/*
 * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#ifndef OSSL_INTERNAL_PASSPHRASE_H
# define OSSL_INTERNAL_PASSPHRASE_H
# pragma once

/*
 * This is a passphrase reader bridge with bells and whistles.
 *
 * On one hand, an API may wish to offer all sorts of passphrase callback
 * possibilities to users, or may have to do so for historical reasons.
 * On the other hand, that same API may have demands from other interfaces,
 * notably from the libcrypto <-> provider interface, which uses
 * OSSL_PASSPHRASE_CALLBACK consistently.
 *
 * The structure and functions below are the foundation for bridging one
 * passphrase callback form to another.
 *
 * In addition, extra features are included (this may be a growing list):
 *
 * - passphrase caching.  This is to be used by APIs where it's likely
 *   that the same passphrase may be asked for more than once, but the
 *   user shouldn't get prompted more than once.  For example, this is
 *   useful for OSSL_DECODER, which may have to use a passphrase while
 *   trying to find out what input it has.
 *   Caching keeps a plaintext copy of the secret in memory for as long
 *   as the structure lives, so code that enables it should clear the
 *   cache (ossl_pw_clear_passphrase_cache) as soon as the repeated
 *   prompts are no longer needed.
 *
 * NOTE(review): this header has no #include lines of its own but refers
 * to pem_password_cb, OSSL_PASSPHRASE_CALLBACK, UI_METHOD and OSSL_PARAM;
 * the including translation unit is expected to have pulled in the public
 * OpenSSL headers that define those types before including this one.
 */

/*
 * Structure to hold whatever the calling user may specify.  This structure
 * is intended to be integrated into API specific structures or to be used
 * as a local on-stack variable type.  Therefore, no functions to allocate
 * or free it on the heap are offered.
 *
 * Exactly one passphrase source is active at a time: |type| says which
 * member of the union |_| is valid, and reading any other member is a
 * caller error.  The enumerators start at 1, so a zero-filled structure
 * (the natural on-stack initialisation) reads as "no source set".
 *
 * Two members may hold the passphrase itself in plaintext:
 * |_.expl_passphrase.passphrase_copy| (an explicit passphrase given by the
 * user) and |cached_passphrase| (kept when caching is enabled).  Both are
 * secrets; the clearing functions below are where they are released, and
 * the release is expected to wipe the memory rather than merely free it
 * (presumably via OPENSSL_clear_free - confirm in the implementation).
 */
struct ossl_passphrase_data_st {
    enum {
        is_expl_passphrase = 1, /* Explicit passphrase given by user */
        is_pem_password,        /* pem_password_cb given by user */
        is_ossl_passphrase,     /* OSSL_PASSPHRASE_CALLBACK given by user */
        is_ui_method            /* UI_METHOD given by user */
    } type;
    union {
        struct {
            /* Copy of the user's passphrase, presumably owned here */
            char *passphrase_copy;
            size_t passphrase_len;  /* Length of |passphrase_copy| in bytes */
        } expl_passphrase;

        struct {
            pem_password_cb *password_cb;
            void *password_cbarg;   /* Opaque argument handed to |password_cb| */
        } pem_password;

        struct {
            OSSL_PASSPHRASE_CALLBACK *passphrase_cb;
            void *passphrase_cbarg; /* Opaque argument handed to |passphrase_cb| */
        } ossl_passphrase;

        struct {
            const UI_METHOD *ui_method;
            void *ui_method_data;   /* Opaque data handed to the UI method */
        } ui_method;
    } _;

    /*-
     * Flags section
     */

    /* Set to indicate that caching should be done */
    unsigned int flag_cache_passphrase:1;

    /*-
     * Misc section: caches and other
     */

    /* Plaintext copy of the last passphrase obtained, when caching is on */
    char *cached_passphrase;
    size_t cached_passphrase_len;   /* Length of |cached_passphrase| in bytes */
};

/* Structure manipulation */

/*
 * Release whatever |data| holds (the configured source and, presumably, any
 * cached passphrase) and leave it with no source set.  |data| itself is not
 * freed; it is caller-owned storage (see the structure comment).
 */
void ossl_pw_clear_passphrase_data(struct ossl_passphrase_data_st *data);
/*
 * Drop only the cached passphrase.  Call this as soon as the repeated
 * prompting that justified caching is over, to limit how long the secret
 * stays in memory.
 */
void ossl_pw_clear_passphrase_cache(struct ossl_passphrase_data_st *data);

/*
 * Each of these selects one passphrase source, setting |type| and the
 * matching union member.  Whether a previously configured source is
 * released first is not visible here - confirm in the implementation.
 * The int return is expected to follow the usual OpenSSL convention
 * (1 = success, 0 = failure).
 *
 * ossl_pw_set_passphrase() takes |passphrase_len| bytes from |passphrase|
 * (a copy is stored, per the |passphrase_copy| member; the caller keeps
 * ownership of its own buffer and should wipe it when done).
 */
int ossl_pw_set_passphrase(struct ossl_passphrase_data_st *data,
                           const unsigned char *passphrase,
                           size_t passphrase_len);
int ossl_pw_set_pem_password_cb(struct ossl_passphrase_data_st *data,
                                pem_password_cb *cb, void *cbarg);
int ossl_pw_set_ossl_passphrase_cb(struct ossl_passphrase_data_st *data,
                                   OSSL_PASSPHRASE_CALLBACK *cb, void *cbarg);
int ossl_pw_set_ui_method(struct ossl_passphrase_data_st *data,
                          const UI_METHOD *ui_method, void *ui_data);

/*
 * Toggle |flag_cache_passphrase|.  Disabling presumably also drops any
 * passphrase already cached - verify in the implementation before
 * relying on it; otherwise follow up with ossl_pw_clear_passphrase_cache().
 */
int ossl_pw_enable_passphrase_caching(struct ossl_passphrase_data_st *data);
int ossl_pw_disable_passphrase_caching(struct ossl_passphrase_data_st *data);

/* Central function for direct calls */

/*
 * Obtain a passphrase from the source configured in |data|, writing it
 * into the caller's buffer |pass| of |pass_size| bytes and storing the
 * number of bytes produced in |*pass_len|.  |params| are presumably
 * forwarded to an OSSL_PASSPHRASE_CALLBACK source (prompt information);
 * nonzero |verify| requests that the user confirm the passphrase, as for
 * the encoding side (see the enc/dec callbacks below).  With caching
 * enabled, the result is expected to be kept in |cached_passphrase| so
 * later calls do not prompt again.  Return is expected to be 1 on success
 * and 0 on failure (OpenSSL convention).
 *
 * NOTE(review): nothing here states that |pass| is NUL-terminated within
 * |pass_size|; callers should use |*pass_len| rather than strlen().
 */
int ossl_pw_get_passphrase(char *pass, size_t pass_size, size_t *pass_len,
                           const OSSL_PARAM params[], int verify,
                           struct ossl_passphrase_data_st *data);

/* Callback functions */

/*
 * All of these callbacks expect that the callback argument points to a
 * struct ossl_passphrase_data_st.  They are the "other side" of the
 * bridge: an API hands one of them (plus the struct) to code that wants a
 * particular callback form, and the callback then consults whatever
 * source the user configured in the struct.
 */

pem_password_cb ossl_pw_pem_password;
pem_password_cb ossl_pw_pvk_password;
/* One callback for encoding (verification prompt) and one for decoding */
OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_enc;
OSSL_PASSPHRASE_CALLBACK ossl_pw_passphrase_callback_dec;

#endif