2 * Copyright (c) 2006 - 2016 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
40 #define HC_DEPRECATED_CRYPTO
45 #include <evp-hcrypto.h>
50 #include <evp-pkcs11.h>
51 #include <evp-openssl.h>
53 #include <krb5-types.h>
55 #ifndef HCRYPTO_DEF_PROVIDER
57 # define HCRYPTO_DEF_PROVIDER cc
59 # define HCRYPTO_DEF_PROVIDER pkcs11_hcrypto
60 # elif HAVE_HCRYPTO_W_OPENSSL
61 # define HCRYPTO_DEF_PROVIDER ossl
63 # define HCRYPTO_DEF_PROVIDER hcrypto
67 #define HC_CONCAT4(x,y,z,aa) x ## y ## z ## aa
70 #define EVP_DEF_OP(_prov,_op) HC_CONCAT4(EVP_,_prov,_,_op)()
73 * @page page_evp EVP - generic crypto interface
75 * See the library functions here: @ref hcrypto_evp
77 * @section evp_cipher EVP Cipher
79 * The use of EVP_CipherInit_ex() and EVP_Cipher() is pretty easy to
80 * understand forward, then EVP_CipherUpdate() and
81 * EVP_CipherFinal_ex() really needs an example to explain @ref
82 * example_evp_cipher.c .
84 * @example example_evp_cipher.c
86 * This is an example how to use EVP_CipherInit_ex(),
87 * EVP_CipherUpdate() and EVP_CipherFinal_ex().
90 struct hc_EVP_MD_CTX
{
98 * Return the output size of the message digest function.
100 * @param md the evp message
102 * @return size output size of the message digest function.
104 * @ingroup hcrypto_evp
108 EVP_MD_size(const EVP_MD
*md
)
110 return md
->hash_size
;
114 * Return the blocksize of the message digest function.
116 * @param md the evp message
118 * @return size size of the message digest block size
120 * @ingroup hcrypto_evp
124 EVP_MD_block_size(const EVP_MD
*md
)
126 return md
->block_size
;
130 * Allocate a messsage digest context object. Free with
131 * EVP_MD_CTX_destroy().
133 * @return a newly allocated message digest context object.
135 * @ingroup hcrypto_evp
139 EVP_MD_CTX_create(void)
141 return calloc(1, sizeof(EVP_MD_CTX
));
145 * Initiate a messsage digest context object. Deallocate with
146 * EVP_MD_CTX_cleanup(). Please use EVP_MD_CTX_create() instead.
148 * @param ctx variable to initiate.
150 * @ingroup hcrypto_evp
154 EVP_MD_CTX_init(EVP_MD_CTX
*ctx
) HC_DEPRECATED
156 memset(ctx
, 0, sizeof(*ctx
));
160 * Free a messsage digest context object.
162 * @param ctx context to free.
164 * @ingroup hcrypto_evp
168 EVP_MD_CTX_destroy(EVP_MD_CTX
*ctx
)
170 EVP_MD_CTX_cleanup(ctx
);
175 * Free the resources used by the EVP_MD context.
177 * @param ctx the context to free the resources from.
179 * @return 1 on success.
181 * @ingroup hcrypto_evp
185 EVP_MD_CTX_cleanup(EVP_MD_CTX
*ctx
) HC_DEPRECATED
187 if (ctx
->md
&& ctx
->md
->cleanup
) {
188 int ret
= (ctx
->md
->cleanup
)(ctx
->ptr
);
191 } else if (ctx
->md
) {
192 memset(ctx
->ptr
, 0, ctx
->md
->ctx_size
);
197 memset(ctx
, 0, sizeof(*ctx
));
202 * Get the EVP_MD use for a specified context.
204 * @param ctx the EVP_MD context to get the EVP_MD for.
206 * @return the EVP_MD used for the context.
208 * @ingroup hcrypto_evp
212 EVP_MD_CTX_md(EVP_MD_CTX
*ctx
)
218 * Return the output size of the message digest function.
220 * @param ctx the evp message digest context
222 * @return size output size of the message digest function.
224 * @ingroup hcrypto_evp
228 EVP_MD_CTX_size(EVP_MD_CTX
*ctx
)
230 return EVP_MD_size(ctx
->md
);
234 * Return the blocksize of the message digest function.
236 * @param ctx the evp message digest context
238 * @return size size of the message digest block size
240 * @ingroup hcrypto_evp
244 EVP_MD_CTX_block_size(EVP_MD_CTX
*ctx
)
246 return EVP_MD_block_size(ctx
->md
);
250 * Init a EVP_MD_CTX for use a specific message digest and engine.
252 * @param ctx the message digest context to init.
253 * @param md the message digest to use.
254 * @param engine the engine to use, NULL to use the default engine.
256 * @return 1 on success.
258 * @ingroup hcrypto_evp
262 EVP_DigestInit_ex(EVP_MD_CTX
*ctx
, const EVP_MD
*md
, ENGINE
*engine
)
264 if (ctx
->md
!= md
|| ctx
->engine
!= engine
) {
265 EVP_MD_CTX_cleanup(ctx
);
267 ctx
->engine
= engine
;
271 ctx
->ptr
= calloc(1, md
->ctx_size
);
272 if (ctx
->ptr
== NULL
)
277 return (ctx
->md
->init
)(ctx
->ptr
);
281 * Update the digest with some data.
283 * @param ctx the context to update
284 * @param data the data to update the context with
285 * @param size length of data
287 * @return 1 on success.
289 * @ingroup hcrypto_evp
293 EVP_DigestUpdate(EVP_MD_CTX
*ctx
, const void *data
, size_t size
)
295 (ctx
->md
->update
)(ctx
->ptr
, data
, size
);
300 * Complete the message digest.
302 * @param ctx the context to complete.
303 * @param hash the output of the message digest function. At least
305 * @param size the output size of hash.
307 * @return 1 on success.
309 * @ingroup hcrypto_evp
313 EVP_DigestFinal_ex(EVP_MD_CTX
*ctx
, void *hash
, unsigned int *size
)
315 (ctx
->md
->final
)(hash
, ctx
->ptr
);
317 *size
= ctx
->md
->hash_size
;
322 * Do the whole EVP_MD_CTX_create(), EVP_DigestInit_ex(),
323 * EVP_DigestUpdate(), EVP_DigestFinal_ex(), EVP_MD_CTX_destroy()
326 * @param data the data to update the context with
327 * @param dsize length of data
328 * @param hash output data of at least EVP_MD_size() length.
329 * @param hsize output length of hash.
330 * @param md message digest to use
331 * @param engine engine to use, NULL for default engine.
333 * @return 1 on success.
335 * @ingroup hcrypto_evp
339 EVP_Digest(const void *data
, size_t dsize
, void *hash
, unsigned int *hsize
,
340 const EVP_MD
*md
, ENGINE
*engine
)
345 ctx
= EVP_MD_CTX_create();
348 ret
= EVP_DigestInit_ex(ctx
, md
, engine
);
350 EVP_MD_CTX_destroy(ctx
);
353 ret
= EVP_DigestUpdate(ctx
, data
, dsize
);
355 EVP_MD_CTX_destroy(ctx
);
358 ret
= EVP_DigestFinal_ex(ctx
, hash
, hsize
);
359 EVP_MD_CTX_destroy(ctx
);
364 * The message digest SHA256
366 * @return the message digest type.
368 * @ingroup hcrypto_evp
375 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, sha256
);
379 * The message digest SHA384
381 * @return the message digest type.
383 * @ingroup hcrypto_evp
390 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, sha384
);
394 * The message digest SHA512
396 * @return the message digest type.
398 * @ingroup hcrypto_evp
405 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, sha512
);
409 * The message digest SHA1
411 * @return the message digest type.
413 * @ingroup hcrypto_evp
420 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, sha1
);
424 * The message digest SHA1
426 * @return the message digest type.
428 * @ingroup hcrypto_evp
432 EVP_sha(void) HC_DEPRECATED
440 * The message digest MD5
442 * @return the message digest type.
444 * @ingroup hcrypto_evp
448 EVP_md5(void) HC_DEPRECATED_CRYPTO
451 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, md5
);
455 * The message digest MD4
457 * @return the message digest type.
459 * @ingroup hcrypto_evp
463 EVP_md4(void) HC_DEPRECATED_CRYPTO
466 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, md4
);
470 * The message digest MD2
472 * @return the message digest type.
474 * @ingroup hcrypto_evp
478 EVP_md2(void) HC_DEPRECATED_CRYPTO
481 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, md2
);
493 null_Update (void *m
, const void * data
, size_t size
)
497 null_Final(void *res
, void *m
)
502 * The null message digest
504 * @return the message digest type.
506 * @ingroup hcrypto_evp
512 static const struct hc_evp_md null
= {
516 (hc_evp_md_init
)null_Init
,
517 (hc_evp_md_update
)null_Update
,
518 (hc_evp_md_final
)null_Final
,
525 * Return the block size of the cipher.
527 * @param c cipher to get the block size from.
529 * @return the block size of the cipher.
531 * @ingroup hcrypto_evp
535 EVP_CIPHER_block_size(const EVP_CIPHER
*c
)
537 return c
->block_size
;
541 * Return the key size of the cipher.
543 * @param c cipher to get the key size from.
545 * @return the key size of the cipher.
547 * @ingroup hcrypto_evp
551 EVP_CIPHER_key_length(const EVP_CIPHER
*c
)
557 * Return the IV size of the cipher.
559 * @param c cipher to get the IV size from.
561 * @return the IV size of the cipher.
563 * @ingroup hcrypto_evp
567 EVP_CIPHER_iv_length(const EVP_CIPHER
*c
)
573 * Initiate a EVP_CIPHER_CTX context. Clean up with
574 * EVP_CIPHER_CTX_cleanup().
576 * @param c the cipher initiate.
578 * @ingroup hcrypto_evp
582 EVP_CIPHER_CTX_init(EVP_CIPHER_CTX
*c
)
584 memset(c
, 0, sizeof(*c
));
588 * Clean up the EVP_CIPHER_CTX context.
590 * @param c the cipher to clean up.
592 * @return 1 on success.
594 * @ingroup hcrypto_evp
598 EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX
*c
)
600 if (c
->cipher
&& c
->cipher
->cleanup
) {
601 int ret
= c
->cipher
->cleanup(c
);
605 if (c
->cipher_data
) {
607 memset(c
->cipher_data
, 0, c
->cipher
->ctx_size
);
608 free(c
->cipher_data
);
609 c
->cipher_data
= NULL
;
615 * If the cipher type supports it, change the key length
617 * @param c the cipher context to change the key length for
618 * @param length new key length
620 * @return 1 on success.
622 * @ingroup hcrypto_evp
626 EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX
*c
, int length
)
628 if ((c
->cipher
->flags
& EVP_CIPH_VARIABLE_LENGTH
) && length
> 0) {
637 EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX
*c
, int pad
)
644 * Return the EVP_CIPHER for a EVP_CIPHER_CTX context.
646 * @param ctx the context to get the cipher type from.
648 * @return the EVP_CIPHER pointer.
650 * @ingroup hcrypto_evp
654 EVP_CIPHER_CTX_cipher(EVP_CIPHER_CTX
*ctx
)
660 * Return the block size of the cipher context.
662 * @param ctx cipher context to get the block size from.
664 * @return the block size of the cipher context.
666 * @ingroup hcrypto_evp
670 EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX
*ctx
)
672 return EVP_CIPHER_block_size(ctx
->cipher
);
676 * Return the key size of the cipher context.
678 * @param ctx cipher context to get the key size from.
680 * @return the key size of the cipher context.
682 * @ingroup hcrypto_evp
686 EVP_CIPHER_CTX_key_length(const EVP_CIPHER_CTX
*ctx
)
688 return EVP_CIPHER_key_length(ctx
->cipher
);
692 * Return the IV size of the cipher context.
694 * @param ctx cipher context to get the IV size from.
696 * @return the IV size of the cipher context.
698 * @ingroup hcrypto_evp
702 EVP_CIPHER_CTX_iv_length(const EVP_CIPHER_CTX
*ctx
)
704 return EVP_CIPHER_iv_length(ctx
->cipher
);
708 * Get the flags for an EVP_CIPHER_CTX context.
710 * @param ctx the EVP_CIPHER_CTX to get the flags from
712 * @return the flags for an EVP_CIPHER_CTX.
714 * @ingroup hcrypto_evp
718 EVP_CIPHER_CTX_flags(const EVP_CIPHER_CTX
*ctx
)
720 return ctx
->cipher
->flags
;
724 * Get the mode for an EVP_CIPHER_CTX context.
726 * @param ctx the EVP_CIPHER_CTX to get the mode from
728 * @return the mode for an EVP_CIPHER_CTX.
730 * @ingroup hcrypto_evp
734 EVP_CIPHER_CTX_mode(const EVP_CIPHER_CTX
*ctx
)
736 return EVP_CIPHER_CTX_flags(ctx
) & EVP_CIPH_MODE
;
740 * Get the app data for an EVP_CIPHER_CTX context.
742 * @param ctx the EVP_CIPHER_CTX to get the app data from
744 * @return the app data for an EVP_CIPHER_CTX.
746 * @ingroup hcrypto_evp
750 EVP_CIPHER_CTX_get_app_data(EVP_CIPHER_CTX
*ctx
)
752 return ctx
->app_data
;
756 * Set the app data for an EVP_CIPHER_CTX context.
758 * @param ctx the EVP_CIPHER_CTX to set the app data for
759 * @param data the app data to set for an EVP_CIPHER_CTX.
761 * @ingroup hcrypto_evp
765 EVP_CIPHER_CTX_set_app_data(EVP_CIPHER_CTX
*ctx
, void *data
)
767 ctx
->app_data
= data
;
771 * Initiate the EVP_CIPHER_CTX context to encrypt or decrypt data.
772 * Clean up with EVP_CIPHER_CTX_cleanup().
774 * @param ctx context to initiate
775 * @param c cipher to use.
776 * @param engine crypto engine to use, NULL to select default.
777 * @param key the crypto key to use, NULL will use the previous value.
778 * @param iv the IV to use, NULL will use the previous value.
779 * @param encp non zero will encrypt, -1 use the previous value.
781 * @return 1 on success.
783 * @ingroup hcrypto_evp
787 EVP_CipherInit_ex(EVP_CIPHER_CTX
*ctx
, const EVP_CIPHER
*c
, ENGINE
*engine
,
788 const void *key
, const void *iv
, int encp
)
795 ctx
->encrypt
= (encp
? 1 : 0);
797 if (c
&& (c
!= ctx
->cipher
)) {
798 EVP_CIPHER_CTX_cleanup(ctx
);
800 ctx
->key_len
= c
->key_len
;
802 ctx
->cipher_data
= calloc(1, c
->ctx_size
);
803 if (ctx
->cipher_data
== NULL
&& c
->ctx_size
!= 0)
806 /* assume block size is a multiple of 2 */
807 ctx
->block_mask
= EVP_CIPHER_block_size(c
) - 1;
809 if ((ctx
->cipher
->flags
& EVP_CIPH_CTRL_INIT
) &&
810 !EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_INIT
, 0, NULL
))
813 } else if (ctx
->cipher
== NULL
) {
814 /* reuse of cipher, but not any cipher ever set! */
818 switch (EVP_CIPHER_CTX_mode(ctx
)) {
819 case EVP_CIPH_CBC_MODE
:
821 assert(EVP_CIPHER_CTX_iv_length(ctx
) <= sizeof(ctx
->iv
));
824 memcpy(ctx
->oiv
, iv
, EVP_CIPHER_CTX_iv_length(ctx
));
825 memcpy(ctx
->iv
, ctx
->oiv
, EVP_CIPHER_CTX_iv_length(ctx
));
828 case EVP_CIPH_STREAM_CIPHER
:
830 case EVP_CIPH_CFB8_MODE
:
832 memcpy(ctx
->iv
, iv
, EVP_CIPHER_CTX_iv_length(ctx
));
839 if (key
|| (ctx
->cipher
->flags
& EVP_CIPH_ALWAYS_CALL_INIT
))
840 return ctx
->cipher
->init(ctx
, key
, iv
, encp
);
846 * Encipher/decipher partial data
848 * @param ctx the cipher context.
849 * @param out output data from the operation.
850 * @param outlen output length
851 * @param in input data to the operation.
852 * @param inlen length of data.
854 * The output buffer length should at least be EVP_CIPHER_block_size()
855 * byte longer then the input length.
857 * See @ref evp_cipher for an example how to use this function.
859 * @return 1 on success.
861 * @ingroup hcrypto_evp
865 EVP_CipherUpdate(EVP_CIPHER_CTX
*ctx
, void *out
, int *outlen
,
866 void *in
, size_t inlen
)
868 int ret
, left
, blocksize
;
873 * If there in no spare bytes in the left from last Update and the
874 * input length is on the block boundery, the EVP_CipherUpdate()
875 * function can take a shortcut (and preformance gain) and
876 * directly encrypt the data, otherwise we hav to fix it up and
877 * store extra it the EVP_CIPHER_CTX.
879 if (ctx
->buf_len
== 0 && (inlen
& ctx
->block_mask
) == 0) {
880 ret
= (*ctx
->cipher
->do_cipher
)(ctx
, out
, in
, inlen
);
889 blocksize
= EVP_CIPHER_CTX_block_size(ctx
);
890 left
= blocksize
- ctx
->buf_len
;
895 /* if total buffer is smaller then input, store locally */
897 memcpy(ctx
->buf
+ ctx
->buf_len
, in
, inlen
);
898 ctx
->buf_len
+= inlen
;
902 /* fill in local buffer and encrypt */
903 memcpy(ctx
->buf
+ ctx
->buf_len
, in
, left
);
904 ret
= (*ctx
->cipher
->do_cipher
)(ctx
, out
, ctx
->buf
, blocksize
);
905 memset(ctx
->buf
, 0, blocksize
);
909 *outlen
+= blocksize
;
911 in
= ((unsigned char *)in
) + left
;
912 out
= ((unsigned char *)out
) + blocksize
;
917 ctx
->buf_len
= (inlen
& ctx
->block_mask
);
918 inlen
&= ~ctx
->block_mask
;
920 ret
= (*ctx
->cipher
->do_cipher
)(ctx
, out
, in
, inlen
);
926 in
= ((unsigned char *)in
) + inlen
;
927 memcpy(ctx
->buf
, in
, ctx
->buf_len
);
934 * Encipher/decipher final data
936 * @param ctx the cipher context.
937 * @param out output data from the operation.
938 * @param outlen output length
940 * The input length needs to be at least EVP_CIPHER_block_size() bytes
943 * See @ref evp_cipher for an example how to use this function.
945 * @return 1 on success.
947 * @ingroup hcrypto_evp
951 EVP_CipherFinal_ex(EVP_CIPHER_CTX
*ctx
, void *out
, int *outlen
)
956 int ret
, left
, blocksize
;
958 blocksize
= EVP_CIPHER_CTX_block_size(ctx
);
960 left
= blocksize
- ctx
->buf_len
;
963 /* zero fill local buffer */
964 memset(ctx
->buf
+ ctx
->buf_len
, 0, left
);
965 ret
= (*ctx
->cipher
->do_cipher
)(ctx
, out
, ctx
->buf
, blocksize
);
966 memset(ctx
->buf
, 0, blocksize
);
970 *outlen
+= blocksize
;
977 * Encipher/decipher data
979 * @param ctx the cipher context.
980 * @param out out data from the operation.
981 * @param in in data to the operation.
982 * @param size length of data.
984 * @return 1 on success.
988 EVP_Cipher(EVP_CIPHER_CTX
*ctx
, void *out
, const void *in
,size_t size
)
990 return ctx
->cipher
->do_cipher(ctx
, out
, in
, size
);
998 enc_null_init(EVP_CIPHER_CTX
*ctx
,
999 const unsigned char * key
,
1000 const unsigned char * iv
,
1007 enc_null_do_cipher(EVP_CIPHER_CTX
*ctx
,
1009 const unsigned char *in
,
1012 memmove(out
, in
, size
);
1017 enc_null_cleanup(EVP_CIPHER_CTX
*ctx
)
1023 * The NULL cipher type, does no encryption/decryption.
1025 * @return the null EVP_CIPHER pointer.
1027 * @ingroup hcrypto_evp
1033 static const EVP_CIPHER enc_null
= {
1052 * The RC2 cipher type
1054 * @return the RC2 EVP_CIPHER pointer.
1056 * @ingroup hcrypto_evp
1063 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, rc2_cbc
);
1067 * The RC2 cipher type
1069 * @return the RC2 EVP_CIPHER pointer.
1071 * @ingroup hcrypto_evp
1075 EVP_rc2_40_cbc(void)
1078 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, rc2_40_cbc
);
1082 * The RC2 cipher type
1084 * @return the RC2 EVP_CIPHER pointer.
1086 * @ingroup hcrypto_evp
1090 EVP_rc2_64_cbc(void)
1093 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, rc2_64_cbc
);
1097 * The RC4 cipher type
1099 * @return the RC4 EVP_CIPHER pointer.
1101 * @ingroup hcrypto_evp
1108 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, rc4
);
1112 * The RC4-40 cipher type
1114 * @return the RC4-40 EVP_CIPHER pointer.
1116 * @ingroup hcrypto_evp
1123 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, rc4_40
);
1127 * The DES cipher type
1129 * @return the DES-CBC EVP_CIPHER pointer.
1131 * @ingroup hcrypto_evp
1138 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, des_cbc
);
1142 * The triple DES cipher type
1144 * @return the DES-EDE3-CBC EVP_CIPHER pointer.
1146 * @ingroup hcrypto_evp
1150 EVP_des_ede3_cbc(void)
1153 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, des_ede3_cbc
);
1157 * The AES-128 cipher type
1159 * @return the AES-128 EVP_CIPHER pointer.
1161 * @ingroup hcrypto_evp
1165 EVP_aes_128_cbc(void)
1168 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, aes_128_cbc
);
1172 * The AES-192 cipher type
1174 * @return the AES-192 EVP_CIPHER pointer.
1176 * @ingroup hcrypto_evp
1180 EVP_aes_192_cbc(void)
1183 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, aes_192_cbc
);
1187 * The AES-256 cipher type
1189 * @return the AES-256 EVP_CIPHER pointer.
1191 * @ingroup hcrypto_evp
1195 EVP_aes_256_cbc(void)
1198 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, aes_256_cbc
);
1202 * The AES-128 cipher type
1204 * @return the AES-128 EVP_CIPHER pointer.
1206 * @ingroup hcrypto_evp
1210 EVP_aes_128_cfb8(void)
1213 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, aes_128_cfb8
);
1217 * The AES-192 cipher type
1219 * @return the AES-192 EVP_CIPHER pointer.
1221 * @ingroup hcrypto_evp
1225 EVP_aes_192_cfb8(void)
1228 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, aes_192_cfb8
);
1232 * The AES-256 cipher type
1234 * @return the AES-256 EVP_CIPHER pointer.
1236 * @ingroup hcrypto_evp
1240 EVP_aes_256_cfb8(void)
1243 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, aes_256_cfb8
);
1247 * The Camellia-128 cipher type
1249 * @return the Camellia-128 EVP_CIPHER pointer.
1251 * @ingroup hcrypto_evp
1255 EVP_camellia_128_cbc(void)
1258 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, camellia_128_cbc
);
1262 * The Camellia-198 cipher type
1264 * @return the Camellia-198 EVP_CIPHER pointer.
1266 * @ingroup hcrypto_evp
1270 EVP_camellia_192_cbc(void)
1273 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, camellia_192_cbc
);
1277 * The Camellia-256 cipher type
1279 * @return the Camellia-256 EVP_CIPHER pointer.
1281 * @ingroup hcrypto_evp
1285 EVP_camellia_256_cbc(void)
1288 return EVP_DEF_OP(HCRYPTO_DEF_PROVIDER
, camellia_256_cbc
);
1295 static const struct cipher_name
{
1297 const EVP_CIPHER
*(*func
)(void);
1299 { "des-ede3-cbc", EVP_des_ede3_cbc
},
1300 { "aes-128-cbc", EVP_aes_128_cbc
},
1301 { "aes-192-cbc", EVP_aes_192_cbc
},
1302 { "aes-256-cbc", EVP_aes_256_cbc
},
1303 { "aes-128-cfb8", EVP_aes_128_cfb8
},
1304 { "aes-192-cfb8", EVP_aes_192_cfb8
},
1305 { "aes-256-cfb8", EVP_aes_256_cfb8
},
1306 { "camellia-128-cbc", EVP_camellia_128_cbc
},
1307 { "camellia-192-cbc", EVP_camellia_192_cbc
},
1308 { "camellia-256-cbc", EVP_camellia_256_cbc
}
1312 * Get the cipher type using their name.
1314 * @param name the name of the cipher.
1316 * @return the selected EVP_CIPHER pointer or NULL if not found.
1318 * @ingroup hcrypto_evp
1322 EVP_get_cipherbyname(const char *name
)
1325 for (i
= 0; i
< sizeof(cipher_name
)/sizeof(cipher_name
[0]); i
++) {
1326 if (strcasecmp(cipher_name
[i
].name
, name
) == 0)
1327 return (*cipher_name
[i
].func
)();
1338 #define min(a,b) (((a)>(b))?(b):(a))
1342 * Provides a legancy string to key function, used in PEM files.
1344 * New protocols should use new string to key functions like NIST
1345 * SP56-800A or PKCS#5 v2.0 (see PKCS5_PBKDF2_HMAC_SHA1()).
1347 * @param type type of cipher to use
1348 * @param md message digest to use
1349 * @param salt salt salt string, should be an binary 8 byte buffer.
1350 * @param data the password/input key string.
1351 * @param datalen length of data parameter.
1352 * @param count iteration counter.
1353 * @param keydata output keydata, needs to of the size EVP_CIPHER_key_length().
1354 * @param ivdata output ivdata, needs to of the size EVP_CIPHER_block_size().
1356 * @return the size of derived key.
1358 * @ingroup hcrypto_evp
1362 EVP_BytesToKey(const EVP_CIPHER
*type
,
1365 const void *data
, size_t datalen
,
1370 unsigned int ivlen
, keylen
;
1372 unsigned int mds
= 0, i
;
1373 unsigned char *key
= keydata
;
1374 unsigned char *iv
= ivdata
;
1378 keylen
= EVP_CIPHER_key_length(type
);
1379 ivlen
= EVP_CIPHER_iv_length(type
);
1384 buf
= malloc(EVP_MD_size(md
));
1388 EVP_MD_CTX_init(&c
);
1392 EVP_DigestInit_ex(&c
, md
, NULL
);
1394 EVP_DigestUpdate(&c
, buf
, mds
);
1396 EVP_DigestUpdate(&c
,data
,datalen
);
1398 #define PKCS5_SALT_LEN 8
1401 EVP_DigestUpdate(&c
, salt
, PKCS5_SALT_LEN
);
1403 EVP_DigestFinal_ex(&c
, buf
, &mds
);
1404 assert(mds
== EVP_MD_size(md
));
1406 for (i
= 1; i
< count
; i
++) {
1407 EVP_DigestInit_ex(&c
, md
, NULL
);
1408 EVP_DigestUpdate(&c
, buf
, mds
);
1409 EVP_DigestFinal_ex(&c
, buf
, &mds
);
1410 assert(mds
== EVP_MD_size(md
));
1415 size_t sz
= min(keylen
, mds
);
1417 memcpy(key
, buf
, sz
);
1423 if (ivlen
&& mds
> i
) {
1424 size_t sz
= min(ivlen
, (mds
- i
));
1426 memcpy(iv
, &buf
[i
], sz
);
1431 if (keylen
== 0 && ivlen
== 0)
1435 EVP_MD_CTX_cleanup(&c
);
1438 return EVP_CIPHER_key_length(type
);
1442 * Generate a random key for the specificed EVP_CIPHER.
1444 * @param ctx EVP_CIPHER_CTX type to build the key for.
1445 * @param key return key, must be at least EVP_CIPHER_key_length() byte long.
1447 * @return 1 for success, 0 for failure.
1449 * @ingroup hcrypto_core
1453 EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX
*ctx
, void *key
)
1455 if (ctx
->cipher
->flags
& EVP_CIPH_RAND_KEY
)
1456 return EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_RAND_KEY
, 0, key
);
1457 if (RAND_bytes(key
, ctx
->key_len
) != 1)
1463 * Perform a operation on a ctx
1465 * @param ctx context to perform operation on.
1466 * @param type type of operation.
1467 * @param arg argument to operation.
1468 * @param data addition data to operation.
1470 * @return 1 for success, 0 for failure.
1472 * @ingroup hcrypto_core
1476 EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX
*ctx
, int type
, int arg
, void *data
)
1478 if (ctx
->cipher
== NULL
|| ctx
->cipher
->ctrl
== NULL
)
1480 return (*ctx
->cipher
->ctrl
)(ctx
, type
, arg
, data
);
1484 * Add all algorithms to the crypto core.
1486 * @ingroup hcrypto_core
1490 OpenSSL_add_all_algorithms(void)
1496 * Add all algorithms to the crypto core using configuration file.
1498 * @ingroup hcrypto_core
1502 OpenSSL_add_all_algorithms_conf(void)
1508 * Add all algorithms to the crypto core, but don't use the
1509 * configuration file.
1511 * @ingroup hcrypto_core
1515 OpenSSL_add_all_algorithms_noconf(void)