• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #ifndef OSSL_CRYPTO_EVP_H
11 # define OSSL_CRYPTO_EVP_H
12 # pragma once
13 
14 # include <openssl/evp.h>
15 # include <openssl/core_dispatch.h>
16 # include "internal/refcount.h"
17 # include "crypto/ecx.h"
18 
19 /*
20  * Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag
21  * values in evp.h
22  */
23 #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX   0x0400
24 
25 #define evp_pkey_ctx_is_legacy(ctx)                             \
26     ((ctx)->keymgmt == NULL)
27 #define evp_pkey_ctx_is_provided(ctx)                           \
28     (!evp_pkey_ctx_is_legacy(ctx))
29 
30 struct evp_pkey_ctx_st {
31     /* Actual operation */
32     int operation;
33 
34     /*
35      * Library context, property query, keytype and keymgmt associated with
36      * this context
37      */
38     OSSL_LIB_CTX *libctx;
39     char *propquery;
40     const char *keytype;
41     /* If |pkey| below is set, this field is always a reference to its keymgmt */
42     EVP_KEYMGMT *keymgmt;
43 
44     union {
45         struct {
46             void *genctx;
47         } keymgmt;
48 
49         struct {
50             EVP_KEYEXCH *exchange;
51             /*
52              * Opaque ctx returned from a providers exchange algorithm
53              * implementation OSSL_FUNC_keyexch_newctx()
54              */
55             void *algctx;
56         } kex;
57 
58         struct {
59             EVP_SIGNATURE *signature;
60             /*
61              * Opaque ctx returned from a providers signature algorithm
62              * implementation OSSL_FUNC_signature_newctx()
63              */
64             void *algctx;
65         } sig;
66 
67         struct {
68             EVP_ASYM_CIPHER *cipher;
69             /*
70              * Opaque ctx returned from a providers asymmetric cipher algorithm
71              * implementation OSSL_FUNC_asym_cipher_newctx()
72              */
73             void *algctx;
74         } ciph;
75         struct {
76             EVP_KEM *kem;
77             /*
78              * Opaque ctx returned from a providers KEM algorithm
79              * implementation OSSL_FUNC_kem_newctx()
80              */
81             void *algctx;
82         } encap;
83     } op;
84 
85     /*
86      * Cached parameters.  Inits of operations that depend on these should
87      * call evp_pkey_ctx_use_delayed_data() when the operation has been set
88      * up properly.
89      */
90     struct {
91         /* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */
92         char *dist_id_name; /* The name used with EVP_PKEY_CTX_ctrl_str() */
93         void *dist_id;      /* The distinguishing ID itself */
94         size_t dist_id_len; /* The length of the distinguishing ID */
95 
96         /* Indicators of what has been set.  Keep them together! */
97         unsigned int dist_id_set : 1;
98     } cached_parameters;
99 
100     /* Application specific data, usually used by the callback */
101     void *app_data;
102     /* Keygen callback */
103     EVP_PKEY_gen_cb *pkey_gencb;
104     /* implementation specific keygen data */
105     int *keygen_info;
106     int keygen_info_count;
107 
108     /* Legacy fields below */
109 
110     /* EVP_PKEY identity */
111     int legacy_keytype;
112     /* Method associated with this operation */
113     const EVP_PKEY_METHOD *pmeth;
114     /* Engine that implements this method or NULL if builtin */
115     ENGINE *engine;
116     /* Key: may be NULL */
117     EVP_PKEY *pkey;
118     /* Peer key for key agreement, may be NULL */
119     EVP_PKEY *peerkey;
120     /* Algorithm specific data */
121     void *data;
122     /* Indicator if digest_custom needs to be called */
123     unsigned int flag_call_digest_custom:1;
124     /*
125      * Used to support taking custody of memory in the case of a provider being
126      * used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This
127      * member should NOT be used for any other purpose and should be removed
128      * when said deprecated API is excised completely.
129      */
130     BIGNUM *rsa_pubexp;
131 } /* EVP_PKEY_CTX */ ;
132 
133 #define EVP_PKEY_FLAG_DYNAMIC   1
134 
135 struct evp_pkey_method_st {
136     int pkey_id;
137     int flags;
138     int (*init) (EVP_PKEY_CTX *ctx);
139     int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
140     void (*cleanup) (EVP_PKEY_CTX *ctx);
141     int (*paramgen_init) (EVP_PKEY_CTX *ctx);
142     int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
143     int (*keygen_init) (EVP_PKEY_CTX *ctx);
144     int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey);
145     int (*sign_init) (EVP_PKEY_CTX *ctx);
146     int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
147                  const unsigned char *tbs, size_t tbslen);
148     int (*verify_init) (EVP_PKEY_CTX *ctx);
149     int (*verify) (EVP_PKEY_CTX *ctx,
150                    const unsigned char *sig, size_t siglen,
151                    const unsigned char *tbs, size_t tbslen);
152     int (*verify_recover_init) (EVP_PKEY_CTX *ctx);
153     int (*verify_recover) (EVP_PKEY_CTX *ctx,
154                            unsigned char *rout, size_t *routlen,
155                            const unsigned char *sig, size_t siglen);
156     int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
157     int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
158                     EVP_MD_CTX *mctx);
159     int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
160     int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen,
161                       EVP_MD_CTX *mctx);
162     int (*encrypt_init) (EVP_PKEY_CTX *ctx);
163     int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
164                     const unsigned char *in, size_t inlen);
165     int (*decrypt_init) (EVP_PKEY_CTX *ctx);
166     int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen,
167                     const unsigned char *in, size_t inlen);
168     int (*derive_init) (EVP_PKEY_CTX *ctx);
169     int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
170     int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
171     int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char *value);
172     int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
173                        const unsigned char *tbs, size_t tbslen);
174     int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig,
175                          size_t siglen, const unsigned char *tbs,
176                          size_t tbslen);
177     int (*check) (EVP_PKEY *pkey);
178     int (*public_check) (EVP_PKEY *pkey);
179     int (*param_check) (EVP_PKEY *pkey);
180 
181     int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx);
182 } /* EVP_PKEY_METHOD */ ;
183 
184 DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
185 
186 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx);
187 
188 const EVP_PKEY_METHOD *ossl_dh_pkey_method(void);
189 const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void);
190 const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void);
191 const EVP_PKEY_METHOD *ossl_ec_pkey_method(void);
192 const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void);
193 const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void);
194 const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void);
195 const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
196 const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
197 const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
198 
199 struct evp_mac_st {
200     OSSL_PROVIDER *prov;
201     int name_id;
202     char *type_name;
203     const char *description;
204 
205     CRYPTO_REF_COUNT refcnt;
206     CRYPTO_RWLOCK *lock;
207 
208     OSSL_FUNC_mac_newctx_fn *newctx;
209     OSSL_FUNC_mac_dupctx_fn *dupctx;
210     OSSL_FUNC_mac_freectx_fn *freectx;
211     OSSL_FUNC_mac_init_fn *init;
212     OSSL_FUNC_mac_update_fn *update;
213     OSSL_FUNC_mac_final_fn *final;
214     OSSL_FUNC_mac_gettable_params_fn *gettable_params;
215     OSSL_FUNC_mac_gettable_ctx_params_fn *gettable_ctx_params;
216     OSSL_FUNC_mac_settable_ctx_params_fn *settable_ctx_params;
217     OSSL_FUNC_mac_get_params_fn *get_params;
218     OSSL_FUNC_mac_get_ctx_params_fn *get_ctx_params;
219     OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
220 };
221 
222 struct evp_kdf_st {
223     OSSL_PROVIDER *prov;
224     int name_id;
225     char *type_name;
226     const char *description;
227     CRYPTO_REF_COUNT refcnt;
228     CRYPTO_RWLOCK *lock;
229 
230     OSSL_FUNC_kdf_newctx_fn *newctx;
231     OSSL_FUNC_kdf_dupctx_fn *dupctx;
232     OSSL_FUNC_kdf_freectx_fn *freectx;
233     OSSL_FUNC_kdf_reset_fn *reset;
234     OSSL_FUNC_kdf_derive_fn *derive;
235     OSSL_FUNC_kdf_gettable_params_fn *gettable_params;
236     OSSL_FUNC_kdf_gettable_ctx_params_fn *gettable_ctx_params;
237     OSSL_FUNC_kdf_settable_ctx_params_fn *settable_ctx_params;
238     OSSL_FUNC_kdf_get_params_fn *get_params;
239     OSSL_FUNC_kdf_get_ctx_params_fn *get_ctx_params;
240     OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params;
241 };
242 
243 #define EVP_ORIG_DYNAMIC    0
244 #define EVP_ORIG_GLOBAL     1
245 #define EVP_ORIG_METH       2
246 
247 struct evp_md_st {
248     /* nid */
249     int type;
250 
251     /* Legacy structure members */
252     int pkey_type;
253     int md_size;
254     unsigned long flags;
255     int origin;
256     int (*init) (EVP_MD_CTX *ctx);
257     int (*update) (EVP_MD_CTX *ctx, const void *data, size_t count);
258     int (*final) (EVP_MD_CTX *ctx, unsigned char *md);
259     int (*copy) (EVP_MD_CTX *to, const EVP_MD_CTX *from);
260     int (*cleanup) (EVP_MD_CTX *ctx);
261     int block_size;
262     int ctx_size;               /* how big does the ctx->md_data need to be */
263     /* control function */
264     int (*md_ctrl) (EVP_MD_CTX *ctx, int cmd, int p1, void *p2);
265 
266     /* New structure members */
267     /* Above comment to be removed when legacy has gone */
268     int name_id;
269     char *type_name;
270     const char *description;
271     OSSL_PROVIDER *prov;
272     CRYPTO_REF_COUNT refcnt;
273     CRYPTO_RWLOCK *lock;
274     OSSL_FUNC_digest_newctx_fn *newctx;
275     OSSL_FUNC_digest_init_fn *dinit;
276     OSSL_FUNC_digest_update_fn *dupdate;
277     OSSL_FUNC_digest_final_fn *dfinal;
278     OSSL_FUNC_digest_digest_fn *digest;
279     OSSL_FUNC_digest_freectx_fn *freectx;
280     OSSL_FUNC_digest_dupctx_fn *dupctx;
281     OSSL_FUNC_digest_get_params_fn *get_params;
282     OSSL_FUNC_digest_set_ctx_params_fn *set_ctx_params;
283     OSSL_FUNC_digest_get_ctx_params_fn *get_ctx_params;
284     OSSL_FUNC_digest_gettable_params_fn *gettable_params;
285     OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params;
286     OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params;
287 
288 } /* EVP_MD */ ;
289 
290 struct evp_cipher_st {
291     int nid;
292 
293     int block_size;
294     /* Default value for variable length ciphers */
295     int key_len;
296     int iv_len;
297 
298     /* Legacy structure members */
299     /* Various flags */
300     unsigned long flags;
301     /* How the EVP_CIPHER was created. */
302     int origin;
303     /* init key */
304     int (*init) (EVP_CIPHER_CTX *ctx, const unsigned char *key,
305                  const unsigned char *iv, int enc);
306     /* encrypt/decrypt data */
307     int (*do_cipher) (EVP_CIPHER_CTX *ctx, unsigned char *out,
308                       const unsigned char *in, size_t inl);
309     /* cleanup ctx */
310     int (*cleanup) (EVP_CIPHER_CTX *);
311     /* how big ctx->cipher_data needs to be */
312     int ctx_size;
313     /* Populate a ASN1_TYPE with parameters */
314     int (*set_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
315     /* Get parameters from a ASN1_TYPE */
316     int (*get_asn1_parameters) (EVP_CIPHER_CTX *, ASN1_TYPE *);
317     /* Miscellaneous operations */
318     int (*ctrl) (EVP_CIPHER_CTX *, int type, int arg, void *ptr);
319     /* Application data */
320     void *app_data;
321 
322     /* New structure members */
323     /* Above comment to be removed when legacy has gone */
324     int name_id;
325     char *type_name;
326     const char *description;
327     OSSL_PROVIDER *prov;
328     CRYPTO_REF_COUNT refcnt;
329     CRYPTO_RWLOCK *lock;
330     OSSL_FUNC_cipher_newctx_fn *newctx;
331     OSSL_FUNC_cipher_encrypt_init_fn *einit;
332     OSSL_FUNC_cipher_decrypt_init_fn *dinit;
333     OSSL_FUNC_cipher_update_fn *cupdate;
334     OSSL_FUNC_cipher_final_fn *cfinal;
335     OSSL_FUNC_cipher_cipher_fn *ccipher;
336     OSSL_FUNC_cipher_freectx_fn *freectx;
337     OSSL_FUNC_cipher_dupctx_fn *dupctx;
338     OSSL_FUNC_cipher_get_params_fn *get_params;
339     OSSL_FUNC_cipher_get_ctx_params_fn *get_ctx_params;
340     OSSL_FUNC_cipher_set_ctx_params_fn *set_ctx_params;
341     OSSL_FUNC_cipher_gettable_params_fn *gettable_params;
342     OSSL_FUNC_cipher_gettable_ctx_params_fn *gettable_ctx_params;
343     OSSL_FUNC_cipher_settable_ctx_params_fn *settable_ctx_params;
344 } /* EVP_CIPHER */ ;
345 
346 /* Macros to code block cipher wrappers */
347 
348 /* Wrapper functions for each cipher mode */
349 
350 #define EVP_C_DATA(kstruct, ctx) \
351         ((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx))
352 
353 #define BLOCK_CIPHER_ecb_loop() \
354         size_t i, bl; \
355         bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size;    \
356         if (inl < bl) return 1;\
357         inl -= bl; \
358         for (i=0; i <= inl; i+=bl)
359 
360 #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
361 static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
362 {\
363         BLOCK_CIPHER_ecb_loop() \
364             cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \
365         return 1;\
366 }
367 
368 #define EVP_MAXCHUNK ((size_t)1 << 30)
369 
370 #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
371     static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
372 {\
373         while(inl>=EVP_MAXCHUNK) {\
374             int num = EVP_CIPHER_CTX_get_num(ctx);\
375             cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
376             EVP_CIPHER_CTX_set_num(ctx, num);\
377             inl-=EVP_MAXCHUNK;\
378             in +=EVP_MAXCHUNK;\
379             out+=EVP_MAXCHUNK;\
380         }\
381         if (inl) {\
382             int num = EVP_CIPHER_CTX_get_num(ctx);\
383             cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
384             EVP_CIPHER_CTX_set_num(ctx, num);\
385         }\
386         return 1;\
387 }
388 
389 #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
390 static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
391 {\
392         while(inl>=EVP_MAXCHUNK) \
393             {\
394             cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\
395             inl-=EVP_MAXCHUNK;\
396             in +=EVP_MAXCHUNK;\
397             out+=EVP_MAXCHUNK;\
398             }\
399         if (inl)\
400             cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\
401         return 1;\
402 }
403 
404 #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched)  \
405 static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, size_t inl) \
406 {\
407     size_t chunk = EVP_MAXCHUNK;\
408     if (cbits == 1)  chunk >>= 3;\
409     if (inl < chunk) chunk = inl;\
410     while (inl && inl >= chunk)\
411     {\
412         int num = EVP_CIPHER_CTX_get_num(ctx);\
413         cprefix##_cfb##cbits##_encrypt(in, out, (long) \
414             ((cbits == 1) \
415                 && !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
416                 ? chunk*8 : chunk), \
417             &EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\
418             &num, EVP_CIPHER_CTX_is_encrypting(ctx));\
419         EVP_CIPHER_CTX_set_num(ctx, num);\
420         inl -= chunk;\
421         in += chunk;\
422         out += chunk;\
423         if (inl < chunk) chunk = inl;\
424     }\
425     return 1;\
426 }
427 
428 #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
429         BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
430         BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
431         BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
432         BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
433 
434 #define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
435                           key_len, iv_len, flags, init_key, cleanup, \
436                           set_asn1, get_asn1, ctrl) \
437 static const EVP_CIPHER cname##_##mode = { \
438         nid##_##nmode, block_size, key_len, iv_len, \
439         flags | EVP_CIPH_##MODE##_MODE, \
440         EVP_ORIG_GLOBAL, \
441         init_key, \
442         cname##_##mode##_cipher, \
443         cleanup, \
444         sizeof(kstruct), \
445         set_asn1, get_asn1,\
446         ctrl, \
447         NULL \
448 }; \
449 const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
450 
451 #define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
452                              iv_len, flags, init_key, cleanup, set_asn1, \
453                              get_asn1, ctrl) \
454 BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
455                   iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
456 
457 #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
458                              iv_len, cbits, flags, init_key, cleanup, \
459                              set_asn1, get_asn1, ctrl) \
460 BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
461                   key_len, iv_len, flags, init_key, cleanup, set_asn1, \
462                   get_asn1, ctrl)
463 
464 #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
465                              iv_len, cbits, flags, init_key, cleanup, \
466                              set_asn1, get_asn1, ctrl) \
467 BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
468                   key_len, iv_len, flags, init_key, cleanup, set_asn1, \
469                   get_asn1, ctrl)
470 
471 #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
472                              flags, init_key, cleanup, set_asn1, \
473                              get_asn1, ctrl) \
474 BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
475                   0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
476 
477 #define BLOCK_CIPHER_defs(cname, kstruct, \
478                           nid, block_size, key_len, iv_len, cbits, flags, \
479                           init_key, cleanup, set_asn1, get_asn1, ctrl) \
480 BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
481                      init_key, cleanup, set_asn1, get_asn1, ctrl) \
482 BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
483                      flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
484 BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
485                      flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
486 BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
487                      init_key, cleanup, set_asn1, get_asn1, ctrl)
488 
489 /*-
490 #define BLOCK_CIPHER_defs(cname, kstruct, \
491                                 nid, block_size, key_len, iv_len, flags,\
492                                  init_key, cleanup, set_asn1, get_asn1, ctrl)\
493 static const EVP_CIPHER cname##_cbc = {\
494         nid##_cbc, block_size, key_len, iv_len, \
495         flags | EVP_CIPH_CBC_MODE,\
496         EVP_ORIG_GLOBAL,\
497         init_key,\
498         cname##_cbc_cipher,\
499         cleanup,\
500         sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
501                 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
502         set_asn1, get_asn1,\
503         ctrl, \
504         NULL \
505 };\
506 const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
507 static const EVP_CIPHER cname##_cfb = {\
508         nid##_cfb64, 1, key_len, iv_len, \
509         flags | EVP_CIPH_CFB_MODE,\
510         EVP_ORIG_GLOBAL,\
511         init_key,\
512         cname##_cfb_cipher,\
513         cleanup,\
514         sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
515                 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
516         set_asn1, get_asn1,\
517         ctrl,\
518         NULL \
519 };\
520 const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
521 static const EVP_CIPHER cname##_ofb = {\
522         nid##_ofb64, 1, key_len, iv_len, \
523         flags | EVP_CIPH_OFB_MODE,\
524         EVP_ORIG_GLOBAL,\
525         init_key,\
526         cname##_ofb_cipher,\
527         cleanup,\
528         sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
529                 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
530         set_asn1, get_asn1,\
531         ctrl,\
532         NULL \
533 };\
534 const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
535 static const EVP_CIPHER cname##_ecb = {\
536         nid##_ecb, block_size, key_len, iv_len, \
537         flags | EVP_CIPH_ECB_MODE,\
538         EVP_ORIG_GLOBAL,\
539         init_key,\
540         cname##_ecb_cipher,\
541         cleanup,\
542         sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
543                 sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
544         set_asn1, get_asn1,\
545         ctrl,\
546         NULL \
547 };\
548 const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
549 */
550 
551 #define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
552                                block_size, key_len, iv_len, cbits, \
553                                flags, init_key, \
554                                cleanup, set_asn1, get_asn1, ctrl) \
555         BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
556         BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
557                           cbits, flags, init_key, cleanup, set_asn1, \
558                           get_asn1, ctrl)
559 
560 #define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
561         BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
562         BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
563                              NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
564                              (fl)|EVP_CIPH_FLAG_DEFAULT_ASN1, \
565                              cipher##_init_key, NULL, NULL, NULL, NULL)
566 
567 typedef struct {
568     unsigned char iv[EVP_MAX_IV_LENGTH];
569     unsigned int iv_len;
570     unsigned int tag_len;
571 } evp_cipher_aead_asn1_params;
572 
573 int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
574                                 evp_cipher_aead_asn1_params *params);
575 
576 int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX *c, ASN1_TYPE *type,
577                                 evp_cipher_aead_asn1_params *params);
578 
579 /*
580  * To support transparent execution of operation in backends other
581  * than the "origin" key, we support transparent export/import to
582  * those providers, and maintain a cache of the imported keydata,
583  * so we don't need to redo the export/import every time we perform
584  * the same operation in that same provider.
585  * This requires that the "origin" backend (whether it's a legacy or a
586  * provider "origin") implements exports, and that the target provider
587  * has an EVP_KEYMGMT that implements import.
588  */
589 typedef struct {
590     EVP_KEYMGMT *keymgmt;
591     void *keydata;
592 } OP_CACHE_ELEM;
593 
594 DEFINE_STACK_OF(OP_CACHE_ELEM)
595 
596 /*
597  * An EVP_PKEY can have the following states:
598  *
599  * untyped & empty:
600  *
601  *     type == EVP_PKEY_NONE && keymgmt == NULL
602  *
603  * typed & empty:
604  *
605  *     (type != EVP_PKEY_NONE && pkey.ptr == NULL)      ## legacy (libcrypto only)
606  *     || (keymgmt != NULL && keydata == NULL)          ## provider side
607  *
608  * fully assigned:
609  *
610  *     (type != EVP_PKEY_NONE && pkey.ptr != NULL)      ## legacy (libcrypto only)
611  *     || (keymgmt != NULL && keydata != NULL)          ## provider side
612  *
613  * The easiest way to detect a legacy key is:
614  *
615  *     keymgmt == NULL && type != EVP_PKEY_NONE
616  *
617  * The easiest way to detect a provider side key is:
618  *
619  *     keymgmt != NULL
620  */
621 #define evp_pkey_is_blank(pk)                                   \
622     ((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL)
623 #define evp_pkey_is_typed(pk)                                   \
624     ((pk)->type != EVP_PKEY_NONE || (pk)->keymgmt != NULL)
625 #ifndef FIPS_MODULE
626 # define evp_pkey_is_assigned(pk)                               \
627     ((pk)->pkey.ptr != NULL || (pk)->keydata != NULL)
628 #else
629 # define evp_pkey_is_assigned(pk)                               \
630     ((pk)->keydata != NULL)
631 #endif
632 #define evp_pkey_is_legacy(pk)                                  \
633     ((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL)
634 #define evp_pkey_is_provided(pk)                                \
635     ((pk)->keymgmt != NULL)
636 
637 union legacy_pkey_st {
638     void *ptr;
639     struct rsa_st *rsa;     /* RSA */
640 #  ifndef OPENSSL_NO_DSA
641     struct dsa_st *dsa;     /* DSA */
642 #  endif
643 #  ifndef OPENSSL_NO_DH
644     struct dh_st *dh;       /* DH */
645 #  endif
646 #  ifndef OPENSSL_NO_EC
647     struct ec_key_st *ec;   /* ECC */
648     ECX_KEY *ecx;           /* X25519, X448, Ed25519, Ed448 */
649 #  endif
650 };
651 
652 struct evp_pkey_st {
653     /* == Legacy attributes == */
654     int type;
655     int save_type;
656 
657 # ifndef FIPS_MODULE
658     /*
659      * Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD,
660      * a pointer to a low level key and possibly a pointer to an engine.
661      */
662     const EVP_PKEY_ASN1_METHOD *ameth;
663     ENGINE *engine;
664     ENGINE *pmeth_engine; /* If not NULL public key ENGINE to use */
665 
666     /* Union to store the reference to an origin legacy key */
667     union legacy_pkey_st pkey;
668 
669     /* Union to store the reference to a non-origin legacy key */
670     union legacy_pkey_st legacy_cache_pkey;
671 # endif
672 
673     /* == Common attributes == */
674     CRYPTO_REF_COUNT references;
675     CRYPTO_RWLOCK *lock;
676 #ifndef FIPS_MODULE
677     STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */
678     int save_parameters;
679     unsigned int foreign:1; /* the low-level key is using an engine or an app-method */
680     CRYPTO_EX_DATA ex_data;
681 #endif
682 
683     /* == Provider attributes == */
684 
685     /*
686      * Provider keydata "origin" is composed of a pointer to an EVP_KEYMGMT
687      * and a pointer to the provider side key data.  This is never used at
688      * the same time as the legacy key data above.
689      */
690     EVP_KEYMGMT *keymgmt;
691     void *keydata;
692     /*
693      * If any libcrypto code does anything that may modify the keydata
694      * contents, this dirty counter must be incremented.
695      */
696     size_t dirty_cnt;
697 
698     /*
699      * To support transparent execution of operation in backends other
700      * than the "origin" key, we support transparent export/import to
701      * those providers, and maintain a cache of the imported keydata,
702      * so we don't need to redo the export/import every time we perform
703      * the same operation in that same provider.
704      */
705     STACK_OF(OP_CACHE_ELEM) *operation_cache;
706 
707     /*
708      * We keep a copy of that "origin"'s dirty count, so we know if the
709      * operation cache needs flushing.
710      */
711     size_t dirty_cnt_copy;
712 
713     /* Cache of key object information */
714     struct {
715         int bits;
716         int security_bits;
717         int size;
718     } cache;
719 } /* EVP_PKEY */ ;
720 
721 #define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \
722     ((ctx)->operation == EVP_PKEY_OP_SIGN \
723      || (ctx)->operation == EVP_PKEY_OP_SIGNCTX \
724      || (ctx)->operation == EVP_PKEY_OP_VERIFY \
725      || (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \
726      || (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER)
727 
728 #define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \
729     ((ctx)->operation == EVP_PKEY_OP_DERIVE)
730 
731 #define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \
732     ((ctx)->operation == EVP_PKEY_OP_ENCRYPT \
733      || (ctx)->operation == EVP_PKEY_OP_DECRYPT)
734 
735 #define EVP_PKEY_CTX_IS_GEN_OP(ctx) \
736     ((ctx)->operation == EVP_PKEY_OP_PARAMGEN \
737      || (ctx)->operation == EVP_PKEY_OP_KEYGEN)
738 
739 #define EVP_PKEY_CTX_IS_FROMDATA_OP(ctx) \
740     ((ctx)->operation == EVP_PKEY_OP_FROMDATA)
741 
742 #define EVP_PKEY_CTX_IS_KEM_OP(ctx) \
743     ((ctx)->operation == EVP_PKEY_OP_ENCAPSULATE \
744      || (ctx)->operation == EVP_PKEY_OP_DECAPSULATE)
745 
746 void openssl_add_all_ciphers_int(void);
747 void openssl_add_all_digests_int(void);
748 void evp_cleanup_int(void);
749 void evp_app_cleanup_int(void);
750 void *evp_pkey_export_to_provider(EVP_PKEY *pk, OSSL_LIB_CTX *libctx,
751                                   EVP_KEYMGMT **keymgmt,
752                                   const char *propquery);
753 #ifndef FIPS_MODULE
754 int evp_pkey_copy_downgraded(EVP_PKEY **dest, const EVP_PKEY *src);
755 void *evp_pkey_get_legacy(EVP_PKEY *pk);
756 void evp_pkey_free_legacy(EVP_PKEY *x);
757 EVP_PKEY *evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO *p8inf,
758                                 OSSL_LIB_CTX *libctx, const char *propq);
759 #endif
760 
761 /*
762  * KEYMGMT utility functions
763  */
764 
765 /*
766  * Key import structure and helper function, to be used as an export callback
767  */
768 struct evp_keymgmt_util_try_import_data_st {
769     EVP_KEYMGMT *keymgmt;
770     void *keydata;
771 
772     int selection;
773 };
774 int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg);
775 int evp_keymgmt_util_assign_pkey(EVP_PKEY *pkey, EVP_KEYMGMT *keymgmt,
776                                  void *keydata);
777 EVP_PKEY *evp_keymgmt_util_make_pkey(EVP_KEYMGMT *keymgmt, void *keydata);
778 
779 int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection,
780                             OSSL_CALLBACK *export_cb, void *export_cbarg);
781 void *evp_keymgmt_util_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt);
782 OP_CACHE_ELEM *evp_keymgmt_util_find_operation_cache(EVP_PKEY *pk,
783                                                      EVP_KEYMGMT *keymgmt);
784 int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking);
785 int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk,
786                                    EVP_KEYMGMT *keymgmt, void *keydata);
787 void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk);
788 void *evp_keymgmt_util_fromdata(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
789                                 int selection, const OSSL_PARAM params[]);
790 int evp_keymgmt_util_has(EVP_PKEY *pk, int selection);
791 int evp_keymgmt_util_match(EVP_PKEY *pk1, EVP_PKEY *pk2, int selection);
792 int evp_keymgmt_util_copy(EVP_PKEY *to, EVP_PKEY *from, int selection);
793 void *evp_keymgmt_util_gen(EVP_PKEY *target, EVP_KEYMGMT *keymgmt,
794                            void *genctx, OSSL_CALLBACK *cb, void *cbarg);
795 int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt,
796                                            void *keydata,
797                                            char *mdname, size_t mdname_sz);
798 const char *evp_keymgmt_util_query_operation_name(EVP_KEYMGMT *keymgmt,
799                                                   int op_id);
800 
801 /*
802  * KEYMGMT provider interface functions
803  */
804 void *evp_keymgmt_newdata(const EVP_KEYMGMT *keymgmt);
805 void evp_keymgmt_freedata(const EVP_KEYMGMT *keymgmt, void *keyddata);
806 int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt,
807                            void *keydata, OSSL_PARAM params[]);
808 int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt,
809                            void *keydata, const OSSL_PARAM params[]);
810 void *evp_keymgmt_gen_init(const EVP_KEYMGMT *keymgmt, int selection,
811                            const OSSL_PARAM params[]);
812 int evp_keymgmt_gen_set_template(const EVP_KEYMGMT *keymgmt, void *genctx,
813                                  void *template);
814 int evp_keymgmt_gen_set_params(const EVP_KEYMGMT *keymgmt, void *genctx,
815                                const OSSL_PARAM params[]);
816 void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
817                       OSSL_CALLBACK *cb, void *cbarg);
818 void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT *keymgmt, void *genctx);
819 
820 int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt);
821 void *evp_keymgmt_load(const EVP_KEYMGMT *keymgmt,
822                        const void *objref, size_t objref_sz);
823 
824 int evp_keymgmt_has(const EVP_KEYMGMT *keymgmt, void *keyddata, int selection);
825 int evp_keymgmt_validate(const EVP_KEYMGMT *keymgmt, void *keydata,
826                          int selection, int checktype);
827 int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt,
828                       const void *keydata1, const void *keydata2,
829                       int selection);
830 
831 int evp_keymgmt_import(const EVP_KEYMGMT *keymgmt, void *keydata,
832                        int selection, const OSSL_PARAM params[]);
833 const OSSL_PARAM *evp_keymgmt_import_types(const EVP_KEYMGMT *keymgmt,
834                                            int selection);
835 int evp_keymgmt_export(const EVP_KEYMGMT *keymgmt, void *keydata,
836                        int selection, OSSL_CALLBACK *param_cb, void *cbarg);
837 const OSSL_PARAM *evp_keymgmt_export_types(const EVP_KEYMGMT *keymgmt,
838                                            int selection);
839 void *evp_keymgmt_dup(const EVP_KEYMGMT *keymgmt,
840                       const void *keydata_from, int selection);
841 EVP_KEYMGMT *evp_keymgmt_fetch_from_prov(OSSL_PROVIDER *prov,
842                                          const char *name,
843                                          const char *properties);
844 
845 /* Pulling defines out of C source files */
846 
847 # define EVP_RC4_KEY_SIZE 16
848 # ifndef TLS1_1_VERSION
849 #  define TLS1_1_VERSION   0x0302
850 # endif
851 
852 void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
853 
854 /* EVP_ENCODE_CTX flags */
855 /* Don't generate new lines when encoding */
856 #define EVP_ENCODE_CTX_NO_NEWLINES          1
857 /* Use the SRP base64 alphabet instead of the standard one */
858 #define EVP_ENCODE_CTX_USE_SRP_ALPHABET     2
859 
860 const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx,
861                                           const char *name);
862 const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx,
863                                       const char *name);
864 
865 int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
866                               const unsigned char *salt, int saltlen, int iter,
867                               const EVP_MD *digest, int keylen,
868                               unsigned char *out,
869                               OSSL_LIB_CTX *libctx, const char *propq);
870 
871 # ifndef FIPS_MODULE
872 /*
873  * Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
874  *
875  * Return 1 on success, 0 or negative for errors.
876  *
877  * In particular they return -2 if any of the params is not supported.
878  *
879  * They are not available in FIPS_MODULE as they depend on
880  *      - EVP_PKEY_CTX_{get,set}_params()
881  *      - EVP_PKEY_CTX_{gettable,settable}_params()
882  *
883  */
884 int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
885 int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
886 
887 EVP_MD_CTX *evp_md_ctx_new_ex(EVP_PKEY *pkey, const ASN1_OCTET_STRING *id,
888                               OSSL_LIB_CTX *libctx, const char *propq);
889 int evp_pkey_name2type(const char *name);
890 const char *evp_pkey_type2name(int type);
891 
892 int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX *ctx, const void *id, int len);
893 int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX *ctx, void *id);
894 int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX *ctx, size_t *id_len);
895 
896 int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx);
897 # endif /* !defined(FIPS_MODULE) */
898 
899 int evp_method_store_cache_flush(OSSL_LIB_CTX *libctx);
900 int evp_method_store_remove_all_provided(const OSSL_PROVIDER *prov);
901 
902 int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable,
903                                            int loadconfig);
904 int evp_set_default_properties_int(OSSL_LIB_CTX *libctx, const char *propq,
905                                    int loadconfig, int mirrored);
906 char *evp_get_global_properties_str(OSSL_LIB_CTX *libctx, int loadconfig);
907 
908 void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_digest);
909 
910 /* Three possible states: */
911 # define EVP_PKEY_STATE_UNKNOWN         0
912 # define EVP_PKEY_STATE_LEGACY          1
913 # define EVP_PKEY_STATE_PROVIDER        2
914 int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx);
915 
916 /* These two must ONLY be called for provider side operations */
917 int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *ctx,
918                                int keytype, int optype,
919                                int cmd, int p1, void *p2);
920 int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx,
921                                    const char *name, const char *value);
922 
923 /* These two must ONLY be called for legacy operations */
924 int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params);
925 int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params);
926 
927 /* This must ONLY be called for legacy EVP_PKEYs */
928 int evp_pkey_get_params_to_ctrl(const EVP_PKEY *pkey, OSSL_PARAM *params);
929 
930 /* Same as the public get0 functions but are not const */
931 # ifndef OPENSSL_NO_DEPRECATED_3_0
932 DH *evp_pkey_get0_DH_int(const EVP_PKEY *pkey);
933 EC_KEY *evp_pkey_get0_EC_KEY_int(const EVP_PKEY *pkey);
934 RSA *evp_pkey_get0_RSA_int(const EVP_PKEY *pkey);
935 # endif
936 
937 /* Get internal identification number routines */
938 int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher);
939 int evp_cipher_get_number(const EVP_CIPHER *cipher);
940 int evp_kdf_get_number(const EVP_KDF *kdf);
941 int evp_kem_get_number(const EVP_KEM *wrap);
942 int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch);
943 int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt);
944 int evp_mac_get_number(const EVP_MAC *mac);
945 int evp_md_get_number(const EVP_MD *md);
946 int evp_rand_get_number(const EVP_RAND *rand);
947 int evp_signature_get_number(const EVP_SIGNATURE *signature);
948 
949 #endif /* OSSL_CRYPTO_EVP_H */
950