1 /* $OpenBSD: evp_locl.h,v 1.28 2022/09/13 04:59:18 jsing Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2000. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #ifndef HEADER_EVP_LOCL_H 60 #define HEADER_EVP_LOCL_H 61 62 __BEGIN_HIDDEN_DECLS 63 64 /* 65 * Don't free md_ctx->pctx in EVP_MD_CTX_cleanup(). Needed for ownership 66 * handling in EVP_MD_CTX_set_pkey_ctx(). 67 */ 68 #define EVP_MD_CTX_FLAG_KEEP_PKEY_CTX 0x0400 69 70 typedef int evp_sign_method(int type, const unsigned char *m, 71 unsigned int m_length, unsigned char *sigret, unsigned int *siglen, 72 void *key); 73 typedef int evp_verify_method(int type, const unsigned char *m, 74 unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, 75 void *key); 76 77 /* Type needs to be a bit field 78 * Sub-type needs to be for variations on the method, as in, can it do 79 * arbitrary encryption.... */ 80 struct evp_pkey_st { 81 int type; 82 int save_type; 83 int references; 84 const EVP_PKEY_ASN1_METHOD *ameth; 85 ENGINE *engine; 86 union { 87 char *ptr; 88 #ifndef OPENSSL_NO_RSA 89 struct rsa_st *rsa; /* RSA */ 90 #endif 91 #ifndef OPENSSL_NO_DSA 92 struct dsa_st *dsa; /* DSA */ 93 #endif 94 #ifndef OPENSSL_NO_DH 95 struct dh_st *dh; /* DH */ 96 #endif 97 #ifndef OPENSSL_NO_EC 98 struct ec_key_st *ec; /* ECC */ 99 #endif 100 #ifndef OPENSSL_NO_GOST 101 struct gost_key_st *gost; /* GOST */ 102 #endif 103 } pkey; 104 int save_parameters; 105 STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ 106 } /* EVP_PKEY */; 107 108 struct env_md_st { 109 int type; 110 int pkey_type; 111 int md_size; 112 unsigned long flags; 113 int (*init)(EVP_MD_CTX *ctx); 114 int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); 115 int (*final)(EVP_MD_CTX *ctx, unsigned char *md); 116 int (*copy)(EVP_MD_CTX *to, const EVP_MD_CTX *from); 117 int (*cleanup)(EVP_MD_CTX *ctx); 118 119 int block_size; 120 int ctx_size; /* how big does the ctx->md_data need to be */ 121 /* control function */ 122 int (*md_ctrl)(EVP_MD_CTX *ctx, int cmd, int p1, void *p2); 123 } /* EVP_MD */; 124 125 struct env_md_ctx_st { 126 const EVP_MD *digest; 127 ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ 128 unsigned long flags; 129 void *md_data; 130 /* Public key context for sign/verify */ 131 EVP_PKEY_CTX *pctx; 132 /* Update function: usually copied from EVP_MD */ 133 int (*update)(EVP_MD_CTX *ctx, const void *data, size_t count); 134 } /* EVP_MD_CTX */; 135 136 struct evp_cipher_st { 137 int nid; 138 int block_size; 139 int key_len; /* Default value for variable length ciphers */ 140 int iv_len; 141 unsigned long flags; /* Various flags */ 142 int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, 143 const unsigned char *iv, int enc); /* init key */ 144 int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, 145 const unsigned char *in, size_t inl);/* encrypt/decrypt data */ 146 void (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ 147 int ctx_size; /* how big ctx->cipher_data needs to be */ 148 int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ 149 int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ 150 int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ 151 void *app_data; /* Application data */ 152 } /* EVP_CIPHER */; 153 154 struct evp_cipher_ctx_st { 155 const EVP_CIPHER *cipher; 156 ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ 157 int encrypt; /* encrypt or decrypt */ 158 int buf_len; /* number we have left */ 159 160 unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ 161 unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ 162 unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ 163 int num; /* used by cfb/ofb/ctr mode */ 164 165 void *app_data; /* application stuff */ 166 int key_len; /* May change for variable length cipher */ 167 unsigned long flags; /* Various flags */ 168 void *cipher_data; /* per EVP data */ 169 int final_used; 170 int block_mask; 171 unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ 172 } /* EVP_CIPHER_CTX */; 173 174 struct evp_Encode_Ctx_st { 175 176 int num; /* number saved in a partial encode/decode */ 177 int length; /* The length is either the output line length 178 * (in input bytes) or the shortest input line 179 * length that is ok. Once decoding begins, 180 * the length is adjusted up each time a longer 181 * line is decoded */ 182 unsigned char enc_data[80]; /* data to encode */ 183 int line_num; /* number read on current line */ 184 int expect_nl; 185 } /* EVP_ENCODE_CTX */; 186 187 #define EVP_MAXCHUNK ((size_t)1<<(sizeof(long)*8-2)) 188 189 struct evp_pkey_ctx_st { 190 /* Method associated with this operation */ 191 const EVP_PKEY_METHOD *pmeth; 192 /* Engine that implements this method or NULL if builtin */ 193 ENGINE *engine; 194 /* Key: may be NULL */ 195 EVP_PKEY *pkey; 196 /* Peer key for key agreement, may be NULL */ 197 EVP_PKEY *peerkey; 198 /* Actual operation */ 199 int operation; 200 /* Algorithm specific data */ 201 void *data; 202 /* Application specific data */ 203 void *app_data; 204 /* Keygen callback */ 205 EVP_PKEY_gen_cb *pkey_gencb; 206 /* implementation specific keygen data */ 207 int *keygen_info; 208 int keygen_info_count; 209 } /* EVP_PKEY_CTX */; 210 211 #define EVP_PKEY_FLAG_DYNAMIC 1 212 213 struct evp_pkey_method_st { 214 int pkey_id; 215 int flags; 216 217 int (*init)(EVP_PKEY_CTX *ctx); 218 int (*copy)(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src); 219 void (*cleanup)(EVP_PKEY_CTX *ctx); 220 221 int (*paramgen_init)(EVP_PKEY_CTX *ctx); 222 int (*paramgen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 223 224 int (*keygen_init)(EVP_PKEY_CTX *ctx); 225 int (*keygen)(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); 226 227 int (*sign_init)(EVP_PKEY_CTX *ctx); 228 int (*sign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 229 const unsigned char *tbs, size_t tbslen); 230 231 int (*verify_init)(EVP_PKEY_CTX *ctx); 232 int (*verify)(EVP_PKEY_CTX *ctx, 233 const unsigned char *sig, size_t siglen, 234 const unsigned char *tbs, size_t tbslen); 235 236 int (*verify_recover_init)(EVP_PKEY_CTX *ctx); 237 int (*verify_recover)(EVP_PKEY_CTX *ctx, 238 unsigned char *rout, size_t *routlen, 239 const unsigned char *sig, size_t siglen); 240 241 int (*signctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); 242 int (*signctx)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 243 EVP_MD_CTX *mctx); 244 245 int (*verifyctx_init)(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); 246 int (*verifyctx)(EVP_PKEY_CTX *ctx, const unsigned char *sig, 247 int siglen, EVP_MD_CTX *mctx); 248 249 int (*encrypt_init)(EVP_PKEY_CTX *ctx); 250 int (*encrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, 251 const unsigned char *in, size_t inlen); 252 253 int (*decrypt_init)(EVP_PKEY_CTX *ctx); 254 int (*decrypt)(EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, 255 const unsigned char *in, size_t inlen); 256 257 int (*derive_init)(EVP_PKEY_CTX *ctx); 258 int (*derive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 259 260 int (*ctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 261 int (*ctrl_str)(EVP_PKEY_CTX *ctx, const char *type, const char *value); 262 263 int (*check)(EVP_PKEY *pkey); 264 int (*public_check)(EVP_PKEY *pkey); 265 int (*param_check)(EVP_PKEY *pkey); 266 } /* EVP_PKEY_METHOD */; 267 268 void evp_pkey_set_cb_translate(BN_GENCB *cb, EVP_PKEY_CTX *ctx); 269 270 int PKCS5_v2_PBKDF2_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, 271 ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, int en_de); 272 273 /* EVP_AEAD represents a specific AEAD algorithm. */ 274 struct evp_aead_st { 275 unsigned char key_len; 276 unsigned char nonce_len; 277 unsigned char overhead; 278 unsigned char max_tag_len; 279 280 int (*init)(struct evp_aead_ctx_st*, const unsigned char *key, 281 size_t key_len, size_t tag_len); 282 void (*cleanup)(struct evp_aead_ctx_st*); 283 284 int (*seal)(const struct evp_aead_ctx_st *ctx, unsigned char *out, 285 size_t *out_len, size_t max_out_len, const unsigned char *nonce, 286 size_t nonce_len, const unsigned char *in, size_t in_len, 287 const unsigned char *ad, size_t ad_len); 288 289 int (*open)(const struct evp_aead_ctx_st *ctx, unsigned char *out, 290 size_t *out_len, size_t max_out_len, const unsigned char *nonce, 291 size_t nonce_len, const unsigned char *in, size_t in_len, 292 const unsigned char *ad, size_t ad_len); 293 }; 294 295 /* An EVP_AEAD_CTX represents an AEAD algorithm configured with a specific key 296 * and message-independent IV. */ 297 struct evp_aead_ctx_st { 298 const EVP_AEAD *aead; 299 /* aead_state is an opaque pointer to the AEAD specific state. */ 300 void *aead_state; 301 }; 302 303 int EVP_PKEY_CTX_str2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *str); 304 int EVP_PKEY_CTX_hex2ctrl(EVP_PKEY_CTX *ctx, int cmd, const char *hex); 305 int EVP_PKEY_CTX_md(EVP_PKEY_CTX *ctx, int optype, int cmd, const char *md_name); 306 307 __END_HIDDEN_DECLS 308 309 #endif /* !HEADER_EVP_LOCL_H */ 310