1/* 2 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan 3 * (Royal Institute of Technology, Stockholm, Sweden). 4 * All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * 3. Neither the name of the Institute nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 */ 33 34#include <config.h> 35 36#define HC_DEPRECATED 37#define HC_DEPRECATED_CRYPTO 38 39#include <sys/types.h> 40#include <stdio.h> 41#include <stdlib.h> 42#include <string.h> 43#include <assert.h> 44 45#include <evp.h> 46#include <evp-hcrypto.h> 47#include <evp-cc.h> 48 49#include <CommonCrypto/CommonRandomSPI.h> 50 51#include <krb5-types.h> 52#include <roken.h> 53 54#ifndef HCRYPTO_DEF_PROVIDER 55#define HCRYPTO_DEF_PROVIDER cc 56#endif 57 58#define HC_CONCAT4(x,y,z,aa) x ## y ## z ## aa 59 60 61#define EVP_DEF_OP(_prov,_op) HC_CONCAT4(EVP_,_prov,_,_op)() 62 63/** 64 * @page page_evp EVP - generic crypto interface 65 * 66 * See the library functions here: @ref hcrypto_evp 67 * 68 * @section evp_cipher EVP Cipher 69 * 70 * The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to 71 * understand forward, then EVP_CipherUpdate() and 72 * EVP_CipherFinal_ex() really needs an example to explain @ref 73 * example_evp_cipher.c . 74 * 75 * @example example_evp_cipher.c 76 * 77 * This is an example how to use EVP_CipherInit_ex(), 78 * EVP_CipherUpdate() and EVP_CipherFinal_ex(). 79 */ 80 81struct hc_EVP_MD_CTX { 82 const EVP_MD *md; 83 ENGINE *engine; 84 void *ptr; 85}; 86 87 88/** 89 * Return the output size of the message digest function. 90 * 91 * @param md the evp message 92 * 93 * @return size output size of the message digest function. 94 * 95 * @ingroup hcrypto_evp 96 */ 97 98size_t 99EVP_MD_size(const EVP_MD *md) 100{ 101 return md->hash_size; 102} 103 104/** 105 * Return the blocksize of the message digest function. 106 * 107 * @param md the evp message 108 * 109 * @return size size of the message digest block size 110 * 111 * @ingroup hcrypto_evp 112 */ 113 114size_t 115EVP_MD_block_size(const EVP_MD *md) 116{ 117 return md->block_size; 118} 119 120/** 121 * Allocate a messsage digest context object. Free with 122 * EVP_MD_CTX_destroy(). 123 * 124 * @return a newly allocated message digest context object. 125 * 126 * @ingroup hcrypto_evp 127 */ 128 129EVP_MD_CTX * 130EVP_MD_CTX_create(void) 131{ 132 return calloc(1, sizeof(EVP_MD_CTX)); 133} 134 135/** 136 * Initiate a messsage digest context object. Deallocate with 137 * EVP_MD_CTX_cleanup(). Please use EVP_MD_CTX_create() instead. 138 * 139 * @param ctx variable to initiate. 140 * 141 * @ingroup hcrypto_evp 142 */ 143 144void 145EVP_MD_CTX_init(EVP_MD_CTX *ctx) HC_DEPRECATED 146{ 147 memset(ctx, 0, sizeof(*ctx)); 148} 149 150/** 151 * Free a messsage digest context object. 152 * 153 * @param ctx context to free. 154 * 155 * @ingroup hcrypto_evp 156 */ 157 158void 159EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) 160{ 161 EVP_MD_CTX_cleanup(ctx); 162 free(ctx); 163} 164 165/** 166 * Free the resources used by the EVP_MD context. 167 * 168 * @param ctx the context to free the resources from. 169 * 170 * @return 1 on success. 171 * 172 * @ingroup hcrypto_evp 173 */ 174 175int 176EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) HC_DEPRECATED 177{ 178 if (ctx->md && ctx->md->cleanup) 179 (ctx->md->cleanup)(ctx); 180 else if (ctx->md) 181 memset(ctx->ptr, 0, ctx->md->ctx_size); 182 ctx->md = NULL; 183 ctx->engine = NULL; 184 free(ctx->ptr); 185 memset(ctx, 0, sizeof(*ctx)); 186 return 1; 187} 188 189/** 190 * Get the EVP_MD use for a specified context. 191 * 192 * @param ctx the EVP_MD context to get the EVP_MD for. 193 * 194 * @return the EVP_MD used for the context. 195 * 196 * @ingroup hcrypto_evp 197 */ 198 199const EVP_MD * 200EVP_MD_CTX_md(EVP_MD_CTX *ctx) 201{ 202 return ctx->md; 203} 204 205/** 206 * Return the output size of the message digest function. 207 * 208 * @param ctx the evp message digest context 209 * 210 * @return size output size of the message digest function. 211 * 212 * @ingroup hcrypto_evp 213 */ 214 215size_t 216EVP_MD_CTX_size(EVP_MD_CTX *ctx) 217{ 218 return EVP_MD_size(ctx->md); 219} 220 221/** 222 * Return the blocksize of the message digest function. 223 * 224 * @param ctx the evp message digest context 225 * 226 * @return size size of the message digest block size 227 * 228 * @ingroup hcrypto_evp 229 */ 230 231size_t 232EVP_MD_CTX_block_size(EVP_MD_CTX *ctx) 233{ 234 return EVP_MD_block_size(ctx->md); 235} 236 237/** 238 * Init a EVP_MD_CTX for use a specific message digest and engine. 239 * 240 * @param ctx the message digest context to init. 241 * @param md the message digest to use. 242 * @param engine the engine to use, NULL to use the default engine. 243 * 244 * @return 1 on success. 245 * 246 * @ingroup hcrypto_evp 247 */ 248 249int 250EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine) 251{ 252 assert(md != NULL); 253 if (ctx->md != md || ctx->engine != engine) { 254 EVP_MD_CTX_cleanup(ctx); 255 ctx->md = md; 256 ctx->engine = engine; 257 258 ctx->ptr = calloc(1, md->ctx_size); 259 if (ctx->ptr == NULL) 260 return 0; 261 } 262 (ctx->md->init)(ctx->ptr); 263 return 1; 264} 265 266/** 267 * Update the digest with some data. 268 * 269 * @param ctx the context to update 270 * @param data the data to update the context with 271 * @param size length of data 272 * 273 * @return 1 on success. 274 * 275 * @ingroup hcrypto_evp 276 */ 277 278int 279EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size) 280{ 281 (ctx->md->update)(ctx->ptr, data, size); 282 return 1; 283} 284 285/** 286 * Complete the message digest. 287 * 288 * @param ctx the context to complete. 289 * @param hash the output of the message digest function. At least 290 * EVP_MD_size(). 291 * @param size the output size of hash. 292 * 293 * @return 1 on success. 294 * 295 * @ingroup hcrypto_evp 296 */ 297 298int 299EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size) 300{ 301 (ctx->md->final)(hash, ctx->ptr); 302 if (size) 303 *size = ctx->md->hash_size; 304 return 1; 305} 306 307/** 308 * Do the whole EVP_MD_CTX_create(), EVP_DigestInit_ex(), 309 * EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_MD_CTX_destroy() 310 * dance in one call. 311 * 312 * @param data the data to update the context with 313 * @param dsize length of data 314 * @param hash output data of at least EVP_MD_size() length. 315 * @param hsize output length of hash. 316 * @param md message digest to use 317 * @param engine engine to use, NULL for default engine. 318 * 319 * @return 1 on success. 320 * 321 * @ingroup hcrypto_evp 322 */ 323 324int 325EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, 326 const EVP_MD *md, ENGINE *engine) 327{ 328 EVP_MD_CTX *ctx; 329 int ret; 330 331 ctx = EVP_MD_CTX_create(); 332 if (ctx == NULL) 333 return 0; 334 ret = EVP_DigestInit_ex(ctx, md, engine); 335 if (ret != 1) { 336 EVP_MD_CTX_destroy(ctx); 337 return ret; 338 } 339 ret = EVP_DigestUpdate(ctx, data, dsize); 340 if (ret != 1) { 341 EVP_MD_CTX_destroy(ctx); 342 return ret; 343 } 344 ret = EVP_DigestFinal_ex(ctx, hash, hsize); 345 EVP_MD_CTX_destroy(ctx); 346 return ret; 347} 348 349/** 350 * The message digest SHA256 351 * 352 * @return the message digest type. 353 * 354 * @ingroup hcrypto_evp 355 */ 356 357const EVP_MD * 358EVP_sha256(void) 359{ 360 hcrypto_validate(); 361 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha256); 362} 363 364/** 365 * The message digest SHA384 366 * 367 * @return the message digest type. 368 * 369 * @ingroup hcrypto_evp 370 */ 371 372const EVP_MD * 373EVP_sha384(void) 374{ 375 hcrypto_validate(); 376 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha384); 377} 378 379/** 380 * The message digest SHA512 381 * 382 * @return the message digest type. 383 * 384 * @ingroup hcrypto_evp 385 */ 386 387const EVP_MD * 388EVP_sha512(void) 389{ 390 hcrypto_validate(); 391 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha512); 392} 393 394/** 395 * The message digest SHA1 396 * 397 * @return the message digest type. 398 * 399 * @ingroup hcrypto_evp 400 */ 401 402const EVP_MD * 403EVP_sha1(void) 404{ 405 hcrypto_validate(); 406 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha1); 407} 408 409/** 410 * The message digest SHA1 411 * 412 * @return the message digest type. 413 * 414 * @ingroup hcrypto_evp 415 */ 416 417const EVP_MD * 418EVP_sha(void) HC_DEPRECATED 419 420{ 421 hcrypto_validate(); 422 return EVP_sha1(); 423} 424 425/** 426 * The message digest MD5 427 * 428 * @return the message digest type. 429 * 430 * @ingroup hcrypto_evp 431 */ 432 433const EVP_MD * 434EVP_md5(void) HC_DEPRECATED_CRYPTO 435{ 436 hcrypto_validate(); 437 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md5); 438} 439 440/** 441 * The message digest MD4 442 * 443 * @return the message digest type. 444 * 445 * @ingroup hcrypto_evp 446 */ 447 448const EVP_MD * 449EVP_md4(void) HC_DEPRECATED_CRYPTO 450{ 451 hcrypto_validate(); 452 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md4); 453} 454 455/** 456 * The message digest MD2 457 * 458 * @return the message digest type. 459 * 460 * @ingroup hcrypto_evp 461 */ 462 463const EVP_MD * 464EVP_md2(void) HC_DEPRECATED_CRYPTO 465{ 466 hcrypto_validate(); 467 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md2); 468} 469 470/* 471 * 472 */ 473 474static void 475null_Init (void *m) 476{ 477} 478static void 479null_Update (void *m, const void * data, size_t size) 480{ 481} 482static void 483null_Final(void *res, void *m) 484{ 485} 486 487/** 488 * The null message digest 489 * 490 * @return the message digest type. 491 * 492 * @ingroup hcrypto_evp 493 */ 494 495const EVP_MD * 496EVP_md_null(void) 497{ 498 static const struct hc_evp_md null = { 499 0, 500 0, 501 0, 502 (hc_evp_md_init)null_Init, 503 (hc_evp_md_update)null_Update, 504 (hc_evp_md_final)null_Final, 505 NULL 506 }; 507 return &null; 508} 509 510/** 511 * Return the block size of the cipher. 512 * 513 * @param c cipher to get the block size from. 514 * 515 * @return the block size of the cipher. 516 * 517 * @ingroup hcrypto_evp 518 */ 519 520size_t 521EVP_CIPHER_block_size(const EVP_CIPHER *c) 522{ 523 return c->block_size; 524} 525 526/** 527 * Return the key size of the cipher. 528 * 529 * @param c cipher to get the key size from. 530 * 531 * @return the key size of the cipher. 532 * 533 * @ingroup hcrypto_evp 534 */ 535 536size_t 537EVP_CIPHER_key_length(const EVP_CIPHER *c) 538{ 539 return c->key_len; 540} 541 542/** 543 * Return the IV size of the cipher. 544 * 545 * @param c cipher to get the IV size from. 546 * 547 * @return the IV size of the cipher. 548 * 549 * @ingroup hcrypto_evp 550 */ 551 552size_t 553EVP_CIPHER_iv_length(const EVP_CIPHER *c) 554{ 555 return c->iv_len; 556} 557 558/** 559 * Initiate a EVP_CIPHER_CTX context. Clean up with 560 * EVP_CIPHER_CTX_cleanup(). 561 * 562 * @param c the cipher initiate. 563 * 564 * @ingroup hcrypto_evp 565 */ 566 567void 568EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c) 569{ 570 memset(c, 0, sizeof(*c)); 571} 572 573/** 574 * Clean up the EVP_CIPHER_CTX context. 575 * 576 * @param c the cipher to clean up. 577 * 578 * @return 1 on success. 579 * 580 * @ingroup hcrypto_evp 581 */ 582 583int 584EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 585{ 586 if (c->cipher) { 587 size_t size = c->cipher->ctx_size; 588 void *cipher_data = c->cipher_data; 589 590 if (c->cipher->cleanup) 591 c->cipher->cleanup(c); 592 593 if (cipher_data) { 594 memset(cipher_data, 0, size); 595 free(cipher_data); 596 c->cipher_data = NULL; 597 } 598 EVP_CIPHER_CTX_init(c); 599 } 600 return 1; 601} 602 603/** 604 * If the cipher type supports it, change the key length 605 * 606 * @param c the cipher context to change the key length for 607 * @param length new key length 608 * 609 * @return 1 on success. 610 * 611 * @ingroup hcrypto_evp 612 */ 613 614int 615EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length) 616{ 617 if ((c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH) && length > 0) { 618 c->key_len = length; 619 return 1; 620 } 621 return 0; 622} 623 624#if 0 625int 626EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad) 627{ 628 return 0; 629} 630#endif 631 632/** 633 * Return the EVP_CIPHER for a EVP_CIPHER_CTX context. 634 * 635 * @param ctx the context to get the cipher type from. 636 * 637 * @return the EVP_CIPHER pointer. 638 * 639 * @ingroup hcrypto_evp 640 */ 641 642const EVP_CIPHER * 643EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) 644{ 645 return ctx->cipher; 646} 647 648/** 649 * Return the block size of the cipher context. 650 * 651 * @param ctx cipher context to get the block size from. 652 * 653 * @return the block size of the cipher context. 654 * 655 * @ingroup hcrypto_evp 656 */ 657 658size_t 659EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) 660{ 661 return EVP_CIPHER_block_size(ctx->cipher); 662} 663 664/** 665 * Return the key size of the cipher context. 666 * 667 * @param ctx cipher context to get the key size from. 668 * 669 * @return the key size of the cipher context. 670 * 671 * @ingroup hcrypto_evp 672 */ 673 674size_t 675EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) 676{ 677 return EVP_CIPHER_key_length(ctx->cipher); 678} 679 680/** 681 * Return the IV size of the cipher context. 682 * 683 * @param ctx cipher context to get the IV size from. 684 * 685 * @return the IV size of the cipher context. 686 * 687 * @ingroup hcrypto_evp 688 */ 689 690size_t 691EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) 692{ 693 return EVP_CIPHER_iv_length(ctx->cipher); 694} 695 696/** 697 * Get the flags for an EVP_CIPHER_CTX context. 698 * 699 * @param ctx the EVP_CIPHER_CTX to get the flags from 700 * 701 * @return the flags for an EVP_CIPHER_CTX. 702 * 703 * @ingroup hcrypto_evp 704 */ 705 706unsigned long 707EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) 708{ 709 return ctx->cipher->flags; 710} 711 712/** 713 * Get the mode for an EVP_CIPHER_CTX context. 714 * 715 * @param ctx the EVP_CIPHER_CTX to get the mode from 716 * 717 * @return the mode for an EVP_CIPHER_CTX. 718 * 719 * @ingroup hcrypto_evp 720 */ 721 722int 723EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) 724{ 725 return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE; 726} 727 728/** 729 * Get the app data for an EVP_CIPHER_CTX context. 730 * 731 * @param ctx the EVP_CIPHER_CTX to get the app data from 732 * 733 * @return the app data for an EVP_CIPHER_CTX. 734 * 735 * @ingroup hcrypto_evp 736 */ 737 738void * 739EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx) 740{ 741 return ctx->app_data; 742} 743 744/** 745 * Set the app data for an EVP_CIPHER_CTX context. 746 * 747 * @param ctx the EVP_CIPHER_CTX to set the app data for 748 * @param data the app data to set for an EVP_CIPHER_CTX. 749 * 750 * @ingroup hcrypto_evp 751 */ 752 753void 754EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) 755{ 756 ctx->app_data = data; 757} 758 759/** 760 * Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data. 761 * Clean up with EVP_CIPHER_CTX_cleanup(). 762 * 763 * @param ctx context to initiate 764 * @param c cipher to use. 765 * @param engine crypto engine to use, NULL to select default. 766 * @param key the crypto key to use, NULL will use the previous value. 767 * @param iv the IV to use, NULL will use the previous value. 768 * @param encp non zero will encrypt, -1 use the previous value. 769 * 770 * @return 1 on success. 771 * 772 * @ingroup hcrypto_evp 773 */ 774 775int 776EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, 777 const void *key, const void *iv, int encp) 778{ 779 ctx->buf_len = 0; 780 781 if (encp == -1) 782 encp = ctx->encrypt; 783 else 784 ctx->encrypt = (encp ? 1 : 0); 785 786 if (c && (c != ctx->cipher)) { 787 EVP_CIPHER_CTX_cleanup(ctx); 788 ctx->cipher = c; 789 ctx->key_len = c->key_len; 790 791 ctx->cipher_data = calloc(1, c->ctx_size); 792 if (ctx->cipher_data == NULL && c->ctx_size != 0) 793 return 0; 794 795 /* assume block size is a multiple of 2 */ 796 ctx->block_mask = EVP_CIPHER_block_size(c) - 1; 797 798 } else if (ctx->cipher == NULL) { 799 /* reuse of cipher, but not any cipher ever set! */ 800 return 0; 801 } 802 803 switch (EVP_CIPHER_CTX_mode(ctx)) { 804 case EVP_CIPH_CBC_MODE: 805 806 assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); 807 808 if (iv) 809 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 810 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 811 break; 812 813 case EVP_CIPH_STREAM_CIPHER: 814 case EVP_CIPH_CFB8_MODE: 815 if (iv) 816 memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 817 break; 818 819 default: 820 return 0; 821 } 822 823 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) 824 ctx->cipher->init(ctx, key, iv, encp); 825 826 return 1; 827} 828 829/** 830 * Encipher/decipher partial data 831 * 832 * @param ctx the cipher context. 833 * @param out output data from the operation. 834 * @param outlen output length 835 * @param in input data to the operation. 836 * @param inlen length of data. 837 * 838 * The output buffer length should at least be EVP_CIPHER_block_size() 839 * byte longer then the input length. 840 * 841 * See @ref evp_cipher for an example how to use this function. 842 * 843 * @return 1 on success. 844 * 845 * @ingroup hcrypto_evp 846 */ 847 848int 849EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen, 850 void *in, size_t inlen) 851{ 852 size_t ret, left, blocksize; 853 854 *outlen = 0; 855 856 /** 857 * If there in no spare bytes in the left from last Update and the 858 * input length is on the block boundery, the EVP_CipherUpdate() 859 * function can take a shortcut (and preformance gain) and 860 * directly encrypt the data, otherwise we hav to fix it up and 861 * store extra it the EVP_CIPHER_CTX. 862 */ 863 if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) { 864 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); 865 if (ret == 1) 866 *outlen = inlen; 867 else 868 *outlen = 0; 869 return ret; 870 } 871 872 873 blocksize = EVP_CIPHER_CTX_block_size(ctx); 874 left = blocksize - ctx->buf_len; 875 assert(left > 0); 876 877 if (ctx->buf_len) { 878 879 /* if total buffer is smaller then input, store locally */ 880 if (inlen < left) { 881 memcpy(ctx->buf + ctx->buf_len, in, inlen); 882 ctx->buf_len += inlen; 883 return 1; 884 } 885 886 /* fill in local buffer and encrypt */ 887 memcpy(ctx->buf + ctx->buf_len, in, left); 888 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); 889 memset(ctx->buf, 0, blocksize); 890 if (ret != 1) 891 return ret; 892 893 *outlen += blocksize; 894 inlen -= left; 895 in = ((unsigned char *)in) + left; 896 out = ((unsigned char *)out) + blocksize; 897 ctx->buf_len = 0; 898 } 899 900 if (inlen) { 901 ctx->buf_len = (inlen & ctx->block_mask); 902 inlen &= ~ctx->block_mask; 903 904 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); 905 if (ret != 1) 906 return ret; 907 908 *outlen += inlen; 909 910 in = ((unsigned char *)in) + inlen; 911 memcpy(ctx->buf, in, ctx->buf_len); 912 } 913 914 return 1; 915} 916 917/** 918 * Encipher/decipher final data 919 * 920 * @param ctx the cipher context. 921 * @param out output data from the operation. 922 * @param outlen output length 923 * 924 * The input length needs to be at least EVP_CIPHER_block_size() bytes 925 * long. 926 * 927 * See @ref evp_cipher for an example how to use this function. 928 * 929 * @return 1 on success. 930 * 931 * @ingroup hcrypto_evp 932 */ 933 934int 935EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen) 936{ 937 *outlen = 0; 938 939 if (ctx->buf_len) { 940 int ret, left, blocksize; 941 942 blocksize = EVP_CIPHER_CTX_block_size(ctx); 943 944 left = blocksize - ctx->buf_len; 945 assert(left > 0); 946 947 /* zero fill local buffer */ 948 memset(ctx->buf + ctx->buf_len, 0, left); 949 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); 950 memset(ctx->buf, 0, blocksize); 951 if (ret != 1) 952 return ret; 953 954 *outlen += blocksize; 955 } 956 957 return 1; 958} 959 960/** 961 * Encipher/decipher data 962 * 963 * @param ctx the cipher context. 964 * @param out out data from the operation. 965 * @param in in data to the operation. 966 * @param size length of data. 967 * 968 * @return 1 on success. 969 */ 970 971int 972EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size) 973{ 974 return ctx->cipher->do_cipher(ctx, out, in, size); 975} 976 977/* 978 * 979 */ 980 981static int 982enc_null_init(EVP_CIPHER_CTX *ctx, 983 const unsigned char * key, 984 const unsigned char * iv, 985 int encp) 986{ 987 return 1; 988} 989 990static int 991enc_null_do_cipher(EVP_CIPHER_CTX *ctx, 992 unsigned char *out, 993 const unsigned char *in, 994 unsigned int size) 995{ 996 memmove(out, in, size); 997 return 1; 998} 999 1000static int 1001enc_null_cleanup(EVP_CIPHER_CTX *ctx) 1002{ 1003 return 1; 1004} 1005 1006/** 1007 * The NULL cipher type, does no encryption/decryption. 1008 * 1009 * @return the null EVP_CIPHER pointer. 1010 * 1011 * @ingroup hcrypto_evp 1012 */ 1013 1014const EVP_CIPHER * 1015EVP_enc_null(void) 1016{ 1017 static const EVP_CIPHER enc_null = { 1018 0, 1019 0, 1020 0, 1021 0, 1022 EVP_CIPH_CBC_MODE, 1023 enc_null_init, 1024 enc_null_do_cipher, 1025 enc_null_cleanup, 1026 0, 1027 NULL, 1028 NULL, 1029 NULL, 1030 NULL 1031 }; 1032 return &enc_null; 1033} 1034 1035/** 1036 * The RC2 cipher type 1037 * 1038 * @return the RC2 EVP_CIPHER pointer. 1039 * 1040 * @ingroup hcrypto_evp 1041 */ 1042 1043const EVP_CIPHER * 1044EVP_rc2_cbc(void) 1045{ 1046 hcrypto_validate(); 1047 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_cbc); 1048} 1049 1050/** 1051 * The RC2 cipher type 1052 * 1053 * @return the RC2 EVP_CIPHER pointer. 1054 * 1055 * @ingroup hcrypto_evp 1056 */ 1057 1058const EVP_CIPHER * 1059EVP_rc2_40_cbc(void) 1060{ 1061 hcrypto_validate(); 1062 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_40_cbc); 1063} 1064 1065/** 1066 * The RC2 cipher type 1067 * 1068 * @return the RC2 EVP_CIPHER pointer. 1069 * 1070 * @ingroup hcrypto_evp 1071 */ 1072 1073const EVP_CIPHER * 1074EVP_rc2_64_cbc(void) 1075{ 1076 hcrypto_validate(); 1077 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_64_cbc); 1078} 1079 1080/** 1081 * The RC4 cipher type 1082 * 1083 * @return the RC4 EVP_CIPHER pointer. 1084 * 1085 * @ingroup hcrypto_evp 1086 */ 1087 1088const EVP_CIPHER * 1089EVP_rc4(void) 1090{ 1091 hcrypto_validate(); 1092 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4); 1093} 1094 1095/** 1096 * The RC4-40 cipher type 1097 * 1098 * @return the RC4-40 EVP_CIPHER pointer. 1099 * 1100 * @ingroup hcrypto_evp 1101 */ 1102 1103const EVP_CIPHER * 1104EVP_rc4_40(void) 1105{ 1106 hcrypto_validate(); 1107 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4_40); 1108} 1109 1110/** 1111 * The DES cipher type 1112 * 1113 * @return the DES-CBC EVP_CIPHER pointer. 1114 * 1115 * @ingroup hcrypto_evp 1116 */ 1117 1118const EVP_CIPHER * 1119EVP_des_cbc(void) 1120{ 1121 hcrypto_validate(); 1122 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_cbc); 1123} 1124 1125/** 1126 * The tripple DES cipher type 1127 * 1128 * @return the DES-EDE3-CBC EVP_CIPHER pointer. 1129 * 1130 * @ingroup hcrypto_evp 1131 */ 1132 1133const EVP_CIPHER * 1134EVP_des_ede3_cbc(void) 1135{ 1136 hcrypto_validate(); 1137 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_ede3_cbc); 1138} 1139 1140/** 1141 * The AES-128 cipher type 1142 * 1143 * @return the AES-128 EVP_CIPHER pointer. 1144 * 1145 * @ingroup hcrypto_evp 1146 */ 1147 1148const EVP_CIPHER * 1149EVP_aes_128_cbc(void) 1150{ 1151 hcrypto_validate(); 1152 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cbc); 1153} 1154 1155/** 1156 * The AES-192 cipher type 1157 * 1158 * @return the AES-192 EVP_CIPHER pointer. 1159 * 1160 * @ingroup hcrypto_evp 1161 */ 1162 1163const EVP_CIPHER * 1164EVP_aes_192_cbc(void) 1165{ 1166 hcrypto_validate(); 1167 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cbc); 1168} 1169 1170/** 1171 * The AES-256 cipher type 1172 * 1173 * @return the AES-256 EVP_CIPHER pointer. 1174 * 1175 * @ingroup hcrypto_evp 1176 */ 1177 1178const EVP_CIPHER * 1179EVP_aes_256_cbc(void) 1180{ 1181 hcrypto_validate(); 1182 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cbc); 1183} 1184 1185/** 1186 * The AES-128 CFB8 cipher type 1187 * 1188 * @return the AES-128 EVP_CIPHER pointer. 1189 * 1190 * @ingroup hcrypto_evp 1191 */ 1192 1193const EVP_CIPHER * 1194EVP_aes_128_cfb8(void) 1195{ 1196#ifndef __APPLE_TARGET_EMBEDDED__ 1197 hcrypto_validate(); 1198 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cfb8); 1199#else 1200 return NULL; 1201#endif 1202} 1203 1204/** 1205 * The AES-192 CFB8 cipher type 1206 * 1207 * @return the AES-192 EVP_CIPHER pointer. 1208 * 1209 * @ingroup hcrypto_evp 1210 */ 1211 1212const EVP_CIPHER * 1213EVP_aes_192_cfb8(void) 1214{ 1215#ifndef __APPLE_TARGET_EMBEDDED__ 1216 hcrypto_validate(); 1217 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cfb8); 1218#else 1219 return NULL; 1220#endif 1221} 1222 1223/** 1224 * The AES-256 CFB8 cipher type 1225 * 1226 * @return the AES-256 EVP_CIPHER pointer. 1227 * 1228 * @ingroup hcrypto_evp 1229 */ 1230 1231const EVP_CIPHER * 1232EVP_aes_256_cfb8(void) 1233{ 1234#ifndef __APPLE_TARGET_EMBEDDED__ 1235 hcrypto_validate(); 1236 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cfb8); 1237#else 1238 return NULL; 1239#endif 1240} 1241 1242/** 1243 * The Camellia-128 cipher type 1244 * 1245 * @return the Camellia-128 EVP_CIPHER pointer. 1246 * 1247 * @ingroup hcrypto_evp 1248 */ 1249 1250const EVP_CIPHER * 1251EVP_camellia_128_cbc(void) 1252{ 1253 hcrypto_validate(); 1254 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_128_cbc); 1255} 1256 1257/** 1258 * The Camellia-198 cipher type 1259 * 1260 * @return the Camellia-198 EVP_CIPHER pointer. 1261 * 1262 * @ingroup hcrypto_evp 1263 */ 1264 1265const EVP_CIPHER * 1266EVP_camellia_192_cbc(void) 1267{ 1268 hcrypto_validate(); 1269 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_192_cbc); 1270} 1271 1272/** 1273 * The Camellia-256 cipher type 1274 * 1275 * @return the Camellia-256 EVP_CIPHER pointer. 1276 * 1277 * @ingroup hcrypto_evp 1278 */ 1279 1280const EVP_CIPHER * 1281EVP_camellia_256_cbc(void) 1282{ 1283 hcrypto_validate(); 1284 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_256_cbc); 1285} 1286 1287/* 1288 * 1289 */ 1290 1291static const struct cipher_name { 1292 const char *name; 1293 const EVP_CIPHER *(*func)(void); 1294} cipher_name[] = { 1295 { "des-ede3-cbc", EVP_des_ede3_cbc }, 1296 { "aes-128-cbc", EVP_aes_128_cbc }, 1297 { "aes-192-cbc", EVP_aes_192_cbc }, 1298 { "aes-256-cbc", EVP_aes_256_cbc }, 1299 { "aes-128-cfb8", EVP_aes_128_cfb8 }, 1300 { "aes-192-cfb8", EVP_aes_192_cfb8 }, 1301 { "aes-256-cfb8", EVP_aes_256_cfb8 }, 1302 { "camellia-128-cbc", EVP_camellia_128_cbc }, 1303 { "camellia-192-cbc", EVP_camellia_192_cbc }, 1304 { "camellia-256-cbc", EVP_camellia_256_cbc } 1305}; 1306 1307/** 1308 * Get the cipher type using their name. 1309 * 1310 * @param name the name of the cipher. 1311 * 1312 * @return the selected EVP_CIPHER pointer or NULL if not found. 1313 * 1314 * @ingroup hcrypto_evp 1315 */ 1316 1317const EVP_CIPHER * 1318EVP_get_cipherbyname(const char *name) 1319{ 1320 size_t i; 1321 for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) { 1322 if (strcasecmp(cipher_name[i].name, name) == 0) 1323 return (*cipher_name[i].func)(); 1324 } 1325 return NULL; 1326} 1327 1328 1329/* 1330 * 1331 */ 1332 1333#ifndef min 1334#define min(a,b) (((a)>(b))?(b):(a)) 1335#endif 1336 1337/** 1338 * Provides a legancy string to key function, used in PEM files. 1339 * 1340 * New protocols should use new string to key functions like NIST 1341 * SP56-800A or PKCS#5 v2.0 (see PKCS5_PBKDF2_HMAC_SHA1()). 1342 * 1343 * @param type type of cipher to use 1344 * @param md message digest to use 1345 * @param salt salt salt string, should be an binary 8 byte buffer. 1346 * @param data the password/input key string. 1347 * @param datalen length of data parameter. 1348 * @param count iteration counter. 1349 * @param keydata output keydata, needs to of the size EVP_CIPHER_key_length(). 1350 * @param ivdata output ivdata, needs to of the size EVP_CIPHER_block_size(). 1351 * 1352 * @return the size of derived key. 1353 * 1354 * @ingroup hcrypto_evp 1355 */ 1356 1357int 1358EVP_BytesToKey(const EVP_CIPHER *type, 1359 const EVP_MD *md, 1360 const void *salt, 1361 const void *data, size_t datalen, 1362 unsigned int count, 1363 void *keydata, 1364 void *ivdata) 1365{ 1366 unsigned int ivlen, keylen; 1367 int first = 0; 1368 unsigned int mds = 0, i; 1369 unsigned char *key = keydata; 1370 unsigned char *iv = ivdata; 1371 unsigned char *buf; 1372 EVP_MD_CTX c; 1373 1374 keylen = EVP_CIPHER_key_length(type); 1375 ivlen = EVP_CIPHER_iv_length(type); 1376 1377 if (data == NULL) 1378 return keylen; 1379 1380 buf = malloc(EVP_MD_size(md)); 1381 if (buf == NULL) 1382 return -1; 1383 1384 EVP_MD_CTX_init(&c); 1385 1386 first = 1; 1387 while (1) { 1388 EVP_DigestInit_ex(&c, md, NULL); 1389 if (!first) 1390 EVP_DigestUpdate(&c, buf, mds); 1391 first = 0; 1392 EVP_DigestUpdate(&c,data,datalen); 1393 1394#define PKCS5_SALT_LEN 8 1395 1396 if (salt) 1397 EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); 1398 1399 EVP_DigestFinal_ex(&c, buf, &mds); 1400 assert(mds == EVP_MD_size(md)); 1401 1402 for (i = 1; i < count; i++) { 1403 EVP_DigestInit_ex(&c, md, NULL); 1404 EVP_DigestUpdate(&c, buf, mds); 1405 EVP_DigestFinal_ex(&c, buf, &mds); 1406 assert(mds == EVP_MD_size(md)); 1407 } 1408 1409 i = 0; 1410 if (keylen) { 1411 size_t sz = min(keylen, mds); 1412 if (key) { 1413 memcpy(key, buf, sz); 1414 key += sz; 1415 } 1416 keylen -= sz; 1417 i += sz; 1418 } 1419 if (ivlen && mds > i) { 1420 size_t sz = min(ivlen, (mds - i)); 1421 if (iv) { 1422 memcpy(iv, &buf[i], sz); 1423 iv += sz; 1424 } 1425 ivlen -= sz; 1426 } 1427 if (keylen == 0 && ivlen == 0) 1428 break; 1429 } 1430 1431 EVP_MD_CTX_cleanup(&c); 1432 free(buf); 1433 1434 return EVP_CIPHER_key_length(type); 1435} 1436 1437/** 1438 * Generate a random key for the specificed EVP_CIPHER. 1439 * 1440 * @param ctx EVP_CIPHER_CTX type to build the key for. 1441 * @param key return key, must be at least EVP_CIPHER_key_length() byte long. 1442 * 1443 * @return 1 for success, 0 for failure. 1444 * 1445 * @ingroup hcrypto_core 1446 */ 1447 1448int 1449EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, void *key) 1450{ 1451 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) 1452 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); 1453 if (CCRandomCopyBytes(kCCRandomDefault, key, ctx->key_len) != 0) 1454 return 0; 1455 return 1; 1456} 1457 1458/** 1459 * Perform a operation on a ctx 1460 * 1461 * @param ctx context to perform operation on. 1462 * @param type type of operation. 1463 * @param arg argument to operation. 1464 * @param data addition data to operation. 1465 1466 * @return 1 for success, 0 for failure. 1467 * 1468 * @ingroup hcrypto_core 1469 */ 1470 1471int 1472EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *data) 1473{ 1474 if (ctx->cipher == NULL || ctx->cipher->ctrl == NULL) 1475 return 0; 1476 return (*ctx->cipher->ctrl)(ctx, type, arg, data); 1477} 1478 1479/** 1480 * Add all algorithms to the crypto core. 1481 * 1482 * @ingroup hcrypto_core 1483 */ 1484 1485void 1486OpenSSL_add_all_algorithms(void) 1487{ 1488 return; 1489} 1490 1491/** 1492 * Add all algorithms to the crypto core using configuration file. 1493 * 1494 * @ingroup hcrypto_core 1495 */ 1496 1497void 1498OpenSSL_add_all_algorithms_conf(void) 1499{ 1500 return; 1501} 1502 1503/** 1504 * Add all algorithms to the crypto core, but don't use the 1505 * configuration file. 1506 * 1507 * @ingroup hcrypto_core 1508 */ 1509 1510void 1511OpenSSL_add_all_algorithms_noconf(void) 1512{ 1513 return; 1514} 1515