1 /* $NetBSD: evp.c,v 1.3 2023/06/19 21:41:43 christos Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2016 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #ifdef HAVE_CONFIG_H 37 #include <config.h> 38 #endif 39 #include <krb5/roken.h> 40 41 #define HC_DEPRECATED 42 #define HC_DEPRECATED_CRYPTO 43 44 #include <assert.h> 45 46 #include <evp.h> 47 #include <evp-hcrypto.h> 48 #include <evp-cc.h> 49 #if defined(_WIN32) 50 #include <evp-w32.h> 51 #endif 52 #include <evp-pkcs11.h> 53 #include <evp-openssl.h> 54 55 #include <krb5/krb5-types.h> 56 57 #ifndef HCRYPTO_DEF_PROVIDER 58 # ifdef __APPLE__ 59 # define HCRYPTO_DEF_PROVIDER cc 60 # elif __sun 61 # define HCRYPTO_DEF_PROVIDER pkcs11_hcrypto 62 # elif HAVE_HCRYPTO_W_OPENSSL 63 # define HCRYPTO_DEF_PROVIDER ossl 64 # else 65 # define HCRYPTO_DEF_PROVIDER hcrypto 66 # endif 67 #endif 68 69 #define HC_CONCAT4(x,y,z,aa) x ## y ## z ## aa 70 71 72 #define EVP_DEF_OP(_prov,_op) HC_CONCAT4(EVP_,_prov,_,_op)() 73 74 /** 75 * @page page_evp EVP - generic crypto interface 76 * 77 * See the library functions here: @ref hcrypto_evp 78 * 79 * @section evp_cipher EVP Cipher 80 * 81 * The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to 82 * understand forward, then EVP_CipherUpdate() and 83 * EVP_CipherFinal_ex() really needs an example to explain @ref 84 * example_evp_cipher.c . 85 * 86 * @example example_evp_cipher.c 87 * 88 * This is an example how to use EVP_CipherInit_ex(), 89 * EVP_CipherUpdate() and EVP_CipherFinal_ex(). 90 */ 91 92 struct hc_EVP_MD_CTX { 93 const EVP_MD *md; 94 ENGINE *engine; 95 void *ptr; 96 }; 97 98 99 /** 100 * Return the output size of the message digest function. 101 * 102 * @param md the evp message 103 * 104 * @return size output size of the message digest function. 105 * 106 * @ingroup hcrypto_evp 107 */ 108 109 size_t 110 EVP_MD_size(const EVP_MD *md) 111 { 112 return md->hash_size; 113 } 114 115 /** 116 * Return the blocksize of the message digest function. 117 * 118 * @param md the evp message 119 * 120 * @return size size of the message digest block size 121 * 122 * @ingroup hcrypto_evp 123 */ 124 125 size_t 126 EVP_MD_block_size(const EVP_MD *md) 127 { 128 return md->block_size; 129 } 130 131 /** 132 * Allocate a messsage digest context object. Free with 133 * EVP_MD_CTX_destroy(). 134 * 135 * @return a newly allocated message digest context object. 136 * 137 * @ingroup hcrypto_evp 138 */ 139 140 EVP_MD_CTX * 141 EVP_MD_CTX_create(void) 142 { 143 return calloc(1, sizeof(EVP_MD_CTX)); 144 } 145 146 /** 147 * Initiate a messsage digest context object. Deallocate with 148 * EVP_MD_CTX_cleanup(). Please use EVP_MD_CTX_create() instead. 149 * 150 * @param ctx variable to initiate. 151 * 152 * @ingroup hcrypto_evp 153 */ 154 155 void 156 EVP_MD_CTX_init(EVP_MD_CTX *ctx) HC_DEPRECATED 157 { 158 memset(ctx, 0, sizeof(*ctx)); 159 } 160 161 /** 162 * Free a messsage digest context object. 163 * 164 * @param ctx context to free. 165 * 166 * @ingroup hcrypto_evp 167 */ 168 169 void 170 EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) 171 { 172 EVP_MD_CTX_cleanup(ctx); 173 free(ctx); 174 } 175 176 /** 177 * Free the resources used by the EVP_MD context. 178 * 179 * @param ctx the context to free the resources from. 180 * 181 * @return 1 on success. 182 * 183 * @ingroup hcrypto_evp 184 */ 185 186 int 187 EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) HC_DEPRECATED 188 { 189 if (ctx->md && ctx->md->cleanup) { 190 int ret = (ctx->md->cleanup)(ctx->ptr); 191 if (!ret) 192 return ret; 193 } else if (ctx->md) { 194 memset(ctx->ptr, 0, ctx->md->ctx_size); 195 } 196 ctx->md = NULL; 197 ctx->engine = NULL; 198 free(ctx->ptr); 199 memset(ctx, 0, sizeof(*ctx)); 200 return 1; 201 } 202 203 /** 204 * Get the EVP_MD use for a specified context. 205 * 206 * @param ctx the EVP_MD context to get the EVP_MD for. 207 * 208 * @return the EVP_MD used for the context. 209 * 210 * @ingroup hcrypto_evp 211 */ 212 213 const EVP_MD * 214 EVP_MD_CTX_md(EVP_MD_CTX *ctx) 215 { 216 return ctx->md; 217 } 218 219 /** 220 * Return the output size of the message digest function. 221 * 222 * @param ctx the evp message digest context 223 * 224 * @return size output size of the message digest function. 225 * 226 * @ingroup hcrypto_evp 227 */ 228 229 size_t 230 EVP_MD_CTX_size(EVP_MD_CTX *ctx) 231 { 232 return EVP_MD_size(ctx->md); 233 } 234 235 /** 236 * Return the blocksize of the message digest function. 237 * 238 * @param ctx the evp message digest context 239 * 240 * @return size size of the message digest block size 241 * 242 * @ingroup hcrypto_evp 243 */ 244 245 size_t 246 EVP_MD_CTX_block_size(EVP_MD_CTX *ctx) 247 { 248 return EVP_MD_block_size(ctx->md); 249 } 250 251 /** 252 * Init a EVP_MD_CTX for use a specific message digest and engine. 253 * 254 * @param ctx the message digest context to init. 255 * @param md the message digest to use. 256 * @param engine the engine to use, NULL to use the default engine. 257 * 258 * @return 1 on success. 259 * 260 * @ingroup hcrypto_evp 261 */ 262 263 int 264 EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine) 265 { 266 if (ctx->md != md || ctx->engine != engine) { 267 EVP_MD_CTX_cleanup(ctx); 268 ctx->md = md; 269 ctx->engine = engine; 270 if (md == NULL) 271 return 0; 272 273 ctx->ptr = calloc(1, md->ctx_size); 274 if (ctx->ptr == NULL) 275 return 0; 276 } 277 if (ctx->md == 0) 278 return 0; 279 return (ctx->md->init)(ctx->ptr); 280 } 281 282 /** 283 * Update the digest with some data. 284 * 285 * @param ctx the context to update 286 * @param data the data to update the context with 287 * @param size length of data 288 * 289 * @return 1 on success. 290 * 291 * @ingroup hcrypto_evp 292 */ 293 294 int 295 EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size) 296 { 297 (ctx->md->update)(ctx->ptr, data, size); 298 return 1; 299 } 300 301 /** 302 * Complete the message digest. 303 * 304 * @param ctx the context to complete. 305 * @param hash the output of the message digest function. At least 306 * EVP_MD_size(). 307 * @param size the output size of hash. 308 * 309 * @return 1 on success. 310 * 311 * @ingroup hcrypto_evp 312 */ 313 314 int 315 EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size) 316 { 317 (ctx->md->final)(hash, ctx->ptr); 318 if (size) 319 *size = ctx->md->hash_size; 320 return 1; 321 } 322 323 /** 324 * Do the whole EVP_MD_CTX_create(), EVP_DigestInit_ex(), 325 * EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_MD_CTX_destroy() 326 * dance in one call. 327 * 328 * @param data the data to update the context with 329 * @param dsize length of data 330 * @param hash output data of at least EVP_MD_size() length. 331 * @param hsize output length of hash. 332 * @param md message digest to use 333 * @param engine engine to use, NULL for default engine. 334 * 335 * @return 1 on success. 336 * 337 * @ingroup hcrypto_evp 338 */ 339 340 int 341 EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, 342 const EVP_MD *md, ENGINE *engine) 343 { 344 EVP_MD_CTX *ctx; 345 int ret; 346 347 ctx = EVP_MD_CTX_create(); 348 if (ctx == NULL) 349 return 0; 350 ret = EVP_DigestInit_ex(ctx, md, engine); 351 if (ret != 1) { 352 EVP_MD_CTX_destroy(ctx); 353 return ret; 354 } 355 ret = EVP_DigestUpdate(ctx, data, dsize); 356 if (ret != 1) { 357 EVP_MD_CTX_destroy(ctx); 358 return ret; 359 } 360 ret = EVP_DigestFinal_ex(ctx, hash, hsize); 361 EVP_MD_CTX_destroy(ctx); 362 return ret; 363 } 364 365 /** 366 * The message digest SHA256 367 * 368 * @return the message digest type. 369 * 370 * @ingroup hcrypto_evp 371 */ 372 373 const EVP_MD * 374 EVP_sha256(void) 375 { 376 hcrypto_validate(); 377 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha256); 378 } 379 380 /** 381 * The message digest SHA384 382 * 383 * @return the message digest type. 384 * 385 * @ingroup hcrypto_evp 386 */ 387 388 const EVP_MD * 389 EVP_sha384(void) 390 { 391 hcrypto_validate(); 392 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha384); 393 } 394 395 /** 396 * The message digest SHA512 397 * 398 * @return the message digest type. 399 * 400 * @ingroup hcrypto_evp 401 */ 402 403 const EVP_MD * 404 EVP_sha512(void) 405 { 406 hcrypto_validate(); 407 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha512); 408 } 409 410 /** 411 * The message digest SHA1 412 * 413 * @return the message digest type. 414 * 415 * @ingroup hcrypto_evp 416 */ 417 418 const EVP_MD * 419 EVP_sha1(void) 420 { 421 hcrypto_validate(); 422 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha1); 423 } 424 425 /** 426 * The message digest SHA1 427 * 428 * @return the message digest type. 429 * 430 * @ingroup hcrypto_evp 431 */ 432 433 const EVP_MD * 434 EVP_sha(void) HC_DEPRECATED 435 436 { 437 hcrypto_validate(); 438 return EVP_sha1(); 439 } 440 441 /** 442 * The message digest MD5 443 * 444 * @return the message digest type. 445 * 446 * @ingroup hcrypto_evp 447 */ 448 449 const EVP_MD * 450 EVP_md5(void) HC_DEPRECATED_CRYPTO 451 { 452 hcrypto_validate(); 453 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md5); 454 } 455 456 /** 457 * The message digest MD4 458 * 459 * @return the message digest type. 460 * 461 * @ingroup hcrypto_evp 462 */ 463 464 const EVP_MD * 465 EVP_md4(void) HC_DEPRECATED_CRYPTO 466 { 467 hcrypto_validate(); 468 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md4); 469 } 470 471 /* 472 * 473 */ 474 475 static int 476 null_Init (void *m) 477 { 478 return -1; 479 } 480 static int 481 null_Update (void *m, const void * data, size_t size) 482 { 483 return -1; 484 } 485 static int 486 null_Final(void *res, void *m) 487 { 488 return -1; 489 } 490 491 /** 492 * The null message digest 493 * 494 * @return the message digest type. 495 * 496 * @ingroup hcrypto_evp 497 */ 498 499 const EVP_MD * 500 EVP_md_null(void) 501 { 502 static const struct hc_evp_md null = { 503 0, 504 0, 505 0, 506 (hc_evp_md_init)null_Init, 507 (hc_evp_md_update)null_Update, 508 (hc_evp_md_final)null_Final, 509 NULL 510 }; 511 return &null; 512 } 513 514 /** 515 * Return the block size of the cipher. 516 * 517 * @param c cipher to get the block size from. 518 * 519 * @return the block size of the cipher. 520 * 521 * @ingroup hcrypto_evp 522 */ 523 524 size_t 525 EVP_CIPHER_block_size(const EVP_CIPHER *c) 526 { 527 return c->block_size; 528 } 529 530 /** 531 * Return the key size of the cipher. 532 * 533 * @param c cipher to get the key size from. 534 * 535 * @return the key size of the cipher. 536 * 537 * @ingroup hcrypto_evp 538 */ 539 540 size_t 541 EVP_CIPHER_key_length(const EVP_CIPHER *c) 542 { 543 return c->key_len; 544 } 545 546 /** 547 * Return the IV size of the cipher. 548 * 549 * @param c cipher to get the IV size from. 550 * 551 * @return the IV size of the cipher. 552 * 553 * @ingroup hcrypto_evp 554 */ 555 556 size_t 557 EVP_CIPHER_iv_length(const EVP_CIPHER *c) 558 { 559 return c->iv_len; 560 } 561 562 /** 563 * Initiate a EVP_CIPHER_CTX context. Clean up with 564 * EVP_CIPHER_CTX_cleanup(). 565 * 566 * @param c the cipher initiate. 567 * 568 * @ingroup hcrypto_evp 569 */ 570 571 void 572 EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c) 573 { 574 memset(c, 0, sizeof(*c)); 575 } 576 577 /** 578 * Clean up the EVP_CIPHER_CTX context. 579 * 580 * @param c the cipher to clean up. 581 * 582 * @return 1 on success. 583 * 584 * @ingroup hcrypto_evp 585 */ 586 587 int 588 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 589 { 590 if (c->cipher && c->cipher->cleanup) { 591 int ret = c->cipher->cleanup(c); 592 if (!ret) 593 return ret; 594 } 595 if (c->cipher_data) { 596 if (c->cipher) 597 memset(c->cipher_data, 0, c->cipher->ctx_size); 598 free(c->cipher_data); 599 c->cipher_data = NULL; 600 } 601 return 1; 602 } 603 604 /** 605 * If the cipher type supports it, change the key length 606 * 607 * @param c the cipher context to change the key length for 608 * @param length new key length 609 * 610 * @return 1 on success. 611 * 612 * @ingroup hcrypto_evp 613 */ 614 615 int 616 EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length) 617 { 618 if ((c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH) && length > 0) { 619 c->key_len = length; 620 return 1; 621 } 622 return 0; 623 } 624 625 #if 0 626 int 627 EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad) 628 { 629 return 0; 630 } 631 #endif 632 633 /** 634 * Return the EVP_CIPHER for a EVP_CIPHER_CTX context. 635 * 636 * @param ctx the context to get the cipher type from. 637 * 638 * @return the EVP_CIPHER pointer. 639 * 640 * @ingroup hcrypto_evp 641 */ 642 643 const EVP_CIPHER * 644 EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) 645 { 646 return ctx->cipher; 647 } 648 649 /** 650 * Return the block size of the cipher context. 651 * 652 * @param ctx cipher context to get the block size from. 653 * 654 * @return the block size of the cipher context. 655 * 656 * @ingroup hcrypto_evp 657 */ 658 659 size_t 660 EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) 661 { 662 return EVP_CIPHER_block_size(ctx->cipher); 663 } 664 665 /** 666 * Return the key size of the cipher context. 667 * 668 * @param ctx cipher context to get the key size from. 669 * 670 * @return the key size of the cipher context. 671 * 672 * @ingroup hcrypto_evp 673 */ 674 675 size_t 676 EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) 677 { 678 return EVP_CIPHER_key_length(ctx->cipher); 679 } 680 681 /** 682 * Return the IV size of the cipher context. 683 * 684 * @param ctx cipher context to get the IV size from. 685 * 686 * @return the IV size of the cipher context. 687 * 688 * @ingroup hcrypto_evp 689 */ 690 691 size_t 692 EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) 693 { 694 return EVP_CIPHER_iv_length(ctx->cipher); 695 } 696 697 /** 698 * Get the flags for an EVP_CIPHER_CTX context. 699 * 700 * @param ctx the EVP_CIPHER_CTX to get the flags from 701 * 702 * @return the flags for an EVP_CIPHER_CTX. 703 * 704 * @ingroup hcrypto_evp 705 */ 706 707 unsigned long 708 EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) 709 { 710 return ctx->cipher->flags; 711 } 712 713 /** 714 * Get the mode for an EVP_CIPHER_CTX context. 715 * 716 * @param ctx the EVP_CIPHER_CTX to get the mode from 717 * 718 * @return the mode for an EVP_CIPHER_CTX. 719 * 720 * @ingroup hcrypto_evp 721 */ 722 723 int 724 EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) 725 { 726 return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE; 727 } 728 729 /** 730 * Get the app data for an EVP_CIPHER_CTX context. 731 * 732 * @param ctx the EVP_CIPHER_CTX to get the app data from 733 * 734 * @return the app data for an EVP_CIPHER_CTX. 735 * 736 * @ingroup hcrypto_evp 737 */ 738 739 void * 740 EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx) 741 { 742 return ctx->app_data; 743 } 744 745 /** 746 * Set the app data for an EVP_CIPHER_CTX context. 747 * 748 * @param ctx the EVP_CIPHER_CTX to set the app data for 749 * @param data the app data to set for an EVP_CIPHER_CTX. 750 * 751 * @ingroup hcrypto_evp 752 */ 753 754 void 755 EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) 756 { 757 ctx->app_data = data; 758 } 759 760 /** 761 * Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data. 762 * Clean up with EVP_CIPHER_CTX_cleanup(). 763 * 764 * @param ctx context to initiate 765 * @param c cipher to use. 766 * @param engine crypto engine to use, NULL to select default. 767 * @param key the crypto key to use, NULL will use the previous value. 768 * @param iv the IV to use, NULL will use the previous value. 769 * @param encp non zero will encrypt, -1 use the previous value. 770 * 771 * @return 1 on success. 772 * 773 * @ingroup hcrypto_evp 774 */ 775 776 int 777 EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, 778 const void *key, const void *iv, int encp) 779 { 780 ctx->buf_len = 0; 781 782 if (encp == -1) 783 encp = ctx->encrypt; 784 else 785 ctx->encrypt = (encp ? 1 : 0); 786 787 if (c && (c != ctx->cipher)) { 788 EVP_CIPHER_CTX_cleanup(ctx); 789 ctx->cipher = c; 790 ctx->key_len = c->key_len; 791 792 ctx->cipher_data = calloc(1, c->ctx_size); 793 if (ctx->cipher_data == NULL && c->ctx_size != 0) 794 return 0; 795 796 /* assume block size is a multiple of 2 */ 797 ctx->block_mask = EVP_CIPHER_block_size(c) - 1; 798 799 if ((ctx->cipher->flags & EVP_CIPH_CTRL_INIT) && 800 !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) 801 return 0; 802 803 } else if (ctx->cipher == NULL) { 804 /* reuse of cipher, but not any cipher ever set! */ 805 return 0; 806 } 807 808 switch (EVP_CIPHER_CTX_mode(ctx)) { 809 case EVP_CIPH_CBC_MODE: 810 811 assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); 812 813 if (iv) 814 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 815 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 816 break; 817 818 case EVP_CIPH_STREAM_CIPHER: 819 break; 820 case EVP_CIPH_CFB8_MODE: 821 if (iv) 822 memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 823 break; 824 825 default: 826 return 0; 827 } 828 829 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) 830 return ctx->cipher->init(ctx, key, iv, encp); 831 832 return 1; 833 } 834 835 /** 836 * Encipher/decipher partial data 837 * 838 * @param ctx the cipher context. 839 * @param out output data from the operation. 840 * @param outlen output length 841 * @param in input data to the operation. 842 * @param inlen length of data. 843 * 844 * The output buffer length should at least be EVP_CIPHER_block_size() 845 * byte longer then the input length. 846 * 847 * See @ref evp_cipher for an example how to use this function. 848 * 849 * @return 1 on success. 850 * 851 * @ingroup hcrypto_evp 852 */ 853 854 int 855 EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen, 856 void *in, size_t inlen) 857 { 858 int ret, left, blocksize; 859 860 *outlen = 0; 861 862 /** 863 * If there in no spare bytes in the left from last Update and the 864 * input length is on the block boundery, the EVP_CipherUpdate() 865 * function can take a shortcut (and preformance gain) and 866 * directly encrypt the data, otherwise we hav to fix it up and 867 * store extra it the EVP_CIPHER_CTX. 868 */ 869 if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) { 870 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); 871 if (ret == 1) 872 *outlen = inlen; 873 else 874 *outlen = 0; 875 return ret; 876 } 877 878 879 blocksize = EVP_CIPHER_CTX_block_size(ctx); 880 left = blocksize - ctx->buf_len; 881 assert(left > 0); 882 883 if (ctx->buf_len) { 884 885 /* if total buffer is smaller then input, store locally */ 886 if (inlen < left) { 887 memcpy(ctx->buf + ctx->buf_len, in, inlen); 888 ctx->buf_len += inlen; 889 return 1; 890 } 891 892 /* fill in local buffer and encrypt */ 893 memcpy(ctx->buf + ctx->buf_len, in, left); 894 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); 895 memset(ctx->buf, 0, blocksize); 896 if (ret != 1) 897 return ret; 898 899 *outlen += blocksize; 900 inlen -= left; 901 in = ((unsigned char *)in) + left; 902 out = ((unsigned char *)out) + blocksize; 903 ctx->buf_len = 0; 904 } 905 906 if (inlen) { 907 ctx->buf_len = (inlen & ctx->block_mask); 908 inlen &= ~ctx->block_mask; 909 910 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); 911 if (ret != 1) 912 return ret; 913 914 *outlen += inlen; 915 916 in = ((unsigned char *)in) + inlen; 917 memcpy(ctx->buf, in, ctx->buf_len); 918 } 919 920 return 1; 921 } 922 923 /** 924 * Encipher/decipher final data 925 * 926 * @param ctx the cipher context. 927 * @param out output data from the operation. 928 * @param outlen output length 929 * 930 * The input length needs to be at least EVP_CIPHER_block_size() bytes 931 * long. 932 * 933 * See @ref evp_cipher for an example how to use this function. 934 * 935 * @return 1 on success. 936 * 937 * @ingroup hcrypto_evp 938 */ 939 940 int 941 EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen) 942 { 943 *outlen = 0; 944 945 if (ctx->buf_len) { 946 int ret, left, blocksize; 947 948 blocksize = EVP_CIPHER_CTX_block_size(ctx); 949 950 left = blocksize - ctx->buf_len; 951 assert(left > 0); 952 953 /* zero fill local buffer */ 954 memset(ctx->buf + ctx->buf_len, 0, left); 955 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); 956 memset(ctx->buf, 0, blocksize); 957 if (ret != 1) 958 return ret; 959 960 *outlen += blocksize; 961 } 962 963 return 1; 964 } 965 966 /** 967 * Encipher/decipher data 968 * 969 * @param ctx the cipher context. 970 * @param out out data from the operation. 971 * @param in in data to the operation. 972 * @param size length of data. 973 * 974 * @return 1 on success. 975 */ 976 977 int 978 EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size) 979 { 980 return ctx->cipher->do_cipher(ctx, out, in, size); 981 } 982 983 /* 984 * 985 */ 986 987 static int 988 enc_null_init(EVP_CIPHER_CTX *ctx, 989 const unsigned char * key, 990 const unsigned char * iv, 991 int encp) 992 { 993 return 1; 994 } 995 996 static int 997 enc_null_do_cipher(EVP_CIPHER_CTX *ctx, 998 unsigned char *out, 999 const unsigned char *in, 1000 unsigned int size) 1001 { 1002 memmove(out, in, size); 1003 return 1; 1004 } 1005 1006 static int 1007 enc_null_cleanup(EVP_CIPHER_CTX *ctx) 1008 { 1009 return 1; 1010 } 1011 1012 /** 1013 * The NULL cipher type, does no encryption/decryption. 1014 * 1015 * @return the null EVP_CIPHER pointer. 1016 * 1017 * @ingroup hcrypto_evp 1018 */ 1019 1020 const EVP_CIPHER * 1021 EVP_enc_null(void) 1022 { 1023 static const EVP_CIPHER enc_null = { 1024 0, 1025 0, 1026 0, 1027 0, 1028 EVP_CIPH_CBC_MODE, 1029 enc_null_init, 1030 enc_null_do_cipher, 1031 enc_null_cleanup, 1032 0, 1033 NULL, 1034 NULL, 1035 NULL, 1036 NULL 1037 }; 1038 return &enc_null; 1039 } 1040 1041 /** 1042 * The RC2 cipher type 1043 * 1044 * @return the RC2 EVP_CIPHER pointer. 1045 * 1046 * @ingroup hcrypto_evp 1047 */ 1048 1049 const EVP_CIPHER * 1050 EVP_rc2_cbc(void) 1051 { 1052 hcrypto_validate(); 1053 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_cbc); 1054 } 1055 1056 /** 1057 * The RC2 cipher type 1058 * 1059 * @return the RC2 EVP_CIPHER pointer. 1060 * 1061 * @ingroup hcrypto_evp 1062 */ 1063 1064 const EVP_CIPHER * 1065 EVP_rc2_40_cbc(void) 1066 { 1067 hcrypto_validate(); 1068 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_40_cbc); 1069 } 1070 1071 /** 1072 * The RC2 cipher type 1073 * 1074 * @return the RC2 EVP_CIPHER pointer. 1075 * 1076 * @ingroup hcrypto_evp 1077 */ 1078 1079 const EVP_CIPHER * 1080 EVP_rc2_64_cbc(void) 1081 { 1082 hcrypto_validate(); 1083 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_64_cbc); 1084 } 1085 1086 /** 1087 * The RC4 cipher type 1088 * 1089 * @return the RC4 EVP_CIPHER pointer. 1090 * 1091 * @ingroup hcrypto_evp 1092 */ 1093 1094 const EVP_CIPHER * 1095 EVP_rc4(void) 1096 { 1097 hcrypto_validate(); 1098 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4); 1099 } 1100 1101 /** 1102 * The RC4-40 cipher type 1103 * 1104 * @return the RC4-40 EVP_CIPHER pointer. 1105 * 1106 * @ingroup hcrypto_evp 1107 */ 1108 1109 const EVP_CIPHER * 1110 EVP_rc4_40(void) 1111 { 1112 hcrypto_validate(); 1113 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4_40); 1114 } 1115 1116 /** 1117 * The DES cipher type 1118 * 1119 * @return the DES-CBC EVP_CIPHER pointer. 1120 * 1121 * @ingroup hcrypto_evp 1122 */ 1123 1124 const EVP_CIPHER * 1125 EVP_des_cbc(void) 1126 { 1127 hcrypto_validate(); 1128 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_cbc); 1129 } 1130 1131 /** 1132 * The triple DES cipher type 1133 * 1134 * @return the DES-EDE3-CBC EVP_CIPHER pointer. 1135 * 1136 * @ingroup hcrypto_evp 1137 */ 1138 1139 const EVP_CIPHER * 1140 EVP_des_ede3_cbc(void) 1141 { 1142 hcrypto_validate(); 1143 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_ede3_cbc); 1144 } 1145 1146 /** 1147 * The AES-128 cipher type 1148 * 1149 * @return the AES-128 EVP_CIPHER pointer. 1150 * 1151 * @ingroup hcrypto_evp 1152 */ 1153 1154 const EVP_CIPHER * 1155 EVP_aes_128_cbc(void) 1156 { 1157 hcrypto_validate(); 1158 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cbc); 1159 } 1160 1161 /** 1162 * The AES-192 cipher type 1163 * 1164 * @return the AES-192 EVP_CIPHER pointer. 1165 * 1166 * @ingroup hcrypto_evp 1167 */ 1168 1169 const EVP_CIPHER * 1170 EVP_aes_192_cbc(void) 1171 { 1172 hcrypto_validate(); 1173 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cbc); 1174 } 1175 1176 /** 1177 * The AES-256 cipher type 1178 * 1179 * @return the AES-256 EVP_CIPHER pointer. 1180 * 1181 * @ingroup hcrypto_evp 1182 */ 1183 1184 const EVP_CIPHER * 1185 EVP_aes_256_cbc(void) 1186 { 1187 hcrypto_validate(); 1188 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cbc); 1189 } 1190 1191 /** 1192 * The AES-128 cipher type 1193 * 1194 * @return the AES-128 EVP_CIPHER pointer. 1195 * 1196 * @ingroup hcrypto_evp 1197 */ 1198 1199 const EVP_CIPHER * 1200 EVP_aes_128_cfb8(void) 1201 { 1202 hcrypto_validate(); 1203 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cfb8); 1204 } 1205 1206 /** 1207 * The AES-192 cipher type 1208 * 1209 * @return the AES-192 EVP_CIPHER pointer. 1210 * 1211 * @ingroup hcrypto_evp 1212 */ 1213 1214 const EVP_CIPHER * 1215 EVP_aes_192_cfb8(void) 1216 { 1217 hcrypto_validate(); 1218 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cfb8); 1219 } 1220 1221 /** 1222 * The AES-256 cipher type 1223 * 1224 * @return the AES-256 EVP_CIPHER pointer. 1225 * 1226 * @ingroup hcrypto_evp 1227 */ 1228 1229 const EVP_CIPHER * 1230 EVP_aes_256_cfb8(void) 1231 { 1232 hcrypto_validate(); 1233 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cfb8); 1234 } 1235 1236 /** 1237 * The Camellia-128 cipher type 1238 * 1239 * @return the Camellia-128 EVP_CIPHER pointer. 1240 * 1241 * @ingroup hcrypto_evp 1242 */ 1243 1244 const EVP_CIPHER * 1245 EVP_camellia_128_cbc(void) 1246 { 1247 hcrypto_validate(); 1248 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_128_cbc); 1249 } 1250 1251 /** 1252 * The Camellia-198 cipher type 1253 * 1254 * @return the Camellia-198 EVP_CIPHER pointer. 1255 * 1256 * @ingroup hcrypto_evp 1257 */ 1258 1259 const EVP_CIPHER * 1260 EVP_camellia_192_cbc(void) 1261 { 1262 hcrypto_validate(); 1263 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_192_cbc); 1264 } 1265 1266 /** 1267 * The Camellia-256 cipher type 1268 * 1269 * @return the Camellia-256 EVP_CIPHER pointer. 1270 * 1271 * @ingroup hcrypto_evp 1272 */ 1273 1274 const EVP_CIPHER * 1275 EVP_camellia_256_cbc(void) 1276 { 1277 hcrypto_validate(); 1278 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_256_cbc); 1279 } 1280 1281 /* 1282 * 1283 */ 1284 1285 static const struct cipher_name { 1286 const char *name; 1287 const EVP_CIPHER *(*func)(void); 1288 } cipher_name[] = { 1289 { "des-ede3-cbc", EVP_des_ede3_cbc }, 1290 { "aes-128-cbc", EVP_aes_128_cbc }, 1291 { "aes-192-cbc", EVP_aes_192_cbc }, 1292 { "aes-256-cbc", EVP_aes_256_cbc }, 1293 { "aes-128-cfb8", EVP_aes_128_cfb8 }, 1294 { "aes-192-cfb8", EVP_aes_192_cfb8 }, 1295 { "aes-256-cfb8", EVP_aes_256_cfb8 }, 1296 { "camellia-128-cbc", EVP_camellia_128_cbc }, 1297 { "camellia-192-cbc", EVP_camellia_192_cbc }, 1298 { "camellia-256-cbc", EVP_camellia_256_cbc } 1299 }; 1300 1301 /** 1302 * Get the cipher type using their name. 1303 * 1304 * @param name the name of the cipher. 1305 * 1306 * @return the selected EVP_CIPHER pointer or NULL if not found. 1307 * 1308 * @ingroup hcrypto_evp 1309 */ 1310 1311 const EVP_CIPHER * 1312 EVP_get_cipherbyname(const char *name) 1313 { 1314 int i; 1315 for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) { 1316 if (strcasecmp(cipher_name[i].name, name) == 0) 1317 return (*cipher_name[i].func)(); 1318 } 1319 return NULL; 1320 } 1321 1322 1323 /* 1324 * 1325 */ 1326 1327 #ifndef min 1328 #define min(a,b) (((a)>(b))?(b):(a)) 1329 #endif 1330 1331 /** 1332 * Provides a legancy string to key function, used in PEM files. 1333 * 1334 * New protocols should use new string to key functions like NIST 1335 * SP56-800A or PKCS#5 v2.0 (see PKCS5_PBKDF2_HMAC_SHA1()). 1336 * 1337 * @param type type of cipher to use 1338 * @param md message digest to use 1339 * @param salt salt salt string, should be an binary 8 byte buffer. 1340 * @param data the password/input key string. 1341 * @param datalen length of data parameter. 1342 * @param count iteration counter. 1343 * @param keydata output keydata, needs to of the size EVP_CIPHER_key_length(). 1344 * @param ivdata output ivdata, needs to of the size EVP_CIPHER_block_size(). 1345 * 1346 * @return the size of derived key. 1347 * 1348 * @ingroup hcrypto_evp 1349 */ 1350 1351 int 1352 EVP_BytesToKey(const EVP_CIPHER *type, 1353 const EVP_MD *md, 1354 const void *salt, 1355 const void *data, size_t datalen, 1356 unsigned int count, 1357 void *keydata, 1358 void *ivdata) 1359 { 1360 unsigned int ivlen, keylen; 1361 int first = 0; 1362 unsigned int mds = 0, i; 1363 unsigned char *key = keydata; 1364 unsigned char *iv = ivdata; 1365 unsigned char *buf; 1366 EVP_MD_CTX c; 1367 1368 keylen = EVP_CIPHER_key_length(type); 1369 ivlen = EVP_CIPHER_iv_length(type); 1370 1371 if (data == NULL) 1372 return keylen; 1373 1374 buf = malloc(EVP_MD_size(md)); 1375 if (buf == NULL) 1376 return -1; 1377 1378 EVP_MD_CTX_init(&c); 1379 1380 first = 1; 1381 while (1) { 1382 EVP_DigestInit_ex(&c, md, NULL); 1383 if (!first) 1384 EVP_DigestUpdate(&c, buf, mds); 1385 first = 0; 1386 EVP_DigestUpdate(&c,data,datalen); 1387 1388 #define PKCS5_SALT_LEN 8 1389 1390 if (salt) 1391 EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); 1392 1393 EVP_DigestFinal_ex(&c, buf, &mds); 1394 assert(mds == EVP_MD_size(md)); 1395 1396 for (i = 1; i < count; i++) { 1397 EVP_DigestInit_ex(&c, md, NULL); 1398 EVP_DigestUpdate(&c, buf, mds); 1399 EVP_DigestFinal_ex(&c, buf, &mds); 1400 assert(mds == EVP_MD_size(md)); 1401 } 1402 1403 i = 0; 1404 if (keylen) { 1405 size_t sz = min(keylen, mds); 1406 if (key) { 1407 memcpy(key, buf, sz); 1408 key += sz; 1409 } 1410 keylen -= sz; 1411 i += sz; 1412 } 1413 if (ivlen && mds > i) { 1414 size_t sz = min(ivlen, (mds - i)); 1415 if (iv) { 1416 memcpy(iv, &buf[i], sz); 1417 iv += sz; 1418 } 1419 ivlen -= sz; 1420 } 1421 if (keylen == 0 && ivlen == 0) 1422 break; 1423 } 1424 1425 EVP_MD_CTX_cleanup(&c); 1426 free(buf); 1427 1428 return EVP_CIPHER_key_length(type); 1429 } 1430 1431 /** 1432 * Generate a random key for the specificed EVP_CIPHER. 1433 * 1434 * @param ctx EVP_CIPHER_CTX type to build the key for. 1435 * @param key return key, must be at least EVP_CIPHER_key_length() byte long. 1436 * 1437 * @return 1 for success, 0 for failure. 1438 * 1439 * @ingroup hcrypto_core 1440 */ 1441 1442 int 1443 EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, void *key) 1444 { 1445 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) 1446 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); 1447 if (RAND_bytes(key, ctx->key_len) != 1) 1448 return 0; 1449 return 1; 1450 } 1451 1452 /** 1453 * Perform a operation on a ctx 1454 * 1455 * @param ctx context to perform operation on. 1456 * @param type type of operation. 1457 * @param arg argument to operation. 1458 * @param data addition data to operation. 1459 1460 * @return 1 for success, 0 for failure. 1461 * 1462 * @ingroup hcrypto_core 1463 */ 1464 1465 int 1466 EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *data) 1467 { 1468 if (ctx->cipher == NULL || ctx->cipher->ctrl == NULL) 1469 return 0; 1470 return (*ctx->cipher->ctrl)(ctx, type, arg, data); 1471 } 1472 1473 /** 1474 * Add all algorithms to the crypto core. 1475 * 1476 * @ingroup hcrypto_core 1477 */ 1478 1479 void 1480 OpenSSL_add_all_algorithms(void) 1481 { 1482 return; 1483 } 1484 1485 /** 1486 * Add all algorithms to the crypto core using configuration file. 1487 * 1488 * @ingroup hcrypto_core 1489 */ 1490 1491 void 1492 OpenSSL_add_all_algorithms_conf(void) 1493 { 1494 return; 1495 } 1496 1497 /** 1498 * Add all algorithms to the crypto core, but don't use the 1499 * configuration file. 1500 * 1501 * @ingroup hcrypto_core 1502 */ 1503 1504 void 1505 OpenSSL_add_all_algorithms_noconf(void) 1506 { 1507 return; 1508 } 1509