ede3_cbc_encrypt(in, out, size, 1274 &k->ks[0], &k->ks[1], &k->ks[2], 1275 (DES_cblock *)ctx->iv, ctx->encrypt); 1276 return 1; 1277} 1278 1279static int 1280des_ede3_cbc_cleanup(EVP_CIPHER_CTX *ctx) 1281{ 1282 memset(ctx->cipher_data, 0, sizeof(struct des_ede3_cbc)); 1283 return 1; 1284} 1285 1286/** 1287 * The tripple DES cipher type 1288 * 1289 * @return the DES-EDE3-CBC EVP_CIPHER pointer. 1290 * 1291 * @ingroup hcrypto_evp 1292 */ 1293 1294const EVP_CIPHER * 1295EVP_des_ede3_cbc(void) 1296{ 1297 static const EVP_CIPHER des_ede3_cbc = { 1298 0, 1299 8, 1300 24, 1301 8, 1302 EVP_CIPH_CBC_MODE, 1303 des_ede3_cbc_init, 1304 des_ede3_cbc_do_cipher, 1305 des_ede3_cbc_cleanup, 1306 sizeof(struct des_ede3_cbc), 1307 NULL, 1308 NULL, 1309 NULL, 1310 NULL 1311 }; 1312 return &des_ede3_cbc; 1313} 1314 1315/** 1316 * The AES-128 cipher type 1317 * 1318 * @return the AES-128 EVP_CIPHER pointer. 1319 * 1320 * @ingroup hcrypto_evp 1321 */ 1322 1323const EVP_CIPHER * 1324EVP_aes_128_cbc(void) 1325{ 1326 return EVP_hcrypto_aes_128_cbc(); 1327} 1328 1329/** 1330 * The AES-192 cipher type 1331 * 1332 * @return the AES-192 EVP_CIPHER pointer. 1333 * 1334 * @ingroup hcrypto_evp 1335 */ 1336 1337const EVP_CIPHER * 1338EVP_aes_192_cbc(void) 1339{ 1340 return EVP_hcrypto_aes_192_cbc(); 1341} 1342 1343/** 1344 * The AES-256 cipher type 1345 * 1346 * @return the AES-256 EVP_CIPHER pointer. 1347 * 1348 * @ingroup hcrypto_evp 1349 */ 1350 1351const EVP_CIPHER * 1352EVP_aes_256_cbc(void) 1353{ 1354 return EVP_hcrypto_aes_256_cbc(); 1355} 1356 1357static int 1358camellia_init(EVP_CIPHER_CTX *ctx, 1359 const unsigned char * key, 1360 const unsigned char * iv, 1361 int encp) 1362{ 1363 CAMELLIA_KEY *k = ctx->cipher_data; 1364 k->bits = ctx->cipher->key_len * 8; 1365 CAMELLIA_set_key(key, ctx->cipher->key_len * 8, k); 1366 return 1; 1367} 1368 1369static int 1370camellia_do_cipher(EVP_CIPHER_CTX *ctx, 1371 unsigned char *out, 1372 const unsigned char *in, 1373 unsigned int size) 1374{ 1375 CAMELLIA_KEY *k = ctx->cipher_data; 1376 CAMELLIA_cbc_encrypt(in, out, size, k, ctx->iv, ctx->encrypt); 1377 return 1; 1378} 1379 1380static int 1381camellia_cleanup(EVP_CIPHER_CTX *ctx) 1382{ 1383 memset(ctx->cipher_data, 0, sizeof(CAMELLIA_KEY)); 1384 return 1; 1385} 1386 1387/** 1388 * The Camellia-128 cipher type 1389 * 1390 * @return the Camellia-128 EVP_CIPHER pointer. 1391 * 1392 * @ingroup hcrypto_evp 1393 */ 1394 1395const EVP_CIPHER * 1396EVP_camellia_128_cbc(void) 1397{ 1398 static const EVP_CIPHER cipher = { 1399 0, 1400 16, 1401 16, 1402 16, 1403 EVP_CIPH_CBC_MODE, 1404 camellia_init, 1405 camellia_do_cipher, 1406 camellia_cleanup, 1407 sizeof(CAMELLIA_KEY), 1408 NULL, 1409 NULL, 1410 NULL, 1411 NULL 1412 }; 1413 return &cipher; 1414} 1415 1416/** 1417 * The Camellia-198 cipher type 1418 * 1419 * @return the Camellia-198 EVP_CIPHER pointer. 1420 * 1421 * @ingroup hcrypto_evp 1422 */ 1423 1424const EVP_CIPHER * 1425EVP_camellia_192_cbc(void) 1426{ 1427 static const EVP_CIPHER cipher = { 1428 0, 1429 16, 1430 24, 1431 16, 1432 EVP_CIPH_CBC_MODE, 1433 camellia_init, 1434 camellia_do_cipher, 1435 camellia_cleanup, 1436 sizeof(CAMELLIA_KEY), 1437 NULL, 1438 NULL, 1439 NULL, 1440 NULL 1441 }; 1442 return &cipher; 1443} 1444 1445/** 1446 * The Camellia-256 cipher type 1447 * 1448 * @return the Camellia-256 EVP_CIPHER pointer. 1449 * 1450 * @ingroup hcrypto_evp 1451 */ 1452 1453const EVP_CIPHER * 1454EVP_camellia_256_cbc(void) 1455{ 1456 static const EVP_CIPHER cipher = { 1457 0, 1458 16, 1459 32, 1460 16, 1461 EVP_CIPH_CBC_MODE, 1462 camellia_init, 1463 camellia_do_cipher, 1464 camellia_cleanup, 1465 sizeof(CAMELLIA_KEY), 1466 NULL, 1467 NULL, 1468 NULL, 1469 NULL 1470 }; 1471 return &cipher; 1472} 1473 1474/* 1475 * 1476 */ 1477 1478static const struct cipher_name { 1479 const char *name; 1480 const EVP_CIPHER *(*func)(void); 1481} cipher_name[] = { 1482 { "des-ede3-cbc", EVP_des_ede3_cbc }, 1483 { "aes-128-cbc", EVP_aes_128_cbc }, 1484 { "aes-192-cbc", EVP_aes_192_cbc }, 1485 { "aes-256-cbc", EVP_aes_256_cbc }, 1486 { "camellia-128-cbc", EVP_camellia_128_cbc }, 1487 { "camellia-192-cbc", EVP_camellia_192_cbc }, 1488 { "camellia-256-cbc", EVP_camellia_256_cbc } 1489}; 1490 1491/** 1492 * Get the cipher type using their name. 1493 * 1494 * @param name the name of the cipher. 1495 * 1496 * @return the selected EVP_CIPHER pointer or NULL if not found. 1497 * 1498 * @ingroup hcrypto_evp 1499 */ 1500 1501const EVP_CIPHER * 1502EVP_get_cipherbyname(const char *name) 1503{ 1504 int i; 1505 for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) { 1506 if (strcasecmp(cipher_name[i].name, name) == 0) 1507 return (*cipher_name[i].func)(); 1508 } 1509 return NULL; 1510} 1511 1512 1513/* 1514 * 1515 */ 1516 1517#ifndef min 1518#define min(a,b) (((a)>(b))?(b):(a)) 1519#endif 1520 1521/** 1522 * Provides a legancy string to key function, used in PEM files. 1523 * 1524 * New protocols should use new string to key functions like NIST 1525 * SP56-800A or PKCS#5 v2.0 (see PKCS5_PBKDF2_HMAC_SHA1()). 1526 * 1527 * @param type type of cipher to use 1528 * @param md message digest to use 1529 * @param salt salt salt string, should be an binary 8 byte buffer. 1530 * @param data the password/input key string. 1531 * @param datalen length of data parameter. 1532 * @param count iteration counter. 1533 * @param keydata output keydata, needs to of the size EVP_CIPHER_key_length(). 1534 * @param ivdata output ivdata, needs to of the size EVP_CIPHER_block_size(). 1535 * 1536 * @return the size of derived key. 1537 * 1538 * @ingroup hcrypto_evp 1539 */ 1540 1541int 1542EVP_BytesToKey(const EVP_CIPHER *type, 1543 const EVP_MD *md, 1544 const void *salt, 1545 const void *data, size_t datalen, 1546 unsigned int count, 1547 void *keydata, 1548 void *ivdata) 1549{ 1550 int ivlen, keylen, first = 0; 1551 unsigned int mds = 0, i; 1552 unsigned char *key = keydata; 1553 unsigned char *iv = ivdata; 1554 unsigned char *buf; 1555 EVP_MD_CTX c; 1556 1557 keylen = EVP_CIPHER_key_length(type); 1558 ivlen = EVP_CIPHER_iv_length(type); 1559 1560 if (data == NULL) 1561 return keylen; 1562 1563 buf = malloc(EVP_MD_size(md)); 1564 if (buf == NULL) 1565 return -1; 1566 1567 EVP_MD_CTX_init(&c); 1568 1569 first = 1; 1570 while (1) { 1571 EVP_DigestInit_ex(&c, md, NULL); 1572 if (!first) 1573 EVP_DigestUpdate(&c, buf, mds); 1574 first = 0; 1575 EVP_DigestUpdate(&c,data,datalen); 1576 1577#define PKCS5_SALT_LEN 8 1578 1579 if (salt) 1580 EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); 1581 1582 EVP_DigestFinal_ex(&c, buf, &mds); 1583 assert(mds == EVP_MD_size(md)); 1584 1585 for (i = 1; i < count; i++) { 1586 EVP_DigestInit_ex(&c, md, NULL); 1587 EVP_DigestUpdate(&c, buf, mds); 1588 EVP_DigestFinal_ex(&c, buf, &mds); 1589 assert(mds == EVP_MD_size(md)); 1590 } 1591 1592 i = 0; 1593 if (keylen) { 1594 size_t sz = min(keylen, mds); 1595 if (key) { 1596 memcpy(key, buf, sz); 1597 key += sz; 1598 } 1599 keylen -= sz; 1600 i += sz; 1601 } 1602 if (ivlen && mds > i) { 1603 size_t sz = min(ivlen, (mds - i)); 1604 if (iv) { 1605 memcpy(iv, &buf[i], sz); 1606 iv += sz; 1607 } 1608 ivlen -= sz; 1609 } 1610 if (keylen == 0 && ivlen == 0) 1611 break; 1612 } 1613 1614 EVP_MD_CTX_cleanup(&c); 1615 free(buf); 1616 1617 return EVP_CIPHER_key_length(type); 1618} 1619 1620/** 1621 * Generate a random key for the specificed EVP_CIPHER. 1622 * 1623 * @param ctx EVP_CIPHER_CTX type to build the key for. 1624 * @param key return key, must be at least EVP_CIPHER_key_length() byte long. 1625 * 1626 * @return 1 for success, 0 for failure. 1627 * 1628 * @ingroup hcrypto_core 1629 */ 1630 1631int 1632EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, void *key) 1633{ 1634 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) 1635 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); 1636 if (RAND_bytes(key, ctx->key_len) != 1) 1637 return 0; 1638 return 1; 1639} 1640 1641/** 1642 * Perform a operation on a ctx 1643 * 1644 * @param ctx context to perform operation on. 1645 * @param type type of operation. 1646 * @param arg argument to operation. 1647 * @param data addition data to operation. 1648 1649 * @return 1 for success, 0 for failure. 1650 * 1651 * @ingroup hcrypto_core 1652 */ 1653 1654int 1655EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *data) 1656{ 1657 if (ctx->cipher == NULL || ctx->cipher->ctrl == NULL) 1658 return 0; 1659 return (*ctx->cipher->ctrl)(ctx, type, arg, data); 1660} 1661 1662/** 1663 * Add all algorithms to the crypto core. 1664 * 1665 * @ingroup hcrypto_core 1666 */ 1667 1668void 1669OpenSSL_add_all_algorithms(void) 1670{ 1671 return; 1672} 1673 1674/** 1675 * Add all algorithms to the crypto core using configuration file. 1676 * 1677 * @ingroup hcrypto_core 1678 */ 1679 1680void 1681OpenSSL_add_all_algorithms_conf(void) 1682{ 1683 return; 1684} 1685 1686/** 1687 * Add all algorithms to the crypto core, but don't use the 1688 * configuration file. 1689 * 1690 * @ingroup hcrypto_core 1691 */ 1692 1693void 1694OpenSSL_add_all_algorithms_noconf(void) 1695{ 1696 return; 1697} 1698