search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fixes https://github.com/heimdal/heimdal/issues/294
[heimdal.git] / lib / hcrypto / evp-pkcs11.c
blob3bfec76b6fec8c388179695c0f7b2079a5bfaad5
1 /*
2 * Copyright (c) 2015-2016, Secure Endpoints Inc.
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * - Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * - Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
18 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
19 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
20 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
21 * COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
22 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
23 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
24 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
26 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
28 * OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
31 /* PKCS#11 provider */
32
33 #include <config.h>
34 #include <roken.h>
35 #include <assert.h>
36 #ifdef HAVE_DLFCN_H
37 #include <dlfcn.h>
38 #ifndef RTLD_LAZY
39 #define RTLD_LAZY 0
40 #endif
41 #ifndef RTLD_LOCAL
42 #define RTLD_LOCAL 0
43 #endif
44 #ifndef RTLD_GROUP
45 #define RTLD_GROUP 0
46 #endif
47 #ifndef RTLD_NODELETE
48 #define RTLD_NODELETE 0
49 #endif
50 #else
51 #error PKCS11 support requires dlfcn.h
52 #endif
53
54 #include <heimbase.h>
55
56 #include <evp.h>
57 #include <evp-hcrypto.h>
58 #include <evp-pkcs11.h>
59
60 #include <ref/pkcs11.h>
61
62 #if __sun && !defined(PKCS11_MODULE_PATH)
63 # if _LP64
64 # define PKCS11_MODULE_PATH "/usr/lib/64/libpkcs11.so"
65 # else
66 # define PKCS11_MODULE_PATH "/usr/lib/libpkcs11.so"
67 # endif
68 #elif defined(__linux__)
69 /*
70 * XXX We should have an autoconf check for OpenCryptoki and such
71 * things. However, there's no AC_CHECK_OBJECT(), and we'd have to
72 * write one. Today I'm feeling lazy. Another possibility would be to
73 * have a symlink from the libdir we'll install into, and then we could
74 * dlopen() that on all platforms.
75 *
76 * XXX Also, we should pick an appropriate shared object based on 32- vs
77 * 64-bits.
78 */
79 # define PKCS11_MODULE_PATH "/usr/lib/pkcs11/PKCS11_API.so"
80 #endif
81
82 static CK_FUNCTION_LIST_PTR p11_module;
83
84 static int
85 p11_cleanup(EVP_CIPHER_CTX *ctx);
86
87 struct pkcs11_cipher_ctx {
88 CK_SESSION_HANDLE hSession;
89 CK_OBJECT_HANDLE hSecret;
90 int cipher_init_done;
91 };
92
93 struct pkcs11_md_ctx {
94 CK_SESSION_HANDLE hSession;
95 };
96
97 static void *pkcs11_module_handle;
98 static void
99 p11_module_init_once(void *context)
100 {
101 CK_RV rv;
102 CK_FUNCTION_LIST_PTR module;
103 CK_RV (*C_GetFunctionList_fn)(CK_FUNCTION_LIST_PTR_PTR);
104 char *pkcs11ModulePath = secure_getenv("PKCS11_MODULE_PATH");
105
106 if (pkcs11ModulePath != NULL) {
107 pkcs11_module_handle =
108 dlopen(pkcs11ModulePath,
109 RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP | RTLD_NODELETE);
110 if (pkcs11_module_handle == NULL)
111 fprintf(stderr, "p11_module_init(%s): %s\n", pkcs11ModulePath, dlerror());
112 }
113 #ifdef PKCS11_MODULE_PATH
114 if (pkcs11_module_handle == NULL) {
115 pkcs11_module_handle =
116 dlopen(PKCS11_MODULE_PATH,
117 RTLD_LAZY | RTLD_LOCAL | RTLD_GROUP | RTLD_NODELETE);
118 if (pkcs11_module_handle == NULL)
119 fprintf(stderr, "p11_module_init(%s): %s\n", PKCS11_MODULE_PATH, dlerror());
120 }
121 #endif
122 if (pkcs11_module_handle == NULL)
123 goto cleanup;
124
125 C_GetFunctionList_fn = (CK_RV (*)(CK_FUNCTION_LIST_PTR_PTR))
126 dlsym(pkcs11_module_handle, "C_GetFunctionList");
127 if (C_GetFunctionList_fn == NULL)
128 goto cleanup;
129
130 rv = C_GetFunctionList_fn(&module);
131 if (rv != CKR_OK)
132 goto cleanup;
133
134 rv = module->C_Initialize(NULL);
135 if (rv == CKR_CRYPTOKI_ALREADY_INITIALIZED)
136 rv = CKR_OK;
137 if (rv == CKR_OK)
138 *((CK_FUNCTION_LIST_PTR_PTR)context) = module;
139
140 cleanup:
141 if (pkcs11_module_handle != NULL && p11_module == NULL) {
142 dlclose(pkcs11_module_handle);
143 pkcs11_module_handle = NULL;
144 }
145 /* else leak pkcs11_module_handle */
146 }
147
148 static CK_RV
149 p11_module_init(void)
150 {
151 static heim_base_once_t init_module = HEIM_BASE_ONCE_INIT;
152
153 heim_base_once_f(&init_module, &p11_module, p11_module_init_once);
154
155 return p11_module != NULL ? CKR_OK : CKR_LIBRARY_LOAD_FAILED;
156 }
157
158 static CK_RV
159 p11_session_init(CK_MECHANISM_TYPE mechanismType, CK_SESSION_HANDLE_PTR phSession)
160 {
161 CK_RV rv;
162 CK_ULONG i, ulSlotCount = 0;
163 CK_SLOT_ID_PTR pSlotList = NULL;
164 CK_MECHANISM_INFO info;
165
166 if (phSession != NULL)
167 *phSession = CK_INVALID_HANDLE;
168
169 rv = p11_module_init();
170 if (rv != CKR_OK)
171 goto cleanup;
172
173 assert(p11_module != NULL);
174
175 rv = p11_module->C_GetSlotList(CK_FALSE, NULL, &ulSlotCount);
176 if (rv != CKR_OK)
177 goto cleanup;
178
179 pSlotList = (CK_SLOT_ID_PTR)calloc(ulSlotCount, sizeof(CK_SLOT_ID));
180 if (pSlotList == NULL) {
181 rv = CKR_HOST_MEMORY;
182 goto cleanup;
183 }
184
185 rv = p11_module->C_GetSlotList(CK_FALSE, pSlotList, &ulSlotCount);
186 if (rv != CKR_OK)
187 goto cleanup;
188
189 /*
190 * Note that this approach of using the first slot that supports the desired
191 * mechanism may not always be what the user wants (for example it may prefer
192 * software to hardware crypto). We're going to assume that this code will be
193 * principally used on Solaris (which has a meta-slot provider that sorts by
194 * hardware first) or in situations where the user can configure the slots in
195 * order of provider preference. In the future we should make this configurable.
196 */
197 for (i = 0; i < ulSlotCount; i++) {
198 rv = p11_module->C_GetMechanismInfo(pSlotList[i], mechanismType, &info);
199 if (rv == CKR_OK)
200 break;
201 }
202
203 if (i == ulSlotCount) {
204 rv = CKR_MECHANISM_INVALID;
205 goto cleanup;
206 }
207
208 if (phSession != NULL) {
209 rv = p11_module->C_OpenSession(pSlotList[i], CKF_SERIAL_SESSION, NULL, NULL, phSession);
210 if (rv != CKR_OK)
211 goto cleanup;
212 }
213
214 cleanup:
215 free(pSlotList);
216
217 return rv;
218 }
219
220 static int
221 p11_mech_available_p(CK_MECHANISM_TYPE mechanismType)
222 {
223 return p11_session_init(mechanismType, NULL) == CKR_OK;
224 }
225
226 static CK_KEY_TYPE
227 p11_key_type_for_mech(CK_MECHANISM_TYPE mechanismType)
228 {
229 CK_KEY_TYPE keyType = 0;
230
231 switch (mechanismType) {
232 case CKM_RC2_CBC:
233 keyType = CKK_RC2;
234 break;
235 case CKM_RC4:
236 keyType = CKK_RC4;
237 break;
238 case CKM_DES_CBC:
239 keyType = CKK_DES;
240 break;
241 case CKM_DES3_CBC:
242 keyType = CKK_DES3;
243 break;
244 case CKM_AES_CBC:
245 case CKM_AES_CFB8:
246 keyType = CKK_AES;
247 break;
248 case CKM_CAMELLIA_CBC:
249 keyType = CKK_CAMELLIA;
250 break;
251 default:
252 assert(0 && "Unknown PKCS#11 mechanism type");
253 break;
254 }
255
256 return keyType;
257 }
258
259 static int
260 p11_key_init(EVP_CIPHER_CTX *ctx,
261 const unsigned char *key,
262 const unsigned char *iv,
263 int encp)
264 {
265 CK_RV rv;
266 CK_BBOOL bFalse = CK_FALSE;
267 CK_BBOOL bTrue = CK_TRUE;
268 CK_MECHANISM_TYPE mechanismType = (CK_MECHANISM_TYPE)ctx->cipher->app_data;
269 CK_KEY_TYPE keyType = p11_key_type_for_mech(mechanismType);
270 CK_OBJECT_CLASS objectClass = CKO_SECRET_KEY;
271 CK_ATTRIBUTE_TYPE op = encp ? CKA_ENCRYPT : CKA_DECRYPT;
272 CK_ATTRIBUTE attributes[] = {
273 { CKA_EXTRACTABLE, &bFalse, sizeof(bFalse) },
274 { CKA_CLASS, &objectClass, sizeof(objectClass) },
275 { CKA_KEY_TYPE, &keyType, sizeof(keyType) },
276 { CKA_TOKEN, &bFalse, sizeof(bFalse) },
277 { CKA_PRIVATE, &bFalse, sizeof(bFalse) },
278 { CKA_SENSITIVE, &bTrue, sizeof(bTrue) },
279 { CKA_VALUE, (void *)key, ctx->key_len },
280 { op, &bTrue, sizeof(bTrue) }
281 };
282 struct pkcs11_cipher_ctx *p11ctx = (struct pkcs11_cipher_ctx *)ctx->cipher_data;
283 p11ctx->cipher_init_done = 0;
284
285 rv = p11_session_init(mechanismType, &p11ctx->hSession);
286 if (rv != CKR_OK)
287 goto cleanup;
288
289 assert(p11_module != NULL);
290
291 rv = p11_module->C_CreateObject(p11ctx->hSession, attributes,
292 sizeof(attributes) / sizeof(attributes[0]),
293 &p11ctx->hSecret);
294 if (rv != CKR_OK)
295 goto cleanup;
296
297 cleanup:
298 if (rv != CKR_OK)
299 p11_cleanup(ctx);
300
301 return rv == CKR_OK;
302 }
303
304 static int
305 p11_do_cipher(EVP_CIPHER_CTX *ctx,
306 unsigned char *out,
307 const unsigned char *in,
308 unsigned int size)
309 {
310 struct pkcs11_cipher_ctx *p11ctx = (struct pkcs11_cipher_ctx *)ctx->cipher_data;
311 CK_RV rv = CKR_OK;
312 CK_ULONG ulCipherTextLen = size;
313 CK_MECHANISM_TYPE mechanismType = (CK_MECHANISM_TYPE)ctx->cipher->app_data;
314 CK_MECHANISM mechanism = {
315 mechanismType,
316 ctx->cipher->iv_len ? ctx->iv : NULL,
317 ctx->cipher->iv_len
318 };
319
320 assert(p11_module != NULL);
321 /* The EVP layer only ever calls us with complete cipher blocks */
322 assert(EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_STREAM_CIPHER ||
323 (size % ctx->cipher->block_size) == 0);
324
325 if (ctx->encrypt) {
326 if (!p11ctx->cipher_init_done) {
327 rv = p11_module->C_EncryptInit(p11ctx->hSession, &mechanism, p11ctx->hSecret);
328 if (rv == CKR_OK)
329 p11ctx->cipher_init_done = 1;
330 }
331 if (rv == CKR_OK)
332 rv = p11_module->C_EncryptUpdate(p11ctx->hSession, (unsigned char *)in, size, out, &ulCipherTextLen);
333 } else {
334 if (!p11ctx->cipher_init_done) {
335 rv = p11_module->C_DecryptInit(p11ctx->hSession, &mechanism, p11ctx->hSecret);
336 if (rv == CKR_OK)
337 p11ctx->cipher_init_done = 1;
338 }
339 if (rv == CKR_OK)
340 rv = p11_module->C_DecryptUpdate(p11ctx->hSession, (unsigned char *)in, size, out, &ulCipherTextLen);
341 }
342
343 return rv == CKR_OK;
344 }
345
346 static int
347 p11_cleanup(EVP_CIPHER_CTX *ctx)
348 {
349 struct pkcs11_cipher_ctx *p11ctx = (struct pkcs11_cipher_ctx *)ctx->cipher_data;
350
351 assert(p11_module != NULL);
352
353 if (p11ctx->hSecret != CK_INVALID_HANDLE) {
354 p11_module->C_DestroyObject(p11ctx->hSession, p11ctx->hSecret);
355 p11ctx->hSecret = CK_INVALID_HANDLE;
356 }
357 if (p11ctx->hSession != CK_INVALID_HANDLE) {
358 p11_module->C_CloseSession(p11ctx->hSession);
359 p11ctx->hSession = CK_INVALID_HANDLE;
360 }
361
362 return 1;
363 }
364
365 static int
366 p11_md_hash_init(CK_MECHANISM_TYPE mechanismType, EVP_MD_CTX *ctx)
367 {
368 struct pkcs11_md_ctx *p11ctx = (struct pkcs11_md_ctx *)ctx;
369 CK_RV rv;
370
371 rv = p11_session_init(mechanismType, &p11ctx->hSession);
372 if (rv == CKR_OK) {
373 CK_MECHANISM mechanism = { mechanismType, NULL, 0 };
374
375 assert(p11_module != NULL);
376
377 rv = p11_module->C_DigestInit(p11ctx->hSession, &mechanism);
378 }
379
380 return rv == CKR_OK;
381 }
382
383 static int
384 p11_md_update(EVP_MD_CTX *ctx, const void *data, size_t length)
385 {
386 struct pkcs11_md_ctx *p11ctx = (struct pkcs11_md_ctx *)ctx;
387 CK_RV rv;
388
389 assert(p11_module != NULL);
390
391 rv = p11_module->C_DigestUpdate(p11ctx->hSession, (unsigned char *)data, length);
392
393 return rv == CKR_OK;
394 }
395
396 static int
397 p11_md_final(void *digest, EVP_MD_CTX *ctx)
398 {
399 struct pkcs11_md_ctx *p11ctx = (struct pkcs11_md_ctx *)ctx;
400 CK_RV rv;
401 CK_ULONG digestLen = 0;
402
403 assert(p11_module != NULL);
404
405 rv = p11_module->C_DigestFinal(p11ctx->hSession, NULL, &digestLen);
406 if (rv == CKR_OK)
407 rv = p11_module->C_DigestFinal(p11ctx->hSession, digest, &digestLen);
408
409 return rv == CKR_OK;
410 }
411
412 static int
413 p11_md_cleanup(EVP_MD_CTX *ctx)
414 {
415 struct pkcs11_md_ctx *p11ctx = (struct pkcs11_md_ctx *)ctx;
416 CK_RV rv;
417
418 assert(p11_module != NULL);
419
420 rv = p11_module->C_CloseSession(p11ctx->hSession);
421 if (rv == CKR_OK)
422 p11ctx->hSession = CK_INVALID_HANDLE;
423
424 return rv == CKR_OK;
425 }
426
427 #define PKCS11_CIPHER_ALGORITHM(name, mechanismType, block_size, \
428 key_len, iv_len, flags) \
429 \
430 static EVP_CIPHER \
431 pkcs11_##name = { \
432 0, \
433 block_size, \
434 key_len, \
435 iv_len, \
436 flags, \
437 p11_key_init, \
438 p11_do_cipher, \
439 p11_cleanup, \
440 sizeof(struct pkcs11_cipher_ctx), \
441 NULL, \
442 NULL, \
443 NULL, \
444 (void *)mechanismType \
445 }; \
446 \
447 const EVP_CIPHER * \
448 hc_EVP_pkcs11_##name(void) \
449 { \
450 if (p11_mech_available_p(mechanismType)) \
451 return &pkcs11_##name; \
452 else \
453 return NULL; \
454 } \
455 \
456 static void \
457 pkcs11_hcrypto_##name##_init_once(void *context) \
458 { \
459 const EVP_CIPHER *cipher; \
460 \
461 cipher = hc_EVP_pkcs11_ ##name(); \
462 if (cipher == NULL && HCRYPTO_FALLBACK) \
463 cipher = hc_EVP_hcrypto_ ##name(); \
464 \
465 *((const EVP_CIPHER **)context) = cipher; \
466 } \
467 \
468 const EVP_CIPHER * \
469 hc_EVP_pkcs11_hcrypto_##name(void) \
470 { \
471 static const EVP_CIPHER *__cipher; \
472 static heim_base_once_t __init = HEIM_BASE_ONCE_INIT; \
473 \
474 heim_base_once_f(&__init, &__cipher, \
475 pkcs11_hcrypto_##name##_init_once); \
476 \
477 return __cipher; \
478 }
479
480 #define PKCS11_MD_ALGORITHM(name, mechanismType, hash_size, block_size) \
481 \
482 static int p11_##name##_init(EVP_MD_CTX *ctx) \
483 { \
484 return p11_md_hash_init(mechanismType, ctx); \
485 } \
486 \
487 const EVP_MD * \
488 hc_EVP_pkcs11_##name(void) \
489 { \
490 static struct hc_evp_md name = { \
491 hash_size, \
492 block_size, \
493 sizeof(struct pkcs11_md_ctx), \
494 p11_##name##_init, \
495 p11_md_update, \
496 p11_md_final, \
497 p11_md_cleanup \
498 }; \
499 \
500 if (p11_mech_available_p(mechanismType)) \
501 return &name; \
502 else \
503 return NULL; \
504 } \
505 \
506 static void \
507 pkcs11_hcrypto_##name##_init_once(void *context) \
508 { \
509 const EVP_MD *md; \
510 \
511 md = hc_EVP_pkcs11_ ##name(); \
512 if (md == NULL && HCRYPTO_FALLBACK) \
513 md = hc_EVP_hcrypto_ ##name(); \
514 \
515 *((const EVP_MD **)context) = md; \
516 } \
517 \
518 const EVP_MD * \
519 hc_EVP_pkcs11_hcrypto_##name(void) \
520 { \
521 static const EVP_MD *__md; \
522 static heim_base_once_t __init = HEIM_BASE_ONCE_INIT; \
523 \
524 heim_base_once_f(&__init, &__md, \
525 pkcs11_hcrypto_##name##_init_once); \
526 \
527 return __md; \
528 }
529
530 #define PKCS11_MD_ALGORITHM_UNAVAILABLE(name) \
531 \
532 const EVP_MD * \
533 hc_EVP_pkcs11_##name(void) \
534 { \
535 return NULL; \
536 } \
537 \
538 const EVP_MD * \
539 hc_EVP_pkcs11_hcrypto_##name(void) \
540 { \
541 return hc_EVP_hcrypto_ ##name(); \
542 }
543
544 /**
545 * The triple DES cipher type (PKCS#11 provider)
546 *
547 * @return the DES-EDE3-CBC EVP_CIPHER pointer.
548 *
549 * @ingroup hcrypto_evp
550 */
551
552 PKCS11_CIPHER_ALGORITHM(des_ede3_cbc,
553 CKM_DES3_CBC,
554 8,
555 24,
556 8,
557 EVP_CIPH_CBC_MODE)
558
559 /**
560 * The DES cipher type (PKCS#11 provider)
561 *
562 * @return the DES-CBC EVP_CIPHER pointer.
563 *
564 * @ingroup hcrypto_evp
565 */
566
567 PKCS11_CIPHER_ALGORITHM(des_cbc,
568 CKM_DES_CBC,
569 8,
570 8,
571 8,
572 EVP_CIPH_CBC_MODE)
573
574 /**
575 * The AES-128 cipher type (PKCS#11 provider)
576 *
577 * @return the AES-128-CBC EVP_CIPHER pointer.
578 *
579 * @ingroup hcrypto_evp
580 */
581
582 PKCS11_CIPHER_ALGORITHM(aes_128_cbc,
583 CKM_AES_CBC,
584 16,
585 16,
586 16,
587 EVP_CIPH_CBC_MODE)
588
589 /**
590 * The AES-192 cipher type (PKCS#11 provider)
591 *
592 * @return the AES-192-CBC EVP_CIPHER pointer.
593 *
594 * @ingroup hcrypto_evp
595 */
596
597 PKCS11_CIPHER_ALGORITHM(aes_192_cbc,
598 CKM_AES_CBC,
599 16,
600 24,
601 16,
602 EVP_CIPH_CBC_MODE)
603
604 /**
605 * The AES-256 cipher type (PKCS#11 provider)
606 *
607 * @return the AES-256-CBC EVP_CIPHER pointer.
608 *
609 * @ingroup hcrypto_evp
610 */
611
612 PKCS11_CIPHER_ALGORITHM(aes_256_cbc,
613 CKM_AES_CBC,
614 16,
615 32,
616 16,
617 EVP_CIPH_CBC_MODE)
618
619 /**
620 * The AES-128 CFB8 cipher type (PKCS#11 provider)
621 *
622 * @return the AES-128-CFB8 EVP_CIPHER pointer.
623 *
624 * @ingroup hcrypto_evp
625 */
626
627 PKCS11_CIPHER_ALGORITHM(aes_128_cfb8,
628 CKM_AES_CFB8,
629 16,
630 16,
631 16,
632 EVP_CIPH_CFB8_MODE)
633
634 /**
635 * The AES-192 CFB8 cipher type (PKCS#11 provider)
636 *
637 * @return the AES-192-CFB8 EVP_CIPHER pointer.
638 *
639 * @ingroup hcrypto_evp
640 */
641
642 PKCS11_CIPHER_ALGORITHM(aes_192_cfb8,
643 CKM_AES_CFB8,
644 16,
645 24,
646 16,
647 EVP_CIPH_CFB8_MODE)
648
649 /**
650 * The AES-256 CFB8 cipher type (PKCS#11 provider)
651 *
652 * @return the AES-256-CFB8 EVP_CIPHER pointer.
653 *
654 * @ingroup hcrypto_evp
655 */
656
657 PKCS11_CIPHER_ALGORITHM(aes_256_cfb8,
658 CKM_AES_CFB8,
659 16,
660 32,
661 16,
662 EVP_CIPH_CFB8_MODE)
663
664 /**
665 * The RC2 cipher type - PKCS#11
666 *
667 * @return the RC2 EVP_CIPHER pointer.
668 *
669 * @ingroup hcrypto_evp
670 */
671
672 PKCS11_CIPHER_ALGORITHM(rc2_cbc,
673 CKM_RC2_CBC,
674 8,
675 16,
676 8,
677 EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH)
678
679 /**
680 * The RC2-40 cipher type - PKCS#11
681 *
682 * @return the RC2-40 EVP_CIPHER pointer.
683 *
684 * @ingroup hcrypto_evp
685 */
686
687 PKCS11_CIPHER_ALGORITHM(rc2_40_cbc,
688 CKM_RC2_CBC,
689 8,
690 5,
691 8,
692 EVP_CIPH_CBC_MODE)
693
694 /**
695 * The RC2-64 cipher type - PKCS#11
696 *
697 * @return the RC2-64 EVP_CIPHER pointer.
698 *
699 * @ingroup hcrypto_evp
700 */
701
702 PKCS11_CIPHER_ALGORITHM(rc2_64_cbc,
703 CKM_RC2_CBC,
704 8,
705 8,
706 8,
707 EVP_CIPH_CBC_MODE)
708
709 /**
710 * The Camellia-128 cipher type - PKCS#11
711 *
712 * @return the Camellia-128 EVP_CIPHER pointer.
713 *
714 * @ingroup hcrypto_evp
715 */
716
717 PKCS11_CIPHER_ALGORITHM(camellia_128_cbc,
718 CKM_CAMELLIA_CBC,
719 16,
720 16,
721 16,
722 EVP_CIPH_CBC_MODE)
723
724 /**
725 * The Camellia-198 cipher type - PKCS#11
726 *
727 * @return the Camellia-198 EVP_CIPHER pointer.
728 *
729 * @ingroup hcrypto_evp
730 */
731
732 PKCS11_CIPHER_ALGORITHM(camellia_192_cbc,
733 CKM_CAMELLIA_CBC,
734 16,
735 24,
736 16,
737 EVP_CIPH_CBC_MODE)
738
739 /**
740 * The Camellia-256 cipher type - PKCS#11
741 *
742 * @return the Camellia-256 EVP_CIPHER pointer.
743 *
744 * @ingroup hcrypto_evp
745 */
746
747 PKCS11_CIPHER_ALGORITHM(camellia_256_cbc,
748 CKM_CAMELLIA_CBC,
749 16,
750 32,
751 16,
752 EVP_CIPH_CBC_MODE)
753
754 /**
755 * The RC4 cipher type (PKCS#11 provider)
756 *
757 * @return the RC4 EVP_CIPHER pointer.
758 *
759 * @ingroup hcrypto_evp
760 */
761
762 PKCS11_CIPHER_ALGORITHM(rc4,
763 CKM_RC4,
764 1,
765 16,
766 0,
767 EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH)
768
769 /**
770 * The RC4-40 cipher type (PKCS#11 provider)
771 *
772 * @return the RC4 EVP_CIPHER pointer.
773 *
774 * @ingroup hcrypto_evp
775 */
776
777 PKCS11_CIPHER_ALGORITHM(rc4_40,
778 CKM_RC4,
779 1,
780 5,
781 0,
782 EVP_CIPH_STREAM_CIPHER | EVP_CIPH_VARIABLE_LENGTH)
783
784 PKCS11_MD_ALGORITHM(md2, CKM_MD2, 16, 16)
785 #ifdef CKM_MD4 /* non-standard extension */
786 PKCS11_MD_ALGORITHM(md4, CKM_MD4, 16, 64)
787 #else
788 PKCS11_MD_ALGORITHM_UNAVAILABLE(md4)
789 #endif
790 PKCS11_MD_ALGORITHM(md5, CKM_MD5, 16, 64)
791 PKCS11_MD_ALGORITHM(sha1, CKM_SHA_1, 20, 64)
792 PKCS11_MD_ALGORITHM(sha256, CKM_SHA256, 32, 64)
793 PKCS11_MD_ALGORITHM(sha384, CKM_SHA384, 48, 128)
794 PKCS11_MD_ALGORITHM(sha512, CKM_SHA512, 64, 128)
Heimdal