1 /* 2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #ifndef OSSL_CRYPTO_EVP_H 11 # define OSSL_CRYPTO_EVP_H 12 # pragma once 13 14 # include <openssl/evp.h> 15 # include <openssl/core_dispatch.h> 16 # include "internal/refcount.h" 17 # include "crypto/ecx.h" 18 19 /* 20 * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag 21 * values in evp.h 22 */ 23 #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 24 25 #define evp_pkey_ctx_is_legacy(ctx) \ 26 ((ctx)->keymgmt == NULL) 27 #define evp_pkey_ctx_is_provided(ctx) \ 28 (!evp_pkey_ctx_is_legacy(ctx)) 29 30 struct evp_pkey_ctx_st { 31 /* Actual operation */ 32 int operation; 33 34 /* 35 * Library context, property query, keytype and keymgmt associated with 36 * this context 37 */ 38 OSSL_LIB_CTX *libctx; 39 char *propquery; 40 const char *keytype; 41 /* If |pkey| below is set, this field is always a reference to its keymgmt */ 42 EVP_KEYMGMT *keymgmt; 43 44 union { 45 struct { 46 void *genctx; 47 } keymgmt; 48 49 struct { 50 EVP_KEYEXCH *exchange; 51 /* 52 * Opaque ctx returned from a providers exchange algorithm 53 * implementation OSSL_FUNC_keyexch_newctx() 54 */ 55 void *algctx; 56 } kex; 57 58 struct { 59 EVP_SIGNATURE *signature; 60 /* 61 * Opaque ctx returned from a providers signature algorithm 62 * implementation OSSL_FUNC_signature_newctx() 63 */ 64 void *algctx; 65 } sig; 66 67 struct { 68 EVP_ASYM_CIPHER *cipher; 69 /* 70 * Opaque ctx returned from a providers asymmetric cipher algorithm 71 * implementation OSSL_FUNC_asym_cipher_newctx() 72 */ 73 void *algctx; 74 } ciph; 75 struct { 76 EVP_KEM *kem; 77 /* 78 * Opaque ctx returned from a providers KEM algorithm 79 * implementation OSSL_FUNC_kem_newctx() 80 */ 81 void *algctx; 82 } encap; 83 } op; 84 85 /* 86 * Cached parameters. Inits of operations that depend on these should 87 * call evp_pkey_ctx_use_delayed_data() when the operation has been set 88 * up properly. 89 */ 90 struct { 91 /* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */ 92 char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */ 93 void *dist_id; /* The distinguishing ID itself */ 94 size_t dist_id_len; /* The length of the distinguishing ID */ 95 96 /* Indicators of what has been set. Keep them together! */ 97 unsigned int dist_id_set : 1; 98 } cached_parameters; 99 100 /* Application specific data, usually used by the callback */ 101 void *app_data; 102 /* Keygen callback */ 103 EVP_PKEY_gen_cb *pkey_gencb; 104 /* implementation specific keygen data */ 105 int *keygen_info; 106 int keygen_info_count; 107 108 /* Legacy fields below */ 109 110 /* EVP_PKEY identity */ 111 int legacy_keytype; 112 /* Method associated with this operation */ 113 const EVP_PKEY_METHOD *pmeth; 114 /* Engine that implements this method or NULL if builtin */ 115 ENGINE *engine; 116 /* Key: may be NULL */ 117 EVP_PKEY *pkey; 118 /* Peer key for key agreement, may be NULL */ 119 EVP_PKEY *peerkey; 120 /* Algorithm specific data */ 121 void *data; 122 /* Indicator if digest_custom needs to be called */ 123 unsigned int flag_call_digest_custom:1; 124 /* 125 * Used to support taking custody of memory in the case of a provider being 126 * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This 127 * member should NOT be used for any other purpose and should be removed 128 * when said deprecated API is excised completely. 129 */ 130 BIGNUM *rsa_pubexp; 131 } /* EVP_PKEY_CTX */ ; 132 133 #define EVP_PKEY_FLAG_DYNAMIC 1 134 135 struct evp_pkey_method_st { 136 int pkey_id; 137 int flags; 138 int (*init) (EVP_PKEY_CTX *ctx); 139 int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); 140 void (*cleanup) (EVP_PKEY_CTX *ctx); 141 int (*paramgen_init) (EVP_PKEY_CTX *ctx); 142 int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 143 int (*keygen_init) (EVP_PKEY_CTX *ctx); 144 int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 145 int (*sign_init) (EVP_PKEY_CTX *ctx); 146 int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 147 const unsigned char *tbs, size_t tbslen); 148 int (*verify_init) (EVP_PKEY_CTX *ctx); 149 int (*verify) (EVP_PKEY_CTX *ctx, 150 const unsigned char *sig, size_t siglen, 151 const unsigned char *tbs, size_t tbslen); 152 int (*verify_recover_init) (EVP_PKEY_CTX *ctx); 153 int (*verify_recover) (EVP_PKEY_CTX *ctx, 154 unsigned char *rout, size_t *routlen, 155 const unsigned char *sig, size_t siglen); 156 int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); 157 int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 158 EVP_MD_CTX *mctx); 159 int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); 160 int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, 161 EVP_MD_CTX *mctx); 162 int (*encrypt_init) (EVP_PKEY_CTX *ctx); 163 int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, 164 const unsigned char *in, size_t inlen); 165 int (*decrypt_init) (EVP_PKEY_CTX *ctx); 166 int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, 167 const unsigned char *in, size_t inlen); 168 int (*derive_init) (EVP_PKEY_CTX *ctx); 169 int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 170 int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 171 int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value); 172 int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 173 const unsigned char *tbs, size_t tbslen); 174 int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, 175 size_t siglen, const unsigned char *tbs, 176 size_t tbslen); 177 int (*check) (EVP_PKEY *pkey); 178 int (*public_check) (EVP_PKEY *pkey); 179 int (*param_check) (EVP_PKEY *pkey); 180 181 int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); 182 } /* EVP_PKEY_METHOD */ ; 183 184 DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD) 185 186 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); 187 188 const EVP_PKEY_METHOD *ossl_dh_pkey_method(void); 189 const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void); 190 const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void); 191 const EVP_PKEY_METHOD *ossl_ec_pkey_method(void); 192 const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void); 193 const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void); 194 const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void); 195 const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void); 196 const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void); 197 const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void); 198 199 struct evp_mac_st { 200 OSSL_PROVIDER *prov; 201 int name_id; 202 char *type_name; 203 const char *description; 204 205 CRYPTO_REF_COUNT refcnt; 206 CRYPTO_RWLOCK *lock; 207 208 OSSL_FUNC_mac_newctx_fn *newctx; 209 OSSL_FUNC_mac_dupctx_fn *dupctx; 210 OSSL_FUNC_mac_freectx_fn *freectx; 211 OSSL_FUNC_mac_init_fn *init; 212 OSSL_FUNC_mac_update_fn *update; 213 OSSL_FUNC_mac_final_fn *final; 214 OSSL_FUNC_mac_gettable_params_fn *gettable_params; 215 OSSL_FUNC_mac_gettable_ctx_params_fn *gettable_ctx_params; 216 OSSL_FUNC_mac_settable_ctx_params_fn *settable_ctx_params; 217 OSSL_FUNC_mac_get_params_fn *get_params; 218 OSSL_FUNC_mac_get_ctx_params_fn *get_ctx_params; 219 OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params; 220 }; 221 222 struct evp_kdf_st { 223 OSSL_PROVIDER *prov; 224 int name_id; 225 char *type_name; 226 const char *description; 227 CRYPTO_REF_COUNT refcnt; 228 CRYPTO_RWLOCK *lock; 229 230 OSSL_FUNC_kdf_newctx_fn *newctx; 231 OSSL_FUNC_kdf_dupctx_fn *dupctx; 232 OSSL_FUNC_kdf_freectx_fn *freectx; 233 OSSL_FUNC_kdf_reset_fn *reset; 234 OSSL_FUNC_kdf_derive_fn *derive; 235 OSSL_FUNC_kdf_gettable_params_fn *gettable_params; 236 OSSL_FUNC_kdf_gettable_ctx_params_fn *gettable_ctx_params; 237 OSSL_FUNC_kdf_settable_ctx_params_fn *settable_ctx_params; 238 OSSL_FUNC_kdf_get_params_fn *get_params; 239 OSSL_FUNC_kdf_get_ctx_params_fn *get_ctx_params; 240 OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params; 241 }; 242 243 #define EVP_ORIG_DYNAMIC 0 244 #define EVP_ORIG_GLOBAL 1 245 #define EVP_ORIG_METH 2 246 247 struct evp_md_st { 248 /* nid */ 249 int type; 250 251 /* Legacy structure members */ 252 int pkey_type; 253 int md_size; 254 unsigned long flags; 255 int origin; 256 int (*init) (EVP_MD_CTX *ctx); 257 int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count); 258 int (*final) (EVP_MD_CTX *ctx, unsigned char *md); 259 int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from); 260 int (*cleanup) (EVP_MD_CTX *ctx); 261 int block_size; 262 int ctx_size; /* how big does the ctx->md_data need to be */ 263 /* control function */ 264 int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2); 265 266 /* New structure members */ 267 /* Above comment to be removed when legacy has gone */ 268 int name_id; 269 char *type_name; 270 const char *description; 271 OSSL_PROVIDER *prov; 272 CRYPTO_REF_COUNT refcnt; 273 CRYPTO_RWLOCK *lock; 274 OSSL_FUNC_digest_newctx_fn *newctx; 275 OSSL_FUNC_digest_init_fn *dinit; 276 OSSL_FUNC_digest_update_fn *dupdate; 277 OSSL_FUNC_digest_final_fn *dfinal; 278 OSSL_FUNC_digest_digest_fn *digest; 279 OSSL_FUNC_digest_freectx_fn *freectx; 280 OSSL_FUNC_digest_dupctx_fn *dupctx; 281 OSSL_FUNC_digest_get_params_fn *get_params; 282 OSSL_FUNC_digest_set_ctx_params_fn *set_ctx_params; 283 OSSL_FUNC_digest_get_ctx_params_fn *get_ctx_params; 284 OSSL_FUNC_digest_gettable_params_fn *gettable_params; 285 OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params; 286 OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params; 287 288 } /* EVP_MD */ ; 289 290 struct evp_cipher_st { 291 int nid; 292 293 int block_size; 294 /* Default value for variable length ciphers */ 295 int key_len; 296 int iv_len; 297 298 /* Legacy structure members */ 299 /* Various flags */ 300 unsigned long flags; 301 /* How the EVP_CIPHER was created. */ 302 int origin; 303 /* init key */ 304 int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key, 305 const unsigned char *iv, int enc); 306 /* encrypt/decrypt data */ 307 int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out, 308 const unsigned char *in, size_t inl); 309 /* cleanup ctx */ 310 int (*cleanup) (EVP_CIPHER_CTX *); 311 /* how big ctx->cipher_data needs to be */ 312 int ctx_size; 313 /* Populate a ASN1_TYPE with parameters */ 314 int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); 315 /* Get parameters from a ASN1_TYPE */ 316 int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *); 317 /* Miscellaneous operations */ 318 int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr); 319 /* Application data */ 320 void *app_data; 321 322 /* New structure members */ 323 /* Above comment to be removed when legacy has gone */ 324 int name_id; 325 char *type_name; 326 const char *description; 327 OSSL_PROVIDER *prov; 328 CRYPTO_REF_COUNT refcnt; 329 CRYPTO_RWLOCK *lock; 330 OSSL_FUNC_cipher_newctx_fn *newctx; 331 OSSL_FUNC_cipher_encrypt_init_fn *einit; 332 OSSL_FUNC_cipher_decrypt_init_fn *dinit; 333 OSSL_FUNC_cipher_update_fn *cupdate; 334 OSSL_FUNC_cipher_final_fn *cfinal; 335 OSSL_FUNC_cipher_cipher_fn *ccipher; 336 OSSL_FUNC_cipher_freectx_fn *freectx; 337 OSSL_FUNC_cipher_dupctx_fn *dupctx; 338 OSSL_FUNC_cipher_get_params_fn *get_params; 339 OSSL_FUNC_cipher_get_ctx_params_fn *get_ctx_params; 340 OSSL_FUNC_cipher_set_ctx_params_fn *set_ctx_params; 341 OSSL_FUNC_cipher_gettable_params_fn *gettable_params; 342 OSSL_FUNC_cipher_gettable_ctx_params_fn *gettable_ctx_params; 343 OSSL_FUNC_cipher_settable_ctx_params_fn *settable_ctx_params; 344 } /* EVP_CIPHER */ ; 345 346 /* Macros to code block cipher wrappers */ 347 348 /* Wrapper functions for each cipher mode */ 349 350 #define EVP_C_DATA(kstruct, ctx) \ 351 ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx)) 352 353 #define BLOCK_CIPHER_ecb_loop() \ 354 size_t i, bl; \ 355 bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \ 356 if (inl < bl) return 1;\ 357 inl -= bl; \ 358 for (i=0; i <= inl; i+=bl) 359 360 #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ 361 static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 362 {\ 363 BLOCK_CIPHER_ecb_loop() \ 364 cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \ 365 return 1;\ 366 } 367 368 #define EVP_MAXCHUNK ((size_t)1 << 30) 369 370 #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ 371 static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 372 {\ 373 while(inl>=EVP_MAXCHUNK) {\ 374 int num = EVP_CIPHER_CTX_get_num(ctx);\ 375 cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ 376 EVP_CIPHER_CTX_set_num(ctx, num);\ 377 inl-=EVP_MAXCHUNK;\ 378 in +=EVP_MAXCHUNK;\ 379 out+=EVP_MAXCHUNK;\ 380 }\ 381 if (inl) {\ 382 int num = EVP_CIPHER_CTX_get_num(ctx);\ 383 cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \ 384 EVP_CIPHER_CTX_set_num(ctx, num);\ 385 }\ 386 return 1;\ 387 } 388 389 #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ 390 static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 391 {\ 392 while(inl>=EVP_MAXCHUNK) \ 393 {\ 394 cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ 395 inl-=EVP_MAXCHUNK;\ 396 in +=EVP_MAXCHUNK;\ 397 out+=EVP_MAXCHUNK;\ 398 }\ 399 if (inl)\ 400 cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\ 401 return 1;\ 402 } 403 404 #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 405 static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \ 406 {\ 407 size_t chunk = EVP_MAXCHUNK;\ 408 if (cbits == 1) chunk >>= 3;\ 409 if (inl < chunk) chunk = inl;\ 410 while (inl && inl >= chunk)\ 411 {\ 412 int num = EVP_CIPHER_CTX_get_num(ctx);\ 413 cprefix##_cfb##cbits##_encrypt(in, out, (long) \ 414 ((cbits == 1) \ 415 && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \ 416 ? chunk*8 : chunk), \ 417 &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\ 418 &num, EVP_CIPHER_CTX_is_encrypting(ctx));\ 419 EVP_CIPHER_CTX_set_num(ctx, num);\ 420 inl -= chunk;\ 421 in += chunk;\ 422 out += chunk;\ 423 if (inl < chunk) chunk = inl;\ 424 }\ 425 return 1;\ 426 } 427 428 #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ 429 BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ 430 BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ 431 BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ 432 BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) 433 434 #define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ 435 key_len, iv_len, flags, init_key, cleanup, \ 436 set_asn1, get_asn1, ctrl) \ 437 static const EVP_CIPHER cname##_##mode = { \ 438 nid##_##nmode, block_size, key_len, iv_len, \ 439 flags | EVP_CIPH_##MODE##_MODE, \ 440 EVP_ORIG_GLOBAL, \ 441 init_key, \ 442 cname##_##mode##_cipher, \ 443 cleanup, \ 444 sizeof(kstruct), \ 445 set_asn1, get_asn1,\ 446 ctrl, \ 447 NULL \ 448 }; \ 449 const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } 450 451 #define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ 452 iv_len, flags, init_key, cleanup, set_asn1, \ 453 get_asn1, ctrl) \ 454 BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ 455 iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) 456 457 #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \ 458 iv_len, cbits, flags, init_key, cleanup, \ 459 set_asn1, get_asn1, ctrl) \ 460 BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \ 461 key_len, iv_len, flags, init_key, cleanup, set_asn1, \ 462 get_asn1, ctrl) 463 464 #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \ 465 iv_len, cbits, flags, init_key, cleanup, \ 466 set_asn1, get_asn1, ctrl) \ 467 BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \ 468 key_len, iv_len, flags, init_key, cleanup, set_asn1, \ 469 get_asn1, ctrl) 470 471 #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ 472 flags, init_key, cleanup, set_asn1, \ 473 get_asn1, ctrl) \ 474 BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ 475 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) 476 477 #define BLOCK_CIPHER_defs(cname, kstruct, \ 478 nid, block_size, key_len, iv_len, cbits, flags, \ 479 init_key, cleanup, set_asn1, get_asn1, ctrl) \ 480 BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ 481 init_key, cleanup, set_asn1, get_asn1, ctrl) \ 482 BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ 483 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ 484 BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ 485 flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ 486 BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ 487 init_key, cleanup, set_asn1, get_asn1, ctrl) 488 489 /*- 490 #define BLOCK_CIPHER_defs(cname, kstruct, \ 491 nid, block_size, key_len, iv_len, flags,\ 492 init_key, cleanup, set_asn1, get_asn1, ctrl)\ 493 static const EVP_CIPHER cname##_cbc = {\ 494 nid##_cbc, block_size, key_len, iv_len, \ 495 flags | EVP_CIPH_CBC_MODE,\ 496 EVP_ORIG_GLOBAL,\ 497 init_key,\ 498 cname##_cbc_cipher,\ 499 cleanup,\ 500 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 501 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 502 set_asn1, get_asn1,\ 503 ctrl, \ 504 NULL \ 505 };\ 506 const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ 507 static const EVP_CIPHER cname##_cfb = {\ 508 nid##_cfb64, 1, key_len, iv_len, \ 509 flags | EVP_CIPH_CFB_MODE,\ 510 EVP_ORIG_GLOBAL,\ 511 init_key,\ 512 cname##_cfb_cipher,\ 513 cleanup,\ 514 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 515 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 516 set_asn1, get_asn1,\ 517 ctrl,\ 518 NULL \ 519 };\ 520 const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ 521 static const EVP_CIPHER cname##_ofb = {\ 522 nid##_ofb64, 1, key_len, iv_len, \ 523 flags | EVP_CIPH_OFB_MODE,\ 524 EVP_ORIG_GLOBAL,\ 525 init_key,\ 526 cname##_ofb_cipher,\ 527 cleanup,\ 528 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 529 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 530 set_asn1, get_asn1,\ 531 ctrl,\ 532 NULL \ 533 };\ 534 const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ 535 static const EVP_CIPHER cname##_ecb = {\ 536 nid##_ecb, block_size, key_len, iv_len, \ 537 flags | EVP_CIPH_ECB_MODE,\ 538 EVP_ORIG_GLOBAL,\ 539 init_key,\ 540 cname##_ecb_cipher,\ 541 cleanup,\ 542 sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\ 543 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\ 544 set_asn1, get_asn1,\ 545 ctrl,\ 546 NULL \ 547 };\ 548 const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } 549 */ 550 551 #define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ 552 block_size, key_len, iv_len, cbits, \ 553 flags, init_key, \ 554 cleanup, set_asn1, get_asn1, ctrl) \ 555 BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ 556 BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ 557 cbits, flags, init_key, cleanup, set_asn1, \ 558 get_asn1, ctrl) 559 560 #define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \ 561 BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \ 562 BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \ 563 NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \ 564 (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \ 565 cipher##_init_key, NULL, NULL, NULL, NULL) 566 567 typedef struct { 568 unsigned char iv[EVP_MAX_IV_LENGTH]; 569 unsigned int iv_len; 570 unsigned int tag_len; 571 } evp_cipher_aead_asn1_params; 572 573 int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, 574 evp_cipher_aead_asn1_params *params); 575 576 int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type, 577 evp_cipher_aead_asn1_params *params); 578 579 /* 580 * To support transparent execution of operation in backends other 581 * than the "origin" key, we support transparent export/import to 582 * those providers, and maintain a cache of the imported keydata, 583 * so we don't need to redo the export/import every time we perform 584 * the same operation in that same provider. 585 * This requires that the "origin" backend (whether it's a legacy or a 586 * provider "origin") implements exports, and that the target provider 587 * has an EVP_KEYMGMT that implements import. 588 */ 589 typedef struct { 590 EVP_KEYMGMT *keymgmt; 591 void *keydata; 592 } OP_CACHE_ELEM; 593 594 DEFINE_STACK_OF(OP_CACHE_ELEM) 595 596 /* 597 * An EVP_PKEY can have the following states: 598 * 599 * untyped & empty: 600 * 601 * type == EVP_PKEY_NONE && keymgmt == NULL 602 * 603 * typed & empty: 604 * 605 * (type != EVP_PKEY_NONE && pkey.ptr == NULL) ## legacy (libcrypto only) 606 * || (keymgmt != NULL && keydata == NULL) ## provider side 607 * 608 * fully assigned: 609 * 610 * (type != EVP_PKEY_NONE && pkey.ptr != NULL) ## legacy (libcrypto only) 611 * || (keymgmt != NULL && keydata != NULL) ## provider side 612 * 613 * The easiest way to detect a legacy key is: 614 * 615 * keymgmt == NULL && type != EVP_PKEY_NONE 616 * 617 * The easiest way to detect a provider side key is: 618 * 619 * keymgmt != NULL 620 */ 621 #define evp_pkey_is_blank(pk) \ 622 ((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL) 623 #define evp_pkey_is_typed(pk) \ 624 ((pk)->type != EVP_PKEY_NONE || (pk)->keymgmt != NULL) 625 #ifndef FIPS_MODULE 626 # define evp_pkey_is_assigned(pk) \ 627 ((pk)->pkey.ptr != NULL || (pk)->keydata != NULL) 628 #else 629 # define evp_pkey_is_assigned(pk) \ 630 ((pk)->keydata != NULL) 631 #endif 632 #define evp_pkey_is_legacy(pk) \ 633 ((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL) 634 #define evp_pkey_is_provided(pk) \ 635 ((pk)->keymgmt != NULL) 636 637 union legacy_pkey_st { 638 void *ptr; 639 struct rsa_st *rsa; /* RSA */ 640 # ifndef OPENSSL_NO_DSA 641 struct dsa_st *dsa; /* DSA */ 642 # endif 643 # ifndef OPENSSL_NO_DH 644 struct dh_st *dh; /* DH */ 645 # endif 646 # ifndef OPENSSL_NO_EC 647 struct ec_key_st *ec; /* ECC */ 648 ECX_KEY *ecx; /* X25519, X448, Ed25519, Ed448 */ 649 # endif 650 }; 651 652 struct evp_pkey_st { 653 /* == Legacy attributes == */ 654 int type; 655 int save_type; 656 657 # ifndef FIPS_MODULE 658 /* 659 * Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD, 660 * a pointer to a low level key and possibly a pointer to an engine. 661 */ 662 const EVP_PKEY_ASN1_METHOD *ameth; 663 ENGINE *engine; 664 ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */ 665 666 /* Union to store the reference to an origin legacy key */ 667 union legacy_pkey_st pkey; 668 669 /* Union to store the reference to a non-origin legacy key */ 670 union legacy_pkey_st legacy_cache_pkey; 671 # endif 672 673 /* == Common attributes == */ 674 CRYPTO_REF_COUNT references; 675 CRYPTO_RWLOCK *lock; 676 #ifndef FIPS_MODULE 677 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ 678 int save_parameters; 679 unsigned int foreign:1; /* the low-level key is using an engine or an app-method */ 680 CRYPTO_EX_DATA ex_data; 681 #endif 682 683 /* == Provider attributes == */ 684 685 /* 686 * Provider keydata "origin" is composed of a pointer to an EVP_KEYMGMT 687 * and a pointer to the provider side key data. This is never used at 688 * the same time as the legacy key data above. 689 */ 690 EVP_KEYMGMT *keymgmt; 691 void *keydata; 692 /* 693 * If any libcrypto code does anything that may modify the keydata 694 * contents, this dirty counter must be incremented. 695 */ 696 size_t dirty_cnt; 697 698 /* 699 * To support transparent execution of operation in backends other 700 * than the "origin" key, we support transparent export/import to 701 * those providers, and maintain a cache of the imported keydata, 702 * so we don't need to redo the export/import every time we perform 703 * the same operation in that same provider. 704 */ 705 STACK_OF(OP_CACHE_ELEM) *operation_cache; 706 707 /* 708 * We keep a copy of that "origin"'s dirty count, so we know if the 709 * operation cache needs flushing. 710 */ 711 size_t dirty_cnt_copy; 712 713 /* Cache of key object information */ 714 struct { 715 int bits; 716 int security_bits; 717 int size; 718 } cache; 719 } /* EVP_PKEY */ ; 720 721 #define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \ 722 ((ctx)->operation == EVP_PKEY_OP_SIGN \ 723 || (ctx)->operation == EVP_PKEY_OP_SIGNCTX \ 724 || (ctx)->operation == EVP_PKEY_OP_VERIFY \ 725 || (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \ 726 || (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER) 727 728 #define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \ 729 ((ctx)->operation == EVP_PKEY_OP_DERIVE) 730 731 #define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \ 732 ((ctx)->operation == EVP_PKEY_OP_ENCRYPT \ 733 || (ctx)->operation == EVP_PKEY_OP_DECRYPT) 734 735 #define EVP_PKEY_CTX_IS_GEN_OP(ctx) \ 736 ((ctx)->operation == EVP_PKEY_OP_PARAMGEN \ 737 || (ctx)->operation == EVP_PKEY_OP_KEYGEN) 738 739 #define EVP_PKEY_CTX_IS_FROMDATA_OP(ctx) \ 740 ((ctx)->operation == EVP_PKEY_OP_FROMDATA) 741 742 #define EVP_PKEY_CTX_IS_KEM_OP(ctx) \ 743 ((ctx)->operation == EVP_PKEY_OP_ENCAPSULATE \ 744 || (ctx)->operation == EVP_PKEY_OP_DECAPSULATE) 745 746 void openssl_add_all_ciphers_int(void); 747 void openssl_add_all_digests_int(void); 748 void evp_cleanup_int(void); 749 void evp_app_cleanup_int(void); 750 void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx, 751 EVP_KEYMGMT **keymgmt, 752 const char *propquery); 753 #ifndef FIPS_MODULE 754 int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src); 755 void *evp_pkey_get_legacy(EVP_PKEY *pk); 756 void evp_pkey_free_legacy(EVP_PKEY *x); 757 EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8inf, 758 OSSL_LIB_CTX *libctx, const char *propq); 759 #endif 760 761 /* 762 * KEYMGMT utility functions 763 */ 764 765 /* 766 * Key import structure and helper function, to be used as an export callback 767 */ 768 struct evp_keymgmt_util_try_import_data_st { 769 EVP_KEYMGMT *keymgmt; 770 void *keydata; 771 772 int selection; 773 }; 774 int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg); 775 int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt, 776 void *keydata); 777 EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata); 778 779 int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection, 780 OSSL_CALLBACK *export_cb, void *export_cbarg); 781 void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt); 782 OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk, 783 EVP_KEYMGMT *keymgmt); 784 int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking); 785 int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk, 786 EVP_KEYMGMT *keymgmt, void *keydata); 787 void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk); 788 void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, 789 int selection, const OSSL_PARAM params[]); 790 int evp_keymgmt_util_has(EVP_PKEY *pk, int selection); 791 int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection); 792 int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection); 793 void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt, 794 void *genctx, OSSL_CALLBACK *cb, void *cbarg); 795 int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt, 796 void *keydata, 797 char *mdname, size_t mdname_sz); 798 const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt, 799 int op_id); 800 801 /* 802 * KEYMGMT provider interface functions 803 */ 804 void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt); 805 void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata); 806 int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt, 807 void *keydata, OSSL_PARAM params[]); 808 int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt, 809 void *keydata, const OSSL_PARAM params[]); 810 void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection, 811 const OSSL_PARAM params[]); 812 int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx, 813 void *template); 814 int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx, 815 const OSSL_PARAM params[]); 816 void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx, 817 OSSL_CALLBACK *cb, void *cbarg); 818 void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx); 819 820 int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt); 821 void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt, 822 const void *objref, size_t objref_sz); 823 824 int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection); 825 int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata, 826 int selection, int checktype); 827 int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt, 828 const void *keydata1, const void *keydata2, 829 int selection); 830 831 int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata, 832 int selection, const OSSL_PARAM params[]); 833 const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt, 834 int selection); 835 int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata, 836 int selection, OSSL_CALLBACK *param_cb, void *cbarg); 837 const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt, 838 int selection); 839 void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt, 840 const void *keydata_from, int selection); 841 EVP_KEYMGMT *evp_keymgmt_fetch_from_prov(OSSL_PROVIDER *prov, 842 const char *name, 843 const char *properties); 844 845 /* Pulling defines out of C source files */ 846 847 # define EVP_RC4_KEY_SIZE 16 848 # ifndef TLS1_1_VERSION 849 # define TLS1_1_VERSION 0x0302 850 # endif 851 852 void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags); 853 854 /* EVP_ENCODE_CTX flags */ 855 /* Don't generate new lines when encoding */ 856 #define EVP_ENCODE_CTX_NO_NEWLINES 1 857 /* Use the SRP base64 alphabet instead of the standard one */ 858 #define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2 859 860 const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx, 861 const char *name); 862 const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, 863 const char *name); 864 865 int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen, 866 const unsigned char *salt, int saltlen, int iter, 867 const EVP_MD *digest, int keylen, 868 unsigned char *out, 869 OSSL_LIB_CTX *libctx, const char *propq); 870 871 # ifndef FIPS_MODULE 872 /* 873 * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params(). 874 * 875 * Return 1 on success, 0 or negative for errors. 876 * 877 * In particular they return -2 if any of the params is not supported. 878 * 879 * They are not available in FIPS_MODULE as they depend on 880 * - EVP_PKEY_CTX_{get,set}_params() 881 * - EVP_PKEY_CTX_{gettable,settable}_params() 882 * 883 */ 884 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); 885 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); 886 887 EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id, 888 OSSL_LIB_CTX *libctx, const char *propq); 889 int evp_pkey_name2type(const char *name); 890 const char *evp_pkey_type2name(int type); 891 892 int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len); 893 int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id); 894 int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len); 895 896 int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx); 897 # endif /* !defined(FIPS_MODULE) */ 898 899 int evp_method_store_cache_flush(OSSL_LIB_CTX *libctx); 900 int evp_method_store_remove_all_provided(const OSSL_PROVIDER *prov); 901 902 int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable, 903 int loadconfig); 904 int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq, 905 int loadconfig, int mirrored); 906 char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig); 907 908 void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_digest); 909 910 /* Three possible states: */ 911 # define EVP_PKEY_STATE_UNKNOWN 0 912 # define EVP_PKEY_STATE_LEGACY 1 913 # define EVP_PKEY_STATE_PROVIDER 2 914 int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx); 915 916 /* These two must ONLY be called for provider side operations */ 917 int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *ctx, 918 int keytype, int optype, 919 int cmd, int p1, void *p2); 920 int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx, 921 const char *name, const char *value); 922 923 /* These two must ONLY be called for legacy operations */ 924 int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params); 925 int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params); 926 927 /* This must ONLY be called for legacy EVP_PKEYs */ 928 int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params); 929 930 /* Same as the public get0 functions but are not const */ 931 # ifndef OPENSSL_NO_DEPRECATED_3_0 932 DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey); 933 EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey); 934 RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey); 935 # endif 936 937 /* Get internal identification number routines */ 938 int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher); 939 int evp_cipher_get_number(const EVP_CIPHER *cipher); 940 int evp_kdf_get_number(const EVP_KDF *kdf); 941 int evp_kem_get_number(const EVP_KEM *wrap); 942 int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch); 943 int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt); 944 int evp_mac_get_number(const EVP_MAC *mac); 945 int evp_md_get_number(const EVP_MD *md); 946 int evp_rand_get_number(const EVP_RAND *rand); 947 int evp_signature_get_number(const EVP_SIGNATURE *signature); 948 949 #endif /* OSSL_CRYPTO_EVP_H */ 950