search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
krb5: implement draft-ietf-kitten-aes-cts-hmac-sha2-07
[heimdal.git] / lib / hcrypto / evp.c
blob70eab2ef9d090d89c6ea8a06d12b578a8f91fb30
1 /*
2 * Copyright (c) 2006 - 2016 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34 #ifdef HAVE_CONFIG_H
35 #include <config.h>
36 #endif
37 #include <roken.h>
38
39 #define HC_DEPRECATED
40 #define HC_DEPRECATED_CRYPTO
41
42 #include <assert.h>
43
44 #include <evp.h>
45 #include <evp-hcrypto.h>
46 #include <evp-cc.h>
47 #if _WIN32
48 #include <evp-w32.h>
49 #endif
50 #include <evp-pkcs11.h>
51 #include <evp-openssl.h>
52
53 #include <krb5-types.h>
54
55 #ifndef HCRYPTO_DEF_PROVIDER
56 # ifdef __APPLE__
57 # define HCRYPTO_DEF_PROVIDER cc
58 # elif __sun
59 # define HCRYPTO_DEF_PROVIDER pkcs11_hcrypto
60 # elif HAVE_HCRYPTO_W_OPENSSL
61 # define HCRYPTO_DEF_PROVIDER ossl
62 # else
63 # define HCRYPTO_DEF_PROVIDER hcrypto
64 # endif
65 #endif
66
67 #define HC_CONCAT4(x,y,z,aa) x ## y ## z ## aa
68
69
70 #define EVP_DEF_OP(_prov,_op) HC_CONCAT4(EVP_,_prov,_,_op)()
71
72 /**
73 * @page page_evp EVP - generic crypto interface
74 *
75 * See the library functions here: @ref hcrypto_evp
76 *
77 * @section evp_cipher EVP Cipher
78 *
79 * The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to
80 * understand forward, then EVP_CipherUpdate() and
81 * EVP_CipherFinal_ex() really needs an example to explain @ref
82 * example_evp_cipher.c .
83 *
84 * @example example_evp_cipher.c
85 *
86 * This is an example how to use EVP_CipherInit_ex(),
87 * EVP_CipherUpdate() and EVP_CipherFinal_ex().
88 */
89
90 struct hc_EVP_MD_CTX {
91 const EVP_MD *md;
92 ENGINE *engine;
93 void *ptr;
94 };
95
96
97 /**
98 * Return the output size of the message digest function.
99 *
100 * @param md the evp message
101 *
102 * @return size output size of the message digest function.
103 *
104 * @ingroup hcrypto_evp
105 */
106
107 size_t
108 EVP_MD_size(const EVP_MD *md)
109 {
110 return md->hash_size;
111 }
112
113 /**
114 * Return the blocksize of the message digest function.
115 *
116 * @param md the evp message
117 *
118 * @return size size of the message digest block size
119 *
120 * @ingroup hcrypto_evp
121 */
122
123 size_t
124 EVP_MD_block_size(const EVP_MD *md)
125 {
126 return md->block_size;
127 }
128
129 /**
130 * Allocate a messsage digest context object. Free with
131 * EVP_MD_CTX_destroy().
132 *
133 * @return a newly allocated message digest context object.
134 *
135 * @ingroup hcrypto_evp
136 */
137
138 EVP_MD_CTX *
139 EVP_MD_CTX_create(void)
140 {
141 return calloc(1, sizeof(EVP_MD_CTX));
142 }
143
144 /**
145 * Initiate a messsage digest context object. Deallocate with
146 * EVP_MD_CTX_cleanup(). Please use EVP_MD_CTX_create() instead.
147 *
148 * @param ctx variable to initiate.
149 *
150 * @ingroup hcrypto_evp
151 */
152
153 void
154 EVP_MD_CTX_init(EVP_MD_CTX *ctx) HC_DEPRECATED
155 {
156 memset(ctx, 0, sizeof(*ctx));
157 }
158
159 /**
160 * Free a messsage digest context object.
161 *
162 * @param ctx context to free.
163 *
164 * @ingroup hcrypto_evp
165 */
166
167 void
168 EVP_MD_CTX_destroy(EVP_MD_CTX *ctx)
169 {
170 EVP_MD_CTX_cleanup(ctx);
171 free(ctx);
172 }
173
174 /**
175 * Free the resources used by the EVP_MD context.
176 *
177 * @param ctx the context to free the resources from.
178 *
179 * @return 1 on success.
180 *
181 * @ingroup hcrypto_evp
182 */
183
184 int
185 EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) HC_DEPRECATED
186 {
187 if (ctx->md && ctx->md->cleanup) {
188 int ret = (ctx->md->cleanup)(ctx->ptr);
189 if (!ret)
190 return ret;
191 } else if (ctx->md) {
192 memset(ctx->ptr, 0, ctx->md->ctx_size);
193 }
194 ctx->md = NULL;
195 ctx->engine = NULL;
196 free(ctx->ptr);
197 memset(ctx, 0, sizeof(*ctx));
198 return 1;
199 }
200
201 /**
202 * Get the EVP_MD use for a specified context.
203 *
204 * @param ctx the EVP_MD context to get the EVP_MD for.
205 *
206 * @return the EVP_MD used for the context.
207 *
208 * @ingroup hcrypto_evp
209 */
210
211 const EVP_MD *
212 EVP_MD_CTX_md(EVP_MD_CTX *ctx)
213 {
214 return ctx->md;
215 }
216
217 /**
218 * Return the output size of the message digest function.
219 *
220 * @param ctx the evp message digest context
221 *
222 * @return size output size of the message digest function.
223 *
224 * @ingroup hcrypto_evp
225 */
226
227 size_t
228 EVP_MD_CTX_size(EVP_MD_CTX *ctx)
229 {
230 return EVP_MD_size(ctx->md);
231 }
232
233 /**
234 * Return the blocksize of the message digest function.
235 *
236 * @param ctx the evp message digest context
237 *
238 * @return size size of the message digest block size
239 *
240 * @ingroup hcrypto_evp
241 */
242
243 size_t
244 EVP_MD_CTX_block_size(EVP_MD_CTX *ctx)
245 {
246 return EVP_MD_block_size(ctx->md);
247 }
248
249 /**
250 * Init a EVP_MD_CTX for use a specific message digest and engine.
251 *
252 * @param ctx the message digest context to init.
253 * @param md the message digest to use.
254 * @param engine the engine to use, NULL to use the default engine.
255 *
256 * @return 1 on success.
257 *
258 * @ingroup hcrypto_evp
259 */
260
261 int
262 EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, ENGINE *engine)
263 {
264 if (ctx->md != md || ctx->engine != engine) {
265 EVP_MD_CTX_cleanup(ctx);
266 ctx->md = md;
267 ctx->engine = engine;
268 if (md == NULL)
269 return 0;
270
271 ctx->ptr = calloc(1, md->ctx_size);
272 if (ctx->ptr == NULL)
273 return 0;
274 }
275 if (ctx->md == 0)
276 return 0;
277 return (ctx->md->init)(ctx->ptr);
278 }
279
280 /**
281 * Update the digest with some data.
282 *
283 * @param ctx the context to update
284 * @param data the data to update the context with
285 * @param size length of data
286 *
287 * @return 1 on success.
288 *
289 * @ingroup hcrypto_evp
290 */
291
292 int
293 EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t size)
294 {
295 (ctx->md->update)(ctx->ptr, data, size);
296 return 1;
297 }
298
299 /**
300 * Complete the message digest.
301 *
302 * @param ctx the context to complete.
303 * @param hash the output of the message digest function. At least
304 * EVP_MD_size().
305 * @param size the output size of hash.
306 *
307 * @return 1 on success.
308 *
309 * @ingroup hcrypto_evp
310 */
311
312 int
313 EVP_DigestFinal_ex(EVP_MD_CTX *ctx, void *hash, unsigned int *size)
314 {
315 (ctx->md->final)(hash, ctx->ptr);
316 if (size)
317 *size = ctx->md->hash_size;
318 return 1;
319 }
320
321 /**
322 * Do the whole EVP_MD_CTX_create(), EVP_DigestInit_ex(),
323 * EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_MD_CTX_destroy()
324 * dance in one call.
325 *
326 * @param data the data to update the context with
327 * @param dsize length of data
328 * @param hash output data of at least EVP_MD_size() length.
329 * @param hsize output length of hash.
330 * @param md message digest to use
331 * @param engine engine to use, NULL for default engine.
332 *
333 * @return 1 on success.
334 *
335 * @ingroup hcrypto_evp
336 */
337
338 int
339 EVP_Digest(const void *data, size_t dsize, void *hash, unsigned int *hsize,
340 const EVP_MD *md, ENGINE *engine)
341 {
342 EVP_MD_CTX *ctx;
343 int ret;
344
345 ctx = EVP_MD_CTX_create();
346 if (ctx == NULL)
347 return 0;
348 ret = EVP_DigestInit_ex(ctx, md, engine);
349 if (ret != 1) {
350 EVP_MD_CTX_destroy(ctx);
351 return ret;
352 }
353 ret = EVP_DigestUpdate(ctx, data, dsize);
354 if (ret != 1) {
355 EVP_MD_CTX_destroy(ctx);
356 return ret;
357 }
358 ret = EVP_DigestFinal_ex(ctx, hash, hsize);
359 EVP_MD_CTX_destroy(ctx);
360 return ret;
361 }
362
363 /**
364 * The message digest SHA256
365 *
366 * @return the message digest type.
367 *
368 * @ingroup hcrypto_evp
369 */
370
371 const EVP_MD *
372 EVP_sha256(void)
373 {
374 hcrypto_validate();
375 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha256);
376 }
377
378 /**
379 * The message digest SHA384
380 *
381 * @return the message digest type.
382 *
383 * @ingroup hcrypto_evp
384 */
385
386 const EVP_MD *
387 EVP_sha384(void)
388 {
389 hcrypto_validate();
390 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha384);
391 }
392
393 /**
394 * The message digest SHA512
395 *
396 * @return the message digest type.
397 *
398 * @ingroup hcrypto_evp
399 */
400
401 const EVP_MD *
402 EVP_sha512(void)
403 {
404 hcrypto_validate();
405 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha512);
406 }
407
408 /**
409 * The message digest SHA1
410 *
411 * @return the message digest type.
412 *
413 * @ingroup hcrypto_evp
414 */
415
416 const EVP_MD *
417 EVP_sha1(void)
418 {
419 hcrypto_validate();
420 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, sha1);
421 }
422
423 /**
424 * The message digest SHA1
425 *
426 * @return the message digest type.
427 *
428 * @ingroup hcrypto_evp
429 */
430
431 const EVP_MD *
432 EVP_sha(void) HC_DEPRECATED
433
434 {
435 hcrypto_validate();
436 return EVP_sha1();
437 }
438
439 /**
440 * The message digest MD5
441 *
442 * @return the message digest type.
443 *
444 * @ingroup hcrypto_evp
445 */
446
447 const EVP_MD *
448 EVP_md5(void) HC_DEPRECATED_CRYPTO
449 {
450 hcrypto_validate();
451 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md5);
452 }
453
454 /**
455 * The message digest MD4
456 *
457 * @return the message digest type.
458 *
459 * @ingroup hcrypto_evp
460 */
461
462 const EVP_MD *
463 EVP_md4(void) HC_DEPRECATED_CRYPTO
464 {
465 hcrypto_validate();
466 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md4);
467 }
468
469 /**
470 * The message digest MD2
471 *
472 * @return the message digest type.
473 *
474 * @ingroup hcrypto_evp
475 */
476
477 const EVP_MD *
478 EVP_md2(void) HC_DEPRECATED_CRYPTO
479 {
480 hcrypto_validate();
481 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, md2);
482 }
483
484 /*
485 *
486 */
487
488 static void
489 null_Init (void *m)
490 {
491 }
492 static void
493 null_Update (void *m, const void * data, size_t size)
494 {
495 }
496 static void
497 null_Final(void *res, void *m)
498 {
499 }
500
501 /**
502 * The null message digest
503 *
504 * @return the message digest type.
505 *
506 * @ingroup hcrypto_evp
507 */
508
509 const EVP_MD *
510 EVP_md_null(void)
511 {
512 static const struct hc_evp_md null = {
513 0,
514 0,
515 0,
516 (hc_evp_md_init)null_Init,
517 (hc_evp_md_update)null_Update,
518 (hc_evp_md_final)null_Final,
519 NULL
520 };
521 return &null;
522 }
523
524 /**
525 * Return the block size of the cipher.
526 *
527 * @param c cipher to get the block size from.
528 *
529 * @return the block size of the cipher.
530 *
531 * @ingroup hcrypto_evp
532 */
533
534 size_t
535 EVP_CIPHER_block_size(const EVP_CIPHER *c)
536 {
537 return c->block_size;
538 }
539
540 /**
541 * Return the key size of the cipher.
542 *
543 * @param c cipher to get the key size from.
544 *
545 * @return the key size of the cipher.
546 *
547 * @ingroup hcrypto_evp
548 */
549
550 size_t
551 EVP_CIPHER_key_length(const EVP_CIPHER *c)
552 {
553 return c->key_len;
554 }
555
556 /**
557 * Return the IV size of the cipher.
558 *
559 * @param c cipher to get the IV size from.
560 *
561 * @return the IV size of the cipher.
562 *
563 * @ingroup hcrypto_evp
564 */
565
566 size_t
567 EVP_CIPHER_iv_length(const EVP_CIPHER *c)
568 {
569 return c->iv_len;
570 }
571
572 /**
573 * Initiate a EVP_CIPHER_CTX context. Clean up with
574 * EVP_CIPHER_CTX_cleanup().
575 *
576 * @param c the cipher initiate.
577 *
578 * @ingroup hcrypto_evp
579 */
580
581 void
582 EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *c)
583 {
584 memset(c, 0, sizeof(*c));
585 }
586
587 /**
588 * Clean up the EVP_CIPHER_CTX context.
589 *
590 * @param c the cipher to clean up.
591 *
592 * @return 1 on success.
593 *
594 * @ingroup hcrypto_evp
595 */
596
597 int
598 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c)
599 {
600 if (c->cipher && c->cipher->cleanup) {
601 int ret = c->cipher->cleanup(c);
602 if (!ret)
603 return ret;
604 }
605 if (c->cipher_data) {
606 memset(c->cipher_data, 0, c->cipher->ctx_size);
607 free(c->cipher_data);
608 c->cipher_data = NULL;
609 }
610 return 1;
611 }
612
613 /**
614 * If the cipher type supports it, change the key length
615 *
616 * @param c the cipher context to change the key length for
617 * @param length new key length
618 *
619 * @return 1 on success.
620 *
621 * @ingroup hcrypto_evp
622 */
623
624 int
625 EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int length)
626 {
627 if ((c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH) && length > 0) {
628 c->key_len = length;
629 return 1;
630 }
631 return 0;
632 }
633
634 #if 0
635 int
636 EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad)
637 {
638 return 0;
639 }
640 #endif
641
642 /**
643 * Return the EVP_CIPHER for a EVP_CIPHER_CTX context.
644 *
645 * @param ctx the context to get the cipher type from.
646 *
647 * @return the EVP_CIPHER pointer.
648 *
649 * @ingroup hcrypto_evp
650 */
651
652 const EVP_CIPHER *
653 EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX *ctx)
654 {
655 return ctx->cipher;
656 }
657
658 /**
659 * Return the block size of the cipher context.
660 *
661 * @param ctx cipher context to get the block size from.
662 *
663 * @return the block size of the cipher context.
664 *
665 * @ingroup hcrypto_evp
666 */
667
668 size_t
669 EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
670 {
671 return EVP_CIPHER_block_size(ctx->cipher);
672 }
673
674 /**
675 * Return the key size of the cipher context.
676 *
677 * @param ctx cipher context to get the key size from.
678 *
679 * @return the key size of the cipher context.
680 *
681 * @ingroup hcrypto_evp
682 */
683
684 size_t
685 EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX *ctx)
686 {
687 return EVP_CIPHER_key_length(ctx->cipher);
688 }
689
690 /**
691 * Return the IV size of the cipher context.
692 *
693 * @param ctx cipher context to get the IV size from.
694 *
695 * @return the IV size of the cipher context.
696 *
697 * @ingroup hcrypto_evp
698 */
699
700 size_t
701 EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX *ctx)
702 {
703 return EVP_CIPHER_iv_length(ctx->cipher);
704 }
705
706 /**
707 * Get the flags for an EVP_CIPHER_CTX context.
708 *
709 * @param ctx the EVP_CIPHER_CTX to get the flags from
710 *
711 * @return the flags for an EVP_CIPHER_CTX.
712 *
713 * @ingroup hcrypto_evp
714 */
715
716 unsigned long
717 EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX *ctx)
718 {
719 return ctx->cipher->flags;
720 }
721
722 /**
723 * Get the mode for an EVP_CIPHER_CTX context.
724 *
725 * @param ctx the EVP_CIPHER_CTX to get the mode from
726 *
727 * @return the mode for an EVP_CIPHER_CTX.
728 *
729 * @ingroup hcrypto_evp
730 */
731
732 int
733 EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX *ctx)
734 {
735 return EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_MODE;
736 }
737
738 /**
739 * Get the app data for an EVP_CIPHER_CTX context.
740 *
741 * @param ctx the EVP_CIPHER_CTX to get the app data from
742 *
743 * @return the app data for an EVP_CIPHER_CTX.
744 *
745 * @ingroup hcrypto_evp
746 */
747
748 void *
749 EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX *ctx)
750 {
751 return ctx->app_data;
752 }
753
754 /**
755 * Set the app data for an EVP_CIPHER_CTX context.
756 *
757 * @param ctx the EVP_CIPHER_CTX to set the app data for
758 * @param data the app data to set for an EVP_CIPHER_CTX.
759 *
760 * @ingroup hcrypto_evp
761 */
762
763 void
764 EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX *ctx, void *data)
765 {
766 ctx->app_data = data;
767 }
768
769 /**
770 * Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data.
771 * Clean up with EVP_CIPHER_CTX_cleanup().
772 *
773 * @param ctx context to initiate
774 * @param c cipher to use.
775 * @param engine crypto engine to use, NULL to select default.
776 * @param key the crypto key to use, NULL will use the previous value.
777 * @param iv the IV to use, NULL will use the previous value.
778 * @param encp non zero will encrypt, -1 use the previous value.
779 *
780 * @return 1 on success.
781 *
782 * @ingroup hcrypto_evp
783 */
784
785 int
786 EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *c, ENGINE *engine,
787 const void *key, const void *iv, int encp)
788 {
789 ctx->buf_len = 0;
790
791 if (encp == -1)
792 encp = ctx->encrypt;
793 else
794 ctx->encrypt = (encp ? 1 : 0);
795
796 if (c && (c != ctx->cipher)) {
797 EVP_CIPHER_CTX_cleanup(ctx);
798 ctx->cipher = c;
799 ctx->key_len = c->key_len;
800
801 ctx->cipher_data = calloc(1, c->ctx_size);
802 if (ctx->cipher_data == NULL && c->ctx_size != 0)
803 return 0;
804
805 /* assume block size is a multiple of 2 */
806 ctx->block_mask = EVP_CIPHER_block_size(c) - 1;
807
808 if ((ctx->cipher->flags & EVP_CIPH_CTRL_INIT) &&
809 !EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL))
810 return 0;
811
812 } else if (ctx->cipher == NULL) {
813 /* reuse of cipher, but not any cipher ever set! */
814 return 0;
815 }
816
817 switch (EVP_CIPHER_CTX_mode(ctx)) {
818 case EVP_CIPH_CBC_MODE:
819
820 assert(EVP_CIPHER_CTX_iv_length(ctx) <= sizeof(ctx->iv));
821
822 if (iv)
823 memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx));
824 memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx));
825 break;
826
827 case EVP_CIPH_STREAM_CIPHER:
828 break;
829 case EVP_CIPH_CFB8_MODE:
830 if (iv)
831 memcpy(ctx->iv, iv, EVP_CIPHER_CTX_iv_length(ctx));
832 break;
833
834 default:
835 return 0;
836 }
837
838 if (key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT))
839 return ctx->cipher->init(ctx, key, iv, encp);
840
841 return 1;
842 }
843
844 /**
845 * Encipher/decipher partial data
846 *
847 * @param ctx the cipher context.
848 * @param out output data from the operation.
849 * @param outlen output length
850 * @param in input data to the operation.
851 * @param inlen length of data.
852 *
853 * The output buffer length should at least be EVP_CIPHER_block_size()
854 * byte longer then the input length.
855 *
856 * See @ref evp_cipher for an example how to use this function.
857 *
858 * @return 1 on success.
859 *
860 * @ingroup hcrypto_evp
861 */
862
863 int
864 EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
865 void *in, size_t inlen)
866 {
867 int ret, left, blocksize;
868
869 *outlen = 0;
870
871 /**
872 * If there in no spare bytes in the left from last Update and the
873 * input length is on the block boundery, the EVP_CipherUpdate()
874 * function can take a shortcut (and preformance gain) and
875 * directly encrypt the data, otherwise we hav to fix it up and
876 * store extra it the EVP_CIPHER_CTX.
877 */
878 if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) {
879 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
880 if (ret == 1)
881 *outlen = inlen;
882 else
883 *outlen = 0;
884 return ret;
885 }
886
887
888 blocksize = EVP_CIPHER_CTX_block_size(ctx);
889 left = blocksize - ctx->buf_len;
890 assert(left > 0);
891
892 if (ctx->buf_len) {
893
894 /* if total buffer is smaller then input, store locally */
895 if (inlen < left) {
896 memcpy(ctx->buf + ctx->buf_len, in, inlen);
897 ctx->buf_len += inlen;
898 return 1;
899 }
900
901 /* fill in local buffer and encrypt */
902 memcpy(ctx->buf + ctx->buf_len, in, left);
903 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
904 memset(ctx->buf, 0, blocksize);
905 if (ret != 1)
906 return ret;
907
908 *outlen += blocksize;
909 inlen -= left;
910 in = ((unsigned char *)in) + left;
911 out = ((unsigned char *)out) + blocksize;
912 ctx->buf_len = 0;
913 }
914
915 if (inlen) {
916 ctx->buf_len = (inlen & ctx->block_mask);
917 inlen &= ~ctx->block_mask;
918
919 ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
920 if (ret != 1)
921 return ret;
922
923 *outlen += inlen;
924
925 in = ((unsigned char *)in) + inlen;
926 memcpy(ctx->buf, in, ctx->buf_len);
927 }
928
929 return 1;
930 }
931
932 /**
933 * Encipher/decipher final data
934 *
935 * @param ctx the cipher context.
936 * @param out output data from the operation.
937 * @param outlen output length
938 *
939 * The input length needs to be at least EVP_CIPHER_block_size() bytes
940 * long.
941 *
942 * See @ref evp_cipher for an example how to use this function.
943 *
944 * @return 1 on success.
945 *
946 * @ingroup hcrypto_evp
947 */
948
949 int
950 EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen)
951 {
952 *outlen = 0;
953
954 if (ctx->buf_len) {
955 int ret, left, blocksize;
956
957 blocksize = EVP_CIPHER_CTX_block_size(ctx);
958
959 left = blocksize - ctx->buf_len;
960 assert(left > 0);
961
962 /* zero fill local buffer */
963 memset(ctx->buf + ctx->buf_len, 0, left);
964 ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
965 memset(ctx->buf, 0, blocksize);
966 if (ret != 1)
967 return ret;
968
969 *outlen += blocksize;
970 }
971
972 return 1;
973 }
974
975 /**
976 * Encipher/decipher data
977 *
978 * @param ctx the cipher context.
979 * @param out out data from the operation.
980 * @param in in data to the operation.
981 * @param size length of data.
982 *
983 * @return 1 on success.
984 */
985
986 int
987 EVP_Cipher(EVP_CIPHER_CTX *ctx, void *out, const void *in,size_t size)
988 {
989 return ctx->cipher->do_cipher(ctx, out, in, size);
990 }
991
992 /*
993 *
994 */
995
996 static int
997 enc_null_init(EVP_CIPHER_CTX *ctx,
998 const unsigned char * key,
999 const unsigned char * iv,
1000 int encp)
1001 {
1002 return 1;
1003 }
1004
1005 static int
1006 enc_null_do_cipher(EVP_CIPHER_CTX *ctx,
1007 unsigned char *out,
1008 const unsigned char *in,
1009 unsigned int size)
1010 {
1011 memmove(out, in, size);
1012 return 1;
1013 }
1014
1015 static int
1016 enc_null_cleanup(EVP_CIPHER_CTX *ctx)
1017 {
1018 return 1;
1019 }
1020
1021 /**
1022 * The NULL cipher type, does no encryption/decryption.
1023 *
1024 * @return the null EVP_CIPHER pointer.
1025 *
1026 * @ingroup hcrypto_evp
1027 */
1028
1029 const EVP_CIPHER *
1030 EVP_enc_null(void)
1031 {
1032 static const EVP_CIPHER enc_null = {
1033 0,
1034 0,
1035 0,
1036 0,
1037 EVP_CIPH_CBC_MODE,
1038 enc_null_init,
1039 enc_null_do_cipher,
1040 enc_null_cleanup,
1041 0,
1042 NULL,
1043 NULL,
1044 NULL,
1045 NULL
1046 };
1047 return &enc_null;
1048 }
1049
1050 /**
1051 * The RC2 cipher type
1052 *
1053 * @return the RC2 EVP_CIPHER pointer.
1054 *
1055 * @ingroup hcrypto_evp
1056 */
1057
1058 const EVP_CIPHER *
1059 EVP_rc2_cbc(void)
1060 {
1061 hcrypto_validate();
1062 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_cbc);
1063 }
1064
1065 /**
1066 * The RC2 cipher type
1067 *
1068 * @return the RC2 EVP_CIPHER pointer.
1069 *
1070 * @ingroup hcrypto_evp
1071 */
1072
1073 const EVP_CIPHER *
1074 EVP_rc2_40_cbc(void)
1075 {
1076 hcrypto_validate();
1077 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_40_cbc);
1078 }
1079
1080 /**
1081 * The RC2 cipher type
1082 *
1083 * @return the RC2 EVP_CIPHER pointer.
1084 *
1085 * @ingroup hcrypto_evp
1086 */
1087
1088 const EVP_CIPHER *
1089 EVP_rc2_64_cbc(void)
1090 {
1091 hcrypto_validate();
1092 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc2_64_cbc);
1093 }
1094
1095 /**
1096 * The RC4 cipher type
1097 *
1098 * @return the RC4 EVP_CIPHER pointer.
1099 *
1100 * @ingroup hcrypto_evp
1101 */
1102
1103 const EVP_CIPHER *
1104 EVP_rc4(void)
1105 {
1106 hcrypto_validate();
1107 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4);
1108 }
1109
1110 /**
1111 * The RC4-40 cipher type
1112 *
1113 * @return the RC4-40 EVP_CIPHER pointer.
1114 *
1115 * @ingroup hcrypto_evp
1116 */
1117
1118 const EVP_CIPHER *
1119 EVP_rc4_40(void)
1120 {
1121 hcrypto_validate();
1122 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, rc4_40);
1123 }
1124
1125 /**
1126 * The DES cipher type
1127 *
1128 * @return the DES-CBC EVP_CIPHER pointer.
1129 *
1130 * @ingroup hcrypto_evp
1131 */
1132
1133 const EVP_CIPHER *
1134 EVP_des_cbc(void)
1135 {
1136 hcrypto_validate();
1137 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_cbc);
1138 }
1139
1140 /**
1141 * The triple DES cipher type
1142 *
1143 * @return the DES-EDE3-CBC EVP_CIPHER pointer.
1144 *
1145 * @ingroup hcrypto_evp
1146 */
1147
1148 const EVP_CIPHER *
1149 EVP_des_ede3_cbc(void)
1150 {
1151 hcrypto_validate();
1152 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, des_ede3_cbc);
1153 }
1154
1155 /**
1156 * The AES-128 cipher type
1157 *
1158 * @return the AES-128 EVP_CIPHER pointer.
1159 *
1160 * @ingroup hcrypto_evp
1161 */
1162
1163 const EVP_CIPHER *
1164 EVP_aes_128_cbc(void)
1165 {
1166 hcrypto_validate();
1167 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cbc);
1168 }
1169
1170 /**
1171 * The AES-192 cipher type
1172 *
1173 * @return the AES-192 EVP_CIPHER pointer.
1174 *
1175 * @ingroup hcrypto_evp
1176 */
1177
1178 const EVP_CIPHER *
1179 EVP_aes_192_cbc(void)
1180 {
1181 hcrypto_validate();
1182 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cbc);
1183 }
1184
1185 /**
1186 * The AES-256 cipher type
1187 *
1188 * @return the AES-256 EVP_CIPHER pointer.
1189 *
1190 * @ingroup hcrypto_evp
1191 */
1192
1193 const EVP_CIPHER *
1194 EVP_aes_256_cbc(void)
1195 {
1196 hcrypto_validate();
1197 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cbc);
1198 }
1199
1200 /**
1201 * The AES-128 cipher type
1202 *
1203 * @return the AES-128 EVP_CIPHER pointer.
1204 *
1205 * @ingroup hcrypto_evp
1206 */
1207
1208 const EVP_CIPHER *
1209 EVP_aes_128_cfb8(void)
1210 {
1211 hcrypto_validate();
1212 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_128_cfb8);
1213 }
1214
1215 /**
1216 * The AES-192 cipher type
1217 *
1218 * @return the AES-192 EVP_CIPHER pointer.
1219 *
1220 * @ingroup hcrypto_evp
1221 */
1222
1223 const EVP_CIPHER *
1224 EVP_aes_192_cfb8(void)
1225 {
1226 hcrypto_validate();
1227 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_192_cfb8);
1228 }
1229
1230 /**
1231 * The AES-256 cipher type
1232 *
1233 * @return the AES-256 EVP_CIPHER pointer.
1234 *
1235 * @ingroup hcrypto_evp
1236 */
1237
1238 const EVP_CIPHER *
1239 EVP_aes_256_cfb8(void)
1240 {
1241 hcrypto_validate();
1242 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, aes_256_cfb8);
1243 }
1244
1245 /**
1246 * The Camellia-128 cipher type
1247 *
1248 * @return the Camellia-128 EVP_CIPHER pointer.
1249 *
1250 * @ingroup hcrypto_evp
1251 */
1252
1253 const EVP_CIPHER *
1254 EVP_camellia_128_cbc(void)
1255 {
1256 hcrypto_validate();
1257 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_128_cbc);
1258 }
1259
1260 /**
1261 * The Camellia-198 cipher type
1262 *
1263 * @return the Camellia-198 EVP_CIPHER pointer.
1264 *
1265 * @ingroup hcrypto_evp
1266 */
1267
1268 const EVP_CIPHER *
1269 EVP_camellia_192_cbc(void)
1270 {
1271 hcrypto_validate();
1272 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_192_cbc);
1273 }
1274
1275 /**
1276 * The Camellia-256 cipher type
1277 *
1278 * @return the Camellia-256 EVP_CIPHER pointer.
1279 *
1280 * @ingroup hcrypto_evp
1281 */
1282
1283 const EVP_CIPHER *
1284 EVP_camellia_256_cbc(void)
1285 {
1286 hcrypto_validate();
1287 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER, camellia_256_cbc);
1288 }
1289
1290 /*
1291 *
1292 */
1293
1294 static const struct cipher_name {
1295 const char *name;
1296 const EVP_CIPHER *(*func)(void);
1297 } cipher_name[] = {
1298 { "des-ede3-cbc", EVP_des_ede3_cbc },
1299 { "aes-128-cbc", EVP_aes_128_cbc },
1300 { "aes-192-cbc", EVP_aes_192_cbc },
1301 { "aes-256-cbc", EVP_aes_256_cbc },
1302 { "aes-128-cfb8", EVP_aes_128_cfb8 },
1303 { "aes-192-cfb8", EVP_aes_192_cfb8 },
1304 { "aes-256-cfb8", EVP_aes_256_cfb8 },
1305 { "camellia-128-cbc", EVP_camellia_128_cbc },
1306 { "camellia-192-cbc", EVP_camellia_192_cbc },
1307 { "camellia-256-cbc", EVP_camellia_256_cbc }
1308 };
1309
1310 /**
1311 * Get the cipher type using their name.
1312 *
1313 * @param name the name of the cipher.
1314 *
1315 * @return the selected EVP_CIPHER pointer or NULL if not found.
1316 *
1317 * @ingroup hcrypto_evp
1318 */
1319
1320 const EVP_CIPHER *
1321 EVP_get_cipherbyname(const char *name)
1322 {
1323 int i;
1324 for (i = 0; i < sizeof(cipher_name)/sizeof(cipher_name[0]); i++) {
1325 if (strcasecmp(cipher_name[i].name, name) == 0)
1326 return (*cipher_name[i].func)();
1327 }
1328 return NULL;
1329 }
1330
1331
1332 /*
1333 *
1334 */
1335
1336 #ifndef min
1337 #define min(a,b) (((a)>(b))?(b):(a))
1338 #endif
1339
1340 /**
1341 * Provides a legancy string to key function, used in PEM files.
1342 *
1343 * New protocols should use new string to key functions like NIST
1344 * SP56-800A or PKCS#5 v2.0 (see PKCS5_PBKDF2_HMAC_SHA1()).
1345 *
1346 * @param type type of cipher to use
1347 * @param md message digest to use
1348 * @param salt salt salt string, should be an binary 8 byte buffer.
1349 * @param data the password/input key string.
1350 * @param datalen length of data parameter.
1351 * @param count iteration counter.
1352 * @param keydata output keydata, needs to of the size EVP_CIPHER_key_length().
1353 * @param ivdata output ivdata, needs to of the size EVP_CIPHER_block_size().
1354 *
1355 * @return the size of derived key.
1356 *
1357 * @ingroup hcrypto_evp
1358 */
1359
1360 int
1361 EVP_BytesToKey(const EVP_CIPHER *type,
1362 const EVP_MD *md,
1363 const void *salt,
1364 const void *data, size_t datalen,
1365 unsigned int count,
1366 void *keydata,
1367 void *ivdata)
1368 {
1369 unsigned int ivlen, keylen;
1370 int first = 0;
1371 unsigned int mds = 0, i;
1372 unsigned char *key = keydata;
1373 unsigned char *iv = ivdata;
1374 unsigned char *buf;
1375 EVP_MD_CTX c;
1376
1377 keylen = EVP_CIPHER_key_length(type);
1378 ivlen = EVP_CIPHER_iv_length(type);
1379
1380 if (data == NULL)
1381 return keylen;
1382
1383 buf = malloc(EVP_MD_size(md));
1384 if (buf == NULL)
1385 return -1;
1386
1387 EVP_MD_CTX_init(&c);
1388
1389 first = 1;
1390 while (1) {
1391 EVP_DigestInit_ex(&c, md, NULL);
1392 if (!first)
1393 EVP_DigestUpdate(&c, buf, mds);
1394 first = 0;
1395 EVP_DigestUpdate(&c,data,datalen);
1396
1397 #define PKCS5_SALT_LEN 8
1398
1399 if (salt)
1400 EVP_DigestUpdate(&c, salt, PKCS5_SALT_LEN);
1401
1402 EVP_DigestFinal_ex(&c, buf, &mds);
1403 assert(mds == EVP_MD_size(md));
1404
1405 for (i = 1; i < count; i++) {
1406 EVP_DigestInit_ex(&c, md, NULL);
1407 EVP_DigestUpdate(&c, buf, mds);
1408 EVP_DigestFinal_ex(&c, buf, &mds);
1409 assert(mds == EVP_MD_size(md));
1410 }
1411
1412 i = 0;
1413 if (keylen) {
1414 size_t sz = min(keylen, mds);
1415 if (key) {
1416 memcpy(key, buf, sz);
1417 key += sz;
1418 }
1419 keylen -= sz;
1420 i += sz;
1421 }
1422 if (ivlen && mds > i) {
1423 size_t sz = min(ivlen, (mds - i));
1424 if (iv) {
1425 memcpy(iv, &buf[i], sz);
1426 iv += sz;
1427 }
1428 ivlen -= sz;
1429 }
1430 if (keylen == 0 && ivlen == 0)
1431 break;
1432 }
1433
1434 EVP_MD_CTX_cleanup(&c);
1435 free(buf);
1436
1437 return EVP_CIPHER_key_length(type);
1438 }
1439
1440 /**
1441 * Generate a random key for the specificed EVP_CIPHER.
1442 *
1443 * @param ctx EVP_CIPHER_CTX type to build the key for.
1444 * @param key return key, must be at least EVP_CIPHER_key_length() byte long.
1445 *
1446 * @return 1 for success, 0 for failure.
1447 *
1448 * @ingroup hcrypto_core
1449 */
1450
1451 int
1452 EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, void *key)
1453 {
1454 if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
1455 return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
1456 if (RAND_bytes(key, ctx->key_len) != 1)
1457 return 0;
1458 return 1;
1459 }
1460
1461 /**
1462 * Perform a operation on a ctx
1463 *
1464 * @param ctx context to perform operation on.
1465 * @param type type of operation.
1466 * @param arg argument to operation.
1467 * @param data addition data to operation.
1468
1469 * @return 1 for success, 0 for failure.
1470 *
1471 * @ingroup hcrypto_core
1472 */
1473
1474 int
1475 EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *data)
1476 {
1477 if (ctx->cipher == NULL || ctx->cipher->ctrl == NULL)
1478 return 0;
1479 return (*ctx->cipher->ctrl)(ctx, type, arg, data);
1480 }
1481
1482 /**
1483 * Add all algorithms to the crypto core.
1484 *
1485 * @ingroup hcrypto_core
1486 */
1487
1488 void
1489 OpenSSL_add_all_algorithms(void)
1490 {
1491 return;
1492 }
1493
1494 /**
1495 * Add all algorithms to the crypto core using configuration file.
1496 *
1497 * @ingroup hcrypto_core
1498 */
1499
1500 void
1501 OpenSSL_add_all_algorithms_conf(void)
1502 {
1503 return;
1504 }
1505
1506 /**
1507 * Add all algorithms to the crypto core, but don't use the
1508 * configuration file.
1509 *
1510 * @ingroup hcrypto_core
1511 */
1512
1513 void
1514 OpenSSL_add_all_algorithms_noconf(void)
1515 {
1516 return;
1517 }
Heimdal