1 /* $NetBSD: evp.c,v 1.1.1.1 2011/04/13 18:14:50 elric Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2008 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #ifdef HAVE_CONFIG_H 37 #include <config.h> 38 #endif 39 40 #define HC_DEPRECATED 41 #define HC_DEPRECATED_CRYPTO 42 43 #include <sys/types.h> 44 #include <stdio.h> 45 #include <stdlib.h> 46 #include <string.h> 47 #include <assert.h> 48 49 #include <evp.h> 50 #include <evp-hcrypto.h> 51 #include <evp-cc.h> 52 53 #include <krb5/krb5-types.h> 54 #include <krb5/roken.h> 55 56 #ifndef HCRYPTO_DEF_PROVIDER 57 #define HCRYPTO_DEF_PROVIDER hcrypto 58 #endif 59 60 #define HC_CONCAT4(x,y,z,aa) x ## y ## z ## aa 61 62 63 #define EVP_DEF_OP(_prov,_op) HC_CONCAT4(EVP_,_prov,_,_op)() 64 65 /** 66 * @page page_evp EVP - generic crypto interface 67 * 68 * See the library functions here: @ref hcrypto_evp 69 * 70 * @section evp_cipher EVP Cipher 71 * 72 * The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to 73 * understand forward, then EVP_CipherUpdate() and 74 * EVP_CipherFinal_ex() really needs an example to explain @ref 75 * example_evp_cipher.c . 76 * 77 * @example example_evp_cipher.c 78 * 79 * This is an example how to use EVP_CipherInit_ex(), 80 * EVP_CipherUpdate() and EVP_CipherFinal_ex(). 81 */ 82 83 struct hc_EVP_MD_CTX { 84 const EVP_MD *md; 85 ENGINE *engine; 86 void *ptr; 87 }; 88 89 90 /** 91 * Return the output size of the message digest function. 92 * 93 * @param md the evp message 94 * 95 * @return size output size of the message digest function. 96 * 97 * @ingroup hcrypto_evp 98 */ 99 100 size_t 101 EVP_MD_size(const EVP_MD *md) 102 { 103 return md->hash_size; 104 } 105 106 /** 107 * Return the blocksize of the message digest function. 108 * 109 * @param md the evp message 110 * 111 * @return size size of the message digest block size 112 * 113 * @ingroup hcrypto_evp 114 */ 115 116 size_t 117 EVP_MD_block_size(const EVP_MD *md) 118 { 119 return md->block_size; 120 } 121 122 /** 123 * Allocate a messsage digest context object. Free with 124 * EVP_MD_CTX_destroy(). 125 * 126 * @return a newly allocated message digest context object. 127 * 128 * @ingroup hcrypto_evp 129 */ 130 131 EVP_MD_CTX * 132 EVP_MD_CTX_create(void) 133 { 134 return calloc(1, sizeof(EVP_MD_CTX)); 135 } 136 137 /** 138 * Initiate a messsage digest context object. Deallocate with 139 * EVP_MD_CTX_cleanup(). Please use EVP_MD_CTX_create() instead. 140 * 141 * @param ctx variable to initiate. 142 * 143 * @ingroup hcrypto_evp 144 */ 145 146 void 147 EVP_MD_CTX_init(EVP_MD_CTX *ctx) HC_DEPRECATED 148 { 149 memset(ctx, 0, sizeof(*ctx)); 150 } 151 152 /** 153 * Free a messsage digest context object. 154 * 155 * @param ctx context to free. 156 * 157 * @ingroup hcrypto_evp 158 */ 159 160 void 161 EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) 162 { 163 EVP_MD_CTX_cleanup(ctx); 164 free(ctx); 165 } 166 167 /** 168 * Free the resources used by the EVP_MD context. 169 * 170 * @param ctx the context to free the resources from. 171 * 172 * @return 1 on success. 173 * 174 * @ingroup hcrypto_evp 175 */ 176 177 int 178 EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) HC_DEPRECATED 179 { 180 if (ctx->md && ctx->md->cleanup) 181 (ctx->md->cleanup)(ctx); 182 else if (ctx->md) 183 memset(ctx->ptr, 0, ctx->md->ctx_size); 184 ctx->md = NULL; 185 ctx->engine = NULL; 186 free(ctx->ptr); 187 memset(ctx, 0, sizeof(*ctx)); 188 return 1; 189 } 190 191 /** 192 * Get the EVP_MD use for a specified context. 193 * 194 * @param ctx the EVP_MD context to get the EVP_MD for. 195 * 196 * @return the EVP_MD used for the context. 197 * 198 * @ingroup hcrypto_evp 199 */ 200 201 const EVP_MD * 202 EVP_MD_CTX_md(EVP_MD_CTX *ctx) 203 { 204 return ctx->md; 205 } 206 207 /** 208 * Return the output size of the message digest function. 209 * 210 * @param ctx the evp message digest context 211 * 212 * @return size output size of the message digest function. 213 * 214 * @ingroup hcrypto_evp 215 */ 216 217 size_t 218 EVP_MD_CTX_size(EVP_MD_CTX *ctx) 219 { 220 return EVP_MD_size(ctx->md); 221 } 222 223 /** 224 * Return the blocksize of the message digest function. 225 * 226 * @param ctx the evp message digest context 227 * 228 * @return size size of the message digest block size 229 * 230 * @ingroup hcrypto_evp 231 */ 232 233 size_t 234 EVP_MD_CTX_block_size(EVP_MD_CTX *ctx) 235 { 236 return EVP_MD_block_size(ctx->md); 237 } 238 239 /** 240 * Init a EVP_MD_CTX for use a specific message digest and engine. 241 * 242 * @param ctx the message digest context to init. 243 * @param md the message digest to use. 244 * @param engine the engine to use, NULL to use the default engine. 245 * 246 * @return 1 on success. 247 * 248 * @ingroup hcrypto_evp 249 */ 250 251 int 252 EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine) 253 { 254 if (ctx->md != md || ctx->engine != engine) { 255 EVP_MD_CTX_cleanup(ctx); 256 ctx->md = md; 257 ctx->engine = engine; 258 259 ctx->ptr = calloc(1, md->ctx_size); 260 if (ctx->ptr == NULL) 261 return 0; 262 } 263 (ctx->md->init)(ctx->ptr); 264 return 1; 265 } 266 267 /** 268 * Update the digest with some data. 269 * 270 * @param ctx the context to update 271 * @param data the data to update the context with 272 * @param size length of data 273 * 274 * @return 1 on success. 275 * 276 * @ingroup hcrypto_evp 277 */ 278 279 int 280 EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size) 281 { 282 (ctx->md->update)(ctx->ptr, data, size); 283 return 1; 284 } 285 286 /** 287 * Complete the message digest. 288 * 289 * @param ctx the context to complete. 290 * @param hash the output of the message digest function. At least 291 * EVP_MD_size(). 292 * @param size the output size of hash. 293 * 294 * @return 1 on success. 295 * 296 * @ingroup hcrypto_evp 297 */ 298 299 int 300 EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size) 301 { 302 (ctx->md->final)(hash, ctx->ptr); 303 if (size) 304 *size = ctx->md->hash_size; 305 return 1; 306 } 307 308 /** 309 * Do the whole EVP_MD_CTX_create(), EVP_DigestInit_ex(), 310 * EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_MD_CTX_destroy() 311 * dance in one call. 312 * 313 * @param data the data to update the context with 314 * @param dsize length of data 315 * @param hash output data of at least EVP_MD_size() length. 316 * @param hsize output length of hash. 317 * @param md message digest to use 318 * @param engine engine to use, NULL for default engine. 319 * 320 * @return 1 on success. 321 * 322 * @ingroup hcrypto_evp 323 */ 324 325 int 326 EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, 327 const EVP_MD *md, ENGINE *engine) 328 { 329 EVP_MD_CTX *ctx; 330 int ret; 331 332 ctx = EVP_MD_CTX_create(); 333 if (ctx == NULL) 334 return 0; 335 ret = EVP_DigestInit_ex(ctx, md, engine); 336 if (ret != 1) { 337 EVP_MD_CTX_destroy(ctx); 338 return ret; 339 } 340 ret = EVP_DigestUpdate(ctx, data, dsize); 341 if (ret != 1) { 342 EVP_MD_CTX_destroy(ctx); 343 return ret; 344 } 345 ret = EVP_DigestFinal_ex(ctx, hash, hsize); 346 EVP_MD_CTX_destroy(ctx); 347 return ret; 348 } 349 350 /** 351 * The message digest SHA256 352 * 353 * @return the message digest type. 354 * 355 * @ingroup hcrypto_evp 356 */ 357 358 const EVP_MD * 359 EVP_sha256(void) 360 { 361 hcrypto_validate(); 362 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha256); 363 } 364 365 /** 366 * The message digest SHA384 367 * 368 * @return the message digest type. 369 * 370 * @ingroup hcrypto_evp 371 */ 372 373 const EVP_MD * 374 EVP_sha384(void) 375 { 376 hcrypto_validate(); 377 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha384); 378 } 379 380 /** 381 * The message digest SHA512 382 * 383 * @return the message digest type. 384 * 385 * @ingroup hcrypto_evp 386 */ 387 388 const EVP_MD * 389 EVP_sha512(void) 390 { 391 hcrypto_validate(); 392 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha512); 393 } 394 395 /** 396 * The message digest SHA1 397 * 398 * @return the message digest type. 399 * 400 * @ingroup hcrypto_evp 401 */ 402 403 const EVP_MD * 404 EVP_sha1(void) 405 { 406 hcrypto_validate(); 407 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha1); 408 } 409 410 /** 411 * The message digest SHA1 412 * 413 * @return the message digest type. 414 * 415 * @ingroup hcrypto_evp 416 */ 417 418 const EVP_MD * 419 EVP_sha(void) HC_DEPRECATED 420 421 { 422 hcrypto_validate(); 423 return EVP_sha1(); 424 } 425 426 /** 427 * The message digest MD5 428 * 429 * @return the message digest type. 430 * 431 * @ingroup hcrypto_evp 432 */ 433 434 const EVP_MD * 435 EVP_md5(void) HC_DEPRECATED_CRYPTO 436 { 437 hcrypto_validate(); 438 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md5); 439 } 440 441 /** 442 * The message digest MD4 443 * 444 * @return the message digest type. 445 * 446 * @ingroup hcrypto_evp 447 */ 448 449 const EVP_MD * 450 EVP_md4(void) HC_DEPRECATED_CRYPTO 451 { 452 hcrypto_validate(); 453 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md4); 454 } 455 456 /** 457 * The message digest MD2 458 * 459 * @return the message digest type. 460 * 461 * @ingroup hcrypto_evp 462 */ 463 464 const EVP_MD * 465 EVP_md2(void) HC_DEPRECATED_CRYPTO 466 { 467 hcrypto_validate(); 468 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md2); 469 } 470 471 /* 472 * 473 */ 474 475 static void 476 null_Init (void *m) 477 { 478 } 479 static void 480 null_Update (void *m, const void * data, size_t size) 481 { 482 } 483 static void 484 null_Final(void *res, void *m) 485 { 486 } 487 488 /** 489 * The null message digest 490 * 491 * @return the message digest type. 492 * 493 * @ingroup hcrypto_evp 494 */ 495 496 const EVP_MD * 497 EVP_md_null(void) 498 { 499 static const struct hc_evp_md null = { 500 0, 501 0, 502 0, 503 (hc_evp_md_init)null_Init, 504 (hc_evp_md_update)null_Update, 505 (hc_evp_md_final)null_Final, 506 NULL 507 }; 508 return &null; 509 } 510 511 /** 512 * Return the block size of the cipher. 513 * 514 * @param c cipher to get the block size from. 515 * 516 * @return the block size of the cipher. 517 * 518 * @ingroup hcrypto_evp 519 */ 520 521 size_t 522 EVP_CIPHER_block_size(const EVP_CIPHER *c) 523 { 524 return c->block_size; 525 } 526 527 /** 528 * Return the key size of the cipher. 529 * 530 * @param c cipher to get the key size from. 531 * 532 * @return the key size of the cipher. 533 * 534 * @ingroup hcrypto_evp 535 */ 536 537 size_t 538 EVP_CIPHER_key_length(const EVP_CIPHER *c) 539 { 540 return c->key_len; 541 } 542 543 /** 544 * Return the IV size of the cipher. 545 * 546 * @param c cipher to get the IV size from. 547 * 548 * @return the IV size of the cipher. 549 * 550 * @ingroup hcrypto_evp 551 */ 552 553 size_t 554 EVP_CIPHER_iv_length(const EVP_CIPHER *c) 555 { 556 return c->iv_len; 557 } 558 559 /** 560 * Initiate a EVP_CIPHER_CTX context. Clean up with 561 * EVP_CIPHER_CTX_cleanup(). 562 * 563 * @param c the cipher initiate. 564 * 565 * @ingroup hcrypto_evp 566 */ 567 568 void 569 EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c) 570 { 571 memset(c, 0, sizeof(*c)); 572 } 573 574 /** 575 * Clean up the EVP_CIPHER_CTX context. 576 * 577 * @param c the cipher to clean up. 578 * 579 * @return 1 on success. 580 * 581 * @ingroup hcrypto_evp 582 */ 583 584 int 585 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 586 { 587 if (c->cipher && c->cipher->cleanup) 588 c->cipher->cleanup(c); 589 if (c->cipher_data) { 590 memset(c->cipher_data, 0, c->cipher->ctx_size); 591 free(c->cipher_data); 592 c->cipher_data = NULL; 593 } 594 return 1; 595 } 596 597 /** 598 * If the cipher type supports it, change the key length 599 * 600 * @param c the cipher context to change the key length for 601 * @param length new key length 602 * 603 * @return 1 on success. 604 * 605 * @ingroup hcrypto_evp 606 */ 607 608 int 609 EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length) 610 { 611 if ((c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH) && length > 0) { 612 c->key_len = length; 613 return 1; 614 } 615 return 0; 616 } 617 618 #if 0 619 int 620 EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad) 621 { 622 return 0; 623 } 624 #endif 625 626 /** 627 * Return the EVP_CIPHER for a EVP_CIPHER_CTX context. 628 * 629 * @param ctx the context to get the cipher type from. 630 * 631 * @return the EVP_CIPHER pointer. 632 * 633 * @ingroup hcrypto_evp 634 */ 635 636 const EVP_CIPHER * 637 EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) 638 { 639 return ctx->cipher; 640 } 641 642 /** 643 * Return the block size of the cipher context. 644 * 645 * @param ctx cipher context to get the block size from. 646 * 647 * @return the block size of the cipher context. 648 * 649 * @ingroup hcrypto_evp 650 */ 651 652 size_t 653 EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) 654 { 655 return EVP_CIPHER_block_size(ctx->cipher); 656 } 657 658 /** 659 * Return the key size of the cipher context. 660 * 661 * @param ctx cipher context to get the key size from. 662 * 663 * @return the key size of the cipher context. 664 * 665 * @ingroup hcrypto_evp 666 */ 667 668 size_t 669 EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) 670 { 671 return EVP_CIPHER_key_length(ctx->cipher); 672 } 673 674 /** 675 * Return the IV size of the cipher context. 676 * 677 * @param ctx cipher context to get the IV size from. 678 * 679 * @return the IV size of the cipher context. 680 * 681 * @ingroup hcrypto_evp 682 */ 683 684 size_t 685 EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) 686 { 687 return EVP_CIPHER_iv_length(ctx->cipher); 688 } 689 690 /** 691 * Get the flags for an EVP_CIPHER_CTX context. 692 * 693 * @param ctx the EVP_CIPHER_CTX to get the flags from 694 * 695 * @return the flags for an EVP_CIPHER_CTX. 696 * 697 * @ingroup hcrypto_evp 698 */ 699 700 unsigned long 701 EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) 702 { 703 return ctx->cipher->flags; 704 } 705 706 /** 707 * Get the mode for an EVP_CIPHER_CTX context. 708 * 709 * @param ctx the EVP_CIPHER_CTX to get the mode from 710 * 711 * @return the mode for an EVP_CIPHER_CTX. 712 * 713 * @ingroup hcrypto_evp 714 */ 715 716 int 717 EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) 718 { 719 return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE; 720 } 721 722 /** 723 * Get the app data for an EVP_CIPHER_CTX context. 724 * 725 * @param ctx the EVP_CIPHER_CTX to get the app data from 726 * 727 * @return the app data for an EVP_CIPHER_CTX. 728 * 729 * @ingroup hcrypto_evp 730 */ 731 732 void * 733 EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx) 734 { 735 return ctx->app_data; 736 } 737 738 /** 739 * Set the app data for an EVP_CIPHER_CTX context. 740 * 741 * @param ctx the EVP_CIPHER_CTX to set the app data for 742 * @param data the app data to set for an EVP_CIPHER_CTX. 743 * 744 * @ingroup hcrypto_evp 745 */ 746 747 void 748 EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) 749 { 750 ctx->app_data = data; 751 } 752 753 /** 754 * Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data. 755 * Clean up with EVP_CIPHER_CTX_cleanup(). 756 * 757 * @param ctx context to initiate 758 * @param c cipher to use. 759 * @param engine crypto engine to use, NULL to select default. 760 * @param key the crypto key to use, NULL will use the previous value. 761 * @param iv the IV to use, NULL will use the previous value. 762 * @param encp non zero will encrypt, -1 use the previous value. 763 * 764 * @return 1 on success. 765 * 766 * @ingroup hcrypto_evp 767 */ 768 769 int 770 EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, 771 const void *key, const void *iv, int encp) 772 { 773 ctx->buf_len = 0; 774 775 if (encp == -1) 776 encp = ctx->encrypt; 777 else 778 ctx->encrypt = (encp ? 1 : 0); 779 780 if (c && (c != ctx->cipher)) { 781 EVP_CIPHER_CTX_cleanup(ctx); 782 ctx->cipher = c; 783 ctx->key_len = c->key_len; 784 785 ctx->cipher_data = calloc(1, c->ctx_size); 786 if (ctx->cipher_data == NULL && c->ctx_size != 0) 787 return 0; 788 789 /* assume block size is a multiple of 2 */ 790 ctx->block_mask = EVP_CIPHER_block_size(c) - 1; 791 792 } else if (ctx->cipher == NULL) { 793 /* reuse of cipher, but not any cipher ever set! */ 794 return 0; 795 } 796 797 switch (EVP_CIPHER_CTX_mode(ctx)) { 798 case EVP_CIPH_CBC_MODE: 799 800 assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); 801 802 if (iv) 803 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 804 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 805 break; 806 807 case EVP_CIPH_STREAM_CIPHER: 808 break; 809 case EVP_CIPH_CFB8_MODE: 810 if (iv) 811 memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 812 break; 813 814 default: 815 return 0; 816 } 817 818 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) 819 ctx->cipher->init(ctx, key, iv, encp); 820 821 return 1; 822 } 823 824 /** 825 * Encipher/decipher partial data 826 * 827 * @param ctx the cipher context. 828 * @param out output data from the operation. 829 * @param outlen output length 830 * @param in input data to the operation. 831 * @param inlen length of data. 832 * 833 * The output buffer length should at least be EVP_CIPHER_block_size() 834 * byte longer then the input length. 835 * 836 * See @ref evp_cipher for an example how to use this function. 837 * 838 * @return 1 on success. 839 * 840 * @ingroup hcrypto_evp 841 */ 842 843 int 844 EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen, 845 void *in, size_t inlen) 846 { 847 int ret, left, blocksize; 848 849 *outlen = 0; 850 851 /** 852 * If there in no spare bytes in the left from last Update and the 853 * input length is on the block boundery, the EVP_CipherUpdate() 854 * function can take a shortcut (and preformance gain) and 855 * directly encrypt the data, otherwise we hav to fix it up and 856 * store extra it the EVP_CIPHER_CTX. 857 */ 858 if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) { 859 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); 860 if (ret == 1) 861 *outlen = inlen; 862 else 863 *outlen = 0; 864 return ret; 865 } 866 867 868 blocksize = EVP_CIPHER_CTX_block_size(ctx); 869 left = blocksize - ctx->buf_len; 870 assert(left > 0); 871 872 if (ctx->buf_len) { 873 874 /* if total buffer is smaller then input, store locally */ 875 if (inlen < left) { 876 memcpy(ctx->buf + ctx->buf_len, in, inlen); 877 ctx->buf_len += inlen; 878 return 1; 879 } 880 881 /* fill in local buffer and encrypt */ 882 memcpy(ctx->buf + ctx->buf_len, in, left); 883 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); 884 memset(ctx->buf, 0, blocksize); 885 if (ret != 1) 886 return ret; 887 888 *outlen += blocksize; 889 inlen -= left; 890 in = ((unsigned char *)in) + left; 891 out = ((unsigned char *)out) + blocksize; 892 ctx->buf_len = 0; 893 } 894 895 if (inlen) { 896 ctx->buf_len = (inlen & ctx->block_mask); 897 inlen &= ~ctx->block_mask; 898 899 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); 900 if (ret != 1) 901 return ret; 902 903 *outlen += inlen; 904 905 in = ((unsigned char *)in) + inlen; 906 memcpy(ctx->buf, in, ctx->buf_len); 907 } 908 909 return 1; 910 } 911 912 /** 913 * Encipher/decipher final data 914 * 915 * @param ctx the cipher context. 916 * @param out output data from the operation. 917 * @param outlen output length 918 * 919 * The input length needs to be at least EVP_CIPHER_block_size() bytes 920 * long. 921 * 922 * See @ref evp_cipher for an example how to use this function. 923 * 924 * @return 1 on success. 925 * 926 * @ingroup hcrypto_evp 927 */ 928 929 int 930 EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen) 931 { 932 *outlen = 0; 933 934 if (ctx->buf_len) { 935 int ret, left, blocksize; 936 937 blocksize = EVP_CIPHER_CTX_block_size(ctx); 938 939 left = blocksize - ctx->buf_len; 940 assert(left > 0); 941 942 /* zero fill local buffer */ 943 memset(ctx->buf + ctx->buf_len, 0, left); 944 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); 945 memset(ctx->buf, 0, blocksize); 946 if (ret != 1) 947 return ret; 948 949 *outlen += blocksize; 950 } 951 952 return 1; 953 } 954 955 /** 956 * Encipher/decipher data 957 * 958 * @param ctx the cipher context. 959 * @param out out data from the operation. 960 * @param in in data to the operation. 961 * @param size length of data. 962 * 963 * @return 1 on success. 964 */ 965 966 int 967 EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size) 968 { 969 return ctx->cipher->do_cipher(ctx, out, in, size); 970 } 971 972 /* 973 * 974 */ 975 976 static int 977 enc_null_init(EVP_CIPHER_CTX *ctx, 978 const unsigned char * key, 979 const unsigned char * iv, 980 int encp) 981 { 982 return 1; 983 } 984 985 static int 986 enc_null_do_cipher(EVP_CIPHER_CTX *ctx, 987 unsigned char *out, 988 const unsigned char *in, 989 unsigned int size) 990 { 991 memmove(out, in, size); 992 return 1; 993 } 994 995 static int 996 enc_null_cleanup(EVP_CIPHER_CTX *ctx) 997 { 998 return 1; 999 } 1000 1001 /** 1002 * The NULL cipher type, does no encryption/decryption. 1003 * 1004 * @return the null EVP_CIPHER pointer. 1005 * 1006 * @ingroup hcrypto_evp 1007 */ 1008 1009 const EVP_CIPHER * 1010 EVP_enc_null(void) 1011 { 1012 static const EVP_CIPHER enc_null = { 1013 0, 1014 0, 1015 0, 1016 0, 1017 EVP_CIPH_CBC_MODE, 1018 enc_null_init, 1019 enc_null_do_cipher, 1020 enc_null_cleanup, 1021 0, 1022 NULL, 1023 NULL, 1024 NULL, 1025 NULL 1026 }; 1027 return &enc_null; 1028 } 1029 1030 /** 1031 * The RC2 cipher type 1032 * 1033 * @return the RC2 EVP_CIPHER pointer. 1034 * 1035 * @ingroup hcrypto_evp 1036 */ 1037 1038 const EVP_CIPHER * 1039 EVP_rc2_cbc(void) 1040 { 1041 hcrypto_validate(); 1042 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_cbc); 1043 } 1044 1045 /** 1046 * The RC2 cipher type 1047 * 1048 * @return the RC2 EVP_CIPHER pointer. 1049 * 1050 * @ingroup hcrypto_evp 1051 */ 1052 1053 const EVP_CIPHER * 1054 EVP_rc2_40_cbc(void) 1055 { 1056 hcrypto_validate(); 1057 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_40_cbc); 1058 } 1059 1060 /** 1061 * The RC2 cipher type 1062 * 1063 * @return the RC2 EVP_CIPHER pointer. 1064 * 1065 * @ingroup hcrypto_evp 1066 */ 1067 1068 const EVP_CIPHER * 1069 EVP_rc2_64_cbc(void) 1070 { 1071 hcrypto_validate(); 1072 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_64_cbc); 1073 } 1074 1075 /** 1076 * The RC4 cipher type 1077 * 1078 * @return the RC4 EVP_CIPHER pointer. 1079 * 1080 * @ingroup hcrypto_evp 1081 */ 1082 1083 const EVP_CIPHER * 1084 EVP_rc4(void) 1085 { 1086 hcrypto_validate(); 1087 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4); 1088 } 1089 1090 /** 1091 * The RC4-40 cipher type 1092 * 1093 * @return the RC4-40 EVP_CIPHER pointer. 1094 * 1095 * @ingroup hcrypto_evp 1096 */ 1097 1098 const EVP_CIPHER * 1099 EVP_rc4_40(void) 1100 { 1101 hcrypto_validate(); 1102 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4_40); 1103 } 1104 1105 /** 1106 * The DES cipher type 1107 * 1108 * @return the DES-CBC EVP_CIPHER pointer. 1109 * 1110 * @ingroup hcrypto_evp 1111 */ 1112 1113 const EVP_CIPHER * 1114 EVP_des_cbc(void) 1115 { 1116 hcrypto_validate(); 1117 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_cbc); 1118 } 1119 1120 /** 1121 * The tripple DES cipher type 1122 * 1123 * @return the DES-EDE3-CBC EVP_CIPHER pointer. 1124 * 1125 * @ingroup hcrypto_evp 1126 */ 1127 1128 const EVP_CIPHER * 1129 EVP_des_ede3_cbc(void) 1130 { 1131 hcrypto_validate(); 1132 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_ede3_cbc); 1133 } 1134 1135 /** 1136 * The AES-128 cipher type 1137 * 1138 * @return the AES-128 EVP_CIPHER pointer. 1139 * 1140 * @ingroup hcrypto_evp 1141 */ 1142 1143 const EVP_CIPHER * 1144 EVP_aes_128_cbc(void) 1145 { 1146 hcrypto_validate(); 1147 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cbc); 1148 } 1149 1150 /** 1151 * The AES-192 cipher type 1152 * 1153 * @return the AES-192 EVP_CIPHER pointer. 1154 * 1155 * @ingroup hcrypto_evp 1156 */ 1157 1158 const EVP_CIPHER * 1159 EVP_aes_192_cbc(void) 1160 { 1161 hcrypto_validate(); 1162 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cbc); 1163 } 1164 1165 /** 1166 * The AES-256 cipher type 1167 * 1168 * @return the AES-256 EVP_CIPHER pointer. 1169 * 1170 * @ingroup hcrypto_evp 1171 */ 1172 1173 const EVP_CIPHER * 1174 EVP_aes_256_cbc(void) 1175 { 1176 hcrypto_validate(); 1177 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cbc); 1178 } 1179 1180 /** 1181 * The AES-128 cipher type 1182 * 1183 * @return the AES-128 EVP_CIPHER pointer. 1184 * 1185 * @ingroup hcrypto_evp 1186 */ 1187 1188 const EVP_CIPHER * 1189 EVP_aes_128_cfb8(void) 1190 { 1191 hcrypto_validate(); 1192 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cfb8); 1193 } 1194 1195 /** 1196 * The AES-192 cipher type 1197 * 1198 * @return the AES-192 EVP_CIPHER pointer. 1199 * 1200 * @ingroup hcrypto_evp 1201 */ 1202 1203 const EVP_CIPHER * 1204 EVP_aes_192_cfb8(void) 1205 { 1206 hcrypto_validate(); 1207 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cfb8); 1208 } 1209 1210 /** 1211 * The AES-256 cipher type 1212 * 1213 * @return the AES-256 EVP_CIPHER pointer. 1214 * 1215 * @ingroup hcrypto_evp 1216 */ 1217 1218 const EVP_CIPHER * 1219 EVP_aes_256_cfb8(void) 1220 { 1221 hcrypto_validate(); 1222 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cfb8); 1223 } 1224 1225 /** 1226 * The Camellia-128 cipher type 1227 * 1228 * @return the Camellia-128 EVP_CIPHER pointer. 1229 * 1230 * @ingroup hcrypto_evp 1231 */ 1232 1233 const EVP_CIPHER * 1234 EVP_camellia_128_cbc(void) 1235 { 1236 hcrypto_validate(); 1237 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_128_cbc); 1238 } 1239 1240 /** 1241 * The Camellia-198 cipher type 1242 * 1243 * @return the Camellia-198 EVP_CIPHER pointer. 1244 * 1245 * @ingroup hcrypto_evp 1246 */ 1247 1248 const EVP_CIPHER * 1249 EVP_camellia_192_cbc(void) 1250 { 1251 hcrypto_validate(); 1252 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_192_cbc); 1253 } 1254 1255 /** 1256 * The Camellia-256 cipher type 1257 * 1258 * @return the Camellia-256 EVP_CIPHER pointer. 1259 * 1260 * @ingroup hcrypto_evp 1261 */ 1262 1263 const EVP_CIPHER * 1264 EVP_camellia_256_cbc(void) 1265 { 1266 hcrypto_validate(); 1267 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_256_cbc); 1268 } 1269 1270 /* 1271 * 1272 */ 1273 1274 static const struct cipher_name { 1275 const char *name; 1276 const EVP_CIPHER *(*func)(void); 1277 } cipher_name[] = { 1278 { "des-ede3-cbc", EVP_des_ede3_cbc }, 1279 { "aes-128-cbc", EVP_aes_128_cbc }, 1280 { "aes-192-cbc", EVP_aes_192_cbc }, 1281 { "aes-256-cbc", EVP_aes_256_cbc }, 1282 { "aes-128-cfb8", EVP_aes_128_cfb8 }, 1283 { "aes-192-cfb8", EVP_aes_192_cfb8 }, 1284 { "aes-256-cfb8", EVP_aes_256_cfb8 }, 1285 { "camellia-128-cbc", EVP_camellia_128_cbc }, 1286 { "camellia-192-cbc", EVP_camellia_192_cbc }, 1287 { "camellia-256-cbc", EVP_camellia_256_cbc } 1288 }; 1289 1290 /** 1291 * Get the cipher type using their name. 1292 * 1293 * @param name the name of the cipher. 1294 * 1295 * @return the selected EVP_CIPHER pointer or NULL if not found. 1296 * 1297 * @ingroup hcrypto_evp 1298 */ 1299 1300 const EVP_CIPHER * 1301 EVP_get_cipherbyname(const char *name) 1302 { 1303 int i; 1304 for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) { 1305 if (strcasecmp(cipher_name[i].name, name) == 0) 1306 return (*cipher_name[i].func)(); 1307 } 1308 return NULL; 1309 } 1310 1311 1312 /* 1313 * 1314 */ 1315 1316 #ifndef min 1317 #define min(a,b) (((a)>(b))?(b):(a)) 1318 #endif 1319 1320 /** 1321 * Provides a legancy string to key function, used in PEM files. 1322 * 1323 * New protocols should use new string to key functions like NIST 1324 * SP56-800A or PKCS#5 v2.0 (see PKCS5_PBKDF2_HMAC_SHA1()). 1325 * 1326 * @param type type of cipher to use 1327 * @param md message digest to use 1328 * @param salt salt salt string, should be an binary 8 byte buffer. 1329 * @param data the password/input key string. 1330 * @param datalen length of data parameter. 1331 * @param count iteration counter. 1332 * @param keydata output keydata, needs to of the size EVP_CIPHER_key_length(). 1333 * @param ivdata output ivdata, needs to of the size EVP_CIPHER_block_size(). 1334 * 1335 * @return the size of derived key. 1336 * 1337 * @ingroup hcrypto_evp 1338 */ 1339 1340 int 1341 EVP_BytesToKey(const EVP_CIPHER *type, 1342 const EVP_MD *md, 1343 const void *salt, 1344 const void *data, size_t datalen, 1345 unsigned int count, 1346 void *keydata, 1347 void *ivdata) 1348 { 1349 unsigned int ivlen, keylen; 1350 int first = 0; 1351 unsigned int mds = 0, i; 1352 unsigned char *key = keydata; 1353 unsigned char *iv = ivdata; 1354 unsigned char *buf; 1355 EVP_MD_CTX c; 1356 1357 keylen = EVP_CIPHER_key_length(type); 1358 ivlen = EVP_CIPHER_iv_length(type); 1359 1360 if (data == NULL) 1361 return keylen; 1362 1363 buf = malloc(EVP_MD_size(md)); 1364 if (buf == NULL) 1365 return -1; 1366 1367 EVP_MD_CTX_init(&c); 1368 1369 first = 1; 1370 while (1) { 1371 EVP_DigestInit_ex(&c, md, NULL); 1372 if (!first) 1373 EVP_DigestUpdate(&c, buf, mds); 1374 first = 0; 1375 EVP_DigestUpdate(&c,data,datalen); 1376 1377 #define PKCS5_SALT_LEN 8 1378 1379 if (salt) 1380 EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); 1381 1382 EVP_DigestFinal_ex(&c, buf, &mds); 1383 assert(mds == EVP_MD_size(md)); 1384 1385 for (i = 1; i < count; i++) { 1386 EVP_DigestInit_ex(&c, md, NULL); 1387 EVP_DigestUpdate(&c, buf, mds); 1388 EVP_DigestFinal_ex(&c, buf, &mds); 1389 assert(mds == EVP_MD_size(md)); 1390 } 1391 1392 i = 0; 1393 if (keylen) { 1394 size_t sz = min(keylen, mds); 1395 if (key) { 1396 memcpy(key, buf, sz); 1397 key += sz; 1398 } 1399 keylen -= sz; 1400 i += sz; 1401 } 1402 if (ivlen && mds > i) { 1403 size_t sz = min(ivlen, (mds - i)); 1404 if (iv) { 1405 memcpy(iv, &buf[i], sz); 1406 iv += sz; 1407 } 1408 ivlen -= sz; 1409 } 1410 if (keylen == 0 && ivlen == 0) 1411 break; 1412 } 1413 1414 EVP_MD_CTX_cleanup(&c); 1415 free(buf); 1416 1417 return EVP_CIPHER_key_length(type); 1418 } 1419 1420 /** 1421 * Generate a random key for the specificed EVP_CIPHER. 1422 * 1423 * @param ctx EVP_CIPHER_CTX type to build the key for. 1424 * @param key return key, must be at least EVP_CIPHER_key_length() byte long. 1425 * 1426 * @return 1 for success, 0 for failure. 1427 * 1428 * @ingroup hcrypto_core 1429 */ 1430 1431 int 1432 EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, void *key) 1433 { 1434 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) 1435 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); 1436 if (RAND_bytes(key, ctx->key_len) != 1) 1437 return 0; 1438 return 1; 1439 } 1440 1441 /** 1442 * Perform a operation on a ctx 1443 * 1444 * @param ctx context to perform operation on. 1445 * @param type type of operation. 1446 * @param arg argument to operation. 1447 * @param data addition data to operation. 1448 1449 * @return 1 for success, 0 for failure. 1450 * 1451 * @ingroup hcrypto_core 1452 */ 1453 1454 int 1455 EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *data) 1456 { 1457 if (ctx->cipher == NULL || ctx->cipher->ctrl == NULL) 1458 return 0; 1459 return (*ctx->cipher->ctrl)(ctx, type, arg, data); 1460 } 1461 1462 /** 1463 * Add all algorithms to the crypto core. 1464 * 1465 * @ingroup hcrypto_core 1466 */ 1467 1468 void 1469 OpenSSL_add_all_algorithms(void) 1470 { 1471 return; 1472 } 1473 1474 /** 1475 * Add all algorithms to the crypto core using configuration file. 1476 * 1477 * @ingroup hcrypto_core 1478 */ 1479 1480 void 1481 OpenSSL_add_all_algorithms_conf(void) 1482 { 1483 return; 1484 } 1485 1486 /** 1487 * Add all algorithms to the crypto core, but don't use the 1488 * configuration file. 1489 * 1490 * @ingroup hcrypto_core 1491 */ 1492 1493 void 1494 OpenSSL_add_all_algorithms_noconf(void) 1495 { 1496 return; 1497 } 1498