1 /* $NetBSD: evp.c,v 1.2 2017/01/28 21:31:47 christos Exp $ */ 2 3 /* 4 * Copyright (c) 2006 - 2016 Kungliga Tekniska Högskolan 5 * (Royal Institute of Technology, Stockholm, Sweden). 6 * All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * 3. Neither the name of the Institute nor the names of its contributors 20 * may be used to endorse or promote products derived from this software 21 * without specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 33 * SUCH DAMAGE. 34 */ 35 36 #ifdef HAVE_CONFIG_H 37 #include <config.h> 38 #endif 39 #include <krb5/roken.h> 40 41 #define HC_DEPRECATED 42 #define HC_DEPRECATED_CRYPTO 43 44 #include <assert.h> 45 46 #include <evp.h> 47 #include <evp-hcrypto.h> 48 #include <evp-cc.h> 49 #if defined(_WIN32) 50 #include <evp-w32.h> 51 #endif 52 #include <evp-pkcs11.h> 53 #include <evp-openssl.h> 54 55 #include <krb5/krb5-types.h> 56 57 #ifndef HCRYPTO_DEF_PROVIDER 58 # ifdef __APPLE__ 59 # define HCRYPTO_DEF_PROVIDER cc 60 # elif __sun 61 # define HCRYPTO_DEF_PROVIDER pkcs11_hcrypto 62 # elif HAVE_HCRYPTO_W_OPENSSL 63 # define HCRYPTO_DEF_PROVIDER ossl 64 # else 65 # define HCRYPTO_DEF_PROVIDER hcrypto 66 # endif 67 #endif 68 69 #define HC_CONCAT4(x,y,z,aa) x ## y ## z ## aa 70 71 72 #define EVP_DEF_OP(_prov,_op) HC_CONCAT4(EVP_,_prov,_,_op)() 73 74 /** 75 * @page page_evp EVP - generic crypto interface 76 * 77 * See the library functions here: @ref hcrypto_evp 78 * 79 * @section evp_cipher EVP Cipher 80 * 81 * The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to 82 * understand forward, then EVP_CipherUpdate() and 83 * EVP_CipherFinal_ex() really needs an example to explain @ref 84 * example_evp_cipher.c . 85 * 86 * @example example_evp_cipher.c 87 * 88 * This is an example how to use EVP_CipherInit_ex(), 89 * EVP_CipherUpdate() and EVP_CipherFinal_ex(). 90 */ 91 92 struct hc_EVP_MD_CTX { 93 const EVP_MD *md; 94 ENGINE *engine; 95 void *ptr; 96 }; 97 98 99 /** 100 * Return the output size of the message digest function. 101 * 102 * @param md the evp message 103 * 104 * @return size output size of the message digest function. 105 * 106 * @ingroup hcrypto_evp 107 */ 108 109 size_t 110 EVP_MD_size(const EVP_MD *md) 111 { 112 return md->hash_size; 113 } 114 115 /** 116 * Return the blocksize of the message digest function. 117 * 118 * @param md the evp message 119 * 120 * @return size size of the message digest block size 121 * 122 * @ingroup hcrypto_evp 123 */ 124 125 size_t 126 EVP_MD_block_size(const EVP_MD *md) 127 { 128 return md->block_size; 129 } 130 131 /** 132 * Allocate a messsage digest context object. Free with 133 * EVP_MD_CTX_destroy(). 134 * 135 * @return a newly allocated message digest context object. 136 * 137 * @ingroup hcrypto_evp 138 */ 139 140 EVP_MD_CTX * 141 EVP_MD_CTX_create(void) 142 { 143 return calloc(1, sizeof(EVP_MD_CTX)); 144 } 145 146 /** 147 * Initiate a messsage digest context object. Deallocate with 148 * EVP_MD_CTX_cleanup(). Please use EVP_MD_CTX_create() instead. 149 * 150 * @param ctx variable to initiate. 151 * 152 * @ingroup hcrypto_evp 153 */ 154 155 void 156 EVP_MD_CTX_init(EVP_MD_CTX *ctx) HC_DEPRECATED 157 { 158 memset(ctx, 0, sizeof(*ctx)); 159 } 160 161 /** 162 * Free a messsage digest context object. 163 * 164 * @param ctx context to free. 165 * 166 * @ingroup hcrypto_evp 167 */ 168 169 void 170 EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) 171 { 172 EVP_MD_CTX_cleanup(ctx); 173 free(ctx); 174 } 175 176 /** 177 * Free the resources used by the EVP_MD context. 178 * 179 * @param ctx the context to free the resources from. 180 * 181 * @return 1 on success. 182 * 183 * @ingroup hcrypto_evp 184 */ 185 186 int 187 EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) HC_DEPRECATED 188 { 189 if (ctx->md && ctx->md->cleanup) { 190 int ret = (ctx->md->cleanup)(ctx->ptr); 191 if (!ret) 192 return ret; 193 } else if (ctx->md) { 194 memset(ctx->ptr, 0, ctx->md->ctx_size); 195 } 196 ctx->md = NULL; 197 ctx->engine = NULL; 198 free(ctx->ptr); 199 memset(ctx, 0, sizeof(*ctx)); 200 return 1; 201 } 202 203 /** 204 * Get the EVP_MD use for a specified context. 205 * 206 * @param ctx the EVP_MD context to get the EVP_MD for. 207 * 208 * @return the EVP_MD used for the context. 209 * 210 * @ingroup hcrypto_evp 211 */ 212 213 const EVP_MD * 214 EVP_MD_CTX_md(EVP_MD_CTX *ctx) 215 { 216 return ctx->md; 217 } 218 219 /** 220 * Return the output size of the message digest function. 221 * 222 * @param ctx the evp message digest context 223 * 224 * @return size output size of the message digest function. 225 * 226 * @ingroup hcrypto_evp 227 */ 228 229 size_t 230 EVP_MD_CTX_size(EVP_MD_CTX *ctx) 231 { 232 return EVP_MD_size(ctx->md); 233 } 234 235 /** 236 * Return the blocksize of the message digest function. 237 * 238 * @param ctx the evp message digest context 239 * 240 * @return size size of the message digest block size 241 * 242 * @ingroup hcrypto_evp 243 */ 244 245 size_t 246 EVP_MD_CTX_block_size(EVP_MD_CTX *ctx) 247 { 248 return EVP_MD_block_size(ctx->md); 249 } 250 251 /** 252 * Init a EVP_MD_CTX for use a specific message digest and engine. 253 * 254 * @param ctx the message digest context to init. 255 * @param md the message digest to use. 256 * @param engine the engine to use, NULL to use the default engine. 257 * 258 * @return 1 on success. 259 * 260 * @ingroup hcrypto_evp 261 */ 262 263 int 264 EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine) 265 { 266 if (ctx->md != md || ctx->engine != engine) { 267 EVP_MD_CTX_cleanup(ctx); 268 ctx->md = md; 269 ctx->engine = engine; 270 if (md == NULL) 271 return 0; 272 273 ctx->ptr = calloc(1, md->ctx_size); 274 if (ctx->ptr == NULL) 275 return 0; 276 } 277 if (ctx->md == 0) 278 return 0; 279 return (ctx->md->init)(ctx->ptr); 280 } 281 282 /** 283 * Update the digest with some data. 284 * 285 * @param ctx the context to update 286 * @param data the data to update the context with 287 * @param size length of data 288 * 289 * @return 1 on success. 290 * 291 * @ingroup hcrypto_evp 292 */ 293 294 int 295 EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size) 296 { 297 (ctx->md->update)(ctx->ptr, data, size); 298 return 1; 299 } 300 301 /** 302 * Complete the message digest. 303 * 304 * @param ctx the context to complete. 305 * @param hash the output of the message digest function. At least 306 * EVP_MD_size(). 307 * @param size the output size of hash. 308 * 309 * @return 1 on success. 310 * 311 * @ingroup hcrypto_evp 312 */ 313 314 int 315 EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size) 316 { 317 (ctx->md->final)(hash, ctx->ptr); 318 if (size) 319 *size = ctx->md->hash_size; 320 return 1; 321 } 322 323 /** 324 * Do the whole EVP_MD_CTX_create(), EVP_DigestInit_ex(), 325 * EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_MD_CTX_destroy() 326 * dance in one call. 327 * 328 * @param data the data to update the context with 329 * @param dsize length of data 330 * @param hash output data of at least EVP_MD_size() length. 331 * @param hsize output length of hash. 332 * @param md message digest to use 333 * @param engine engine to use, NULL for default engine. 334 * 335 * @return 1 on success. 336 * 337 * @ingroup hcrypto_evp 338 */ 339 340 int 341 EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize, 342 const EVP_MD *md, ENGINE *engine) 343 { 344 EVP_MD_CTX *ctx; 345 int ret; 346 347 ctx = EVP_MD_CTX_create(); 348 if (ctx == NULL) 349 return 0; 350 ret = EVP_DigestInit_ex(ctx, md, engine); 351 if (ret != 1) { 352 EVP_MD_CTX_destroy(ctx); 353 return ret; 354 } 355 ret = EVP_DigestUpdate(ctx, data, dsize); 356 if (ret != 1) { 357 EVP_MD_CTX_destroy(ctx); 358 return ret; 359 } 360 ret = EVP_DigestFinal_ex(ctx, hash, hsize); 361 EVP_MD_CTX_destroy(ctx); 362 return ret; 363 } 364 365 /** 366 * The message digest SHA256 367 * 368 * @return the message digest type. 369 * 370 * @ingroup hcrypto_evp 371 */ 372 373 const EVP_MD * 374 EVP_sha256(void) 375 { 376 hcrypto_validate(); 377 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha256); 378 } 379 380 /** 381 * The message digest SHA384 382 * 383 * @return the message digest type. 384 * 385 * @ingroup hcrypto_evp 386 */ 387 388 const EVP_MD * 389 EVP_sha384(void) 390 { 391 hcrypto_validate(); 392 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha384); 393 } 394 395 /** 396 * The message digest SHA512 397 * 398 * @return the message digest type. 399 * 400 * @ingroup hcrypto_evp 401 */ 402 403 const EVP_MD * 404 EVP_sha512(void) 405 { 406 hcrypto_validate(); 407 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha512); 408 } 409 410 /** 411 * The message digest SHA1 412 * 413 * @return the message digest type. 414 * 415 * @ingroup hcrypto_evp 416 */ 417 418 const EVP_MD * 419 EVP_sha1(void) 420 { 421 hcrypto_validate(); 422 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha1); 423 } 424 425 /** 426 * The message digest SHA1 427 * 428 * @return the message digest type. 429 * 430 * @ingroup hcrypto_evp 431 */ 432 433 const EVP_MD * 434 EVP_sha(void) HC_DEPRECATED 435 436 { 437 hcrypto_validate(); 438 return EVP_sha1(); 439 } 440 441 /** 442 * The message digest MD5 443 * 444 * @return the message digest type. 445 * 446 * @ingroup hcrypto_evp 447 */ 448 449 const EVP_MD * 450 EVP_md5(void) HC_DEPRECATED_CRYPTO 451 { 452 hcrypto_validate(); 453 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md5); 454 } 455 456 /** 457 * The message digest MD4 458 * 459 * @return the message digest type. 460 * 461 * @ingroup hcrypto_evp 462 */ 463 464 const EVP_MD * 465 EVP_md4(void) HC_DEPRECATED_CRYPTO 466 { 467 hcrypto_validate(); 468 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md4); 469 } 470 471 /** 472 * The message digest MD2 473 * 474 * @return the message digest type. 475 * 476 * @ingroup hcrypto_evp 477 */ 478 479 const EVP_MD * 480 EVP_md2(void) HC_DEPRECATED_CRYPTO 481 { 482 hcrypto_validate(); 483 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md2); 484 } 485 486 /* 487 * 488 */ 489 490 static void 491 null_Init (void *m) 492 { 493 } 494 static void 495 null_Update (void *m, const void * data, size_t size) 496 { 497 } 498 static void 499 null_Final(void *res, void *m) 500 { 501 } 502 503 /** 504 * The null message digest 505 * 506 * @return the message digest type. 507 * 508 * @ingroup hcrypto_evp 509 */ 510 511 const EVP_MD * 512 EVP_md_null(void) 513 { 514 static const struct hc_evp_md null = { 515 0, 516 0, 517 0, 518 (hc_evp_md_init)null_Init, 519 (hc_evp_md_update)null_Update, 520 (hc_evp_md_final)null_Final, 521 NULL 522 }; 523 return &null; 524 } 525 526 /** 527 * Return the block size of the cipher. 528 * 529 * @param c cipher to get the block size from. 530 * 531 * @return the block size of the cipher. 532 * 533 * @ingroup hcrypto_evp 534 */ 535 536 size_t 537 EVP_CIPHER_block_size(const EVP_CIPHER *c) 538 { 539 return c->block_size; 540 } 541 542 /** 543 * Return the key size of the cipher. 544 * 545 * @param c cipher to get the key size from. 546 * 547 * @return the key size of the cipher. 548 * 549 * @ingroup hcrypto_evp 550 */ 551 552 size_t 553 EVP_CIPHER_key_length(const EVP_CIPHER *c) 554 { 555 return c->key_len; 556 } 557 558 /** 559 * Return the IV size of the cipher. 560 * 561 * @param c cipher to get the IV size from. 562 * 563 * @return the IV size of the cipher. 564 * 565 * @ingroup hcrypto_evp 566 */ 567 568 size_t 569 EVP_CIPHER_iv_length(const EVP_CIPHER *c) 570 { 571 return c->iv_len; 572 } 573 574 /** 575 * Initiate a EVP_CIPHER_CTX context. Clean up with 576 * EVP_CIPHER_CTX_cleanup(). 577 * 578 * @param c the cipher initiate. 579 * 580 * @ingroup hcrypto_evp 581 */ 582 583 void 584 EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c) 585 { 586 memset(c, 0, sizeof(*c)); 587 } 588 589 /** 590 * Clean up the EVP_CIPHER_CTX context. 591 * 592 * @param c the cipher to clean up. 593 * 594 * @return 1 on success. 595 * 596 * @ingroup hcrypto_evp 597 */ 598 599 int 600 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) 601 { 602 if (c->cipher && c->cipher->cleanup) { 603 int ret = c->cipher->cleanup(c); 604 if (!ret) 605 return ret; 606 } 607 if (c->cipher_data) { 608 if (c->cipher) 609 memset(c->cipher_data, 0, c->cipher->ctx_size); 610 free(c->cipher_data); 611 c->cipher_data = NULL; 612 } 613 return 1; 614 } 615 616 /** 617 * If the cipher type supports it, change the key length 618 * 619 * @param c the cipher context to change the key length for 620 * @param length new key length 621 * 622 * @return 1 on success. 623 * 624 * @ingroup hcrypto_evp 625 */ 626 627 int 628 EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length) 629 { 630 if ((c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH) && length > 0) { 631 c->key_len = length; 632 return 1; 633 } 634 return 0; 635 } 636 637 #if 0 638 int 639 EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad) 640 { 641 return 0; 642 } 643 #endif 644 645 /** 646 * Return the EVP_CIPHER for a EVP_CIPHER_CTX context. 647 * 648 * @param ctx the context to get the cipher type from. 649 * 650 * @return the EVP_CIPHER pointer. 651 * 652 * @ingroup hcrypto_evp 653 */ 654 655 const EVP_CIPHER * 656 EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx) 657 { 658 return ctx->cipher; 659 } 660 661 /** 662 * Return the block size of the cipher context. 663 * 664 * @param ctx cipher context to get the block size from. 665 * 666 * @return the block size of the cipher context. 667 * 668 * @ingroup hcrypto_evp 669 */ 670 671 size_t 672 EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx) 673 { 674 return EVP_CIPHER_block_size(ctx->cipher); 675 } 676 677 /** 678 * Return the key size of the cipher context. 679 * 680 * @param ctx cipher context to get the key size from. 681 * 682 * @return the key size of the cipher context. 683 * 684 * @ingroup hcrypto_evp 685 */ 686 687 size_t 688 EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx) 689 { 690 return EVP_CIPHER_key_length(ctx->cipher); 691 } 692 693 /** 694 * Return the IV size of the cipher context. 695 * 696 * @param ctx cipher context to get the IV size from. 697 * 698 * @return the IV size of the cipher context. 699 * 700 * @ingroup hcrypto_evp 701 */ 702 703 size_t 704 EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx) 705 { 706 return EVP_CIPHER_iv_length(ctx->cipher); 707 } 708 709 /** 710 * Get the flags for an EVP_CIPHER_CTX context. 711 * 712 * @param ctx the EVP_CIPHER_CTX to get the flags from 713 * 714 * @return the flags for an EVP_CIPHER_CTX. 715 * 716 * @ingroup hcrypto_evp 717 */ 718 719 unsigned long 720 EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx) 721 { 722 return ctx->cipher->flags; 723 } 724 725 /** 726 * Get the mode for an EVP_CIPHER_CTX context. 727 * 728 * @param ctx the EVP_CIPHER_CTX to get the mode from 729 * 730 * @return the mode for an EVP_CIPHER_CTX. 731 * 732 * @ingroup hcrypto_evp 733 */ 734 735 int 736 EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx) 737 { 738 return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE; 739 } 740 741 /** 742 * Get the app data for an EVP_CIPHER_CTX context. 743 * 744 * @param ctx the EVP_CIPHER_CTX to get the app data from 745 * 746 * @return the app data for an EVP_CIPHER_CTX. 747 * 748 * @ingroup hcrypto_evp 749 */ 750 751 void * 752 EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx) 753 { 754 return ctx->app_data; 755 } 756 757 /** 758 * Set the app data for an EVP_CIPHER_CTX context. 759 * 760 * @param ctx the EVP_CIPHER_CTX to set the app data for 761 * @param data the app data to set for an EVP_CIPHER_CTX. 762 * 763 * @ingroup hcrypto_evp 764 */ 765 766 void 767 EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data) 768 { 769 ctx->app_data = data; 770 } 771 772 /** 773 * Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data. 774 * Clean up with EVP_CIPHER_CTX_cleanup(). 775 * 776 * @param ctx context to initiate 777 * @param c cipher to use. 778 * @param engine crypto engine to use, NULL to select default. 779 * @param key the crypto key to use, NULL will use the previous value. 780 * @param iv the IV to use, NULL will use the previous value. 781 * @param encp non zero will encrypt, -1 use the previous value. 782 * 783 * @return 1 on success. 784 * 785 * @ingroup hcrypto_evp 786 */ 787 788 int 789 EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine, 790 const void *key, const void *iv, int encp) 791 { 792 ctx->buf_len = 0; 793 794 if (encp == -1) 795 encp = ctx->encrypt; 796 else 797 ctx->encrypt = (encp ? 1 : 0); 798 799 if (c && (c != ctx->cipher)) { 800 EVP_CIPHER_CTX_cleanup(ctx); 801 ctx->cipher = c; 802 ctx->key_len = c->key_len; 803 804 ctx->cipher_data = calloc(1, c->ctx_size); 805 if (ctx->cipher_data == NULL && c->ctx_size != 0) 806 return 0; 807 808 /* assume block size is a multiple of 2 */ 809 ctx->block_mask = EVP_CIPHER_block_size(c) - 1; 810 811 if ((ctx->cipher->flags & EVP_CIPH_CTRL_INIT) && 812 !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) 813 return 0; 814 815 } else if (ctx->cipher == NULL) { 816 /* reuse of cipher, but not any cipher ever set! */ 817 return 0; 818 } 819 820 switch (EVP_CIPHER_CTX_mode(ctx)) { 821 case EVP_CIPH_CBC_MODE: 822 823 assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv)); 824 825 if (iv) 826 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 827 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); 828 break; 829 830 case EVP_CIPH_STREAM_CIPHER: 831 break; 832 case EVP_CIPH_CFB8_MODE: 833 if (iv) 834 memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx)); 835 break; 836 837 default: 838 return 0; 839 } 840 841 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) 842 return ctx->cipher->init(ctx, key, iv, encp); 843 844 return 1; 845 } 846 847 /** 848 * Encipher/decipher partial data 849 * 850 * @param ctx the cipher context. 851 * @param out output data from the operation. 852 * @param outlen output length 853 * @param in input data to the operation. 854 * @param inlen length of data. 855 * 856 * The output buffer length should at least be EVP_CIPHER_block_size() 857 * byte longer then the input length. 858 * 859 * See @ref evp_cipher for an example how to use this function. 860 * 861 * @return 1 on success. 862 * 863 * @ingroup hcrypto_evp 864 */ 865 866 int 867 EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen, 868 void *in, size_t inlen) 869 { 870 int ret, left, blocksize; 871 872 *outlen = 0; 873 874 /** 875 * If there in no spare bytes in the left from last Update and the 876 * input length is on the block boundery, the EVP_CipherUpdate() 877 * function can take a shortcut (and preformance gain) and 878 * directly encrypt the data, otherwise we hav to fix it up and 879 * store extra it the EVP_CIPHER_CTX. 880 */ 881 if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) { 882 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); 883 if (ret == 1) 884 *outlen = inlen; 885 else 886 *outlen = 0; 887 return ret; 888 } 889 890 891 blocksize = EVP_CIPHER_CTX_block_size(ctx); 892 left = blocksize - ctx->buf_len; 893 assert(left > 0); 894 895 if (ctx->buf_len) { 896 897 /* if total buffer is smaller then input, store locally */ 898 if (inlen < left) { 899 memcpy(ctx->buf + ctx->buf_len, in, inlen); 900 ctx->buf_len += inlen; 901 return 1; 902 } 903 904 /* fill in local buffer and encrypt */ 905 memcpy(ctx->buf + ctx->buf_len, in, left); 906 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); 907 memset(ctx->buf, 0, blocksize); 908 if (ret != 1) 909 return ret; 910 911 *outlen += blocksize; 912 inlen -= left; 913 in = ((unsigned char *)in) + left; 914 out = ((unsigned char *)out) + blocksize; 915 ctx->buf_len = 0; 916 } 917 918 if (inlen) { 919 ctx->buf_len = (inlen & ctx->block_mask); 920 inlen &= ~ctx->block_mask; 921 922 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen); 923 if (ret != 1) 924 return ret; 925 926 *outlen += inlen; 927 928 in = ((unsigned char *)in) + inlen; 929 memcpy(ctx->buf, in, ctx->buf_len); 930 } 931 932 return 1; 933 } 934 935 /** 936 * Encipher/decipher final data 937 * 938 * @param ctx the cipher context. 939 * @param out output data from the operation. 940 * @param outlen output length 941 * 942 * The input length needs to be at least EVP_CIPHER_block_size() bytes 943 * long. 944 * 945 * See @ref evp_cipher for an example how to use this function. 946 * 947 * @return 1 on success. 948 * 949 * @ingroup hcrypto_evp 950 */ 951 952 int 953 EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen) 954 { 955 *outlen = 0; 956 957 if (ctx->buf_len) { 958 int ret, left, blocksize; 959 960 blocksize = EVP_CIPHER_CTX_block_size(ctx); 961 962 left = blocksize - ctx->buf_len; 963 assert(left > 0); 964 965 /* zero fill local buffer */ 966 memset(ctx->buf + ctx->buf_len, 0, left); 967 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize); 968 memset(ctx->buf, 0, blocksize); 969 if (ret != 1) 970 return ret; 971 972 *outlen += blocksize; 973 } 974 975 return 1; 976 } 977 978 /** 979 * Encipher/decipher data 980 * 981 * @param ctx the cipher context. 982 * @param out out data from the operation. 983 * @param in in data to the operation. 984 * @param size length of data. 985 * 986 * @return 1 on success. 987 */ 988 989 int 990 EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size) 991 { 992 return ctx->cipher->do_cipher(ctx, out, in, size); 993 } 994 995 /* 996 * 997 */ 998 999 static int 1000 enc_null_init(EVP_CIPHER_CTX *ctx, 1001 const unsigned char * key, 1002 const unsigned char * iv, 1003 int encp) 1004 { 1005 return 1; 1006 } 1007 1008 static int 1009 enc_null_do_cipher(EVP_CIPHER_CTX *ctx, 1010 unsigned char *out, 1011 const unsigned char *in, 1012 unsigned int size) 1013 { 1014 memmove(out, in, size); 1015 return 1; 1016 } 1017 1018 static int 1019 enc_null_cleanup(EVP_CIPHER_CTX *ctx) 1020 { 1021 return 1; 1022 } 1023 1024 /** 1025 * The NULL cipher type, does no encryption/decryption. 1026 * 1027 * @return the null EVP_CIPHER pointer. 1028 * 1029 * @ingroup hcrypto_evp 1030 */ 1031 1032 const EVP_CIPHER * 1033 EVP_enc_null(void) 1034 { 1035 static const EVP_CIPHER enc_null = { 1036 0, 1037 0, 1038 0, 1039 0, 1040 EVP_CIPH_CBC_MODE, 1041 enc_null_init, 1042 enc_null_do_cipher, 1043 enc_null_cleanup, 1044 0, 1045 NULL, 1046 NULL, 1047 NULL, 1048 NULL 1049 }; 1050 return &enc_null; 1051 } 1052 1053 /** 1054 * The RC2 cipher type 1055 * 1056 * @return the RC2 EVP_CIPHER pointer. 1057 * 1058 * @ingroup hcrypto_evp 1059 */ 1060 1061 const EVP_CIPHER * 1062 EVP_rc2_cbc(void) 1063 { 1064 hcrypto_validate(); 1065 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_cbc); 1066 } 1067 1068 /** 1069 * The RC2 cipher type 1070 * 1071 * @return the RC2 EVP_CIPHER pointer. 1072 * 1073 * @ingroup hcrypto_evp 1074 */ 1075 1076 const EVP_CIPHER * 1077 EVP_rc2_40_cbc(void) 1078 { 1079 hcrypto_validate(); 1080 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_40_cbc); 1081 } 1082 1083 /** 1084 * The RC2 cipher type 1085 * 1086 * @return the RC2 EVP_CIPHER pointer. 1087 * 1088 * @ingroup hcrypto_evp 1089 */ 1090 1091 const EVP_CIPHER * 1092 EVP_rc2_64_cbc(void) 1093 { 1094 hcrypto_validate(); 1095 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_64_cbc); 1096 } 1097 1098 /** 1099 * The RC4 cipher type 1100 * 1101 * @return the RC4 EVP_CIPHER pointer. 1102 * 1103 * @ingroup hcrypto_evp 1104 */ 1105 1106 const EVP_CIPHER * 1107 EVP_rc4(void) 1108 { 1109 hcrypto_validate(); 1110 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4); 1111 } 1112 1113 /** 1114 * The RC4-40 cipher type 1115 * 1116 * @return the RC4-40 EVP_CIPHER pointer. 1117 * 1118 * @ingroup hcrypto_evp 1119 */ 1120 1121 const EVP_CIPHER * 1122 EVP_rc4_40(void) 1123 { 1124 hcrypto_validate(); 1125 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4_40); 1126 } 1127 1128 /** 1129 * The DES cipher type 1130 * 1131 * @return the DES-CBC EVP_CIPHER pointer. 1132 * 1133 * @ingroup hcrypto_evp 1134 */ 1135 1136 const EVP_CIPHER * 1137 EVP_des_cbc(void) 1138 { 1139 hcrypto_validate(); 1140 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_cbc); 1141 } 1142 1143 /** 1144 * The triple DES cipher type 1145 * 1146 * @return the DES-EDE3-CBC EVP_CIPHER pointer. 1147 * 1148 * @ingroup hcrypto_evp 1149 */ 1150 1151 const EVP_CIPHER * 1152 EVP_des_ede3_cbc(void) 1153 { 1154 hcrypto_validate(); 1155 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_ede3_cbc); 1156 } 1157 1158 /** 1159 * The AES-128 cipher type 1160 * 1161 * @return the AES-128 EVP_CIPHER pointer. 1162 * 1163 * @ingroup hcrypto_evp 1164 */ 1165 1166 const EVP_CIPHER * 1167 EVP_aes_128_cbc(void) 1168 { 1169 hcrypto_validate(); 1170 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cbc); 1171 } 1172 1173 /** 1174 * The AES-192 cipher type 1175 * 1176 * @return the AES-192 EVP_CIPHER pointer. 1177 * 1178 * @ingroup hcrypto_evp 1179 */ 1180 1181 const EVP_CIPHER * 1182 EVP_aes_192_cbc(void) 1183 { 1184 hcrypto_validate(); 1185 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cbc); 1186 } 1187 1188 /** 1189 * The AES-256 cipher type 1190 * 1191 * @return the AES-256 EVP_CIPHER pointer. 1192 * 1193 * @ingroup hcrypto_evp 1194 */ 1195 1196 const EVP_CIPHER * 1197 EVP_aes_256_cbc(void) 1198 { 1199 hcrypto_validate(); 1200 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cbc); 1201 } 1202 1203 /** 1204 * The AES-128 cipher type 1205 * 1206 * @return the AES-128 EVP_CIPHER pointer. 1207 * 1208 * @ingroup hcrypto_evp 1209 */ 1210 1211 const EVP_CIPHER * 1212 EVP_aes_128_cfb8(void) 1213 { 1214 hcrypto_validate(); 1215 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cfb8); 1216 } 1217 1218 /** 1219 * The AES-192 cipher type 1220 * 1221 * @return the AES-192 EVP_CIPHER pointer. 1222 * 1223 * @ingroup hcrypto_evp 1224 */ 1225 1226 const EVP_CIPHER * 1227 EVP_aes_192_cfb8(void) 1228 { 1229 hcrypto_validate(); 1230 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cfb8); 1231 } 1232 1233 /** 1234 * The AES-256 cipher type 1235 * 1236 * @return the AES-256 EVP_CIPHER pointer. 1237 * 1238 * @ingroup hcrypto_evp 1239 */ 1240 1241 const EVP_CIPHER * 1242 EVP_aes_256_cfb8(void) 1243 { 1244 hcrypto_validate(); 1245 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cfb8); 1246 } 1247 1248 /** 1249 * The Camellia-128 cipher type 1250 * 1251 * @return the Camellia-128 EVP_CIPHER pointer. 1252 * 1253 * @ingroup hcrypto_evp 1254 */ 1255 1256 const EVP_CIPHER * 1257 EVP_camellia_128_cbc(void) 1258 { 1259 hcrypto_validate(); 1260 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_128_cbc); 1261 } 1262 1263 /** 1264 * The Camellia-198 cipher type 1265 * 1266 * @return the Camellia-198 EVP_CIPHER pointer. 1267 * 1268 * @ingroup hcrypto_evp 1269 */ 1270 1271 const EVP_CIPHER * 1272 EVP_camellia_192_cbc(void) 1273 { 1274 hcrypto_validate(); 1275 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_192_cbc); 1276 } 1277 1278 /** 1279 * The Camellia-256 cipher type 1280 * 1281 * @return the Camellia-256 EVP_CIPHER pointer. 1282 * 1283 * @ingroup hcrypto_evp 1284 */ 1285 1286 const EVP_CIPHER * 1287 EVP_camellia_256_cbc(void) 1288 { 1289 hcrypto_validate(); 1290 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_256_cbc); 1291 } 1292 1293 /* 1294 * 1295 */ 1296 1297 static const struct cipher_name { 1298 const char *name; 1299 const EVP_CIPHER *(*func)(void); 1300 } cipher_name[] = { 1301 { "des-ede3-cbc", EVP_des_ede3_cbc }, 1302 { "aes-128-cbc", EVP_aes_128_cbc }, 1303 { "aes-192-cbc", EVP_aes_192_cbc }, 1304 { "aes-256-cbc", EVP_aes_256_cbc }, 1305 { "aes-128-cfb8", EVP_aes_128_cfb8 }, 1306 { "aes-192-cfb8", EVP_aes_192_cfb8 }, 1307 { "aes-256-cfb8", EVP_aes_256_cfb8 }, 1308 { "camellia-128-cbc", EVP_camellia_128_cbc }, 1309 { "camellia-192-cbc", EVP_camellia_192_cbc }, 1310 { "camellia-256-cbc", EVP_camellia_256_cbc } 1311 }; 1312 1313 /** 1314 * Get the cipher type using their name. 1315 * 1316 * @param name the name of the cipher. 1317 * 1318 * @return the selected EVP_CIPHER pointer or NULL if not found. 1319 * 1320 * @ingroup hcrypto_evp 1321 */ 1322 1323 const EVP_CIPHER * 1324 EVP_get_cipherbyname(const char *name) 1325 { 1326 int i; 1327 for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) { 1328 if (strcasecmp(cipher_name[i].name, name) == 0) 1329 return (*cipher_name[i].func)(); 1330 } 1331 return NULL; 1332 } 1333 1334 1335 /* 1336 * 1337 */ 1338 1339 #ifndef min 1340 #define min(a,b) (((a)>(b))?(b):(a)) 1341 #endif 1342 1343 /** 1344 * Provides a legancy string to key function, used in PEM files. 1345 * 1346 * New protocols should use new string to key functions like NIST 1347 * SP56-800A or PKCS#5 v2.0 (see PKCS5_PBKDF2_HMAC_SHA1()). 1348 * 1349 * @param type type of cipher to use 1350 * @param md message digest to use 1351 * @param salt salt salt string, should be an binary 8 byte buffer. 1352 * @param data the password/input key string. 1353 * @param datalen length of data parameter. 1354 * @param count iteration counter. 1355 * @param keydata output keydata, needs to of the size EVP_CIPHER_key_length(). 1356 * @param ivdata output ivdata, needs to of the size EVP_CIPHER_block_size(). 1357 * 1358 * @return the size of derived key. 1359 * 1360 * @ingroup hcrypto_evp 1361 */ 1362 1363 int 1364 EVP_BytesToKey(const EVP_CIPHER *type, 1365 const EVP_MD *md, 1366 const void *salt, 1367 const void *data, size_t datalen, 1368 unsigned int count, 1369 void *keydata, 1370 void *ivdata) 1371 { 1372 unsigned int ivlen, keylen; 1373 int first = 0; 1374 unsigned int mds = 0, i; 1375 unsigned char *key = keydata; 1376 unsigned char *iv = ivdata; 1377 unsigned char *buf; 1378 EVP_MD_CTX c; 1379 1380 keylen = EVP_CIPHER_key_length(type); 1381 ivlen = EVP_CIPHER_iv_length(type); 1382 1383 if (data == NULL) 1384 return keylen; 1385 1386 buf = malloc(EVP_MD_size(md)); 1387 if (buf == NULL) 1388 return -1; 1389 1390 EVP_MD_CTX_init(&c); 1391 1392 first = 1; 1393 while (1) { 1394 EVP_DigestInit_ex(&c, md, NULL); 1395 if (!first) 1396 EVP_DigestUpdate(&c, buf, mds); 1397 first = 0; 1398 EVP_DigestUpdate(&c,data,datalen); 1399 1400 #define PKCS5_SALT_LEN 8 1401 1402 if (salt) 1403 EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN); 1404 1405 EVP_DigestFinal_ex(&c, buf, &mds); 1406 assert(mds == EVP_MD_size(md)); 1407 1408 for (i = 1; i < count; i++) { 1409 EVP_DigestInit_ex(&c, md, NULL); 1410 EVP_DigestUpdate(&c, buf, mds); 1411 EVP_DigestFinal_ex(&c, buf, &mds); 1412 assert(mds == EVP_MD_size(md)); 1413 } 1414 1415 i = 0; 1416 if (keylen) { 1417 size_t sz = min(keylen, mds); 1418 if (key) { 1419 memcpy(key, buf, sz); 1420 key += sz; 1421 } 1422 keylen -= sz; 1423 i += sz; 1424 } 1425 if (ivlen && mds > i) { 1426 size_t sz = min(ivlen, (mds - i)); 1427 if (iv) { 1428 memcpy(iv, &buf[i], sz); 1429 iv += sz; 1430 } 1431 ivlen -= sz; 1432 } 1433 if (keylen == 0 && ivlen == 0) 1434 break; 1435 } 1436 1437 EVP_MD_CTX_cleanup(&c); 1438 free(buf); 1439 1440 return EVP_CIPHER_key_length(type); 1441 } 1442 1443 /** 1444 * Generate a random key for the specificed EVP_CIPHER. 1445 * 1446 * @param ctx EVP_CIPHER_CTX type to build the key for. 1447 * @param key return key, must be at least EVP_CIPHER_key_length() byte long. 1448 * 1449 * @return 1 for success, 0 for failure. 1450 * 1451 * @ingroup hcrypto_core 1452 */ 1453 1454 int 1455 EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, void *key) 1456 { 1457 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY) 1458 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key); 1459 if (RAND_bytes(key, ctx->key_len) != 1) 1460 return 0; 1461 return 1; 1462 } 1463 1464 /** 1465 * Perform a operation on a ctx 1466 * 1467 * @param ctx context to perform operation on. 1468 * @param type type of operation. 1469 * @param arg argument to operation. 1470 * @param data addition data to operation. 1471 1472 * @return 1 for success, 0 for failure. 1473 * 1474 * @ingroup hcrypto_core 1475 */ 1476 1477 int 1478 EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *data) 1479 { 1480 if (ctx->cipher == NULL || ctx->cipher->ctrl == NULL) 1481 return 0; 1482 return (*ctx->cipher->ctrl)(ctx, type, arg, data); 1483 } 1484 1485 /** 1486 * Add all algorithms to the crypto core. 1487 * 1488 * @ingroup hcrypto_core 1489 */ 1490 1491 void 1492 OpenSSL_add_all_algorithms(void) 1493 { 1494 return; 1495 } 1496 1497 /** 1498 * Add all algorithms to the crypto core using configuration file. 1499 * 1500 * @ingroup hcrypto_core 1501 */ 1502 1503 void 1504 OpenSSL_add_all_algorithms_conf(void) 1505 { 1506 return; 1507 } 1508 1509 /** 1510 * Add all algorithms to the crypto core, but don't use the 1511 * configuration file. 1512 * 1513 * @ingroup hcrypto_core 1514 */ 1515 1516 void 1517 OpenSSL_add_all_algorithms_noconf(void) 1518 { 1519 return; 1520 } 1521