evp.h@ 95288

Last change on this file since 95288 was 94404, checked in by vboxsync, 3 years ago
libs/openssl: Update to 3.0.2 and switch to it, bugref:10128
File size: 35.6 KB

Line
1	/*
2	* Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
3	*
4	* Licensed under the Apache License 2.0 (the "License"). You may not use
5	* this file except in compliance with the License. You can obtain a copy
6	* in the file LICENSE in the source distribution or at
7	* https://www.openssl.org/source/license.html
8	*/
9
10	#ifndef OSSL_CRYPTO_EVP_H
11	# define OSSL_CRYPTO_EVP_H
12	# pragma once
13
14	# include <openssl/evp.h>
15	# include <openssl/core_dispatch.h>
16	# include "internal/refcount.h"
17	# include "crypto/ecx.h"
18
19	/*
20	* Don't free up md_ctx->pctx in EVP_MD_CTX_reset, use the reserved flag
21	* values in evp.h
22	*/
23	#define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400
24
25	#define evp_pkey_ctx_is_legacy(ctx) \
26	((ctx)->keymgmt == NULL)
27	#define evp_pkey_ctx_is_provided(ctx) \
28	(!evp_pkey_ctx_is_legacy(ctx))
29
30	struct evp_pkey_ctx_st {
31	/* Actual operation */
32	int operation;
33
34	/*
35	* Library context, property query, keytype and keymgmt associated with
36	* this context
37	*/
38	OSSL_LIB_CTX *libctx;
39	char *propquery;
40	const char *keytype;
41	/* If \|pkey\| below is set, this field is always a reference to its keymgmt */
42	EVP_KEYMGMT *keymgmt;
43
44	union {
45	struct {
46	void *genctx;
47	} keymgmt;
48
49	struct {
50	EVP_KEYEXCH *exchange;
51	/*
52	* Opaque ctx returned from a providers exchange algorithm
53	* implementation OSSL_FUNC_keyexch_newctx()
54	*/
55	void *algctx;
56	} kex;
57
58	struct {
59	EVP_SIGNATURE *signature;
60	/*
61	* Opaque ctx returned from a providers signature algorithm
62	* implementation OSSL_FUNC_signature_newctx()
63	*/
64	void *algctx;
65	} sig;
66
67	struct {
68	EVP_ASYM_CIPHER *cipher;
69	/*
70	* Opaque ctx returned from a providers asymmetric cipher algorithm
71	* implementation OSSL_FUNC_asym_cipher_newctx()
72	*/
73	void *algctx;
74	} ciph;
75	struct {
76	EVP_KEM *kem;
77	/*
78	* Opaque ctx returned from a providers KEM algorithm
79	* implementation OSSL_FUNC_kem_newctx()
80	*/
81	void *algctx;
82	} encap;
83	} op;
84
85	/*
86	* Cached parameters. Inits of operations that depend on these should
87	* call evp_pkey_ctx_use_delayed_data() when the operation has been set
88	* up properly.
89	*/
90	struct {
91	/* Distinguishing Identifier, ISO/IEC 15946-3, FIPS 196 */
92	char dist_id_name; / The name used with EVP_PKEY_CTX_ctrl_str() */
93	void dist_id; / The distinguishing ID itself */
94	size_t dist_id_len; /* The length of the distinguishing ID */
95
96	/* Indicators of what has been set. Keep them together! */
97	unsigned int dist_id_set : 1;
98	} cached_parameters;
99
100	/* Application specific data, usually used by the callback */
101	void *app_data;
102	/* Keygen callback */
103	EVP_PKEY_gen_cb *pkey_gencb;
104	/* implementation specific keygen data */
105	int *keygen_info;
106	int keygen_info_count;
107
108	/* Legacy fields below */
109
110	/* EVP_PKEY identity */
111	int legacy_keytype;
112	/* Method associated with this operation */
113	const EVP_PKEY_METHOD *pmeth;
114	/* Engine that implements this method or NULL if builtin */
115	ENGINE *engine;
116	/* Key: may be NULL */
117	EVP_PKEY *pkey;
118	/* Peer key for key agreement, may be NULL */
119	EVP_PKEY *peerkey;
120	/* Algorithm specific data */
121	void *data;
122	/* Indicator if digest_custom needs to be called */
123	unsigned int flag_call_digest_custom:1;
124	/*
125	* Used to support taking custody of memory in the case of a provider being
126	* used with the deprecated EVP_PKEY_CTX_set_rsa_keygen_pubexp() API. This
127	* member should NOT be used for any other purpose and should be removed
128	* when said deprecated API is excised completely.
129	*/
130	BIGNUM *rsa_pubexp;
131	} /* EVP_PKEY_CTX */ ;
132
133	#define EVP_PKEY_FLAG_DYNAMIC 1
134
135	struct evp_pkey_method_st {
136	int pkey_id;
137	int flags;
138	int (init) (EVP_PKEY_CTX ctx);
139	int (copy) (EVP_PKEY_CTX dst, const EVP_PKEY_CTX *src);
140	void (cleanup) (EVP_PKEY_CTX ctx);
141	int (paramgen_init) (EVP_PKEY_CTX ctx);
142	int (paramgen) (EVP_PKEY_CTX ctx, EVP_PKEY *pkey);
143	int (keygen_init) (EVP_PKEY_CTX ctx);
144	int (keygen) (EVP_PKEY_CTX ctx, EVP_PKEY *pkey);
145	int (sign_init) (EVP_PKEY_CTX ctx);
146	int (sign) (EVP_PKEY_CTX ctx, unsigned char sig, size_t siglen,
147	const unsigned char *tbs, size_t tbslen);
148	int (verify_init) (EVP_PKEY_CTX ctx);
149	int (verify) (EVP_PKEY_CTX ctx,
150	const unsigned char *sig, size_t siglen,
151	const unsigned char *tbs, size_t tbslen);
152	int (verify_recover_init) (EVP_PKEY_CTX ctx);
153	int (verify_recover) (EVP_PKEY_CTX ctx,
154	unsigned char rout, size_t routlen,
155	const unsigned char *sig, size_t siglen);
156	int (signctx_init) (EVP_PKEY_CTX ctx, EVP_MD_CTX *mctx);
157	int (signctx) (EVP_PKEY_CTX ctx, unsigned char sig, size_t siglen,
158	EVP_MD_CTX *mctx);
159	int (verifyctx_init) (EVP_PKEY_CTX ctx, EVP_MD_CTX *mctx);
160	int (verifyctx) (EVP_PKEY_CTX ctx, const unsigned char *sig, int siglen,
161	EVP_MD_CTX *mctx);
162	int (encrypt_init) (EVP_PKEY_CTX ctx);
163	int (encrypt) (EVP_PKEY_CTX ctx, unsigned char out, size_t outlen,
164	const unsigned char *in, size_t inlen);
165	int (decrypt_init) (EVP_PKEY_CTX ctx);
166	int (decrypt) (EVP_PKEY_CTX ctx, unsigned char out, size_t outlen,
167	const unsigned char *in, size_t inlen);
168	int (derive_init) (EVP_PKEY_CTX ctx);
169	int (derive) (EVP_PKEY_CTX ctx, unsigned char key, size_t keylen);
170	int (ctrl) (EVP_PKEY_CTX ctx, int type, int p1, void *p2);
171	int (ctrl_str) (EVP_PKEY_CTX ctx, const char type, const char value);
172	int (digestsign) (EVP_MD_CTX ctx, unsigned char sig, size_t siglen,
173	const unsigned char *tbs, size_t tbslen);
174	int (digestverify) (EVP_MD_CTX ctx, const unsigned char *sig,
175	size_t siglen, const unsigned char *tbs,
176	size_t tbslen);
177	int (check) (EVP_PKEY pkey);
178	int (public_check) (EVP_PKEY pkey);
179	int (param_check) (EVP_PKEY pkey);
180
181	int (digest_custom) (EVP_PKEY_CTX ctx, EVP_MD_CTX *mctx);
182	} /* EVP_PKEY_METHOD */ ;
183
184	DEFINE_STACK_OF_CONST(EVP_PKEY_METHOD)
185
186	void evp_pkey_set_cb_translate(BN_GENCB cb, EVP_PKEY_CTX ctx);
187
188	const EVP_PKEY_METHOD *ossl_dh_pkey_method(void);
189	const EVP_PKEY_METHOD *ossl_dhx_pkey_method(void);
190	const EVP_PKEY_METHOD *ossl_dsa_pkey_method(void);
191	const EVP_PKEY_METHOD *ossl_ec_pkey_method(void);
192	const EVP_PKEY_METHOD *ossl_ecx25519_pkey_method(void);
193	const EVP_PKEY_METHOD *ossl_ecx448_pkey_method(void);
194	const EVP_PKEY_METHOD *ossl_ed25519_pkey_method(void);
195	const EVP_PKEY_METHOD *ossl_ed448_pkey_method(void);
196	const EVP_PKEY_METHOD *ossl_rsa_pkey_method(void);
197	const EVP_PKEY_METHOD *ossl_rsa_pss_pkey_method(void);
198
199	struct evp_mac_st {
200	OSSL_PROVIDER *prov;
201	int name_id;
202	char *type_name;
203	const char *description;
204
205	CRYPTO_REF_COUNT refcnt;
206	CRYPTO_RWLOCK *lock;
207
208	OSSL_FUNC_mac_newctx_fn *newctx;
209	OSSL_FUNC_mac_dupctx_fn *dupctx;
210	OSSL_FUNC_mac_freectx_fn *freectx;
211	OSSL_FUNC_mac_init_fn *init;
212	OSSL_FUNC_mac_update_fn *update;
213	OSSL_FUNC_mac_final_fn *final;
214	OSSL_FUNC_mac_gettable_params_fn *gettable_params;
215	OSSL_FUNC_mac_gettable_ctx_params_fn *gettable_ctx_params;
216	OSSL_FUNC_mac_settable_ctx_params_fn *settable_ctx_params;
217	OSSL_FUNC_mac_get_params_fn *get_params;
218	OSSL_FUNC_mac_get_ctx_params_fn *get_ctx_params;
219	OSSL_FUNC_mac_set_ctx_params_fn *set_ctx_params;
220	};
221
222	struct evp_kdf_st {
223	OSSL_PROVIDER *prov;
224	int name_id;
225	char *type_name;
226	const char *description;
227	CRYPTO_REF_COUNT refcnt;
228	CRYPTO_RWLOCK *lock;
229
230	OSSL_FUNC_kdf_newctx_fn *newctx;
231	OSSL_FUNC_kdf_dupctx_fn *dupctx;
232	OSSL_FUNC_kdf_freectx_fn *freectx;
233	OSSL_FUNC_kdf_reset_fn *reset;
234	OSSL_FUNC_kdf_derive_fn *derive;
235	OSSL_FUNC_kdf_gettable_params_fn *gettable_params;
236	OSSL_FUNC_kdf_gettable_ctx_params_fn *gettable_ctx_params;
237	OSSL_FUNC_kdf_settable_ctx_params_fn *settable_ctx_params;
238	OSSL_FUNC_kdf_get_params_fn *get_params;
239	OSSL_FUNC_kdf_get_ctx_params_fn *get_ctx_params;
240	OSSL_FUNC_kdf_set_ctx_params_fn *set_ctx_params;
241	};
242
243	#define EVP_ORIG_DYNAMIC 0
244	#define EVP_ORIG_GLOBAL 1
245	#define EVP_ORIG_METH 2
246
247	struct evp_md_st {
248	/* nid */
249	int type;
250
251	/* Legacy structure members */
252	int pkey_type;
253	int md_size;
254	unsigned long flags;
255	int origin;
256	int (init) (EVP_MD_CTX ctx);
257	int (update) (EVP_MD_CTX ctx, const void *data, size_t count);
258	int (final) (EVP_MD_CTX ctx, unsigned char *md);
259	int (copy) (EVP_MD_CTX to, const EVP_MD_CTX *from);
260	int (cleanup) (EVP_MD_CTX ctx);
261	int block_size;
262	int ctx_size; /* how big does the ctx->md_data need to be */
263	/* control function */
264	int (md_ctrl) (EVP_MD_CTX ctx, int cmd, int p1, void *p2);
265
266	/* New structure members */
267	/* Above comment to be removed when legacy has gone */
268	int name_id;
269	char *type_name;
270	const char *description;
271	OSSL_PROVIDER *prov;
272	CRYPTO_REF_COUNT refcnt;
273	CRYPTO_RWLOCK *lock;
274	OSSL_FUNC_digest_newctx_fn *newctx;
275	OSSL_FUNC_digest_init_fn *dinit;
276	OSSL_FUNC_digest_update_fn *dupdate;
277	OSSL_FUNC_digest_final_fn *dfinal;
278	OSSL_FUNC_digest_digest_fn *digest;
279	OSSL_FUNC_digest_freectx_fn *freectx;
280	OSSL_FUNC_digest_dupctx_fn *dupctx;
281	OSSL_FUNC_digest_get_params_fn *get_params;
282	OSSL_FUNC_digest_set_ctx_params_fn *set_ctx_params;
283	OSSL_FUNC_digest_get_ctx_params_fn *get_ctx_params;
284	OSSL_FUNC_digest_gettable_params_fn *gettable_params;
285	OSSL_FUNC_digest_settable_ctx_params_fn *settable_ctx_params;
286	OSSL_FUNC_digest_gettable_ctx_params_fn *gettable_ctx_params;
287
288	} /* EVP_MD */ ;
289
290	struct evp_cipher_st {
291	int nid;
292
293	int block_size;
294	/* Default value for variable length ciphers */
295	int key_len;
296	int iv_len;
297
298	/* Legacy structure members */
299	/* Various flags */
300	unsigned long flags;
301	/* How the EVP_CIPHER was created. */
302	int origin;
303	/* init key */
304	int (init) (EVP_CIPHER_CTX ctx, const unsigned char *key,
305	const unsigned char *iv, int enc);
306	/* encrypt/decrypt data */
307	int (do_cipher) (EVP_CIPHER_CTX ctx, unsigned char *out,
308	const unsigned char *in, size_t inl);
309	/* cleanup ctx */
310	int (cleanup) (EVP_CIPHER_CTX );
311	/* how big ctx->cipher_data needs to be */
312	int ctx_size;
313	/* Populate a ASN1_TYPE with parameters */
314	int (set_asn1_parameters) (EVP_CIPHER_CTX , ASN1_TYPE *);
315	/* Get parameters from a ASN1_TYPE */
316	int (get_asn1_parameters) (EVP_CIPHER_CTX , ASN1_TYPE *);
317	/* Miscellaneous operations */
318	int (ctrl) (EVP_CIPHER_CTX , int type, int arg, void *ptr);
319	/* Application data */
320	void *app_data;
321
322	/* New structure members */
323	/* Above comment to be removed when legacy has gone */
324	int name_id;
325	char *type_name;
326	const char *description;
327	OSSL_PROVIDER *prov;
328	CRYPTO_REF_COUNT refcnt;
329	CRYPTO_RWLOCK *lock;
330	OSSL_FUNC_cipher_newctx_fn *newctx;
331	OSSL_FUNC_cipher_encrypt_init_fn *einit;
332	OSSL_FUNC_cipher_decrypt_init_fn *dinit;
333	OSSL_FUNC_cipher_update_fn *cupdate;
334	OSSL_FUNC_cipher_final_fn *cfinal;
335	OSSL_FUNC_cipher_cipher_fn *ccipher;
336	OSSL_FUNC_cipher_freectx_fn *freectx;
337	OSSL_FUNC_cipher_dupctx_fn *dupctx;
338	OSSL_FUNC_cipher_get_params_fn *get_params;
339	OSSL_FUNC_cipher_get_ctx_params_fn *get_ctx_params;
340	OSSL_FUNC_cipher_set_ctx_params_fn *set_ctx_params;
341	OSSL_FUNC_cipher_gettable_params_fn *gettable_params;
342	OSSL_FUNC_cipher_gettable_ctx_params_fn *gettable_ctx_params;
343	OSSL_FUNC_cipher_settable_ctx_params_fn *settable_ctx_params;
344	} /* EVP_CIPHER */ ;
345
346	/* Macros to code block cipher wrappers */
347
348	/* Wrapper functions for each cipher mode */
349
350	#define EVP_C_DATA(kstruct, ctx) \
351	((kstruct *)EVP_CIPHER_CTX_get_cipher_data(ctx))
352
353	#define BLOCK_CIPHER_ecb_loop() \
354	size_t i, bl; \
355	bl = EVP_CIPHER_CTX_get0_cipher(ctx)->block_size; \
356	if (inl < bl) return 1;\
357	inl -= bl; \
358	for (i=0; i <= inl; i+=bl)
359
360	#define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
361	static int cname##_ecb_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl) \
362	{\
363	BLOCK_CIPHER_ecb_loop() \
364	cprefix##_ecb_encrypt(in + i, out + i, &EVP_C_DATA(kstruct,ctx)->ksched, EVP_CIPHER_CTX_is_encrypting(ctx)); \
365	return 1;\
366	}
367
368	#define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2))
369
370	#define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \
371	static int cname##_ofb_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl) \
372	{\
373	while(inl>=EVP_MAXCHUNK) {\
374	int num = EVP_CIPHER_CTX_get_num(ctx);\
375	cprefix##_ofb##cbits##_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
376	EVP_CIPHER_CTX_set_num(ctx, num);\
377	inl-=EVP_MAXCHUNK;\
378	in +=EVP_MAXCHUNK;\
379	out+=EVP_MAXCHUNK;\
380	}\
381	if (inl) {\
382	int num = EVP_CIPHER_CTX_get_num(ctx);\
383	cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, &num); \
384	EVP_CIPHER_CTX_set_num(ctx, num);\
385	}\
386	return 1;\
387	}
388
389	#define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
390	static int cname##_cbc_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl) \
391	{\
392	while(inl>=EVP_MAXCHUNK) \
393	{\
394	cprefix##_cbc_encrypt(in, out, (long)EVP_MAXCHUNK, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\
395	inl-=EVP_MAXCHUNK;\
396	in +=EVP_MAXCHUNK;\
397	out+=EVP_MAXCHUNK;\
398	}\
399	if (inl)\
400	cprefix##_cbc_encrypt(in, out, (long)inl, &EVP_C_DATA(kstruct,ctx)->ksched, ctx->iv, EVP_CIPHER_CTX_is_encrypting(ctx));\
401	return 1;\
402	}
403
404	#define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
405	static int cname##_cfb##cbits##_cipher(EVP_CIPHER_CTX ctx, unsigned char out, const unsigned char *in, size_t inl) \
406	{\
407	size_t chunk = EVP_MAXCHUNK;\
408	if (cbits == 1) chunk >>= 3;\
409	if (inl < chunk) chunk = inl;\
410	while (inl && inl >= chunk)\
411	{\
412	int num = EVP_CIPHER_CTX_get_num(ctx);\
413	cprefix##_cfb##cbits##_encrypt(in, out, (long) \
414	((cbits == 1) \
415	&& !EVP_CIPHER_CTX_test_flags(ctx, EVP_CIPH_FLAG_LENGTH_BITS) \
416	? chunk*8 : chunk), \
417	&EVP_C_DATA(kstruct, ctx)->ksched, ctx->iv,\
418	&num, EVP_CIPHER_CTX_is_encrypting(ctx));\
419	EVP_CIPHER_CTX_set_num(ctx, num);\
420	inl -= chunk;\
421	in += chunk;\
422	out += chunk;\
423	if (inl < chunk) chunk = inl;\
424	}\
425	return 1;\
426	}
427
428	#define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
429	BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \
430	BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \
431	BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \
432	BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched)
433
434	#define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \
435	key_len, iv_len, flags, init_key, cleanup, \
436	set_asn1, get_asn1, ctrl) \
437	static const EVP_CIPHER cname##_##mode = { \
438	nid##_##nmode, block_size, key_len, iv_len, \
439	flags \| EVP_CIPH_##MODE##_MODE, \
440	EVP_ORIG_GLOBAL, \
441	init_key, \
442	cname##_##mode##_cipher, \
443	cleanup, \
444	sizeof(kstruct), \
445	set_asn1, get_asn1,\
446	ctrl, \
447	NULL \
448	}; \
449	const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; }
450
451	#define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \
452	iv_len, flags, init_key, cleanup, set_asn1, \
453	get_asn1, ctrl) \
454	BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \
455	iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
456
457	#define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, \
458	iv_len, cbits, flags, init_key, cleanup, \
459	set_asn1, get_asn1, ctrl) \
460	BLOCK_CIPHER_def1(cname, cfb##cbits, cfb##cbits, CFB, kstruct, nid, 1, \
461	key_len, iv_len, flags, init_key, cleanup, set_asn1, \
462	get_asn1, ctrl)
463
464	#define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, \
465	iv_len, cbits, flags, init_key, cleanup, \
466	set_asn1, get_asn1, ctrl) \
467	BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, 1, \
468	key_len, iv_len, flags, init_key, cleanup, set_asn1, \
469	get_asn1, ctrl)
470
471	#define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \
472	flags, init_key, cleanup, set_asn1, \
473	get_asn1, ctrl) \
474	BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \
475	0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl)
476
477	#define BLOCK_CIPHER_defs(cname, kstruct, \
478	nid, block_size, key_len, iv_len, cbits, flags, \
479	init_key, cleanup, set_asn1, get_asn1, ctrl) \
480	BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \
481	init_key, cleanup, set_asn1, get_asn1, ctrl) \
482	BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \
483	flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
484	BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \
485	flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \
486	BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \
487	init_key, cleanup, set_asn1, get_asn1, ctrl)
488
489	/*-
490	#define BLOCK_CIPHER_defs(cname, kstruct, \
491	nid, block_size, key_len, iv_len, flags,\
492	init_key, cleanup, set_asn1, get_asn1, ctrl)\
493	static const EVP_CIPHER cname##_cbc = {\
494	nid##_cbc, block_size, key_len, iv_len, \
495	flags \| EVP_CIPH_CBC_MODE,\
496	EVP_ORIG_GLOBAL,\
497	init_key,\
498	cname##_cbc_cipher,\
499	cleanup,\
500	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
501	sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
502	set_asn1, get_asn1,\
503	ctrl, \
504	NULL \
505	};\
506	const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\
507	static const EVP_CIPHER cname##_cfb = {\
508	nid##_cfb64, 1, key_len, iv_len, \
509	flags \| EVP_CIPH_CFB_MODE,\
510	EVP_ORIG_GLOBAL,\
511	init_key,\
512	cname##_cfb_cipher,\
513	cleanup,\
514	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
515	sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
516	set_asn1, get_asn1,\
517	ctrl,\
518	NULL \
519	};\
520	const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\
521	static const EVP_CIPHER cname##_ofb = {\
522	nid##_ofb64, 1, key_len, iv_len, \
523	flags \| EVP_CIPH_OFB_MODE,\
524	EVP_ORIG_GLOBAL,\
525	init_key,\
526	cname##_ofb_cipher,\
527	cleanup,\
528	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
529	sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
530	set_asn1, get_asn1,\
531	ctrl,\
532	NULL \
533	};\
534	const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\
535	static const EVP_CIPHER cname##_ecb = {\
536	nid##_ecb, block_size, key_len, iv_len, \
537	flags \| EVP_CIPH_ECB_MODE,\
538	EVP_ORIG_GLOBAL,\
539	init_key,\
540	cname##_ecb_cipher,\
541	cleanup,\
542	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+\
543	sizeof((((EVP_CIPHER_CTX *)NULL)->c.kstruct)),\
544	set_asn1, get_asn1,\
545	ctrl,\
546	NULL \
547	};\
548	const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; }
549	*/
550
551	#define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \
552	block_size, key_len, iv_len, cbits, \
553	flags, init_key, \
554	cleanup, set_asn1, get_asn1, ctrl) \
555	BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \
556	BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \
557	cbits, flags, init_key, cleanup, set_asn1, \
558	get_asn1, ctrl)
559
560	#define IMPLEMENT_CFBR(cipher,cprefix,kstruct,ksched,keysize,cbits,iv_len,fl) \
561	BLOCK_CIPHER_func_cfb(cipher##_##keysize,cprefix,cbits,kstruct,ksched) \
562	BLOCK_CIPHER_def_cfb(cipher##_##keysize,kstruct, \
563	NID_##cipher##_##keysize, keysize/8, iv_len, cbits, \
564	(fl)\|EVP_CIPH_FLAG_DEFAULT_ASN1, \
565	cipher##_init_key, NULL, NULL, NULL, NULL)
566
567	typedef struct {
568	unsigned char iv[EVP_MAX_IV_LENGTH];
569	unsigned int iv_len;
570	unsigned int tag_len;
571	} evp_cipher_aead_asn1_params;
572
573	int evp_cipher_param_to_asn1_ex(EVP_CIPHER_CTX c, ASN1_TYPE type,
574	evp_cipher_aead_asn1_params *params);
575
576	int evp_cipher_asn1_to_param_ex(EVP_CIPHER_CTX c, ASN1_TYPE type,
577	evp_cipher_aead_asn1_params *params);
578
579	/*
580	* To support transparent execution of operation in backends other
581	* than the "origin" key, we support transparent export/import to
582	* those providers, and maintain a cache of the imported keydata,
583	* so we don't need to redo the export/import every time we perform
584	* the same operation in that same provider.
585	* This requires that the "origin" backend (whether it's a legacy or a
586	* provider "origin") implements exports, and that the target provider
587	* has an EVP_KEYMGMT that implements import.
588	*/
589	typedef struct {
590	EVP_KEYMGMT *keymgmt;
591	void *keydata;
592	} OP_CACHE_ELEM;
593
594	DEFINE_STACK_OF(OP_CACHE_ELEM)
595
596	/*
597	* An EVP_PKEY can have the following states:
598	*
599	* untyped & empty:
600	*
601	* type == EVP_PKEY_NONE && keymgmt == NULL
602	*
603	* typed & empty:
604	*
605	* (type != EVP_PKEY_NONE && pkey.ptr == NULL) ## legacy (libcrypto only)
606	* \|\| (keymgmt != NULL && keydata == NULL) ## provider side
607	*
608	* fully assigned:
609	*
610	* (type != EVP_PKEY_NONE && pkey.ptr != NULL) ## legacy (libcrypto only)
611	* \|\| (keymgmt != NULL && keydata != NULL) ## provider side
612	*
613	* The easiest way to detect a legacy key is:
614	*
615	* keymgmt == NULL && type != EVP_PKEY_NONE
616	*
617	* The easiest way to detect a provider side key is:
618	*
619	* keymgmt != NULL
620	*/
621	#define evp_pkey_is_blank(pk) \
622	((pk)->type == EVP_PKEY_NONE && (pk)->keymgmt == NULL)
623	#define evp_pkey_is_typed(pk) \
624	((pk)->type != EVP_PKEY_NONE \|\| (pk)->keymgmt != NULL)
625	#ifndef FIPS_MODULE
626	# define evp_pkey_is_assigned(pk) \
627	((pk)->pkey.ptr != NULL \|\| (pk)->keydata != NULL)
628	#else
629	# define evp_pkey_is_assigned(pk) \
630	((pk)->keydata != NULL)
631	#endif
632	#define evp_pkey_is_legacy(pk) \
633	((pk)->type != EVP_PKEY_NONE && (pk)->keymgmt == NULL)
634	#define evp_pkey_is_provided(pk) \
635	((pk)->keymgmt != NULL)
636
637	union legacy_pkey_st {
638	void *ptr;
639	struct rsa_st rsa; / RSA */
640	# ifndef OPENSSL_NO_DSA
641	struct dsa_st dsa; / DSA */
642	# endif
643	# ifndef OPENSSL_NO_DH
644	struct dh_st dh; / DH */
645	# endif
646	# ifndef OPENSSL_NO_EC
647	struct ec_key_st ec; / ECC */
648	ECX_KEY ecx; / X25519, X448, Ed25519, Ed448 */
649	# endif
650	};
651
652	struct evp_pkey_st {
653	/* == Legacy attributes == */
654	int type;
655	int save_type;
656
657	# ifndef FIPS_MODULE
658	/*
659	* Legacy key "origin" is composed of a pointer to an EVP_PKEY_ASN1_METHOD,
660	* a pointer to a low level key and possibly a pointer to an engine.
661	*/
662	const EVP_PKEY_ASN1_METHOD *ameth;
663	ENGINE *engine;
664	ENGINE pmeth_engine; / If not NULL public key ENGINE to use */
665
666	/* Union to store the reference to an origin legacy key */
667	union legacy_pkey_st pkey;
668
669	/* Union to store the reference to a non-origin legacy key */
670	union legacy_pkey_st legacy_cache_pkey;
671	# endif
672
673	/* == Common attributes == */
674	CRYPTO_REF_COUNT references;
675	CRYPTO_RWLOCK *lock;
676	#ifndef FIPS_MODULE
677	STACK_OF(X509_ATTRIBUTE) attributes; / [ 0 ] */
678	int save_parameters;
679	unsigned int foreign:1; /* the low-level key is using an engine or an app-method */
680	CRYPTO_EX_DATA ex_data;
681	#endif
682
683	/* == Provider attributes == */
684
685	/*
686	* Provider keydata "origin" is composed of a pointer to an EVP_KEYMGMT
687	* and a pointer to the provider side key data. This is never used at
688	* the same time as the legacy key data above.
689	*/
690	EVP_KEYMGMT *keymgmt;
691	void *keydata;
692	/*
693	* If any libcrypto code does anything that may modify the keydata
694	* contents, this dirty counter must be incremented.
695	*/
696	size_t dirty_cnt;
697
698	/*
699	* To support transparent execution of operation in backends other
700	* than the "origin" key, we support transparent export/import to
701	* those providers, and maintain a cache of the imported keydata,
702	* so we don't need to redo the export/import every time we perform
703	* the same operation in that same provider.
704	*/
705	STACK_OF(OP_CACHE_ELEM) *operation_cache;
706
707	/*
708	* We keep a copy of that "origin"'s dirty count, so we know if the
709	* operation cache needs flushing.
710	*/
711	size_t dirty_cnt_copy;
712
713	/* Cache of key object information */
714	struct {
715	int bits;
716	int security_bits;
717	int size;
718	} cache;
719	} /* EVP_PKEY */ ;
720
721	#define EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) \
722	((ctx)->operation == EVP_PKEY_OP_SIGN \
723	\|\| (ctx)->operation == EVP_PKEY_OP_SIGNCTX \
724	\|\| (ctx)->operation == EVP_PKEY_OP_VERIFY \
725	\|\| (ctx)->operation == EVP_PKEY_OP_VERIFYCTX \
726	\|\| (ctx)->operation == EVP_PKEY_OP_VERIFYRECOVER)
727
728	#define EVP_PKEY_CTX_IS_DERIVE_OP(ctx) \
729	((ctx)->operation == EVP_PKEY_OP_DERIVE)
730
731	#define EVP_PKEY_CTX_IS_ASYM_CIPHER_OP(ctx) \
732	((ctx)->operation == EVP_PKEY_OP_ENCRYPT \
733	\|\| (ctx)->operation == EVP_PKEY_OP_DECRYPT)
734
735	#define EVP_PKEY_CTX_IS_GEN_OP(ctx) \
736	((ctx)->operation == EVP_PKEY_OP_PARAMGEN \
737	\|\| (ctx)->operation == EVP_PKEY_OP_KEYGEN)
738
739	#define EVP_PKEY_CTX_IS_FROMDATA_OP(ctx) \
740	((ctx)->operation == EVP_PKEY_OP_FROMDATA)
741
742	#define EVP_PKEY_CTX_IS_KEM_OP(ctx) \
743	((ctx)->operation == EVP_PKEY_OP_ENCAPSULATE \
744	\|\| (ctx)->operation == EVP_PKEY_OP_DECAPSULATE)
745
746	void openssl_add_all_ciphers_int(void);
747	void openssl_add_all_digests_int(void);
748	void evp_cleanup_int(void);
749	void evp_app_cleanup_int(void);
750	void evp_pkey_export_to_provider(EVP_PKEY pk, OSSL_LIB_CTX *libctx,
751	EVP_KEYMGMT **keymgmt,
752	const char *propquery);
753	#ifndef FIPS_MODULE
754	int evp_pkey_copy_downgraded(EVP_PKEY *dest, const EVP_PKEY src);
755	void evp_pkey_get_legacy(EVP_PKEY pk);
756	void evp_pkey_free_legacy(EVP_PKEY *x);
757	EVP_PKEY evp_pkcs82pkey_legacy(const PKCS8_PRIV_KEY_INFO p8inf,
758	OSSL_LIB_CTX libctx, const char propq);
759	#endif
760
761	/*
762	* KEYMGMT utility functions
763	*/
764
765	/*
766	* Key import structure and helper function, to be used as an export callback
767	*/
768	struct evp_keymgmt_util_try_import_data_st {
769	EVP_KEYMGMT *keymgmt;
770	void *keydata;
771
772	int selection;
773	};
774	int evp_keymgmt_util_try_import(const OSSL_PARAM params[], void *arg);
775	int evp_keymgmt_util_assign_pkey(EVP_PKEY pkey, EVP_KEYMGMT keymgmt,
776	void *keydata);
777	EVP_PKEY evp_keymgmt_util_make_pkey(EVP_KEYMGMT keymgmt, void *keydata);
778
779	int evp_keymgmt_util_export(const EVP_PKEY *pk, int selection,
780	OSSL_CALLBACK export_cb, void export_cbarg);
781	void evp_keymgmt_util_export_to_provider(EVP_PKEY pk, EVP_KEYMGMT *keymgmt);
782	OP_CACHE_ELEM evp_keymgmt_util_find_operation_cache(EVP_PKEY pk,
783	EVP_KEYMGMT *keymgmt);
784	int evp_keymgmt_util_clear_operation_cache(EVP_PKEY *pk, int locking);
785	int evp_keymgmt_util_cache_keydata(EVP_PKEY *pk,
786	EVP_KEYMGMT keymgmt, void keydata);
787	void evp_keymgmt_util_cache_keyinfo(EVP_PKEY *pk);
788	void evp_keymgmt_util_fromdata(EVP_PKEY target, EVP_KEYMGMT *keymgmt,
789	int selection, const OSSL_PARAM params[]);
790	int evp_keymgmt_util_has(EVP_PKEY *pk, int selection);
791	int evp_keymgmt_util_match(EVP_PKEY pk1, EVP_PKEY pk2, int selection);
792	int evp_keymgmt_util_copy(EVP_PKEY to, EVP_PKEY from, int selection);
793	void evp_keymgmt_util_gen(EVP_PKEY target, EVP_KEYMGMT *keymgmt,
794	void genctx, OSSL_CALLBACK cb, void *cbarg);
795	int evp_keymgmt_util_get_deflt_digest_name(EVP_KEYMGMT *keymgmt,
796	void *keydata,
797	char *mdname, size_t mdname_sz);
798	const char evp_keymgmt_util_query_operation_name(EVP_KEYMGMT keymgmt,
799	int op_id);
800
801	/*
802	* KEYMGMT provider interface functions
803	*/
804	void evp_keymgmt_newdata(const EVP_KEYMGMT keymgmt);
805	void evp_keymgmt_freedata(const EVP_KEYMGMT keymgmt, void keyddata);
806	int evp_keymgmt_get_params(const EVP_KEYMGMT *keymgmt,
807	void *keydata, OSSL_PARAM params[]);
808	int evp_keymgmt_set_params(const EVP_KEYMGMT *keymgmt,
809	void *keydata, const OSSL_PARAM params[]);
810	void evp_keymgmt_gen_init(const EVP_KEYMGMT keymgmt, int selection,
811	const OSSL_PARAM params[]);
812	int evp_keymgmt_gen_set_template(const EVP_KEYMGMT keymgmt, void genctx,
813	void *template);
814	int evp_keymgmt_gen_set_params(const EVP_KEYMGMT keymgmt, void genctx,
815	const OSSL_PARAM params[]);
816	void evp_keymgmt_gen(const EVP_KEYMGMT keymgmt, void *genctx,
817	OSSL_CALLBACK cb, void cbarg);
818	void evp_keymgmt_gen_cleanup(const EVP_KEYMGMT keymgmt, void genctx);
819
820	int evp_keymgmt_has_load(const EVP_KEYMGMT *keymgmt);
821	void evp_keymgmt_load(const EVP_KEYMGMT keymgmt,
822	const void *objref, size_t objref_sz);
823
824	int evp_keymgmt_has(const EVP_KEYMGMT keymgmt, void keyddata, int selection);
825	int evp_keymgmt_validate(const EVP_KEYMGMT keymgmt, void keydata,
826	int selection, int checktype);
827	int evp_keymgmt_match(const EVP_KEYMGMT *keymgmt,
828	const void keydata1, const void keydata2,
829	int selection);
830
831	int evp_keymgmt_import(const EVP_KEYMGMT keymgmt, void keydata,
832	int selection, const OSSL_PARAM params[]);
833	const OSSL_PARAM evp_keymgmt_import_types(const EVP_KEYMGMT keymgmt,
834	int selection);
835	int evp_keymgmt_export(const EVP_KEYMGMT keymgmt, void keydata,
836	int selection, OSSL_CALLBACK param_cb, void cbarg);
837	const OSSL_PARAM evp_keymgmt_export_types(const EVP_KEYMGMT keymgmt,
838	int selection);
839	void evp_keymgmt_dup(const EVP_KEYMGMT keymgmt,
840	const void *keydata_from, int selection);
841
842	/* Pulling defines out of C source files */
843
844	# define EVP_RC4_KEY_SIZE 16
845	# ifndef TLS1_1_VERSION
846	# define TLS1_1_VERSION 0x0302
847	# endif
848
849	void evp_encode_ctx_set_flags(EVP_ENCODE_CTX *ctx, unsigned int flags);
850
851	/* EVP_ENCODE_CTX flags */
852	/* Don't generate new lines when encoding */
853	#define EVP_ENCODE_CTX_NO_NEWLINES 1
854	/* Use the SRP base64 alphabet instead of the standard one */
855	#define EVP_ENCODE_CTX_USE_SRP_ALPHABET 2
856
857	const EVP_CIPHER evp_get_cipherbyname_ex(OSSL_LIB_CTX libctx,
858	const char *name);
859	const EVP_MD evp_get_digestbyname_ex(OSSL_LIB_CTX libctx,
860	const char *name);
861
862	int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
863	const unsigned char *salt, int saltlen, int iter,
864	const EVP_MD *digest, int keylen,
865	unsigned char *out,
866	OSSL_LIB_CTX libctx, const char propq);
867
868	# ifndef FIPS_MODULE
869	/*
870	* Internal helpers for stricter EVP_PKEY_CTX_{set,get}_params().
871	*
872	* Return 1 on success, 0 or negative for errors.
873	*
874	* In particular they return -2 if any of the params is not supported.
875	*
876	* They are not available in FIPS_MODULE as they depend on
877	* - EVP_PKEY_CTX_{get,set}_params()
878	* - EVP_PKEY_CTX_{gettable,settable}_params()
879	*
880	*/
881	int evp_pkey_ctx_set_params_strict(EVP_PKEY_CTX ctx, OSSL_PARAM params);
882	int evp_pkey_ctx_get_params_strict(EVP_PKEY_CTX ctx, OSSL_PARAM params);
883
884	EVP_MD_CTX evp_md_ctx_new_ex(EVP_PKEY pkey, const ASN1_OCTET_STRING *id,
885	OSSL_LIB_CTX libctx, const char propq);
886	int evp_pkey_name2type(const char *name);
887	const char *evp_pkey_type2name(int type);
888
889	int evp_pkey_ctx_set1_id_prov(EVP_PKEY_CTX ctx, const void id, int len);
890	int evp_pkey_ctx_get1_id_prov(EVP_PKEY_CTX ctx, void id);
891	int evp_pkey_ctx_get1_id_len_prov(EVP_PKEY_CTX ctx, size_t id_len);
892
893	int evp_pkey_ctx_use_cached_data(EVP_PKEY_CTX *ctx);
894	# endif /* !defined(FIPS_MODULE) */
895
896	int evp_method_store_flush(OSSL_LIB_CTX *libctx);
897	int evp_default_properties_enable_fips_int(OSSL_LIB_CTX *libctx, int enable,
898	int loadconfig);
899	int evp_set_default_properties_int(OSSL_LIB_CTX libctx, const char propq,
900	int loadconfig, int mirrored);
901	char evp_get_global_properties_str(OSSL_LIB_CTX libctx, int loadconfig);
902
903	void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_digest);
904
905	/* Three possible states: */
906	# define EVP_PKEY_STATE_UNKNOWN 0
907	# define EVP_PKEY_STATE_LEGACY 1
908	# define EVP_PKEY_STATE_PROVIDER 2
909	int evp_pkey_ctx_state(const EVP_PKEY_CTX *ctx);
910
911	/* These two must ONLY be called for provider side operations */
912	int evp_pkey_ctx_ctrl_to_param(EVP_PKEY_CTX *ctx,
913	int keytype, int optype,
914	int cmd, int p1, void *p2);
915	int evp_pkey_ctx_ctrl_str_to_param(EVP_PKEY_CTX *ctx,
916	const char name, const char value);
917
918	/* These two must ONLY be called for legacy operations */
919	int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX ctx, const OSSL_PARAM params);
920	int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX ctx, OSSL_PARAM params);
921
922	/* This must ONLY be called for legacy EVP_PKEYs */
923	int evp_pkey_get_params_to_ctrl(const EVP_PKEY pkey, OSSL_PARAM params);
924
925	/* Same as the public get0 functions but are not const */
926	# ifndef OPENSSL_NO_DEPRECATED_3_0
927	DH evp_pkey_get0_DH_int(const EVP_PKEY pkey);
928	EC_KEY evp_pkey_get0_EC_KEY_int(const EVP_PKEY pkey);
929	RSA evp_pkey_get0_RSA_int(const EVP_PKEY pkey);
930	# endif
931
932	/* Get internal identification number routines */
933	int evp_asym_cipher_get_number(const EVP_ASYM_CIPHER *cipher);
934	int evp_cipher_get_number(const EVP_CIPHER *cipher);
935	int evp_kdf_get_number(const EVP_KDF *kdf);
936	int evp_kem_get_number(const EVP_KEM *wrap);
937	int evp_keyexch_get_number(const EVP_KEYEXCH *keyexch);
938	int evp_keymgmt_get_number(const EVP_KEYMGMT *keymgmt);
939	int evp_mac_get_number(const EVP_MAC *mac);
940	int evp_md_get_number(const EVP_MD *md);
941	int evp_rand_get_number(const EVP_RAND *rand);
942	int evp_signature_get_number(const EVP_SIGNATURE *signature);
943
944	#endif /* OSSL_CRYPTO_EVP_H */

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/src/libs/openssl-3.0.3/include/crypto/evp.h@ 95288

Download in other formats: