1/* 2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10#ifndef OSSL_CRYPTO_EVP_H 11# define OSSL_CRYPTO_EVP_H 12# pragma once 13 14# include <openssl/evp.h> 15# include <openssl/core_dispatch.h> 16# include "internal/refcount.h" 17# include "crypto/ecx.h" 18 19/* 20 * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag 21 * values in evp.h 22 */ 23#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 24 25#define evp_pkey_ctx_is_legacy(ctx) \ 26 ((ctx)->keymgmt == NULL) 27#define evp_pkey_ctx_is_provided(ctx) \ 28 (!evp_pkey_ctx_is_legacy(ctx)) 29 30struct evp_pkey_ctx_st { 31 /* Actual operation */ 32 int operation; 33 34 /* 35 * Library context, property query, keytype and keymgmt associated with 36 * this context 37 */ 38 OSSL_LIB_CTX *libctx; 39 char *propquery; 40 const char *keytype; 41 /* If |pkey| below is set, this field is always a reference to its keymgmt */ 42 EVP_KEYMGMT *keymgmt; 43 44 union { 45 struct { 46 void *genctx; 47 } keymgmt; 48 49 struct { 50 EVP_KEYEXCH *exchange; 51 /* 52 * Opaque ctx returned from a providers exchange algorithm 53 * implementation OSSL_FUNC_keyexch_newctx() 54 */ 55 void *algctx; 56 } kex; 57 58 struct { 59 EVP_SIGNATURE *signature; 60 /* 61 * Opaque ctx returned from a providers signature algorithm 62 * implementation OSSL_FUNC_signature_newctx() 63 */ 64 void *algctx; 65 } sig; 66 67 struct { 68 EVP_ASYM_CIPHER *cipher; 69 /* 70 * Opaque ctx returned from a providers asymmetric cipher algorithm 71 * implementation OSSL_FUNC_asym_cipher_newctx() 72 */ 73 void *algctx; 74 } ciph; 75 struct { 76 EVP_KEM *kem; 77 /* 78 * Opaque ctx returned from a providers KEM algorithm 79 * implementation OSSL_FUNC_kem_newctx() 80 */ 81 void *algctx; 82 } encap; 83 } op; 84 85 /* 86 * Cached parameters. Inits of operations that depend on these should 87 * call evp_pkey_ctx_use_delayed_data() when the operation has been set 88 * up properly. 89 */ 90 struct { 91 /* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */ 92 char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */ 93 void *dist_id; /* The distinguishing ID itself */ 94 size_t dist_id_len; /* The length of the distinguishing ID */ 95 96 /* Indicators of what has been set. Keep them together! */ 97 unsigned int dist_id_set : 1; 98 } cached_parameters; 99 100 /* Application specific data, usually used by the callback */ 101 void *app_data; 102 /* Keygen callback */ 103 EVP_PKEY_gen_cb *pkey_gencb; 104 /* implementation specific keygen data */ 105 int *keygen_info; 106 int keygen_info_count; 107 108 /* Legacy fields below */ 109 110 /* EVP_PKEY identity */ 111 int legacy_keytype; 112 /* Method associated with this operation */ 113 const EVP_PKEY_METHOD *pmeth; 114 /* Engine that implements this method or NULL if builtin */ 115 ENGINE *engine; 116 /* Key: may be NULL */ 117 EVP_PKEY *pkey; 118 /* Peer key for key agreement, may be NULL */ 119 EVP_PKEY *peerkey; 120 /* Algorithm specific data */ 121 void *data; 122 /* Indicator if digest_custom needs to be called */ 123 unsigned int flag_call_digest_custom:1; 124 /* 125 * Used to support taking custody of memory in the case of a provider being 126 * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This 127 * member should NOT be used for any other purpose and should be removed 128 * when said deprecated API is excised completely. 129 */ 130 BIGNUM *rsa_pubexp; 131} /* EVP_PKEY_CTX */ ; 132 133#define EVP_PKEY_FLAG_DYNAMIC 1 134 135struct evp_pkey_method_st { 136 int pkey_id; 137 int flags; 138 int (*init) (EVP_PKEY_CTX *ctx); 139 int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); 140 void (*cleanup) (EVP_PKEY_CTX *ctx); 141 int (*paramgen_init) (EVP_PKEY_CTX *ctx); 142 int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 143 int (*keygen_init) (EVP_PKEY_CTX *ctx); 144 int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 145 int (*sign_init) (EVP_PKEY_CTX *ctx); 146 int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 147 const unsigned char *tbs, size_t tbslen); 148 int (*verify_init) (EVP_PKEY_CTX *ctx); 149 int (*verify) (EVP_PKEY_CTX *ctx, 150 const unsigned char *sig, size_t siglen, 151 const unsigned char *tbs, size_t tbslen); 152 int (*verify_recover_init) (EVP_PKEY_CTX *ctx); 153 int (*verify_recover) (EVP_PKEY_CTX *ctx, 154 unsigned char *rout, size_t *routlen, 155 const unsigned char *sig, size_t siglen); 156 int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); 157 int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 158 EVP_MD_CTX *mctx); 159 int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); 160 int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, 161 EVP_MD_CTX *mctx); 162 int (*encrypt_init) (EVP_PKEY_CTX *ctx); 163 int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, 164 const unsigned char *in, size_t inlen); 165 int (*decrypt_init) (EVP_PKEY_CTX *ctx); 166 int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, 167 const unsigned char *in, size_t inlen); 168 int (*derive_init) (EVP_PKEY_CTX *ctx); 169 int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 170 int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 171 int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); 172 int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 173 const unsigned char *tbs, size_t tbslen); 174 int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, 175 size_t siglen, const unsigned char *tbs, 176 size_t tbslen); 177 int (*check) (EVP_PKEY *pkey); 178 int (*public_check) (EVP_PKEY *pkey); 179 int (*param_check) (EVP_PKEY *pkey); 180 181 int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); 182} /* EVP_PKEY_METHOD */ ; 183 184DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) 185 186void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); 187 188const EVP_PKEY_METHOD *ossl_dh_pkey_method(void); 189const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void); 190const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void); 191const EVP_PKEY_METHOD *ossl_ec_pkey_method(void); 192const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void); 193const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void); 194const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void); 195const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); 196const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void); 197const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void); 198 199struct evp_mac_st { 200 OSSL_PROVIDER *prov; 201 int name_id; 202 char *type_name; 203 const char *description; 204 205 CRYPTO_REF_COUNT refcnt; 206 CRYPTO_RWLOCK *lock; 207 208 OSSL_FUNC_mac_newctx_fn *newctx; 209 OSSL_FUNC_mac_dupctx_fn *dupctx; 210 OSSL_FUNC_mac_freectx_fn *freectx; 211 OSSL_FUNC_mac_init_fn *init; 212 OSSL_FUNC_mac_update_fn *update; 213 OSSL_FUNC_mac_final_fn *final; 214 OSSL_FUNC_mac_gettable_params_fn *gettable_params; 215 OSSL_FUNC_mac_gettable_ctx_params_fn *gettable_ctx_params; 216 OSSL_FUNC_mac_settable_ctx_params_fn *settable_ctx_params; 217 OSSL_FUNC_mac_get_params_fn *get_params; 218 OSSL_FUNC_mac_get_ctx_params_fn *get_ctx_params; 219 OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params; 220}; 221 222struct evp_kdf_st { 223 OSSL_PROVIDER *prov; 224 int name_id; 225 char *type_name; 226 const char *description; 227 CRYPTO_REF_COUNT refcnt; 228 CRYPTO_RWLOCK *lock; 229 230 OSSL_FUNC_kdf_newctx_fn *newctx; 231 OSSL_FUNC_kdf_dupctx_fn *dupctx; 232 OSSL_FUNC_kdf_freectx_fn *freectx; 233 OSSL_FUNC_kdf_reset_fn *reset; 234 OSSL_FUNC_kdf_derive_fn *derive; 235 OSSL_FUNC_kdf_gettable_params_fn *gettable_params; 236 OSSL_FUNC_kdf_gettable_ctx_params_fn *gettable_ctx_params; 237 OSSL_FUNC_kdf_settable_ctx_params_fn *settable_ctx_params; 238 OSSL_FUNC_kdf_get_params_fn *get_params; 239 OSSL_FUNC_kdf_get_ctx_params_fn *get_ctx_params; 240 OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params; 241}; 242 243#define EVP_ORIG_DYNAMIC 0 244#define EVP_ORIG_GLOBAL 1 245#define EVP_ORIG_METH 2 246 247struct evp_md_st { 248 /* nid */ 249 int type; 250 251 /* Legacy structure members */ 252 int pkey_type; 253 int md_size; 254 unsigned long flags; 255 int origin; 256 int (*init) (EVP_MD_CTX *ctx); 257 int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); 258 int (*final) (EVP_MD_CTX *ctx, unsigned char *md); 259 int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); 260 int (*cleanup) (EVP_MD_CTX *ctx); 261 int block_size; 262 int ctx_size; /* how big does the ctx->md_data need to be */ 263 /* control function */ 264 int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); 265 266 /* New structure members */ 267 /* Above comment to be removed when legacy has gone */ 268 int name_id; 269 char *type_name; 270 const char *description; 271 OSSL_PROVIDER *prov; 272 CRYPTO_REF_COUNT refcnt; 273 CRYPTO_RWLOCK *lock; 274 OSSL_FUNC_digest_newctx_fn *newctx; 275 OSSL_FUNC_digest_init_fn *dinit; 276 OSSL_FUNC_digest_update_fn *dupdate; 277 OSSL_FUNC_digest_final_fn *dfinal; 278 OSSL_FUNC_digest_digest_fn *digest; 279 OSSL_FUNC_digest_freectx_fn *freectx; 280 OSSL_FUNC_digest_dupctx_fn *dupctx; 281 OSSL_FUNC_digest_get_params_fn *get_params; 282 OSSL_FUNC_digest_set_ctx_params_fn *set_ctx_params; 283 OSSL_FUNC_digest_get_ctx_params_fn *get_ctx_params; 284 OSSL_FUNC_digest_gettable_params_fn *gettable_params; 285 OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params; 286 OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params; 287 288} /* EVP_MD */ ; 289 290struct evp_cipher_st { 291 int nid; 292 293 int block_size; 294 /* Default value for variable length ciphers */ 295 int key_len; 296 int iv_len; 297 298 /* Legacy structure members */ 299 /* Various flags */ 300 unsigned long flags; 301 /* How the EVP_CIPHER was created. */ 302 int origin; 303 /* init key */ 304 int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, 305 const unsigned char *iv, int enc); 306 /* encrypt/decrypt data */ 307 int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, 308 const unsigned char *in, size_t inl); 309 /* cleanup ctx */ 310 int (*cleanup) (EVP_CIPHER_CTX *); 311 /* how big ctx->cipher_data needs to be */ 312 int ctx_size; 313 /* Populate a ASN1_TYPE with parameters */ 314 int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); 315 /* Get parameters from a ASN1_TYPE */ 316 int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); 317 /* Miscellaneous operations */ 318 int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); 319 /* Application data */ 320 void *app_data; 321 322 /* New structure members */ 323 /* Above comment to be removed when legacy has gone */ 324 int name_id; 325 char *type_name; 326 const char *description; 327 OSSL_PROVIDER *prov; 328 CRYPTO_REF_COUNT refcnt; 329 CRYPTO_RWLOCK *lock; 330 OSSL_FUNC_cipher_newctx_fn *newctx; 331 OSSL_FUNC_cipher_encrypt_init_fn *einit; 332 OSSL_FUNC_cipher_decrypt_init_fn *dinit; 333 OSSL_FUNC_cipher_update_fn *cupdate; 334 OSSL_FUNC_cipher_final_fn *cfinal; 335 OSSL_FUNC_cipher_cipher_fn *ccipher; 336 OSSL_FUNC_cipher_freectx_fn *freectx; 337 OSSL_FUNC_cipher_dupctx_fn *dupctx; 338 OSSL_FUNC_cipher_get_params_fn *get_params; 339 OSSL_FUNC_cipher_get_ctx_params_fn *get_ctx_params; 340 OSSL_FUNC_cipher_set_ctx_params_fn *set_ctx_params; 341 OSSL_FUNC_cipher_gettable_params_fn *gettable_params; 342 OSSL_FUNC_cipher_gettable_ctx_params_fn *gettable_ctx_params; 343 OSSL_FUNC_cipher_settable_ctx_params_fn *settable_ctx_params; 344} /* EVP_CIPHER */ ; 345 346/* Macros to code block cipher wrappers */ 347 348/* Wrapper functions for each cipher mode */ 349 350#define EVP_C_DATA(kstruct, ctx) \ 351 ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) 352 353#define BLOCK_CIPHER_ecb_loop() \ 354 size_t i, bl; \ 355 bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \ 356 if (inl < bl) return 1;\ 357 inl -= bl; \ 358 for (i=0; i <= inl; i+=bl) 359 360#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ 361static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 362{\ 363 BLOCK_CIPHER_ecb_loop() \ 364 cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \ 365 return 1;\ 366} 367 368#define EVP_MAXCHUNK ((size_t)1 << 30) 369 370#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ 371 static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 372{\ 373 while(inl>=EVP_MAXCHUNK) {\ 374 int num = EVP_CIPHER_CTX_get_num(ctx);\ 375 cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ 376 EVP_CIPHER_CTX_set_num(ctx, num);\ 377 inl-=EVP_MAXCHUNK;\ 378 in +=EVP_MAXCHUNK;\ 379 out+=EVP_MAXCHUNK;\ 380 }\ 381 if (inl) {\ 382 int num = EVP_CIPHER_CTX_get_num(ctx);\ 383 cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ 384 EVP_CIPHER_CTX_set_num(ctx, num);\ 385 }\ 386 return 1;\ 387} 388 389#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ 390static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 391{\ 392 while(inl>=EVP_MAXCHUNK) \ 393 {\ 394 cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ 395 inl-=EVP_MAXCHUNK;\ 396 in +=EVP_MAXCHUNK;\ 397 out+=EVP_MAXCHUNK;\ 398 }\ 399 if (inl)\ 400 cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ 401 return 1;\ 402} 403 404#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 405static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 406{\ 407 size_t chunk = EVP_MAXCHUNK;\ 408 if (cbits == 1) chunk >>= 3;\ 409 if (inl < chunk) chunk = inl;\ 410 while (inl && inl >= chunk)\ 411 {\ 412 int num = EVP_CIPHER_CTX_get_num(ctx);\ 413 cprefix##_cfb##cbits##_encrypt(in, out, (long) \ 414 ((cbits == 1) \ 415 && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ 416 ? chunk*8 : chunk), \ 417 &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\ 418 &num, EVP_CIPHER_CTX_is_encrypting(ctx));\ 419 EVP_CIPHER_CTX_set_num(ctx, num);\ 420 inl -= chunk;\ 421 in += chunk;\ 422 out += chunk;\ 423 if (inl < chunk) chunk = inl;\ 424 }\ 425 return 1;\ 426} 427 428#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ 429 BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ 430 BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 431 BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ 432 BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) 433 434#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ 435 key_len, iv_len, flags, init_key, cleanup, \ 436 set_asn1, get_asn1, ctrl) \ 437static const EVP_CIPHER cname##_##mode = { \ 438 nid##_##nmode, block_size, key_len, iv_len, \ 439 flags | EVP_CIPH_##MODE##_MODE, \ 440 EVP_ORIG_GLOBAL, \ 441 init_key, \ 442 cname##_##mode##_cipher, \ 443 cleanup, \ 444 sizeof(kstruct), \ 445 set_asn1, get_asn1,\ 446 ctrl, \ 447 NULL \ 448}; \ 449const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } 450 451#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ 452 iv_len, flags, init_key, cleanup, set_asn1, \ 453 get_asn1, ctrl) \ 454BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ 455 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) 456 457#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ 458 iv_len, cbits, flags, init_key, cleanup, \ 459 set_asn1, get_asn1, ctrl) \ 460BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ 461 key_len, iv_len, flags, init_key, cleanup, set_asn1, \ 462 get_asn1, ctrl) 463 464#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ 465 iv_len, cbits, flags, init_key, cleanup, \ 466 set_asn1, get_asn1, ctrl) \ 467BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ 468 key_len, iv_len, flags, init_key, cleanup, set_asn1, \ 469 get_asn1, ctrl) 470 471#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ 472 flags, init_key, cleanup, set_asn1, \ 473 get_asn1, ctrl) \ 474BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ 475 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) 476 477#define BLOCK_CIPHER_defs(cname, kstruct, \ 478 nid, block_size, key_len, iv_len, cbits, flags, \ 479 init_key, cleanup, set_asn1, get_asn1, ctrl) \ 480BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ 481 init_key, cleanup, set_asn1, get_asn1, ctrl) \ 482BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ 483 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ 484BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ 485 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ 486BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ 487 init_key, cleanup, set_asn1, get_asn1, ctrl) 488 489/*- 490#define BLOCK_CIPHER_defs(cname, kstruct, \ 491 nid, block_size, key_len, iv_len, flags,\ 492 init_key, cleanup, set_asn1, get_asn1, ctrl)\ 493static const EVP_CIPHER cname##_cbc = {\ 494 nid##_cbc, block_size, key_len, iv_len, \ 495 flags | EVP_CIPH_CBC_MODE,\ 496 EVP_ORIG_GLOBAL,\ 497 init_key,\ 498 cname##_cbc_cipher,\ 499 cleanup,\ 500 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 501 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 502 set_asn1, get_asn1,\ 503 ctrl, \ 504 NULL \ 505};\ 506const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ 507static const EVP_CIPHER cname##_cfb = {\ 508 nid##_cfb64, 1, key_len, iv_len, \ 509 flags | EVP_CIPH_CFB_MODE,\ 510 EVP_ORIG_GLOBAL,\ 511 init_key,\ 512 cname##_cfb_cipher,\ 513 cleanup,\ 514 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 515 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 516 set_asn1, get_asn1,\ 517 ctrl,\ 518 NULL \ 519};\ 520const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ 521static const EVP_CIPHER cname##_ofb = {\ 522 nid##_ofb64, 1, key_len, iv_len, \ 523 flags | EVP_CIPH_OFB_MODE,\ 524 EVP_ORIG_GLOBAL,\ 525 init_key,\ 526 cname##_ofb_cipher,\ 527 cleanup,\ 528 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 529 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 530 set_asn1, get_asn1,\ 531 ctrl,\ 532 NULL \ 533};\ 534const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ 535static const EVP_CIPHER cname##_ecb = {\ 536 nid##_ecb, block_size, key_len, iv_len, \ 537 flags | EVP_CIPH_ECB_MODE,\ 538 EVP_ORIG_GLOBAL,\ 539 init_key,\ 540 cname##_ecb_cipher,\ 541 cleanup,\ 542 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 543 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 544 set_asn1, get_asn1,\ 545 ctrl,\ 546 NULL \ 547};\ 548const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } 549*/ 550 551#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ 552 block_size, key_len, iv_len, cbits, \ 553 flags, init_key, \ 554 cleanup, set_asn1, get_asn1, ctrl) \ 555 BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ 556 BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ 557 cbits, flags, init_key, cleanup, set_asn1, \ 558 get_asn1, ctrl) 559 560#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ 561 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ 562 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ 563 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ 564 (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ 565 cipher##_init_key, NULL, NULL, NULL, NULL) 566 567typedef struct { 568 unsigned char iv[EVP_MAX_IV_LENGTH]; 569 unsigned int iv_len; 570 unsigned int tag_len; 571} evp_cipher_aead_asn1_params; 572 573int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, 574 evp_cipher_aead_asn1_params *params); 575 576int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, 577 evp_cipher_aead_asn1_params *params); 578 579/* 580 * To support transparent execution of operation in backends other 581 * than the "origin" key, we support transparent export/import to 582 * those providers, and maintain a cache of the imported keydata, 583 * so we don't need to redo the export/import every time we perform 584 * the same operation in that same provider. 585 * This requires that the "origin" backend (whether it's a legacy or a 586 * provider "origin") implements exports, and that the target provider 587 * has an EVP_KEYMGMT that implements import. 588 */ 589typedef struct { 590 EVP_KEYMGMT *keymgmt; 591 void *keydata; 592 int selection; 593} OP_CACHE_ELEM; 594 595DEFINE_STACK_OF(OP_CACHE_ELEM) 596 597/* 598 * An EVP_PKEY can have the following states: 599 * 600 * untyped & empty: 601 * 602 * type == EVP_PKEY_NONE && keymgmt == NULL 603 * 604 * typed & empty: 605 * 606 * (type != EVP_PKEY_NONE && pkey.ptr == NULL) ## legacy (libcrypto only) 607 * || (keymgmt != NULL && keydata == NULL) ## provider side 608 * 609 * fully assigned: 610 * 611 * (type != EVP_PKEY_NONE && pkey.ptr != NULL) ## legacy (libcrypto only) 612 * || (keymgmt != NULL && keydata != NULL) ## provider side 613 * 614 * The easiest way to detect a legacy key is: 615 * 616 * keymgmt == NULL && type != EVP_PKEY_NONE 617 * 618 * The easiest way to detect a provider side key is: 619 * 620 * keymgmt != NULL 621 */ 622#define evp_pkey_is_blank(pk) \ 623 ((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL) 624#define evp_pkey_is_typed(pk) \ 625 ((pk)->type != EVP_PKEY_NONE || (pk)->keymgmt != NULL) 626#ifndef FIPS_MODULE 627# define evp_pkey_is_assigned(pk) \ 628 ((pk)->pkey.ptr != NULL || (pk)->keydata != NULL) 629#else 630# define evp_pkey_is_assigned(pk) \ 631 ((pk)->keydata != NULL) 632#endif 633#define evp_pkey_is_legacy(pk) \ 634 ((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL) 635#define evp_pkey_is_provided(pk) \ 636 ((pk)->keymgmt != NULL) 637 638union legacy_pkey_st { 639 void *ptr; 640 struct rsa_st *rsa; /* RSA */ 641# ifndef OPENSSL_NO_DSA 642 struct dsa_st *dsa; /* DSA */ 643# endif 644# ifndef OPENSSL_NO_DH 645 struct dh_st *dh; /* DH */ 646# endif 647# ifndef OPENSSL_NO_EC 648 struct ec_key_st *ec; /* ECC */ 649 ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ 650# endif 651}; 652 653struct evp_pkey_st { 654 /* == Legacy attributes == */ 655 int type; 656 int save_type; 657 658# ifndef FIPS_MODULE 659 /* 660 * Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD, 661 * a pointer to a low level key and possibly a pointer to an engine. 662 */ 663 const EVP_PKEY_ASN1_METHOD *ameth; 664 ENGINE *engine; 665 ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ 666 667 /* Union to store the reference to an origin legacy key */ 668 union legacy_pkey_st pkey; 669 670 /* Union to store the reference to a non-origin legacy key */ 671 union legacy_pkey_st legacy_cache_pkey; 672# endif 673 674 /* == Common attributes == */ 675 CRYPTO_REF_COUNT references; 676 CRYPTO_RWLOCK *lock; 677#ifndef FIPS_MODULE 678 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ 679 int save_parameters; 680 unsigned int foreign:1; /* the low-level key is using an engine or an app-method */ 681 CRYPTO_EX_DATA ex_data; 682#endif 683 684 /* == Provider attributes == */ 685 686 /* 687 * Provider keydata "origin" is composed of a pointer to an EVP_KEYMGMT 688 * and a pointer to the provider side key data. This is never used at 689 * the same time as the legacy key data above. 690 */ 691 EVP_KEYMGMT *keymgmt; 692 void *keydata; 693 /* 694 * If any libcrypto code does anything that may modify the keydata 695 * contents, this dirty counter must be incremented. 696 */ 697 size_t dirty_cnt; 698 699 /* 700 * To support transparent execution of operation in backends other 701 * than the "origin" key, we support transparent export/import to 702 * those providers, and maintain a cache of the imported keydata, 703 * so we don't need to redo the export/import every time we perform 704 * the same operation in that same provider. 705 */ 706 STACK_OF(OP_CACHE_ELEM) *operation_cache; 707 708 /* 709 * We keep a copy of that "origin"'s dirty count, so we know if the 710 * operation cache needs flushing. 711 */ 712 size_t dirty_cnt_copy; 713 714 /* Cache of key object information */ 715 struct { 716 int bits; 717 int security_bits; 718 int size; 719 } cache; 720} /* EVP_PKEY */ ; 721 722#define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \ 723 ((ctx)->operation == EVP_PKEY_OP_SIGN \ 724 || (ctx)->operation == EVP_PKEY_OP_SIGNCTX \ 725 || (ctx)->operation == EVP_PKEY_OP_VERIFY \ 726 || (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \ 727 || (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER) 728 729#define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \ 730 ((ctx)->operation == EVP_PKEY_OP_DERIVE) 731 732#define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \ 733 ((ctx)->operation == EVP_PKEY_OP_ENCRYPT \ 734 || (ctx)->operation == EVP_PKEY_OP_DECRYPT) 735 736#define EVP_PKEY_CTX_IS_GEN_OP(ctx) \ 737 ((ctx)->operation == EVP_PKEY_OP_PARAMGEN \ 738 || (ctx)->operation == EVP_PKEY_OP_KEYGEN) 739 740#define EVP_PKEY_CTX_IS_FROMDATA_OP(ctx) \ 741 ((ctx)->operation == EVP_PKEY_OP_FROMDATA) 742 743#define EVP_PKEY_CTX_IS_KEM_OP(ctx) \ 744 ((ctx)->operation == EVP_PKEY_OP_ENCAPSULATE \ 745 || (ctx)->operation == EVP_PKEY_OP_DECAPSULATE) 746 747void openssl_add_all_ciphers_int(void); 748void openssl_add_all_digests_int(void); 749void evp_cleanup_int(void); 750void evp_app_cleanup_int(void); 751void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, 752 EVP_KEYMGMT **keymgmt, 753 const char *propquery); 754#ifndef FIPS_MODULE 755int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); 756void *evp_pkey_get_legacy(EVP_PKEY *pk); 757void evp_pkey_free_legacy(EVP_PKEY *x); 758EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8inf, 759 OSSL_LIB_CTX *libctx, const char *propq); 760#endif 761 762/* 763 * KEYMGMT utility functions 764 */ 765 766/* 767 * Key import structure and helper function, to be used as an export callback 768 */ 769struct evp_keymgmt_util_try_import_data_st { 770 EVP_KEYMGMT *keymgmt; 771 void *keydata; 772 773 int selection; 774}; 775int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg); 776int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, 777 void *keydata); 778EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata); 779 780int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, 781 OSSL_CALLBACK *export_cb, void *export_cbarg); 782void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, 783 int selection); 784OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, 785 EVP_KEYMGMT *keymgmt, 786 int selection); 787int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); 788int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, 789 void *keydata, int selection); 790void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); 791void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, 792 int selection, const OSSL_PARAM params[]); 793int evp_keymgmt_util_has(EVP_PKEY *pk, int selection); 794int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection); 795int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection); 796void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, 797 void *genctx, OSSL_CALLBACK *cb, void *cbarg); 798int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt, 799 void *keydata, 800 char *mdname, size_t mdname_sz); 801const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt, 802 int op_id); 803 804/* 805 * KEYMGMT provider interface functions 806 */ 807void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt); 808void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata); 809int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, 810 void *keydata, OSSL_PARAM params[]); 811int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, 812 void *keydata, const OSSL_PARAM params[]); 813void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, 814 const OSSL_PARAM params[]); 815int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, 816 void *template); 817int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, 818 const OSSL_PARAM params[]); 819void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, 820 OSSL_CALLBACK *cb, void *cbarg); 821void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx); 822 823int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt); 824void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt, 825 const void *objref, size_t objref_sz); 826 827int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection); 828int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, 829 int selection, int checktype); 830int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt, 831 const void *keydata1, const void *keydata2, 832 int selection); 833 834int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, 835 int selection, const OSSL_PARAM params[]); 836const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt, 837 int selection); 838int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata, 839 int selection, OSSL_CALLBACK *param_cb, void *cbarg); 840const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt, 841 int selection); 842void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, 843 const void *keydata_from, int selection); 844EVP_KEYMGMT *evp_keymgmt_fetch_from_prov(OSSL_PROVIDER *prov, 845 const char *name, 846 const char *properties); 847 848/* Pulling defines out of C source files */ 849 850# define EVP_RC4_KEY_SIZE 16 851# ifndef TLS1_1_VERSION 852# define TLS1_1_VERSION 0x0302 853# endif 854 855void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); 856 857/* EVP_ENCODE_CTX flags */ 858/* Don't generate new lines when encoding */ 859#define EVP_ENCODE_CTX_NO_NEWLINES 1 860/* Use the SRP base64 alphabet instead of the standard one */ 861#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 862 863const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, 864 const char *name); 865const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, 866 const char *name); 867 868int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen, 869 const unsigned char *salt, int saltlen, int iter, 870 const EVP_MD *digest, int keylen, 871 unsigned char *out, 872 OSSL_LIB_CTX *libctx, const char *propq); 873 874# ifndef FIPS_MODULE 875/* 876 * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params(). 877 * 878 * Return 1 on success, 0 or negative for errors. 879 * 880 * In particular they return -2 if any of the params is not supported. 881 * 882 * They are not available in FIPS_MODULE as they depend on 883 * - EVP_PKEY_CTX_{get,set}_params() 884 * - EVP_PKEY_CTX_{gettable,settable}_params() 885 * 886 */ 887int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); 888int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); 889 890EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, 891 OSSL_LIB_CTX *libctx, const char *propq); 892int evp_pkey_name2type(const char *name); 893const char *evp_pkey_type2name(int type); 894 895int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len); 896int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id); 897int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len); 898 899int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); 900# endif /* !defined(FIPS_MODULE) */ 901 902int evp_method_store_cache_flush(OSSL_LIB_CTX *libctx); 903int evp_method_store_remove_all_provided(const OSSL_PROVIDER *prov); 904 905int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable, 906 int loadconfig); 907int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, 908 int loadconfig, int mirrored); 909char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig); 910 911void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_digest); 912 913/* Three possible states: */ 914# define EVP_PKEY_STATE_UNKNOWN 0 915# define EVP_PKEY_STATE_LEGACY 1 916# define EVP_PKEY_STATE_PROVIDER 2 917int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx); 918 919/* These two must ONLY be called for provider side operations */ 920int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *ctx, 921 int keytype, int optype, 922 int cmd, int p1, void *p2); 923int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx, 924 const char *name, const char *value); 925 926/* These two must ONLY be called for legacy operations */ 927int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); 928int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); 929 930/* This must ONLY be called for legacy EVP_PKEYs */ 931int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params); 932 933/* Same as the public get0 functions but are not const */ 934# ifndef OPENSSL_NO_DEPRECATED_3_0 935DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey); 936EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey); 937RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey); 938# endif 939 940/* Get internal identification number routines */ 941int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher); 942int evp_cipher_get_number(const EVP_CIPHER *cipher); 943int evp_kdf_get_number(const EVP_KDF *kdf); 944int evp_kem_get_number(const EVP_KEM *wrap); 945int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch); 946int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt); 947int evp_mac_get_number(const EVP_MAC *mac); 948int evp_md_get_number(const EVP_MD *md); 949int evp_rand_get_number(const EVP_RAND *rand); 950int evp_signature_get_number(const EVP_SIGNATURE *signature); 951 952#endif /* OSSL_CRYPTO_EVP_H */ 953